
Windows Host Process (Rundll32) has stopped working


  • This topic is locked
30 replies to this topic

#1 matchead

matchead

  • Members
  • 73 posts
  • OFFLINE
  • Local time:01:00 AM

Posted 19 July 2014 - 07:20 AM

Hello -

 

"Windows Host process (Rundll32) has stopped working" keeps popping up on my screen.  I tried to run the "DDS" program for log files, but it does not complete.  Tried downloading and running it 3 times.

 

Please advise on how I can run the DDS in order to provide the log files.





#2 matchead

matchead
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  • Local time:01:00 AM

Posted 22 July 2014 - 08:20 PM

Anyone ??????? ........... Bueller ...????

hehe



#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,765 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:00 AM

Posted 24 July 2014 - 07:25 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/541528 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 matchead

matchead
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  • Local time:01:00 AM

Posted 26 July 2014 - 09:02 AM

Followed directions as noted - Unable to complete the dds for a log.  It gets to about 80% and freezes.  Original issue of "Windows Host Process(Rundll32) has stopped working" is still popping up on my screen.  Closing it only makes it pop up again, so I just keep it "minimized" to the bottom of the screen.

 

Windows 7 Home Premium

Service Pack 1

64-bit



#5 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • OFFLINE
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:06:00 AM

Posted 26 July 2014 - 10:26 AM

Greetings and welcome to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.

Let's get going now.

==========================
 
Hi matchead,
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • FRST.txt
  • Addition.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 



#6 matchead

matchead
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  • Local time:01:00 AM

Posted 26 July 2014 - 07:50 PM

Hi Ms. Toffee - Thanks for your help.

Here are the logs:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by Michael (administrator) on MICHAEL-HP on 26-07-2014 20:37:47
Running from C:\Users\Michael\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(AMD) C:\Windows\SysWOW64\WinMsgBalloonServer.exe
(AMD) C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Nullsoft) C:\Users\Michael\Documents\Exe and DLs\Winamp\winamp.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_7_700_202_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-11-01] (IDT, Inc.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2011-11-01] (Hewlett-Packard )
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Sound Blaster Recon3D PCIe Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe [880128 2011-11-14] (Creative Technology Ltd)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\Run: [ItiqIdme] => regsvr32.exe "C:\ProgramData\ItiqIdme\ItiqIdme.dat"
HKU\.DEFAULT\...\Run: [OtpuKwuy] => regsvr32.exe "C:\ProgramData\OtpuKwuy\OtpuKwuy.dat"
HKU\.DEFAULT\...\Run: [EvvuRyif] => regsvr32.exe "C:\ProgramData\EvvuRyif\EvvuRyif.dat"
HKU\.DEFAULT\...\Run: [EcocpUcsog] => regsvr32.exe "C:\ProgramData\EcocpUcsog\EcocpUcsog.dat"
HKU\.DEFAULT\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe [813448 2013-05-24] (Adobe Systems Incorporated)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3700214913-4012731398-408642833-1000\...\MountPoints2: {155050a6-888e-11e1-ae6d-74de2b79a656} - J:\unlock.exe autoplay=true
HKU\S-1-5-21-3700214913-4012731398-408642833-1000\...\MountPoints2: {8005e798-86f7-11e1-a309-74de2b79a656} - J:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\autostart.lnk
ShortcutTarget: autostart.lnk -> C:\ProgramData\0D9C7D8D1EEF41C08540A0E61FF8F0E1\t7lrlo0.cpp ()
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GigaTribe.lnk
ShortcutTarget: GigaTribe.lnk -> C:\Program Files (x86)\GigaTribe\gigatribe.exe (Gigatribe)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
ShortcutTarget: PalTalk.lnk -> C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?PC=msnHomeST&OCID=msnHomepage
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
SearchScopes: HKLM - {1EABE305-EE57-4491-B2A5-30393E9DA13D} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {1EABE305-EE57-4491-B2A5-30393E9DA13D} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKCU - {1EABE305-EE57-4491-B2A5-30393E9DA13D} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\3bvyeog0.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-07-18] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-07-18] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-19] (Creative Technology Ltd) [File not signed]
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [104448 2011-11-28] (Creative Technology Ltd)
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [516096 2010-11-20] (Microsoft Corporation) [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
R2 RpcSs; C:\Windows\system32\rpcss.dll [516096 2010-11-20] (Microsoft Corporation) [File not signed]
S2 Winmgmt; C:\ProgramData\0D9C7D8D1EEF41C08540A0E61FF8F0E1\0olrl7t.dot [331496 2014-07-19] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bbcap; C:\Windows\System32\DRIVERS\bbcap.sys [4608 2013-04-04] (Windows ® Codename Longhorn DDK provider)
R3 cthda; C:\Windows\System32\drivers\cthda.sys [1266264 2011-11-28] (Creative Technology Ltd)
R3 CTHDB; C:\Windows\System32\DRIVERS\CtHDb.sys [23640 2011-11-28] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-26 20:37 - 2014-07-26 20:38 - 00019327 _____ () C:\Users\Michael\Desktop\FRST.txt
2014-07-26 20:37 - 2014-07-26 20:37 - 00000000 ____D () C:\FRST
2014-07-26 20:36 - 2014-07-26 20:36 - 02093568 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2014-07-26 20:25 - 2014-07-26 20:25 - 00000165 _____ () C:\ProgramData\RUNDLL32.EXE-4808-F.txt
2014-07-26 09:37 - 2014-07-26 09:37 - 00688992 ____R (Swearware) C:\Users\Michael\Desktop\dds.com
2014-07-26 09:30 - 2014-07-26 01:48 - 00788310 _____ () C:\Users\Michael\Documents\car wash.jpeg
2014-07-25 21:36 - 2014-07-25 21:36 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-4160-F.txt
2014-07-24 21:10 - 2014-07-24 21:10 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-5080-F.txt
2014-07-23 20:34 - 2014-07-23 20:34 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-5000-F.txt
2014-07-22 21:06 - 2014-07-22 21:06 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-4908-F.txt
2014-07-22 07:21 - 2014-07-22 07:21 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-4848-F.txt
2014-07-21 20:54 - 2014-07-21 20:54 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-2608-F.txt
2014-07-21 20:47 - 2014-07-21 20:47 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-4940-F.txt
2014-07-21 07:01 - 2014-07-26 09:22 - 00000227 _____ () C:\ProgramData\RUNDLL32.EXE-4884-F.txt
2014-07-20 20:35 - 2014-07-20 20:35 - 00000115 _____ () C:\ProgramData\RUNDLL32.EXE-4796-F.txt
2014-07-20 08:45 - 2014-07-20 08:45 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-4968-F.txt
2014-07-19 18:56 - 2014-07-19 18:56 - 00000115 _____ () C:\ProgramData\RUNDLL32.EXE-8036-F.txt
2014-07-19 18:50 - 2014-07-19 18:50 - 00000115 _____ () C:\ProgramData\RUNDLL32.EXE-6672-F.txt
2014-07-19 18:49 - 2014-07-19 18:49 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-5552-F.txt
2014-07-19 18:38 - 2014-07-19 18:38 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-5212-F.txt
2014-07-19 18:32 - 2014-07-19 18:32 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-4868-F.txt
2014-07-19 08:21 - 2014-07-19 08:21 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-6236-F.txt
2014-07-19 08:21 - 2014-07-19 08:21 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-7108-F.txt
2014-07-19 08:21 - 2014-07-19 08:21 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-6908-F.txt
2014-07-19 08:21 - 2014-07-19 08:21 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-4984-F.txt
2014-07-19 08:21 - 2014-07-19 08:21 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-4420-F.txt
2014-07-19 08:15 - 2014-07-19 08:15 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-7104-F.txt
2014-07-19 08:15 - 2014-07-19 08:15 - 00000115 _____ () C:\ProgramData\RUNDLL32.EXE-5840-F.txt
2014-07-19 08:15 - 2014-07-19 08:15 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-6216-F.txt
2014-07-19 08:15 - 2014-07-19 08:15 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-4592-F.txt
2014-07-19 08:14 - 2014-07-19 08:14 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-4680-F.txt
2014-07-19 08:14 - 2014-07-19 08:14 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-4520-F.txt
2014-07-19 08:13 - 2014-07-19 08:13 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-6564-F.txt
2014-07-19 08:13 - 2014-07-19 08:13 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-3216-F.txt
2014-07-19 08:13 - 2014-07-19 08:13 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-5236-F.txt
2014-07-19 08:12 - 2014-07-19 08:12 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-6356-F.txt
2014-07-19 08:12 - 2014-07-19 08:12 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-6228-F.txt
2014-07-19 08:12 - 2014-07-19 08:12 - 00000115 _____ () C:\ProgramData\RUNDLL32.EXE-1044-F.txt
2014-07-19 08:12 - 2014-07-19 08:12 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-6740-F.txt
2014-07-19 08:12 - 2014-07-19 08:12 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-6260-F.txt
2014-07-19 08:11 - 2014-07-19 08:11 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-6112-F.txt
2014-07-19 08:11 - 2014-07-19 08:11 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-4872-F.txt
2014-07-19 08:11 - 2014-07-19 08:11 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-3628-F.txt
2014-07-19 08:10 - 2014-07-19 08:10 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-6328-F.txt
2014-07-19 08:10 - 2014-07-19 08:10 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-5676-F.txt
2014-07-19 08:10 - 2014-07-19 08:10 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-5556-F.txt
2014-07-19 08:08 - 2014-07-19 08:08 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-4292-F.txt
2014-07-19 07:38 - 2014-07-19 07:38 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-5220-F.txt
2014-07-19 07:38 - 2014-07-19 07:38 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-1800-F.txt
2014-07-19 07:38 - 2014-07-19 07:38 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-3564-F.txt
2014-07-19 07:37 - 2014-07-19 07:37 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-4372-F.txt
2014-07-19 07:37 - 2014-07-19 07:37 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-3568-F.txt
2014-07-19 07:37 - 2014-07-19 07:37 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-5104-F.txt
2014-07-19 07:37 - 2014-07-19 07:37 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-4812-F.txt
2014-07-19 07:37 - 2014-07-19 07:37 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-2184-F.txt
2014-07-19 07:34 - 2014-07-19 07:34 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-11476-F.txt
2014-07-19 07:34 - 2014-07-19 07:34 - 00000115 _____ () C:\ProgramData\RUNDLL32.EXE-7372-F.txt
2014-07-19 07:34 - 2014-07-19 07:34 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-7068-F.txt
2014-07-19 07:34 - 2014-07-19 07:34 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-11568-F.txt
2014-07-19 07:33 - 2014-07-19 07:33 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-10876-F.txt
2014-07-19 07:33 - 2014-07-19 07:33 - 00000115 _____ () C:\ProgramData\RUNDLL32.EXE-13232-F.txt
2014-07-19 07:33 - 2014-07-19 07:33 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-2936-F.txt
2014-07-19 07:33 - 2014-07-19 07:33 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-12880-F.txt
2014-07-19 07:33 - 2014-07-19 07:33 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-10516-F.txt
2014-07-19 07:32 - 2014-07-19 07:32 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-9772-F.txt
2014-07-19 07:32 - 2014-07-19 07:32 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-8480-F.txt
2014-07-19 07:32 - 2014-07-19 07:32 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-13196-F.txt
2014-07-19 07:32 - 2014-07-19 07:32 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-10384-F.txt
2014-07-19 07:32 - 2014-07-19 07:32 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-7872-F.txt
2014-07-19 07:31 - 2014-07-19 07:31 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-3024-F.txt
2014-07-19 07:31 - 2014-07-19 07:31 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-3220-F.txt
2014-07-19 07:30 - 2014-07-19 07:30 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-5160-F.txt
2014-07-19 07:30 - 2014-07-19 07:30 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-4828-F.txt
2014-07-19 07:30 - 2014-07-19 07:30 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-11236-F.txt
2014-07-19 07:30 - 2014-07-19 07:30 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-10800-F.txt
2014-07-19 07:29 - 2014-07-19 07:29 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-8440-F.txt
2014-07-19 07:29 - 2014-07-19 07:29 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-5336-F.txt
2014-07-19 07:29 - 2014-07-19 07:29 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-13032-F.txt
2014-07-19 07:29 - 2014-07-19 07:29 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-9272-F.txt
2014-07-19 07:29 - 2014-07-19 07:29 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-8104-F.txt
2014-07-19 07:28 - 2014-07-19 07:28 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-3912-F.txt
2014-07-19 07:28 - 2014-07-19 07:28 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-9764-F.txt
2014-07-19 07:28 - 2014-07-19 07:28 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-13564-F.txt
2014-07-19 07:28 - 2014-07-19 07:28 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-1192-F.txt
2014-07-19 07:28 - 2014-07-19 07:28 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-2724-F.txt
2014-07-19 07:27 - 2014-07-19 07:27 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-7748-F.txt
2014-07-19 07:27 - 2014-07-19 07:27 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-3540-F.txt
2014-07-19 07:27 - 2014-07-19 07:27 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-11160-F.txt
2014-07-19 07:27 - 2014-07-19 07:27 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-8732-F.txt
2014-07-19 07:27 - 2014-07-19 07:27 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-10160-F.txt
2014-07-19 07:26 - 2014-07-19 07:26 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-8292-F.txt
2014-07-19 07:26 - 2014-07-19 07:26 - 00000115 _____ () C:\ProgramData\RUNDLL32.EXE-8004-F.txt
2014-07-19 07:26 - 2014-07-19 07:26 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-12992-F.txt
2014-07-19 07:26 - 2014-07-19 07:26 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-10380-F.txt
2014-07-19 07:26 - 2014-07-19 07:26 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-6488-F.txt
2014-07-19 07:26 - 2014-07-19 07:26 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-11948-F.txt
2014-07-19 07:25 - 2014-07-19 07:25 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-9232-F.txt
2014-07-19 07:25 - 2014-07-19 07:25 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-13144-F.txt
2014-07-19 07:25 - 2014-07-19 07:25 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-12740-F.txt
2014-07-19 07:25 - 2014-07-19 07:25 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-12660-F.txt
2014-07-19 07:25 - 2014-07-19 07:25 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-2008-F.txt
2014-07-19 07:24 - 2014-07-19 07:24 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-3200-F.txt
2014-07-19 07:24 - 2014-07-19 07:24 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-12648-F.txt
2014-07-19 07:24 - 2014-07-19 07:24 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-8336-F.txt
2014-07-19 07:24 - 2014-07-19 07:24 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-13140-F.txt
2014-07-19 07:23 - 2014-07-19 07:23 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-8656-F.txt
2014-07-19 07:23 - 2014-07-19 07:23 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-152-F.txt
2014-07-19 07:23 - 2014-07-19 07:23 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-8444-F.txt
2014-07-19 07:23 - 2014-07-19 07:23 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-12744-F.txt
2014-07-19 07:20 - 2014-07-19 07:22 - 00000000 ____D () C:\ProgramData\0D9C7D8D1EEF41C08540A0E61FF8F0E1
2014-07-18 23:56 - 2014-07-18 23:56 - 00000000 ____D () C:\ProgramData\EcocpUcsog
2014-07-17 06:13 - 2014-07-17 06:13 - 00000000 ____D () C:\ProgramData\EvvuRyif
2014-07-16 23:58 - 2014-07-16 23:58 - 00000000 ____D () C:\ProgramData\OtpuKwuy
2014-07-12 20:53 - 2014-07-12 20:53 - 00000000 ____D () C:\ProgramData\ItiqIdme
2014-07-02 22:03 - 2014-07-02 22:03 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk Messenger

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-26 20:38 - 2014-07-26 20:37 - 00019327 _____ () C:\Users\Michael\Desktop\FRST.txt
2014-07-26 20:37 - 2014-07-26 20:37 - 00000000 ____D () C:\FRST
2014-07-26 20:36 - 2014-07-26 20:36 - 02093568 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2014-07-26 20:34 - 2014-04-07 23:09 - 00000069 _____ () C:\Windows\system32\khxfo.bip
2014-07-26 20:32 - 2012-04-14 15:29 - 01699040 _____ () C:\Windows\WindowsUpdate.log
2014-07-26 20:32 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-26 20:32 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-26 20:25 - 2014-07-26 20:25 - 00000165 _____ () C:\ProgramData\RUNDLL32.EXE-4808-F.txt
2014-07-26 20:25 - 2012-01-24 21:15 - 00000000 ____D () C:\ProgramData\PDFC
2014-07-26 20:24 - 2013-04-05 07:36 - 00000031 _____ () C:\Windows\system32\bbcap.err
2014-07-26 20:24 - 2012-01-24 20:53 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-26 20:24 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-26 20:24 - 2009-07-14 00:51 - 00212793 _____ () C:\Windows\setupact.log
2014-07-26 09:37 - 2014-07-26 09:37 - 00688992 ____R (Swearware) C:\Users\Michael\Desktop\dds.com
2014-07-26 09:22 - 2014-07-21 07:01 - 00000227 _____ () C:\ProgramData\RUNDLL32.EXE-4884-F.txt
2014-07-26 01:48 - 2014-07-26 09:30 - 00788310 _____ () C:\Users\Michael\Documents\car wash.jpeg
2014-07-26 00:14 - 2012-04-14 15:35 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{496A4010-DC1D-40AF-9279-FF008AE0FC18}
2014-07-25 22:09 - 2012-06-02 21:14 - 00000000 ____D () C:\Users\Michael\AppData\Local\CrashDumps
2014-07-25 21:36 - 2014-07-25 21:36 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-4160-F.txt
2014-07-24 22:56 - 2012-04-14 20:31 - 00000000 ____D () C:\Users\Michael\Documents\My Received Files
2014-07-24 21:10 - 2014-07-24 21:10 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-5080-F.txt
2014-07-23 20:34 - 2014-07-23 20:34 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-5000-F.txt
2014-07-22 21:06 - 2014-07-22 21:06 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-4908-F.txt
2014-07-22 07:21 - 2014-07-22 07:21 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-4848-F.txt
2014-07-21 20:54 - 2014-07-21 20:54 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-2608-F.txt
2014-07-21 20:47 - 2014-07-21 20:47 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-4940-F.txt
2014-07-20 23:27 - 2014-04-21 22:05 - 00003797 _____ () C:\console.log
2014-07-20 20:35 - 2014-07-20 20:35 - 00000115 _____ () C:\ProgramData\RUNDLL32.EXE-4796-F.txt
2014-07-20 10:22 - 2012-04-15 10:56 - 00000166 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-07-20 08:45 - 2014-07-20 08:45 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-4968-F.txt
2014-07-19 18:56 - 2014-07-19 18:56 - 00000115 _____ () C:\ProgramData\RUNDLL32.EXE-8036-F.txt
2014-07-19 18:50 - 2014-07-19 18:50 - 00000115 _____ () C:\ProgramData\RUNDLL32.EXE-6672-F.txt
2014-07-19 18:49 - 2014-07-19 18:49 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-5552-F.txt
2014-07-19 18:38 - 2014-07-19 18:38 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-5212-F.txt
2014-07-19 18:32 - 2014-07-19 18:32 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-4868-F.txt
2014-07-19 08:21 - 2014-07-19 08:21 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-6236-F.txt
2014-07-19 08:21 - 2014-07-19 08:21 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-7108-F.txt
2014-07-19 08:21 - 2014-07-19 08:21 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-6908-F.txt
2014-07-19 08:21 - 2014-07-19 08:21 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-4984-F.txt
2014-07-19 08:21 - 2014-07-19 08:21 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-4420-F.txt
2014-07-19 08:15 - 2014-07-19 08:15 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-7104-F.txt
2014-07-19 08:15 - 2014-07-19 08:15 - 00000115 _____ () C:\ProgramData\RUNDLL32.EXE-5840-F.txt
2014-07-19 08:15 - 2014-07-19 08:15 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-6216-F.txt
2014-07-19 08:15 - 2014-07-19 08:15 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-4592-F.txt
2014-07-19 08:14 - 2014-07-19 08:14 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-4680-F.txt
2014-07-19 08:14 - 2014-07-19 08:14 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-4520-F.txt
2014-07-19 08:13 - 2014-07-19 08:13 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-6564-F.txt
2014-07-19 08:13 - 2014-07-19 08:13 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-3216-F.txt
2014-07-19 08:13 - 2014-07-19 08:13 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-5236-F.txt
2014-07-19 08:12 - 2014-07-19 08:12 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-6356-F.txt
2014-07-19 08:12 - 2014-07-19 08:12 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-6228-F.txt
2014-07-19 08:12 - 2014-07-19 08:12 - 00000115 _____ () C:\ProgramData\RUNDLL32.EXE-1044-F.txt
2014-07-19 08:12 - 2014-07-19 08:12 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-6740-F.txt
2014-07-19 08:12 - 2014-07-19 08:12 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-6260-F.txt
2014-07-19 08:11 - 2014-07-19 08:11 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-6112-F.txt
2014-07-19 08:11 - 2014-07-19 08:11 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-4872-F.txt
2014-07-19 08:11 - 2014-07-19 08:11 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-3628-F.txt
2014-07-19 08:10 - 2014-07-19 08:10 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-6328-F.txt
2014-07-19 08:10 - 2014-07-19 08:10 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-5676-F.txt
2014-07-19 08:10 - 2014-07-19 08:10 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-5556-F.txt
2014-07-19 08:08 - 2014-07-19 08:08 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-4292-F.txt
2014-07-19 07:38 - 2014-07-19 07:38 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-5220-F.txt
2014-07-19 07:38 - 2014-07-19 07:38 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-1800-F.txt
2014-07-19 07:38 - 2014-07-19 07:38 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-3564-F.txt
2014-07-19 07:37 - 2014-07-19 07:37 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-4372-F.txt
2014-07-19 07:37 - 2014-07-19 07:37 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-3568-F.txt
2014-07-19 07:37 - 2014-07-19 07:37 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-5104-F.txt
2014-07-19 07:37 - 2014-07-19 07:37 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-4812-F.txt
2014-07-19 07:37 - 2014-07-19 07:37 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-2184-F.txt
2014-07-19 07:34 - 2014-07-19 07:34 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-11476-F.txt
2014-07-19 07:34 - 2014-07-19 07:34 - 00000115 _____ () C:\ProgramData\RUNDLL32.EXE-7372-F.txt
2014-07-19 07:34 - 2014-07-19 07:34 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-7068-F.txt
2014-07-19 07:34 - 2014-07-19 07:34 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-11568-F.txt
2014-07-19 07:33 - 2014-07-19 07:33 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-10876-F.txt
2014-07-19 07:33 - 2014-07-19 07:33 - 00000115 _____ () C:\ProgramData\RUNDLL32.EXE-13232-F.txt
2014-07-19 07:33 - 2014-07-19 07:33 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-2936-F.txt
2014-07-19 07:33 - 2014-07-19 07:33 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-12880-F.txt
2014-07-19 07:33 - 2014-07-19 07:33 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-10516-F.txt
2014-07-19 07:32 - 2014-07-19 07:32 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-9772-F.txt
2014-07-19 07:32 - 2014-07-19 07:32 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-8480-F.txt
2014-07-19 07:32 - 2014-07-19 07:32 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-13196-F.txt
2014-07-19 07:32 - 2014-07-19 07:32 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-10384-F.txt
2014-07-19 07:32 - 2014-07-19 07:32 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-7872-F.txt
2014-07-19 07:31 - 2014-07-19 07:31 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-3024-F.txt
2014-07-19 07:31 - 2014-07-19 07:31 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-3220-F.txt
2014-07-19 07:30 - 2014-07-19 07:30 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-5160-F.txt
2014-07-19 07:30 - 2014-07-19 07:30 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-4828-F.txt
2014-07-19 07:30 - 2014-07-19 07:30 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-11236-F.txt
2014-07-19 07:30 - 2014-07-19 07:30 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-10800-F.txt
2014-07-19 07:29 - 2014-07-19 07:29 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-8440-F.txt
2014-07-19 07:29 - 2014-07-19 07:29 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-5336-F.txt
2014-07-19 07:29 - 2014-07-19 07:29 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-13032-F.txt
2014-07-19 07:29 - 2014-07-19 07:29 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-9272-F.txt
2014-07-19 07:29 - 2014-07-19 07:29 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-8104-F.txt
2014-07-19 07:28 - 2014-07-19 07:28 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-3912-F.txt
2014-07-19 07:28 - 2014-07-19 07:28 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-9764-F.txt
2014-07-19 07:28 - 2014-07-19 07:28 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-13564-F.txt
2014-07-19 07:28 - 2014-07-19 07:28 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-1192-F.txt
2014-07-19 07:28 - 2014-07-19 07:28 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-2724-F.txt
2014-07-19 07:27 - 2014-07-19 07:27 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-7748-F.txt
2014-07-19 07:27 - 2014-07-19 07:27 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-3540-F.txt
2014-07-19 07:27 - 2014-07-19 07:27 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-11160-F.txt
2014-07-19 07:27 - 2014-07-19 07:27 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-8732-F.txt
2014-07-19 07:27 - 2014-07-19 07:27 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-10160-F.txt
2014-07-19 07:26 - 2014-07-19 07:26 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-8292-F.txt
2014-07-19 07:26 - 2014-07-19 07:26 - 00000115 _____ () C:\ProgramData\RUNDLL32.EXE-8004-F.txt
2014-07-19 07:26 - 2014-07-19 07:26 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-12992-F.txt
2014-07-19 07:26 - 2014-07-19 07:26 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-10380-F.txt
2014-07-19 07:26 - 2014-07-19 07:26 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-6488-F.txt
2014-07-19 07:26 - 2014-07-19 07:26 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-11948-F.txt
2014-07-19 07:25 - 2014-07-19 07:25 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-9232-F.txt
2014-07-19 07:25 - 2014-07-19 07:25 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-13144-F.txt
2014-07-19 07:25 - 2014-07-19 07:25 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-12740-F.txt
2014-07-19 07:25 - 2014-07-19 07:25 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-12660-F.txt
2014-07-19 07:25 - 2014-07-19 07:25 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-2008-F.txt
2014-07-19 07:24 - 2014-07-19 07:24 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-3200-F.txt
2014-07-19 07:24 - 2014-07-19 07:24 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-12648-F.txt
2014-07-19 07:24 - 2014-07-19 07:24 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-8336-F.txt
2014-07-19 07:24 - 2014-07-19 07:24 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-13140-F.txt
2014-07-19 07:23 - 2014-07-19 07:23 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-8656-F.txt
2014-07-19 07:23 - 2014-07-19 07:23 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-152-F.txt
2014-07-19 07:23 - 2014-07-19 07:23 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-8444-F.txt
2014-07-19 07:23 - 2014-07-19 07:23 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-12744-F.txt
2014-07-19 07:22 - 2014-07-19 07:20 - 00000000 ____D () C:\ProgramData\0D9C7D8D1EEF41C08540A0E61FF8F0E1
2014-07-18 23:56 - 2014-07-18 23:56 - 00000000 ____D () C:\ProgramData\EcocpUcsog
2014-07-17 06:13 - 2014-07-17 06:13 - 00000000 ____D () C:\ProgramData\EvvuRyif
2014-07-16 23:58 - 2014-07-16 23:58 - 00000000 ____D () C:\ProgramData\OtpuKwuy
2014-07-15 07:00 - 2009-07-14 01:13 - 00783360 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-13 23:30 - 2012-04-22 00:04 - 00000000 ____D () C:\Users\Michael\Documents\Paltalk Crap
2014-07-12 20:53 - 2014-07-12 20:53 - 00000000 ____D () C:\ProgramData\ItiqIdme
2014-07-03 06:51 - 2010-11-20 23:47 - 00512274 _____ () C:\Windows\PFRO.log
2014-07-02 22:03 - 2014-07-02 22:03 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk Messenger
2014-07-02 22:03 - 2014-03-13 21:10 - 00000000 ____D () C:\Program Files (x86)\Paltalk Messenger
2014-07-02 22:03 - 2012-06-11 21:29 - 00001987 _____ () C:\Users\Michael\Desktop\Paltalk Messenger.lnk
2014-07-02 22:03 - 2012-04-14 20:27 - 00000000 ____D () C:\Users\Michael\Documents\Exe and DLs
2014-07-01 07:37 - 2012-04-26 20:41 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\SoftGrid Client
2014-06-30 21:09 - 2012-04-26 20:37 - 00000000 ____D () C:\Users\Michael\Documents\Lyrics

Files to move or delete:
====================
C:\Users\Michael\Winmx 3.54.exe

Some content of TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\2.exe
C:\Users\Michael\AppData\Local\Temp\AskSLib.dll
C:\Users\Michael\AppData\Local\Temp\bbcap.dll
C:\Users\Michael\AppData\Local\Temp\bbchlp.dll
C:\Users\Michael\AppData\Local\Temp\exe2DD3.tmp.exe
C:\Users\Michael\AppData\Local\Temp\FlashBackDriverInstaller.exe
C:\Users\Michael\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Michael\AppData\Local\Temp\nvStInst.exe
C:\Users\Michael\AppData\Local\Temp\ochelper.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll
[2010-11-20 23:24] - [2010-11-20 23:24] - 0516096 ____A (Microsoft Corporation) 27BAF3AEC324A8001A4C6B0E8E156988

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-18 00:53

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-07-2014
Ran by Michael at 2014-07-26 20:38:41
Running from C:\Users\Michael\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Audition 1.5 (HKLM-x32\...\{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}) (Version: 1.5 - Adobe Systems)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta1 - Michael Tippach)
BB FlashBack Express (HKLM-x32\...\BB FlashBack Express) (Version: 4.1.4.2665 - Blueberry)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{9FA13759-5C2B-4177-9DDC-0038F8B5BEFD}) (Version: 7.0.826.0 - Microsoft Corporation)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.)
Bluetooth by hp (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8200 - Broadcom Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Creative Music Server (HKLM-x32\...\Music Server) (Version: 1.01 - Creative Technology Limited)
Creative System Information (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.03 - Creative Technology Limited)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Facebook (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fire Talk New (HKCU\...\3b981b3f4751cdd8) (Version: 2.0.0.188 - Fire Talk New)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GigaTribe 3.04.012 (HKLM-x32\...\ShalSoft.GigaTribe_is1) (Version:  - GigaTribe SAS)
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Application Assistant (HKLM\...\{B34A07DD-C6F7-414A-AE63-01019482EAF0}) (Version: 1.0.393.3870 - Hewlett-Packard)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 5.0.0.3 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company)
HP MovieStore (x32 Version: 2.1.091 - Hewlett-Packard) Hidden
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP RSS (HKLM-x32\...\{452479C5-0118-48E9-AA69-0A7339F95FC8}) (Version: 5.1.4289.23799 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15130.3904 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.15145.3905 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP TouchSmart Background - Beats (HKLM-x32\...\{6A6F8D36-04BA-41E9-9004-1789BD545874}) (Version: 1.0.1.0 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
HP Weather (HKLM-x32\...\{776CC95E-8160-401B-AC79-164822AA8306}) (Version: 5.1.4245.22595 - Hewlett-Packard)
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 2.0.3 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Mozilla Firefox 25.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 25.0.1 (x86 en-US)) (Version: 25.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 25.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Control Panel 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Paltalk Messenger  11.4 (HKLM-x32\...\Paltalk Messenger) (Version: 11.4.564.16149 - AVM Software Inc.)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.65 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5706 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5706 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.11.0721.0 -  NewspaperDirect Inc.)
RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 3.3.1540.9 - AMD)
RAIDXpert (x32 Version: 3.3.1540.9 - AMD) Hidden
Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sound Blaster Recon3D PCIe (HKLM-x32\...\{31A736DC-A2D2-4443-AE82-7A6EEF580DC1}) (Version: 1.00.14 - Creative Technology Limited)
Sound Blaster Recon3D PCIe Extras (HKLM-x32\...\{204FCF73-1450-407D-BCF9-1233EC5F5787}) (Version: 1.0 - Creative Technology Limited)
Spot (HKLM-x32\...\{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Tap Tap Bear (HKLM-x32\...\{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vidyo Desktop 2.2.0 (HKLM-x32\...\Vidyo Desktop) (Version: 2.2.0 - Vidyo Inc.)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Winmx Community 1 (HKLM-x32\...\Winmx Community 1) (Version:  - )
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {552A0A10-4185-4730-95BC-4BECDAC99FBB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {78E82A28-15EC-4514-AD76-E6B91AE5074E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {7CCA26B2-B8EA-4E2A-9C01-02832C64B3A8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
Task: {9B0407F1-018A-494C-857C-E3623CCA7E50} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {B3CC42E9-D40B-46F1-911A-50DC135C3676} - System32\Tasks\{79BD6A89-68BA-44B4-A789-072061F6879E} => C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe [2011-11-14] (Creative Technology Ltd)
Task: {BECC45CE-6F47-406B-A972-AD9E77BE9F3C} - System32\Tasks\{7B6FCCA2-9C23-4954-B4DC-CC52110E1653} => C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe [2011-11-14] (Creative Technology Ltd)
Task: {D3495F5F-78EF-4AAE-BC9F-F62DA0A55BD3} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {F23F2B90-2662-439D-8544-FACBEF958DB4} - System32\Tasks\{CEF43000-9307-4123-8F41-1C6D13FE9796} => C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe [2011-11-14] (Creative Technology Ltd)
Task: {F6082263-D03F-433C-9FFD-C103848F4ED6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)

==================== Loaded Modules (whitelisted) =============

2014-03-27 10:31 - 2014-03-04 09:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-02-20 21:29 - 2012-02-20 21:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 21:28 - 2012-02-20 21:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-05-11 20:17 - 2011-05-11 20:17 - 00516096 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\libxml2.dll
2014-07-19 07:20 - 2014-07-19 07:20 - 00135544 _____ () C:\ProgramData\0D9C7D8D1EEF41C08540A0E61FF8F0E1\t7lrlo0.cpp
2014-07-19 07:20 - 2014-07-19 07:20 - 00135544 _____ () c:\ProgramData\0D9C7D8D1EEF41C08540A0E61FF8F0E1\t7lrlo0.cpp
2012-04-14 21:09 - 2006-06-21 13:05 - 00210432 _____ () C:\Users\Michael\Documents\Exe and DLs\Winamp\System\aacPlusDecoder.w5s
2012-04-14 21:09 - 2006-06-21 13:05 - 00015360 _____ () C:\Users\Michael\Documents\Exe and DLs\Winamp\System\jnetlib.w5s
2012-04-14 21:09 - 2006-06-21 13:08 - 00029696 _____ () C:\Users\Michael\Documents\Exe and DLs\Winamp\System\playlist.w5s
2012-04-14 21:09 - 2006-06-21 13:03 - 00014848 _____ () C:\Users\Michael\Documents\Exe and DLs\Winamp\System\tagz.w5s
2012-04-14 21:09 - 2006-06-21 13:02 - 00090624 _____ () C:\Users\Michael\Documents\Exe and DLs\Winamp\System\xml.w5s
2012-04-14 21:09 - 2006-06-21 13:09 - 00086016 _____ () C:\Users\Michael\Documents\Exe and DLs\Winamp\Plugins\in_cdda.dll
2012-04-14 21:09 - 2002-03-20 06:43 - 00114688 _____ () C:\Users\Michael\Documents\Exe and DLs\Winamp\Plugins\in_midi.dll
2012-04-14 21:09 - 2002-04-27 03:14 - 00093696 _____ () C:\Users\Michael\Documents\Exe and DLs\Winamp\Plugins\read_file.dll
2012-04-14 21:09 - 2002-04-27 03:12 - 00151040 _____ () C:\Users\Michael\Documents\Exe and DLs\Winamp\Plugins\in_mod.dll
2012-04-14 21:09 - 2006-06-21 13:08 - 00308224 _____ () C:\Users\Michael\Documents\Exe and DLs\Winamp\Plugins\in_mp3.dll
2012-04-14 21:09 - 2002-04-29 06:44 - 00221696 _____ () C:\Users\Michael\Documents\Exe and DLs\Winamp\Plugins\in_vorbis.dll
2012-04-14 21:09 - 2006-06-21 13:03 - 00010240 _____ () C:\Users\Michael\Documents\Exe and DLs\Winamp\Plugins\in_wave.dll
2012-04-14 21:09 - 2006-06-21 13:02 - 00223232 _____ () C:\Users\Michael\Documents\Exe and DLs\Winamp\libsndfile.dll
2012-04-14 21:09 - 2006-06-21 13:06 - 00041984 _____ () C:\Users\Michael\Documents\Exe and DLs\Winamp\Plugins\out_ds.dll
2012-04-14 21:09 - 2006-06-21 13:06 - 00013824 _____ () C:\Users\Michael\Documents\Exe and DLs\Winamp\Plugins\out_wave.dll
2012-04-14 21:09 - 2004-06-29 20:03 - 00069632 _____ () C:\Users\Michael\Documents\Exe and DLs\Winamp\Plugins\gen_cdg.dll
2012-04-14 21:09 - 2006-06-21 13:09 - 00019968 _____ () C:\Users\Michael\Documents\Exe and DLs\Winamp\Plugins\gen_hotkeys.dll
2012-04-14 21:09 - 2006-06-06 09:17 - 00174080 _____ () C:\Users\Michael\Documents\Exe and DLs\Winamp\Plugins\gen_jumpex.dll
2012-04-14 21:09 - 2006-06-21 13:09 - 00023040 _____ () C:\Users\Michael\Documents\Exe and DLs\Winamp\Plugins\gen_tray.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/26/2014 08:46:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x02f76fa1
Faulting process id: 0x13b8
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3

Error: (07/26/2014 08:45:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: kernel32.dll, version: 6.1.7601.18015, time stamp: 0x50b83c89
Exception code: 0xc0000005
Fault offset: 0x00014196
Faulting process id: 0x15e4
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3

Error: (07/26/2014 08:44:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x80000002
Fault offset: 0x76d9d7e8
Faulting process id: 0x116c
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3

Error: (07/26/2014 08:44:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: kernel32.dll, version: 6.1.7601.18015, time stamp: 0x50b83c89
Exception code: 0xc0000005
Fault offset: 0x00014196
Faulting process id: 0x1408
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3

Error: (07/26/2014 08:43:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x748ce384
Faulting process id: 0xe10
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3

Error: (07/26/2014 08:42:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: ntdll.dll, version: 6.1.7601.18205, time stamp: 0x51db9710
Exception code: 0xc0000005
Fault offset: 0x0002defe
Faulting process id: 0x16a4
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3

Error: (07/26/2014 08:42:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b83c8a
Exception code: 0xc0000005
Fault offset: 0x00014a67
Faulting process id: 0x14c4
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3

Error: (07/26/2014 08:42:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: kernel32.dll, version: 6.1.7601.18015, time stamp: 0x50b83c89
Exception code: 0xc0000005
Fault offset: 0x00014196
Faulting process id: 0x1380
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3

Error: (07/26/2014 08:25:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: ntdll.dll, version: 6.1.7601.18205, time stamp: 0x51db9710
Exception code: 0xc0000005
Fault offset: 0x0002defe
Faulting process id: 0x12c8
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3

Error: (07/26/2014 08:23:38 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

System errors:
=============
Error: (07/26/2014 08:45:33 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%127

Error: (07/26/2014 08:45:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%127

Error: (07/26/2014 08:44:33 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%127

Error: (07/26/2014 08:44:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%127

Error: (07/26/2014 08:43:33 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%127

Error: (07/26/2014 08:43:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%127

Error: (07/26/2014 08:42:33 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%127

Error: (07/26/2014 08:42:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%127

Error: (07/26/2014 08:41:33 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%127

Error: (07/26/2014 08:41:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%127

Microsoft Office Sessions:
=========================
Error: (07/26/2014 08:46:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe6.1.7600.163854a5bc637unknown0.0.0.000000000c000000502f76fa113b801cfa9341f1b1375C:\Windows\SysWOW64\rundll32.exeunknown60a843e0-1527-11e4-b98d-50e549d5e319

Error: (07/26/2014 08:45:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe6.1.7600.163854a5bc637kernel32.dll6.1.7601.1801550b83c89c00000050001419615e401cfa93419d93fbcC:\Windows\SysWOW64\rundll32.exeC:\Windows\syswow64\kernel32.dll5ba3521b-1527-11e4-b98d-50e549d5e319

Error: (07/26/2014 08:44:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe6.1.7600.163854a5bc637unknown0.0.0.0000000008000000276d9d7e8116c01cfa933df6c1afcC:\Windows\SysWOW64\rundll32.exeunknown21149b98-1527-11e4-b98d-50e549d5e319

Error: (07/26/2014 08:44:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe6.1.7600.163854a5bc637kernel32.dll6.1.7601.1801550b83c89c000000500014196140801cfa933da1f71d0C:\Windows\SysWOW64\rundll32.exeC:\Windows\syswow64\kernel32.dll1bc8197d-1527-11e4-b98d-50e549d5e319

Error: (07/26/2014 08:43:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe6.1.7600.163854a5bc637unknown0.0.0.000000000c0000005748ce384e1001cfa933d310a61cC:\Windows\SysWOW64\rundll32.exeunknown1673cf31-1527-11e4-b98d-50e549d5e319

Error: (07/26/2014 08:42:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe6.1.7600.163854a5bc637ntdll.dll6.1.7601.1820551db9710c00000050002defe16a401cfa933a580d078C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\ntdll.dlle727f185-1526-11e4-b98d-50e549d5e319

Error: (07/26/2014 08:42:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe6.1.7600.163854a5bc637KERNELBASE.dll6.1.7601.1801550b83c8ac000000500014a6714c401cfa933a05f07e1C:\Windows\SysWOW64\rundll32.exeC:\Windows\syswow64\KERNELBASE.dlle2090f1e-1526-11e4-b98d-50e549d5e319

Error: (07/26/2014 08:42:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe6.1.7600.163854a5bc637kernel32.dll6.1.7601.1801550b83c89c000000500014196138001cfa9339af0a5e2C:\Windows\SysWOW64\rundll32.exeC:\Windows\syswow64\kernel32.dlldc810a9e-1526-11e4-b98d-50e549d5e319

Error: (07/26/2014 08:25:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe6.1.7600.163854a5bc637ntdll.dll6.1.7601.1820551db9710c00000050002defe12c801cfa9313ba703feC:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\ntdll.dll8ce60085-1524-11e4-b98d-50e549d5e319

Error: (07/26/2014 08:23:38 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 10014.89 MB
Available physical RAM: 7732.35 MB
Total Pagefile: 20027.96 MB
Available Pagefile: 17651.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1845.55 GB) (Free:1657.1 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:17 GB) (Free:2.12 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: E5E627E6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=-217381339136) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#7 xXToffeeXx


Posted 27 July 2014 - 11:00 AM

Hi matchead,
 
I must give you this warning:
 
Looking through your logs, one or more of your infections has been identified as a Backdoor Trojan. These threats have backdoor functionality which allows hackers to remotely control your computer, steal critical system information, and download and execute files.
 
I highly suggest that you disconnect this PC from the Internet immediately, and if possible use a clean computer and a flash drive to transfer the programs I ask you to run. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. It would be wise to contact those same financial institutions to notify them of your situation.
 
Due to the nature of this trojan, your computer is very likely to be compromised. There is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
 
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
 
We can still clean this machine, but I can't guarantee that it will be 100% secure afterwards. If you decide to continue cleaning this machine, follow on with the rest of the steps posted below. If you do not want to clean this machine, please let me know.
 
--------------

We need to search for a file with FRST:

  • Double-click on FRST.exe/FRST64.exe on your desktop to open it. In the search box, type the following: rpcss.dll;rundll32.exe
  • Press the Search Files button, allow FRST to run
  • A log file Search.txt will appear when complete, please post this in your next reply

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Search.txt

xXToffeeXx~


Edited by xXToffeeXx, 27 July 2014 - 11:02 AM.

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 



#8 matchead


Posted 27 July 2014 - 12:47 PM

Let's clean :-)

Here is the log:

 

Farbar Recovery Scan Tool (x64) Version: 26-07-2014
Ran by Michael at 2014-07-27 12:16:49
Running from C:\Users\Michael\Desktop
Boot Mode: Normal

================== Search Files: "rpcss.dll;rundll32.exe" =============

C:\Windows\winsxs\x86_microsoft-windows-rundll32_31bf3856ad364e35_6.1.7600.16385_none_d7dba7b30c3e2855\rundll32.exe
[2009-07-13 19:41][2009-07-13 21:14] 0044544 ____A (Microsoft Corporation) 51138BEEA3E2C21EC44D0932C71762A8 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-rundll32_31bf3856ad364e35_6.1.7600.16385_none_33fa4336c49b998b\rundll32.exe
[2009-07-13 19:57][2009-07-13 21:39] 0045568 ____A (Microsoft Corporation) DD81D91FF3B0763C392422865C9AC12E [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 23:24][2010-11-20 23:24] 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123 [File is signed]

C:\Windows\SysWOW64\rundll32.exe
[2009-07-13 19:41][2009-07-13 21:14] 0044544 ____A (Microsoft Corporation) 51138BEEA3E2C21EC44D0932C71762A8 [File is signed]

C:\Windows\System32\rpcss.dll
[2010-11-20 23:24][2010-11-20 23:24] 0516096 ____A (Microsoft Corporation) 27BAF3AEC324A8001A4C6B0E8E156988

C:\Windows\System32\rundll32.exe
[2009-07-13 19:57][2009-07-13 21:39] 0045568 ____A (Microsoft Corporation) DD81D91FF3B0763C392422865C9AC12E [File is signed]

====== End Of Search ======



#9 xXToffeeXx


Posted 27 July 2014 - 01:32 PM

Hi matchead,
 
Okay, good. Let's get started then.
 
We need to run a fix with FRST:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
HKLM-x32\...\Run: [] => [X]
HKU\.DEFAULT\...\Run: [ItiqIdme] => regsvr32.exe "C:\ProgramData\ItiqIdme\ItiqIdme.dat"
HKU\.DEFAULT\...\Run: [OtpuKwuy] => regsvr32.exe "C:\ProgramData\OtpuKwuy\OtpuKwuy.dat"
HKU\.DEFAULT\...\Run: [EvvuRyif] => regsvr32.exe "C:\ProgramData\EvvuRyif\EvvuRyif.dat"
HKU\.DEFAULT\...\Run: [EcocpUcsog] => regsvr32.exe "C:\ProgramData\EcocpUcsog\EcocpUcsog.dat"
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
S2 Winmgmt; C:\ProgramData\0D9C7D8D1EEF41C08540A0E61FF8F0E1\0olrl7t.dot [331496 2014-07-19] (Microsoft Corporation) [File not signed]
C:\ProgramData\0D9C7D8D1EEF41C08540A0E61FF8F0E1
2014-07-26 20:25 - 2014-07-26 20:25 - 00000165 _____ () C:\ProgramData\RUNDLL32.EXE-4808-F.txt
2014-07-25 21:36 - 2014-07-25 21:36 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-4160-F.txt
2014-07-24 21:10 - 2014-07-24 21:10 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-5080-F.txt
2014-07-23 20:34 - 2014-07-23 20:34 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-5000-F.txt
2014-07-22 21:06 - 2014-07-22 21:06 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-4908-F.txt
2014-07-22 07:21 - 2014-07-22 07:21 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-4848-F.txt
2014-07-21 20:54 - 2014-07-21 20:54 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-2608-F.txt
2014-07-21 20:47 - 2014-07-21 20:47 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-4940-F.txt
2014-07-21 07:01 - 2014-07-26 09:22 - 00000227 _____ () C:\ProgramData\RUNDLL32.EXE-4884-F.txt
2014-07-20 20:35 - 2014-07-20 20:35 - 00000115 _____ () C:\ProgramData\RUNDLL32.EXE-4796-F.txt
2014-07-20 08:45 - 2014-07-20 08:45 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-4968-F.txt
2014-07-19 18:56 - 2014-07-19 18:56 - 00000115 _____ () C:\ProgramData\RUNDLL32.EXE-8036-F.txt
2014-07-19 18:50 - 2014-07-19 18:50 - 00000115 _____ () C:\ProgramData\RUNDLL32.EXE-6672-F.txt
2014-07-19 18:49 - 2014-07-19 18:49 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-5552-F.txt
2014-07-19 18:38 - 2014-07-19 18:38 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-5212-F.txt
2014-07-19 18:32 - 2014-07-19 18:32 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-4868-F.txt
2014-07-19 08:21 - 2014-07-19 08:21 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-6236-F.txt
2014-07-19 08:21 - 2014-07-19 08:21 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-7108-F.txt
2014-07-19 08:21 - 2014-07-19 08:21 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-6908-F.txt
2014-07-19 08:21 - 2014-07-19 08:21 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-4984-F.txt
2014-07-19 08:21 - 2014-07-19 08:21 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-4420-F.txt
2014-07-19 08:15 - 2014-07-19 08:15 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-7104-F.txt
2014-07-19 08:15 - 2014-07-19 08:15 - 00000115 _____ () C:\ProgramData\RUNDLL32.EXE-5840-F.txt
2014-07-19 08:15 - 2014-07-19 08:15 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-6216-F.txt
2014-07-19 08:15 - 2014-07-19 08:15 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-4592-F.txt
2014-07-19 08:14 - 2014-07-19 08:14 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-4680-F.txt
2014-07-19 08:14 - 2014-07-19 08:14 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-4520-F.txt
2014-07-19 08:13 - 2014-07-19 08:13 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-6564-F.txt
2014-07-19 08:13 - 2014-07-19 08:13 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-3216-F.txt
2014-07-19 08:13 - 2014-07-19 08:13 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-5236-F.txt
2014-07-19 08:12 - 2014-07-19 08:12 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-6356-F.txt
2014-07-19 08:12 - 2014-07-19 08:12 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-6228-F.txt
2014-07-19 08:12 - 2014-07-19 08:12 - 00000115 _____ () C:\ProgramData\RUNDLL32.EXE-1044-F.txt
2014-07-19 08:12 - 2014-07-19 08:12 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-6740-F.txt
2014-07-19 08:12 - 2014-07-19 08:12 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-6260-F.txt
2014-07-19 08:11 - 2014-07-19 08:11 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-6112-F.txt
2014-07-19 08:11 - 2014-07-19 08:11 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-4872-F.txt
2014-07-19 08:11 - 2014-07-19 08:11 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-3628-F.txt
2014-07-19 08:10 - 2014-07-19 08:10 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-6328-F.txt
2014-07-19 08:10 - 2014-07-19 08:10 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-5676-F.txt
2014-07-19 08:10 - 2014-07-19 08:10 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-5556-F.txt
2014-07-19 08:08 - 2014-07-19 08:08 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-4292-F.txt
2014-07-19 07:38 - 2014-07-19 07:38 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-5220-F.txt
2014-07-19 07:38 - 2014-07-19 07:38 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-1800-F.txt
2014-07-19 07:38 - 2014-07-19 07:38 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-3564-F.txt
2014-07-19 07:37 - 2014-07-19 07:37 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-4372-F.txt
2014-07-19 07:37 - 2014-07-19 07:37 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-3568-F.txt
2014-07-19 07:37 - 2014-07-19 07:37 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-5104-F.txt
2014-07-19 07:37 - 2014-07-19 07:37 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-4812-F.txt
2014-07-19 07:37 - 2014-07-19 07:37 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-2184-F.txt
2014-07-19 07:34 - 2014-07-19 07:34 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-11476-F.txt
2014-07-19 07:34 - 2014-07-19 07:34 - 00000115 _____ () C:\ProgramData\RUNDLL32.EXE-7372-F.txt
2014-07-19 07:34 - 2014-07-19 07:34 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-7068-F.txt
2014-07-19 07:34 - 2014-07-19 07:34 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-11568-F.txt
2014-07-19 07:33 - 2014-07-19 07:33 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-10876-F.txt
2014-07-19 07:33 - 2014-07-19 07:33 - 00000115 _____ () C:\ProgramData\RUNDLL32.EXE-13232-F.txt
2014-07-19 07:33 - 2014-07-19 07:33 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-2936-F.txt
2014-07-19 07:33 - 2014-07-19 07:33 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-12880-F.txt
2014-07-19 07:33 - 2014-07-19 07:33 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-10516-F.txt
2014-07-19 07:32 - 2014-07-19 07:32 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-9772-F.txt
2014-07-19 07:32 - 2014-07-19 07:32 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-8480-F.txt
2014-07-19 07:32 - 2014-07-19 07:32 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-13196-F.txt
2014-07-19 07:32 - 2014-07-19 07:32 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-10384-F.txt
2014-07-19 07:32 - 2014-07-19 07:32 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-7872-F.txt
2014-07-19 07:31 - 2014-07-19 07:31 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-3024-F.txt
2014-07-19 07:31 - 2014-07-19 07:31 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-3220-F.txt
2014-07-19 07:30 - 2014-07-19 07:30 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-5160-F.txt
2014-07-19 07:30 - 2014-07-19 07:30 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-4828-F.txt
2014-07-19 07:30 - 2014-07-19 07:30 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-11236-F.txt
2014-07-19 07:30 - 2014-07-19 07:30 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-10800-F.txt
2014-07-19 07:29 - 2014-07-19 07:29 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-8440-F.txt
2014-07-19 07:29 - 2014-07-19 07:29 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-5336-F.txt
2014-07-19 07:29 - 2014-07-19 07:29 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-13032-F.txt
2014-07-19 07:29 - 2014-07-19 07:29 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-9272-F.txt
2014-07-19 07:29 - 2014-07-19 07:29 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-8104-F.txt
2014-07-19 07:28 - 2014-07-19 07:28 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-3912-F.txt
2014-07-19 07:28 - 2014-07-19 07:28 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-9764-F.txt
2014-07-19 07:28 - 2014-07-19 07:28 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-13564-F.txt
2014-07-19 07:28 - 2014-07-19 07:28 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-1192-F.txt
2014-07-19 07:28 - 2014-07-19 07:28 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-2724-F.txt
2014-07-19 07:27 - 2014-07-19 07:27 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-7748-F.txt
2014-07-19 07:27 - 2014-07-19 07:27 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-3540-F.txt
2014-07-19 07:27 - 2014-07-19 07:27 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-11160-F.txt
2014-07-19 07:27 - 2014-07-19 07:27 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-8732-F.txt
2014-07-19 07:27 - 2014-07-19 07:27 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-10160-F.txt
2014-07-19 07:26 - 2014-07-19 07:26 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-8292-F.txt
2014-07-19 07:26 - 2014-07-19 07:26 - 00000115 _____ () C:\ProgramData\RUNDLL32.EXE-8004-F.txt
2014-07-19 07:26 - 2014-07-19 07:26 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-12992-F.txt
2014-07-19 07:26 - 2014-07-19 07:26 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-10380-F.txt
2014-07-19 07:26 - 2014-07-19 07:26 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-6488-F.txt
2014-07-19 07:26 - 2014-07-19 07:26 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-11948-F.txt
2014-07-19 07:25 - 2014-07-19 07:25 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-9232-F.txt
2014-07-19 07:25 - 2014-07-19 07:25 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-13144-F.txt
2014-07-19 07:25 - 2014-07-19 07:25 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-12740-F.txt
2014-07-19 07:25 - 2014-07-19 07:25 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-12660-F.txt
2014-07-19 07:25 - 2014-07-19 07:25 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-2008-F.txt
2014-07-19 07:24 - 2014-07-19 07:24 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-3200-F.txt
2014-07-19 07:24 - 2014-07-19 07:24 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-12648-F.txt
2014-07-19 07:24 - 2014-07-19 07:24 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-8336-F.txt
2014-07-19 07:24 - 2014-07-19 07:24 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-13140-F.txt
2014-07-19 07:23 - 2014-07-19 07:23 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-8656-F.txt
2014-07-19 07:23 - 2014-07-19 07:23 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-152-F.txt
2014-07-19 07:23 - 2014-07-19 07:23 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-8444-F.txt
2014-07-19 07:23 - 2014-07-19 07:23 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-12744-F.txt
2014-07-18 23:56 - 2014-07-18 23:56 - 00000000 ____D () C:\ProgramData\EcocpUcsog
2014-07-17 06:13 - 2014-07-17 06:13 - 00000000 ____D () C:\ProgramData\EvvuRyif
2014-07-16 23:58 - 2014-07-16 23:58 - 00000000 ____D () C:\ProgramData\OtpuKwuy
2014-07-12 20:53 - 2014-07-12 20:53 - 00000000 ____D () C:\ProgramData\ItiqIdme
2014-07-26 20:34 - 2014-04-07 23:09 - 00000069 _____ () C:\Windows\system32\khxfo.bip
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------
 
Please re-run FRST from the desktop (like you did before) and press the scan button. It will produce a FRST.txt log located on the desktop. Please copy and paste the log into your next reply.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Fixlog.txt
  • New FRST log

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 



#10 matchead

matchead
  • Topic Starter

  • Members
  • 73 posts
  • Local time:01:00 AM

Posted 28 July 2014 - 07:25 AM

Here we go:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-07-2014
Ran by Michael at 2014-07-28 08:00:03 Run:1
Running from C:\Users\Michael\Documents\Fix
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
HKU\.DEFAULT\...\Run: [ItiqIdme] => regsvr32.exe "C:\ProgramData\ItiqIdme\ItiqIdme.dat"
HKU\.DEFAULT\...\Run: [OtpuKwuy] => regsvr32.exe "C:\ProgramData\OtpuKwuy\OtpuKwuy.dat"
HKU\.DEFAULT\...\Run: [EvvuRyif] => regsvr32.exe "C:\ProgramData\EvvuRyif\EvvuRyif.dat"
HKU\.DEFAULT\...\Run: [EcocpUcsog] => regsvr32.exe "C:\ProgramData\EcocpUcsog\EcocpUcsog.dat"
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDSearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDFTDF
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
S2 Winmgmt; C:\ProgramData\0D9C7D8D1EEF41C08540A0E61FF8F0E1\0olrl7t.dot [331496 2014-07-19] (Microsoft Corporation) [File not signed]
C:\ProgramData\0D9C7D8D1EEF41C08540A0E61FF8F0E1
2014-07-18 23:56 - 2014-07-18 23:56 - 00000000 ____D () C:\ProgramData\EcocpUcsog
2014-07-17 06:13 - 2014-07-17 06:13 - 00000000 ____D () C:\ProgramData\EvvuRyif
2014-07-16 23:58 - 2014-07-16 23:58 - 00000000 ____D () C:\ProgramData\OtpuKwuy
2014-07-12 20:53 - 2014-07-12 20:53 - 00000000 ____D () C:\ProgramData\ItiqIdme
2014-07-26 20:34 - 2014-04-07 23:09 - 00000069 _____ () C:\Windows\system32\khxfo.bip
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\ItiqIdme => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\OtpuKwuy => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\EvvuRyif => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\EcocpUcsog => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
"HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => Key deleted successfully.
"HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDSearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827}" => Key not found.
"HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDSearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => Key deleted successfully.
"HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
Winmgmt => Service restored successfully.
C:\ProgramData\0D9C7D8D1EEF41C08540A0E61FF8F0E1 => Moved successfully.
C:\ProgramData\EcocpUcsog => Moved successfully.
C:\ProgramData\EvvuRyif => Moved successfully.
C:\ProgramData\OtpuKwuy => Moved successfully.
C:\ProgramData\ItiqIdme => Moved successfully.
C:\Windows\system32\khxfo.bip => Moved successfully.

The system needed a reboot.

==== End of Fixlog ====

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by Michael (administrator) on MICHAEL-HP on 28-07-2014 08:23:13
Running from C:\Users\Michael\Documents\Fix
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_7_700_202_ActiveX.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
(AMD) C:\Windows\SysWOW64\WinMsgBalloonServer.exe
(AMD) C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-11-01] (IDT, Inc.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2011-11-01] (Hewlett-Packard )
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Sound Blaster Recon3D PCIe Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe [880128 2011-11-14] (Creative Technology Ltd)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe [813448 2013-05-24] (Adobe Systems Incorporated)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3700214913-4012731398-408642833-1000\...\MountPoints2: {155050a6-888e-11e1-ae6d-74de2b79a656} - J:\unlock.exe autoplay=true
HKU\S-1-5-21-3700214913-4012731398-408642833-1000\...\MountPoints2: {8005e798-86f7-11e1-a309-74de2b79a656} - J:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\autostart.lnk
ShortcutTarget: autostart.lnk -> C:\PROGRA~3\0D9C7D~1\t7lrlo0.cpp (No File)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GigaTribe.lnk
ShortcutTarget: GigaTribe.lnk -> C:\Program Files (x86)\GigaTribe\gigatribe.exe (Gigatribe)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
ShortcutTarget: PalTalk.lnk -> C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?PC=msnHomeST&OCID=msnHomepage
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
SearchScopes: HKLM - {1EABE305-EE57-4491-B2A5-30393E9DA13D} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {1EABE305-EE57-4491-B2A5-30393E9DA13D} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKCU - {1EABE305-EE57-4491-B2A5-30393E9DA13D} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\3bvyeog0.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
U2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-07-18] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-07-18] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-19] (Creative Technology Ltd) [File not signed]
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [104448 2011-11-28] (Creative Technology Ltd)
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [516096 2010-11-20] (Microsoft Corporation) [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
R2 RpcSs; C:\Windows\system32\rpcss.dll [516096 2010-11-20] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bbcap; C:\Windows\System32\DRIVERS\bbcap.sys [4608 2013-04-04] (Windows ® Codename Longhorn DDK provider)
R3 cthda; C:\Windows\System32\drivers\cthda.sys [1266264 2011-11-28] (Creative Technology Ltd)
R3 CTHDB; C:\Windows\System32\DRIVERS\CtHDb.sys [23640 2011-11-28] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-28 08:19 - 2014-07-28 08:19 - 00000072 _____ () C:\Windows\system32\khxfo.bip
2014-07-28 07:09 - 2014-07-28 07:09 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-4920-F.txt
2014-07-27 22:11 - 2014-07-28 08:23 - 00000000 ____D () C:\Users\Michael\Documents\Fix
2014-07-27 21:53 - 2014-07-27 21:53 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-4856-F.txt
2014-07-27 09:08 - 2014-07-27 09:09 - 00000231 _____ () C:\ProgramData\RUNDLL32.EXE-4800-F.txt
2014-07-26 20:46 - 2014-07-26 20:46 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-5048-F.txt
2014-07-26 20:46 - 2014-07-26 20:46 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-6096-F.txt
2014-07-26 20:45 - 2014-07-26 20:45 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-5604-F.txt
2014-07-26 20:44 - 2014-07-26 20:44 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-5128-F.txt
2014-07-26 20:44 - 2014-07-26 20:44 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-4460-F.txt
2014-07-26 20:43 - 2014-07-26 20:43 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-3600-F.txt
2014-07-26 20:42 - 2014-07-26 20:42 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-5316-F.txt
2014-07-26 20:42 - 2014-07-26 20:42 - 00000115 _____ () C:\ProgramData\RUNDLL32.EXE-5796-F.txt
2014-07-26 20:42 - 2014-07-26 20:42 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-4992-F.txt
2014-07-26 20:37 - 2014-07-28 08:23 - 00000000 ____D () C:\FRST
2014-07-26 09:30 - 2014-07-26 01:48 - 00788310 _____ () C:\Users\Michael\Documents\car wash.jpeg
2014-07-02 22:03 - 2014-07-02 22:03 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk Messenger

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-28 08:23 - 2014-07-27 22:11 - 00000000 ____D () C:\Users\Michael\Documents\Fix
2014-07-28 08:23 - 2014-07-26 20:37 - 00000000 ____D () C:\FRST
2014-07-28 08:21 - 2013-04-05 07:36 - 00000031 _____ () C:\Windows\system32\bbcap.err
2014-07-28 08:21 - 2012-01-24 21:15 - 00000000 ____D () C:\ProgramData\PDFC
2014-07-28 08:21 - 2012-01-24 20:53 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-28 08:21 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-28 08:21 - 2009-07-14 00:51 - 00213465 _____ () C:\Windows\setupact.log
2014-07-28 08:19 - 2014-07-28 08:19 - 00000072 _____ () C:\Windows\system32\khxfo.bip
2014-07-28 08:19 - 2012-04-14 15:29 - 01766538 _____ () C:\Windows\WindowsUpdate.log
2014-07-28 07:17 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-28 07:17 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-28 07:12 - 2012-04-14 15:35 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{496A4010-DC1D-40AF-9279-FF008AE0FC18}
2014-07-28 07:09 - 2014-07-28 07:09 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-4920-F.txt
2014-07-27 22:16 - 2012-06-02 21:14 - 00000000 ____D () C:\Users\Michael\AppData\Local\CrashDumps
2014-07-27 21:53 - 2014-07-27 21:53 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-4856-F.txt
2014-07-27 10:47 - 2012-04-15 10:56 - 00000166 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-07-27 09:09 - 2014-07-27 09:08 - 00000231 _____ () C:\ProgramData\RUNDLL32.EXE-4800-F.txt
2014-07-26 22:47 - 2012-04-14 20:31 - 00000000 ____D () C:\Users\Michael\Documents\My Received Files
2014-07-26 20:46 - 2014-07-26 20:46 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-5048-F.txt
2014-07-26 20:46 - 2014-07-26 20:46 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-6096-F.txt
2014-07-26 20:45 - 2014-07-26 20:45 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-5604-F.txt
2014-07-26 20:44 - 2014-07-26 20:44 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-5128-F.txt
2014-07-26 20:44 - 2014-07-26 20:44 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-4460-F.txt
2014-07-26 20:43 - 2014-07-26 20:43 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-3600-F.txt
2014-07-26 20:42 - 2014-07-26 20:42 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-5316-F.txt
2014-07-26 20:42 - 2014-07-26 20:42 - 00000115 _____ () C:\ProgramData\RUNDLL32.EXE-5796-F.txt
2014-07-26 20:42 - 2014-07-26 20:42 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-4992-F.txt
2014-07-26 01:48 - 2014-07-26 09:30 - 00788310 _____ () C:\Users\Michael\Documents\car wash.jpeg
2014-07-20 23:27 - 2014-04-21 22:05 - 00003797 _____ () C:\console.log
2014-07-15 07:00 - 2009-07-14 01:13 - 00783360 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-13 23:30 - 2012-04-22 00:04 - 00000000 ____D () C:\Users\Michael\Documents\Paltalk Crap
2014-07-03 06:51 - 2010-11-20 23:47 - 00512274 _____ () C:\Windows\PFRO.log
2014-07-02 22:03 - 2014-07-02 22:03 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk Messenger
2014-07-02 22:03 - 2014-03-13 21:10 - 00000000 ____D () C:\Program Files (x86)\Paltalk Messenger
2014-07-02 22:03 - 2012-06-11 21:29 - 00001987 _____ () C:\Users\Michael\Desktop\Paltalk Messenger.lnk
2014-07-02 22:03 - 2012-04-14 20:27 - 00000000 ____D () C:\Users\Michael\Documents\Exe and DLs
2014-07-01 07:37 - 2012-04-26 20:41 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\SoftGrid Client
2014-06-30 21:09 - 2012-04-26 20:37 - 00000000 ____D () C:\Users\Michael\Documents\Lyrics

Files to move or delete:
====================
C:\Users\Michael\Winmx 3.54.exe

Some content of TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\2.exe
C:\Users\Michael\AppData\Local\Temp\AskSLib.dll
C:\Users\Michael\AppData\Local\Temp\bbcap.dll
C:\Users\Michael\AppData\Local\Temp\bbchlp.dll
C:\Users\Michael\AppData\Local\Temp\exe2DD3.tmp.exe
C:\Users\Michael\AppData\Local\Temp\FlashBackDriverInstaller.exe
C:\Users\Michael\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Michael\AppData\Local\Temp\nvStInst.exe
C:\Users\Michael\AppData\Local\Temp\ochelper.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll
[2010-11-20 23:24] - [2010-11-20 23:24] - 0516096 ____A (Microsoft Corporation) 27BAF3AEC324A8001A4C6B0E8E156988

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-18 00:53

==================== End Of Log ============================



#11 xXToffeeXx


Posted 28 July 2014 - 08:21 AM

Hi matchead,
 
We need to run a fix with FRST:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
ShortcutTarget: autostart.lnk -> C:\PROGRA~3\0D9C7D~1\t7lrlo0.cpp (No File)
2014-07-28 08:19 - 2014-07-28 08:19 - 00000072 _____ () C:\Windows\system32\khxfo.bip
2014-07-28 07:09 - 2014-07-28 07:09 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-4920-F.txt
2014-07-27 21:53 - 2014-07-27 21:53 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-4856-F.txt
2014-07-27 09:08 - 2014-07-27 09:09 - 00000231 _____ () C:\ProgramData\RUNDLL32.EXE-4800-F.txt
2014-07-26 20:46 - 2014-07-26 20:46 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-5048-F.txt
2014-07-26 20:46 - 2014-07-26 20:46 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-6096-F.txt
2014-07-26 20:45 - 2014-07-26 20:45 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-5604-F.txt
2014-07-26 20:44 - 2014-07-26 20:44 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-5128-F.txt
2014-07-26 20:44 - 2014-07-26 20:44 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-4460-F.txt
2014-07-26 20:43 - 2014-07-26 20:43 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-3600-F.txt
2014-07-26 20:42 - 2014-07-26 20:42 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-5316-F.txt
2014-07-26 20:42 - 2014-07-26 20:42 - 00000115 _____ () C:\ProgramData\RUNDLL32.EXE-5796-F.txt
2014-07-26 20:42 - 2014-07-26 20:42 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-4992-F.txt
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\Windows\System32\rpcss.dll
SaveMbr: drive=0
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate two logs (Fixlog.txt and MBRDUMP.txt) in the same location the tool was run.
  • Please copy and paste the fixlog.txt in your next reply, and then please attach mbrdump.txt to your post.

--------------

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Fixlog.txt
  • Mbrdump.txt (attached)
  • AdwCleaner scan log

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 


 

 ~Twitter~ | ~Malware Analyst at Emsisoft~
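
A check a helper could run on the Fixlog.txt requested above, as an added example that is not part of the original post and is not FRST's own code: it pairs each fixlist line with the outcome the tool logged and lists any entry that has no outcome. It handles only the line shapes visible in this thread, and the function names are hypothetical.

```python
import re

# Abridged from the Fixlog posted in this thread. The result line for
# RUNDLL32.EXE-4856-F.txt is deliberately left out (constructed gap).
SAMPLE_FIXLOG = r"""Content of fixlist:
*****************
ShortcutTarget: autostart.lnk -> C:\PROGRA~3\0D9C7D~1\t7lrlo0.cpp (No File)
2014-07-28 08:19 - 2014-07-28 08:19 - 00000072 _____ () C:\Windows\system32\khxfo.bip
2014-07-28 07:09 - 2014-07-28 07:09 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-4920-F.txt
2014-07-27 21:53 - 2014-07-27 21:53 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-4856-F.txt
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\Windows\System32\rpcss.dll
SaveMbr: drive=0
*****************

C:\PROGRA~3\0D9C7D~1\t7lrlo0.cpp not found.
C:\Windows\system32\khxfo.bip => Moved successfully.
C:\ProgramData\RUNDLL32.EXE-4920-F.txt => Moved successfully.
C:\Windows\System32\rpcss.dll => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll
MBRDUMP.txt is made successfully.

==== End of Fixlog ====
"""

MOVED = " => Moved successfully."
NOT_FOUND = " not found."
MBR_OK = "MBRDUMP.txt is made successfully."
# "created - modified - size attributes (company) path" lines from the scan log.
FILE_LINE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ \S+ \(.*?\) (?P<path>.+)$")
# A trailing "(No File)" or "(Company)" annotation is not part of the path.
SHORTCUT = re.compile(r"^ShortcutTarget: .+? -> (?P<path>.+?)(?: \([^()]*\))?$")
REPLACE = re.compile(r"^Replace: (?P<src>[A-Za-z]:\\.+?) (?P<dst>[A-Za-z]:\\.+)$")
COPIED = re.compile(r"^(?P<src>.+) copied successfully to (?P<dst>.+)$")


def split_fixlog(text):
    """Return (fixlist directives, result lines) from a Fixlog."""
    lines = [ln.strip() for ln in text.splitlines()]
    fences = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(fences) < 2:
        raise ValueError("fixlist block (between asterisk lines) not found")
    directives = [ln for ln in lines[fences[0] + 1:fences[1]] if ln]
    results = []
    for ln in lines[fences[1] + 1:]:
        if ln.startswith("==== End of Fixlog"):
            break
        if ln:
            results.append(ln)
    return directives, results


def reconcile(text):
    """Pair every fixlist directive with the outcome the tool logged for it."""
    directives, results = split_fixlog(text)
    moved, missing, copied = set(), set(), set()
    for ln in results:
        # Windows paths are case-insensitive, so compare lowercased.
        if ln.endswith(MOVED):
            moved.add(ln[:-len(MOVED)].lower())
        elif ln.endswith(NOT_FOUND):
            missing.add(ln[:-len(NOT_FOUND)].lower())
        elif (m := COPIED.match(ln)):
            copied.add((m["src"].lower(), m["dst"].lower()))
    report = []
    for d in directives:
        if d.startswith("SaveMbr:"):
            report.append((d, "mbr dumped" if MBR_OK in results else "NO RESULT"))
        elif (m := REPLACE.match(d)):
            pair = (m["src"].lower(), m["dst"].lower())
            report.append((m["dst"], "replaced" if pair in copied else "NO RESULT"))
        elif (m := FILE_LINE.match(d) or SHORTCUT.match(d)):
            key = m["path"].lower()
            status = ("moved" if key in moved
                      else "not found" if key in missing else "NO RESULT")
            report.append((m["path"], status))
        else:
            report.append((d, "UNPARSED"))
    return report


def needs_follow_up(report):
    """Targets with no logged outcome, or whose directive could not be read."""
    return [target for target, status in report if status in ("NO RESULT", "UNPARSED")]


if __name__ == "__main__":
    for target, status in reconcile(SAMPLE_FIXLOG):
        print(f"{status:<11} {target}")
```
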


#12 matchead


Posted 29 July 2014 - 07:54 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-07-2014
Ran by Michael at 2014-07-29 08:40:34 Run:2
Running from C:\Users\Michael\Documents\Fix
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ShortcutTarget: autostart.lnk -> C:\PROGRA~3\0D9C7D~1\t7lrlo0.cpp (No File)
2014-07-28 08:19 - 2014-07-28 08:19 - 00000072 _____ () C:\Windows\system32\khxfo.bip
2014-07-28 07:09 - 2014-07-28 07:09 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-4920-F.txt
2014-07-27 21:53 - 2014-07-27 21:53 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-4856-F.txt
2014-07-27 09:08 - 2014-07-27 09:09 - 00000231 _____ () C:\ProgramData\RUNDLL32.EXE-4800-F.txt
2014-07-26 20:46 - 2014-07-26 20:46 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-5048-F.txt
2014-07-26 20:46 - 2014-07-26 20:46 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-6096-F.txt
2014-07-26 20:45 - 2014-07-26 20:45 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-5604-F.txt
2014-07-26 20:44 - 2014-07-26 20:44 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-5128-F.txt
2014-07-26 20:44 - 2014-07-26 20:44 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-4460-F.txt
2014-07-26 20:43 - 2014-07-26 20:43 - 00000107 _____ () C:\ProgramData\RUNDLL32.EXE-3600-F.txt
2014-07-26 20:42 - 2014-07-26 20:42 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-5316-F.txt
2014-07-26 20:42 - 2014-07-26 20:42 - 00000115 _____ () C:\ProgramData\RUNDLL32.EXE-5796-F.txt
2014-07-26 20:42 - 2014-07-26 20:42 - 00000112 _____ () C:\ProgramData\RUNDLL32.EXE-4992-F.txt
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\Windows\System32\rpcss.dll
SaveMbr: drive=0
*****************

C:\PROGRA~3\0D9C7D~1\t7lrlo0.cpp not found.
C:\Windows\system32\khxfo.bip => Moved successfully.
C:\ProgramData\RUNDLL32.EXE-4920-F.txt => Moved successfully.
C:\ProgramData\RUNDLL32.EXE-4856-F.txt => Moved successfully.
C:\ProgramData\RUNDLL32.EXE-4800-F.txt => Moved successfully.
C:\ProgramData\RUNDLL32.EXE-5048-F.txt => Moved successfully.
C:\ProgramData\RUNDLL32.EXE-6096-F.txt => Moved successfully.
C:\ProgramData\RUNDLL32.EXE-5604-F.txt => Moved successfully.
C:\ProgramData\RUNDLL32.EXE-5128-F.txt => Moved successfully.
C:\ProgramData\RUNDLL32.EXE-4460-F.txt => Moved successfully.
C:\ProgramData\RUNDLL32.EXE-3600-F.txt => Moved successfully.
C:\ProgramData\RUNDLL32.EXE-5316-F.txt => Moved successfully.
C:\ProgramData\RUNDLL32.EXE-5796-F.txt => Moved successfully.
C:\ProgramData\RUNDLL32.EXE-4992-F.txt => Moved successfully.
C:\Windows\System32\rpcss.dll => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll
MBRDUMP.txt is made successfully.

==== End of Fixlog ====

 

# AdwCleaner v3.301 - Report created 29/07/2014 at 08:52:39
# Updated 28/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Michael - MICHAEL-HP
# Running from : C:\Users\Michael\Documents\Fix\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKCU\Software\PIP
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKCU\Software\PIP
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\Software\PIP
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\3bvyeog0.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [1954 octets] - [29/07/2014 08:42:07]
AdwCleaner[R1].txt - [2014 octets] - [29/07/2014 08:46:43]
AdwCleaner[R2].txt - [1914 octets] - [29/07/2014 08:52:39]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1974 octets] ##########

 

(Sorry, but I do not see a way to "attach" the Mbrdump file in this reply window. Please advise.)


Edited by matchead, 29 July 2014 - 07:59 AM.


#13 xXToffeeXx

Posted 29 July 2014 - 11:18 AM

Hi matchead,
 
You can attach by going to More Reply Options at the bottom of the reply box, then Attach Files -> Choose Files... then a window will appear which you use to navigate to the file. Then click on open and the file will be uploaded.
 
Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished.
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • AdwCleaner clean log

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#14 matchead

Posted 29 July 2014 - 08:10 PM

Attached File: AdwCleanerR3.txt (2.08KB)

# AdwCleaner v3.301 - Report created 29/07/2014 at 21:06:41
# Updated 28/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Michael - MICHAEL-HP
# Running from : C:\Users\Michael\Documents\Fix\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\PIP
Key Deleted : HKLM\Software\PIP

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\3bvyeog0.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [1954 octets] - [29/07/2014 08:42:07]
AdwCleaner[R1].txt - [2014 octets] - [29/07/2014 08:46:43]
AdwCleaner[R2].txt - [2074 octets] - [29/07/2014 08:52:39]
AdwCleaner[R3].txt - [2134 octets] - [29/07/2014 21:05:32]
AdwCleaner[S0].txt - [1769 octets] - [29/07/2014 21:06:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1829 octets] ##########



#15 xXToffeeXx

Posted 30 July 2014 - 05:34 AM

Hi matchead,

 

I still need the mbrdump.txt attached.

 

Please re-run FRST from the desktop (like you did before) and press the scan button. It will produce a FRST.txt log located on the desktop. Please copy and paste the log into your next reply.

 

xXToffeeXx~






