dllhost.exe com surrogate virus?


  • This topic is locked
59 replies to this topic

#1 norcress

norcress

  • Members
  • 37 posts
  • OFFLINE
  • Local time:09:36 AM

Posted 30 August 2014 - 08:18 PM

After short use windows produces low memory error messages.  When using file explorer eventually the icons show up blank and everything freezes.

Task Manager shows exceptional amount of memory being used by dllhost.exe.  Have used Kaspersky and Malwarebytes, nothing shows up.  Kaspersky will not complete a full scan due to memory issues.

Also tried AWD and Combofix before reading your pages here saying I shouldn't do that until talking to you first.  Too late there, but problems still persist same as before.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17239  BrowserJavaVersion: 10.67.2
Run by Norm and Chris at 18:04:47 on 2014-08-30
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8175.6644 [GMT -7:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
SP: Kaspersky Internet Security *Enabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\PDF Architect\HelperService.exe
C:\Program Files (x86)\PDF Architect\ConversionService.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
mStart Page = about:blank
mLocal Page = about:blank
mWindow Title = Microsoft Internet Explorer
mDefault_Page_URL = about:blank
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://join-test.webex.com/client/T27L10NSP25EP3/webex/ieatgpc1.cab
TCP: NameServer = 64.59.160.13 64.59.161.68
TCP: Interfaces\{DE0D3A8A-DAD4-4A43-82E1-55EFBCB91E32} : DHCPNameServer = 64.59.160.13 64.59.161.68
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Norm and Chris\AppData\Roaming\Mozilla\Firefox\Profiles\9os22ho9.default-1398220993701\
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Sony\Media Go\npmediago.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Norm and Chris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Norm and Chris\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll
.
============= SERVICES / DRIVERS ===============
.
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2013-6-10 29792]
R1 klpd;klpd;C:\Windows\System32\drivers\klpd.sys [2013-4-12 15456]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2013-5-14 55904]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2013-6-6 178272]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2014-7-22 172344]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-7-22 203776]
R2 avp;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [2013-6-17 214512]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 PDF Architect Helper Service;PDF Architect Helper Service;C:\Program Files (x86)\PDF Architect\HelperService.exe [2013-1-9 1324104]
R2 PDF Architect Service;PDF Architect Service;C:\Program Files (x86)\PDF Architect\ConversionService.exe [2013-1-9 795208]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-7-22 1127448]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-22 2656280]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-7-22 115216]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2013-5-5 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2013-5-5 29280]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-7-22 412776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-14 111616]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;C:\Windows\System32\drivers\libusb0.sys [2011-11-23 29184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-24 1255736]
S4 klflt;klflt;C:\Windows\System32\drivers\klflt.sys [2013-6-8 115296]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-08-30 19:27:15    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-08-30 19:11:14    98816    ----a-w-    C:\Windows\sed.exe
2014-08-30 19:11:14    256000    ----a-w-    C:\Windows\PEV.exe
2014-08-30 19:11:14    208896    ----a-w-    C:\Windows\MBR.exe
2014-08-30 09:15:51    --------    d-----w-    C:\Users\Norm and Chris\AppData\Roaming\SUPERAntiSpyware.com
2014-08-30 09:14:32    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2014-08-30 09:14:31    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2014-08-30 07:30:01    --------    d-----w-    C:\Users\Norm and Chris\AppData\Local\{6D87ADD8-F95E-4E23-82FD-AC3D38C5A40D}
2014-08-29 16:31:20    --------    d-----w-    C:\Users\Norm and Chris\AppData\Local\{17B342DE-F23B-4525-97D6-C6C32432C974}
2014-08-29 09:55:01    11319192    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{11D72BB8-6CD5-4951-A708-A103AC4FC2F4}\mpengine.dll
2014-08-29 03:26:03    --------    d-----w-    C:\Users\Norm and Chris\AppData\Local\{36993B94-6D0F-4F97-9158-44143B01A983}
2014-08-28 15:25:48    --------    d-----w-    C:\Users\Norm and Chris\AppData\Local\{0518517F-2D3C-47DC-9684-D6FB47F1494B}
2014-08-28 09:18:10    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2014-08-28 09:18:10    3163648    ----a-w-    C:\Windows\System32\win32k.sys
2014-08-28 09:18:09    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2014-08-27 22:43:23    --------    d-----w-    C:\Users\Norm and Chris\AppData\Local\{D04DE9A5-6771-42B2-8DAD-9E3A257F4388}
2014-08-26 23:40:20    --------    d-----w-    C:\Users\Norm and Chris\AppData\Local\{445CBE3A-47F3-4F3F-BDC6-C01AB67DEF0E}
2014-08-26 11:38:57    --------    d-----w-    C:\Users\Norm and Chris\AppData\Local\{B0060CB4-57F1-42C5-AEAF-95A7117CFDF5}
2014-08-25 23:38:40    --------    d-----w-    C:\Users\Norm and Chris\AppData\Local\{022E37DD-8C25-4E08-97D4-6ACC32235D86}
2014-08-25 01:39:38    --------    d-----w-    C:\Users\Norm and Chris\AppData\Local\{AC7AADD6-7B9E-42C8-AC97-0F4BA5B907FD}
2014-08-22 08:28:54    --------    d-----w-    C:\Users\Norm and Chris\AppData\Local\{89B97D9D-B1AB-4733-922D-1BB3B3185985}
2014-08-21 19:29:46    --------    d-----w-    C:\Users\Norm and Chris\AppData\Local\{6F9E97FC-4888-4038-8ACC-3FEA3D016715}
2014-08-21 07:15:52    --------    d-----w-    C:\Users\Norm and Chris\AppData\Local\{F296F7A5-E47D-4E84-A398-8C8201E5CC3D}
2014-08-20 18:20:38    --------    d-----w-    C:\Users\Norm and Chris\AppData\Local\{F3AFDCFD-B79C-4A91-99FC-66F0B19BDD45}
2014-08-19 18:07:24    --------    d-----w-    C:\Users\Norm and Chris\AppData\Local\{5D3C7C95-2582-4D68-B3B7-184B7C751990}
2014-08-19 05:09:06    --------    d-----w-    C:\Users\Norm and Chris\AppData\Local\{4986DD6E-7D18-4D88-A41A-A2062B10AF8C}
2014-08-18 17:08:51    --------    d-----w-    C:\Users\Norm and Chris\AppData\Local\{91A9DC7F-F7F3-49FD-A7B2-C8D8CB226CEA}
2014-08-18 00:03:47    --------    d-----w-    C:\Users\Norm and Chris\AppData\Local\{635B5163-11FD-4487-92F1-84B3556373BA}
2014-08-17 18:57:17    --------    d-----w-    C:\Users\Norm and Chris\AppData\Local\{1E814532-3C14-4A8D-840D-F6E564F33B9C}
2014-08-17 01:11:00    --------    d-----w-    C:\Users\Norm and Chris\AppData\Local\{CBF642E3-1E59-401F-8799-79A084CBE1E5}
2014-08-15 20:19:15    --------    d-----w-    C:\Users\Norm and Chris\AppData\Local\{61AAECE5-8F9E-4C8E-BA8F-E80019B0FC06}
2014-08-15 10:02:17    99480    ----a-w-    C:\Windows\SysWow64\infocardapi.dll
2014-08-15 10:02:17    619672    ----a-w-    C:\Windows\SysWow64\icardagt.exe
2014-08-15 10:02:17    171160    ----a-w-    C:\Windows\System32\infocardapi.dll
2014-08-15 10:02:17    1389208    ----a-w-    C:\Windows\System32\icardagt.exe
2014-08-15 10:02:10    8856    ----a-w-    C:\Windows\SysWow64\icardres.dll
2014-08-15 10:02:10    8856    ----a-w-    C:\Windows\System32\icardres.dll
2014-08-15 10:01:45    35480    ----a-w-    C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-15 10:01:45    35480    ----a-w-    C:\Windows\System32\TsWpfWrp.exe
2014-08-15 06:16:28    --------    d-----w-    C:\Users\Norm and Chris\AppData\Local\{39CB9F75-CA7F-46E7-94D9-C1EBC6769AFE}
2014-08-14 18:15:32    --------    d-----w-    C:\Users\Norm and Chris\AppData\Local\{CB3B1BE4-B44B-4AD4-9CFC-5B186DECB5AB}
2014-08-14 17:43:57    810176    ----a-w-    C:\Program Files\Internet Explorer\iexplore.exe
2014-08-14 17:42:57    1216000    ----a-w-    C:\Windows\System32\rpcrt4.dll
2014-08-14 17:42:56    664064    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2014-08-14 17:42:56    529920    ----a-w-    C:\Windows\System32\aepdu.dll
2014-08-14 17:42:56    424448    ----a-w-    C:\Windows\System32\aeinv.dll
2014-08-13 20:08:20    --------    d-----w-    C:\Users\Norm and Chris\AppData\Local\{74316BF2-736F-494F-9E08-5A85E3C3C180}
2014-08-13 00:16:46    --------    d-----w-    C:\Users\Norm and Chris\AppData\Local\{1C87DE0E-44AD-435E-806E-3A8C9552A6CB}
2014-08-12 18:11:41    98216    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-12 05:54:59    --------    d-----w-    C:\Users\Norm and Chris\AppData\Local\{24CE0823-FA86-40DA-B276-8782AB35393A}
2014-08-11 17:27:30    --------    d-----w-    C:\Users\Norm and Chris\AppData\Local\{CA11BB34-37C1-4641-9B6B-E09FC4A76E33}
2014-08-11 01:24:42    --------    d-----w-    C:\Users\Norm and Chris\AppData\Local\{F10E5635-66ED-432C-812D-F5B2C7129E28}
2014-08-10 03:00:35    --------    d-----w-    C:\Users\Norm and Chris\AppData\Local\{723E2FEB-B8C8-4A4D-B981-C76B7A0114D1}
2014-08-09 01:51:49    --------    d-----w-    C:\Users\Norm and Chris\AppData\Local\{EE02DD0D-774F-47E8-A028-E841695108E2}
2014-08-08 13:37:11    --------    d-----w-    C:\Users\Norm and Chris\AppData\Local\{5ECBBA35-57F7-48E3-91DE-3A3407C46A4C}
2014-08-07 21:02:27    --------    d-----w-    C:\Users\Norm and Chris\AppData\Local\{D2917F63-9C1A-4880-BCE3-AEF8C15BC829}
2014-08-07 05:40:01    --------    d-----w-    C:\Users\Norm and Chris\AppData\Local\{9DA53D75-CE5E-4624-92CE-57B4B7819D11}
2014-08-06 17:22:16    --------    d-----w-    C:\Users\Norm and Chris\AppData\Local\{55FF55D6-0038-42F2-9E4F-A5ED45C285FB}
2014-08-06 05:21:55    --------    d-----w-    C:\Users\Norm and Chris\AppData\Local\{43F0F06E-06C8-4AEB-ADFA-D6C7F3A30356}
2014-08-05 17:20:22    227728    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2014-08-05 16:27:29    --------    d-----w-    C:\Users\Norm and Chris\AppData\Local\{28F9472D-D565-44A3-B5F5-984CB74CCAAB}
2014-08-05 02:10:21    --------    d-----w-    C:\Users\Norm and Chris\AppData\Local\{F3D7262F-3FC8-4387-A40E-08B10C144081}
2014-08-04 00:51:51    --------    d-----w-    C:\Users\Norm and Chris\AppData\Local\{A0764577-5C41-437F-83C0-8CA4FE2D44EB}
2014-08-02 17:23:17    --------    d-----w-    C:\Users\Norm and Chris\AppData\Local\{DA523659-BEF0-4A04-A13B-4E56BC366EFB}
2014-08-02 17:21:43    --------    d-----w-    C:\Users\Norm and Chris\AppData\Local\{BC5B411D-0454-4E51-AB2A-2ED4CCF61797}
2014-08-01 16:28:44    --------    d-----w-    C:\Users\Norm and Chris\AppData\Local\{39662672-F4FB-470E-81CF-FC0409750DD8}
.
==================== Find3M  ====================
.
2014-08-29 07:01:58    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-15 20:18:24    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-15 20:18:24    699568    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-08-05 16:20:00    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2014-07-25 14:02:12    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-07-25 14:01:41    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-07-25 13:30:30    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-07-25 13:28:35    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27    548352    ----a-w-    C:\Windows\System32\vbscript.dll
2014-07-25 13:25:45    83968    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-07-25 13:04:40    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-07-25 13:00:25    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-07-25 12:59:28    758272    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-07-25 12:47:25    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-07-25 12:34:03    455168    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-07-25 12:33:08    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32    61952    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15    5824512    ----a-w-    C:\Windows\System32\jscript9.dll
2014-07-25 12:28:05    72704    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:10:15    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47    597504    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47    4204032    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-07-25 11:43:16    60416    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29    2087936    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-07-25 11:39:25    1249280    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49    2001920    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10    1068032    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06    2266624    ----a-w-    C:\Windows\System32\wininet.dll
2014-07-25 10:05:23    1792512    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-07-16 03:23:41    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-07-16 02:46:02    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-07-09 02:03:23    7168    ----a-w-    C:\Windows\System32\KBDYAK.DLL
2014-07-09 02:03:22    7168    ----a-w-    C:\Windows\System32\KBDBASH.DLL
2014-07-09 01:31:42    7168    ----a-w-    C:\Windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41    6656    ----a-w-    C:\Windows\SysWow64\KBDBASH.DLL
2014-06-18 02:18:30    692736    ----a-w-    C:\Windows\System32\osk.exe
2014-06-18 01:51:32    646144    ----a-w-    C:\Windows\SysWow64\osk.exe
2014-06-16 02:10:19    985536    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2014-06-06 10:10:34    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-06-06 09:44:17    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-06-05 14:45:15    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-06-05 14:26:58    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-06-05 14:25:49    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-06-03 10:02:37    112064    ----a-w-    C:\Windows\System32\consent.exe
2014-06-03 10:02:21    504320    ----a-w-    C:\Windows\System32\msihnd.dll
2014-06-03 10:02:21    3241984    ----a-w-    C:\Windows\System32\msi.dll
2014-06-03 10:02:12    1941504    ----a-w-    C:\Windows\System32\authui.dll
2014-06-03 09:29:50    337408    ----a-w-    C:\Windows\SysWow64\msihnd.dll
2014-06-03 09:29:50    2363392    ----a-w-    C:\Windows\SysWow64\msi.dll
2014-06-03 09:29:40    1805824    ----a-w-    C:\Windows\SysWow64\authui.dll
.
============= FINISH: 18:05:26.85 ===============
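The symptom reported above is dllhost.exe (the COM Surrogate host) consuming an exceptional amount of memory. dllhost.exe itself is a genuine Windows binary; what a responder needs to know is which COM object each instance was launched to host, where the image on disk actually lives, and who started it. The following PowerShell triage snippet is an added example, not part of the thread and not one of the tools the Malware Response Team asks for; it assumes PowerShell 3.0 or later (Windows Management Framework 3 on Windows 7) and an elevated prompt so that all processes and their command lines are visible.

```powershell
# Added triage example (not from the thread or from BleepingComputer's tools).
# Lists every running dllhost.exe instance with the CLSID it was launched to
# host, the DLL registered for that CLSID, its working-set size, its parent
# process, whether the image path is the expected System32/SysWOW64 location,
# and the Authenticode status of the image on disk.

$system32 = Join-Path $env:windir 'System32\dllhost.exe'
$sysWow64 = Join-Path $env:windir 'SysWOW64\dllhost.exe'

Get-CimInstance Win32_Process -Filter "Name = 'dllhost.exe'" | ForEach-Object {
    $proc = $_

    # COM Surrogate is normally started as: dllhost.exe /Processid:{CLSID}
    $clsid = if ($proc.CommandLine -match '/Processid:(\{[0-9A-Fa-f-]+\})') {
        $Matches[1]
    } else {
        '<none>'
    }

    # Resolve the CLSID to its registered in-process server so the hosted
    # component can be named rather than guessed at from memory use alone.
    $serverDll = '<unresolved>'
    $regPath = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
    if ($clsid -ne '<none>' -and (Test-Path $regPath)) {
        $serverDll = (Get-ItemProperty -Path $regPath).'(default)'
    }

    # Parent process: a surrogate is normally spawned by svchost.exe (DcomLaunch)
    # or explorer.exe; anything else deserves a closer look.
    $parent = Get-CimInstance Win32_Process `
        -Filter "ProcessId = $($proc.ParentProcessId)" -ErrorAction SilentlyContinue

    # Signature check of the image actually backing the process.
    $sig = if ($proc.ExecutablePath) {
        Get-AuthenticodeSignature -FilePath $proc.ExecutablePath
    } else { $null }

    [PSCustomObject]@{
        PID          = $proc.ProcessId
        WorkingSetMB = [math]::Round($proc.WorkingSetSize / 1MB, 1)
        Parent       = if ($parent) { "$($parent.Name) ($($parent.ProcessId))" }
                       else { "<exited> ($($proc.ParentProcessId))" }
        CLSID        = $clsid
        HostedServer = $serverDll
        ImagePath    = $proc.ExecutablePath
        ExpectedPath = ($proc.ExecutablePath -in @($system32, $sysWow64))
        Signature    = if ($sig) { $sig.Status } else { 'n/a' }
        Signer       = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject }
                       else { 'n/a' }
    }
} | Sort-Object WorkingSetMB -Descending | Format-Table -AutoSize -Wrap
```

Read the output top-down by WorkingSetMB: the row with the large working set tells you which CLSID and server DLL is actually responsible, and ExpectedPath / Signer tell you whether the host binary itself has been tampered with or relocated. On Windows 7 era systems a genuine System32 binary can report NotSigned because it is catalog-signed rather than carrying an embedded signature; in that case confirm the file with a tool that checks the catalog (for example Sysinternals sigcheck) or compare its hash with a known-good copy before drawing conclusions.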
 




#2 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • OFFLINE
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:10:36 AM

Posted 02 September 2014 - 05:36 PM

Hello norcress,

My name is Cody and I'll be helping you clean up your computer. :)

I will reply to your posts as soon as possible -- typically within 24 hours. In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, I just ask for notice ahead of time.

Please do note any time differences between us. If I do not respond within 48 hours, feel free to send me a private message.

==========================================================================

Some points for you to keep in mind:
  • Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • Periodically update me on the condition of your computer, and provide detail in every post.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.
==========================================================================

Farbar Recovery Scan Tool (FRST)
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop.
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon.
  • Click Yes to the disclaimer.
  • Make sure the Addition.txt box is checked.
  • Click Scan and allow the program to run.
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen.
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#3 norcress

norcress
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  • Local time:09:36 AM

Posted 02 September 2014 - 08:43 PM

Hello Cody,

 

Attached are the reports from the Farbar Recovery Scan.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014
Ran by Norm and Chris at 2014-09-02 18:36:01
Running from C:\Users\Norm and Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BMDPKDI0
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
AC3Filter 1.63b (HKLM-x32\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
ATI Catalyst Install Manager (HKLM\...\{9A6AD916-D45D-1D1C-E2C0-A0402F511999}) (Version: 3.0.808.0 - ATI Technologies, Inc.)
ATI Stream SDK v2 Developer (HKLM\...\{80C27FE9-C6C4-F5C8-EAD3-09E7E0102E78}) (Version: 2.2.0.0 - ATI Technologies Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{AEDA8713-5521-4600-9AC2-81674A9EDC4F}) (Version: 2.2.7689 - K-NFB Reading Technology, Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0113.2337.42366 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0113.2337.42366 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help English (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help French (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help German (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
ccc-core-static (x32 Version: 2011.0113.2337.42366 - ATI) Hidden
ccc-utility64 (Version: 2011.0113.2337.42366 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco WebEx Meetings (HKCU\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW 10 (HKLM-x32\...\CorelDRAW 10) (Version:  - )
CorelDRAW 10 (x32 Version: 10 - Corel) Hidden
CorelDRAW Graphics Suite X5 - BR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - CZ (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM HSE (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - NL (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PL (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - RU (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.3 -  Corel Corporation) Hidden
CorelDRAW Home & Student Suite X5 - Extra Content (HKLM-x32\...\_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}) (Version:  - Corel Corporation)
CorelDRAW Home & Student Suite X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Home & Student Suite X5 (x32 Version: 15.1 - Corel Corporation) Hidden
CorelDRAW® Home & Student Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.2.0.686 - Corel Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.100 - DivX, LLC)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DT Max - Demo Database (HKLM-x32\...\{97E1C648-DCEB-4508-9D08-A6F94313D3E0}) (Version: 14.30.0000 - Logiciel Dr Tax Software Inc.)
DT Max - English knowledge base (HKLM-x32\...\{021017F4-FBC3-4438-87BD-74888789CDDD}) (Version: 14.30.0000 - Logiciel Dr Tax Software Inc.)
DT Max - French knowledge base (HKLM-x32\...\{2A19D8AD-0C13-4551-84F1-5FEA99674CF2}) (Version: 14.30.0000 - Logiciel Dr Tax Software Inc.)
DT Max - System (HKLM-x32\...\{51A64F91-BB6F-4D27-9BD0-DA8F08277E7F}) (Version: 14.30.0000 - Logiciel Dr Tax Software Inc.)
DT Max - T1 (HKLM-x32\...\{0B48DD77-AA94-4D90-AFE0-507A6428A189}) (Version: 14.30.0000 - Logiciel Dr Tax Software Inc.)
DT Max - Updater (HKLM-x32\...\{0EBA4D07-32EE-4F0E-B375-1356E69C748B}) (Version: 6.30.0000 - Logiciel Dr Tax Software Inc.)
DVDStyler v2.7.2 (HKLM-x32\...\DVDStyler_is1) (Version:  - )
Eusing Free Registry Cleaner (HKLM-x32\...\Eusing Free Registry Cleaner) (Version:  - Eusing Software)
Family Tree Maker 2006 (HKLM-x32\...\{F2F4C144-7D1A-47C4-9D53-395A57B0CD64}) (Version:  - )
Family Tree Maker 2011 (HKLM-x32\...\Family Tree Maker 2011) (Version: 20.0.368 - Ancestry.com)
Family Tree Maker 2011 (x32 Version: 20.0.368 - Ancestry.com) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FlashPlayer (HKLM-x32\...\{BA8B8ADA-084F-4F79-A0CA-6E58A0808794}) (Version: 1.6.8 - Tuguu SL) <==== ATTENTION
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.62.5207 - Gretech Corporation)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP LinkUp (HKLM-x32\...\{C1AD9241-3ADD-483F-914D-071F3E50855A}) (Version: 2.01.026 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.5.0.0 - Hewlett-Packard)
HydraVision (x32 Version: 4.2.184.0 - ATI Technologies Inc.) Hidden
HyperLoad - Wiffle Baseball (HKLM-x32\...\{67F69C6C-8F2F-4C18-AAA8-9BD64BA1B7FB}) (Version: 2.0 - Kraft)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: /Qt-5.2.0 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3609 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3609 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Media Go (HKLM-x32\...\{362AB21A-E2C4-40CE-81C2-8C4D62B0635A}) (Version: 2.4.256 - Sony)
Media Go Video Playback Engine 1.116.105.02020 (HKLM-x32\...\{54215B8A-6212-8DB8-39B4-98EE2BB98BD1}) (Version: 1.116.105.02020 - Sony)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MPEG2 Codec(libmpeg2/mad) (HKLM-x32\...\MPEG2 Codec(libmpeg2/mad)) (Version:  - )
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4SP2 (HKLM-x32\...\{451BB54C-8B23-4455-8BDC-14FC7D43E056}) (Version: 1.00.0000 - Logiciel Dr Tax Software Inc.)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NWZ-E460 WALKMAN Guide (HKLM-x32\...\{A4D58206-7E8F-41F2-BD94-85009F3AEA28}) (Version: 2.0.2.04130 - Sony Corporation)
PDF Architect (HKLM-x32\...\{80A07844-CA64-4DE4-AB61-D37DDBE8074F}) (Version: 1.0.52.8917 - pdfforge)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.35 - PDF Complete, Inc)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PlayStation®Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.14.6.15183 - Sony Computer Entertainment Inc.)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4817 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4817 - CyberLink Corp.) Hidden
Real Alternative 1.8.0 (HKLM-x32\...\RealAlt_is1) (Version: 1.8.0 - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6387 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3621 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Sansa Updater (HKCU\...\Sansa Updater) (Version: 1.304 - SanDisk Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
Soap 3.0 Toolkit (HKLM-x32\...\{2C464EC1-2B0C-4490-9CAC-D4562DD8377A}) (Version: 1.00.0000 - Your Company Name)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
UFile 2013 (HKLM-x32\...\{D3D79DA4-68EA-450F-A916-0E854CA30984}) (Version: 17.20.0000 - Thomson Reuters DT Tax and Accounting Inc.)
UFile Updater 2013 (HKLM-x32\...\{B37F0361-9323-44F6-83DD-FCA9390F5712}) (Version: 9.01.0000 - Thomson Reuters DT Tax and Accounting Inc.)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WildTangent Games App (x32 Version: 4.0.10.2 - WildTangent) Hidden
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

22-08-2014 10:26:04 Windows Update
22-08-2014 15:27:09 Windows Update
26-08-2014 10:26:07 Windows Update
28-08-2014 10:00:16 Windows Update
30-08-2014 19:11:22 ComboFix created restore point
02-09-2014 12:06:58 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2014-08-30 12:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {080FC44C-D481-4736-91EE-C557325A47A6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {36B87D08-4ADB-453B-923F-91D27998E9EE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {4267D7D7-B82A-41CF-8736-534D80501DA8} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {429809B6-DE06-49D4-AE1F-D58CBAD7386E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-16] (Google Inc.)
Task: {4AF9DC9D-7168-4D0E-9624-8BD3B7F029C5} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {68E26AF0-E5F0-4954-A2A1-9B7EB40636D0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-08-04] (Hewlett-Packard)
Task: {720AAADD-0E78-4BFE-9D05-EBE6EB8CCB42} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {82C35A3D-8098-4F64-9876-9A308B344257} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {82E8DBB7-ABBC-4299-9A8E-8AD1CAE2777C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-16] (Google Inc.)
Task: {8817F240-4D30-421F-B3CE-4CCA62F2CBAF} - System32\Tasks\HPCeeScheduleForNORMANDCHRIS-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {9F2F1976-92F3-4A90-8675-48A5A60E1A4E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-15] (Adobe Systems Incorporated)
Task: {A9C9E635-94FC-4DE4-931F-1E4976BD746D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {B019BDC7-68B6-41D1-A9A6-E63CFEE1A698} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe
Task: {DAC46EA1-80AA-4EE1-9F7C-BD7DD49B817F} - System32\Tasks\HPCeeScheduleForNorm and Chris => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForNorm and Chris.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForNORMANDCHRIS-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2014-01-09 22:26 - 2014-01-09 22:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2014-01-09 22:28 - 2014-01-09 22:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. Non-default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/02/2014 05:42:16 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: FlashPlayer -- Error 1706. An installation package for the product FlashPlayer cannot be found. Try the installation again using a valid copy of the installation package 'Installer.msi'.

Error: (09/02/2014 05:42:15 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: FlashPlayer -- Error 1706. An installation package for the product FlashPlayer cannot be found. Try the installation again using a valid copy of the installation package 'Installer.msi'.

Error: (09/02/2014 00:06:21 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: FlashPlayer -- Error 1706. An installation package for the product FlashPlayer cannot be found. Try the installation again using a valid copy of the installation package 'Installer.msi'.

Error: (09/02/2014 00:06:19 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: FlashPlayer -- Error 1706. An installation package for the product FlashPlayer cannot be found. Try the installation again using a valid copy of the installation package 'Installer.msi'.

Error: (09/01/2014 05:42:07 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: FlashPlayer -- Error 1706. An installation package for the product FlashPlayer cannot be found. Try the installation again using a valid copy of the installation package 'Installer.msi'.

Error: (09/01/2014 05:42:06 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: FlashPlayer -- Error 1706. An installation package for the product FlashPlayer cannot be found. Try the installation again using a valid copy of the installation package 'Installer.msi'.

Error: (09/01/2014 01:33:32 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: FlashPlayer -- Error 1706. An installation package for the product FlashPlayer cannot be found. Try the installation again using a valid copy of the installation package 'Installer.msi'.

Error: (09/01/2014 01:33:32 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: FlashPlayer -- Error 1706. An installation package for the product FlashPlayer cannot be found. Try the installation again using a valid copy of the installation package 'Installer.msi'.

Error: (09/01/2014 00:38:25 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: FlashPlayer -- Error 1706. An installation package for the product FlashPlayer cannot be found. Try the installation again using a valid copy of the installation package 'Installer.msi'.

Error: (09/01/2014 00:38:21 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: FlashPlayer -- Error 1706. An installation package for the product FlashPlayer cannot be found. Try the installation again using a valid copy of the installation package 'Installer.msi'.


System errors:
=============
Error: (09/01/2014 04:56:20 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (09/01/2014 04:56:20 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (09/01/2014 04:56:20 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (09/01/2014 04:54:39 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (09/01/2014 04:54:39 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (08/31/2014 07:16:59 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (08/30/2014 05:44:04 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (08/30/2014 00:25:28 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (08/30/2014 00:24:59 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (08/30/2014 00:23:35 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.


Microsoft Office Sessions:
=========================
Error: (09/02/2014 05:42:16 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: FlashPlayer -- Error 1706. An installation package for the product FlashPlayer cannot be found. Try the installation again using a valid copy of the installation package 'Installer.msi'.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/02/2014 05:42:15 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: FlashPlayer -- Error 1706. An installation package for the product FlashPlayer cannot be found. Try the installation again using a valid copy of the installation package 'Installer.msi'.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/02/2014 00:06:21 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: FlashPlayer -- Error 1706. An installation package for the product FlashPlayer cannot be found. Try the installation again using a valid copy of the installation package 'Installer.msi'.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/02/2014 00:06:19 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: FlashPlayer -- Error 1706. An installation package for the product FlashPlayer cannot be found. Try the installation again using a valid copy of the installation package 'Installer.msi'.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/01/2014 05:42:07 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: FlashPlayer -- Error 1706. An installation package for the product FlashPlayer cannot be found. Try the installation again using a valid copy of the installation package 'Installer.msi'.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/01/2014 05:42:06 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: FlashPlayer -- Error 1706. An installation package for the product FlashPlayer cannot be found. Try the installation again using a valid copy of the installation package 'Installer.msi'.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/01/2014 01:33:32 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: FlashPlayer -- Error 1706. An installation package for the product FlashPlayer cannot be found. Try the installation again using a valid copy of the installation package 'Installer.msi'.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/01/2014 01:33:32 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: FlashPlayer -- Error 1706. An installation package for the product FlashPlayer cannot be found. Try the installation again using a valid copy of the installation package 'Installer.msi'.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/01/2014 00:38:25 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: FlashPlayer -- Error 1706. An installation package for the product FlashPlayer cannot be found. Try the installation again using a valid copy of the installation package 'Installer.msi'.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/01/2014 00:38:21 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: FlashPlayer -- Error 1706. An installation package for the product FlashPlayer cannot be found. Try the installation again using a valid copy of the installation package 'Installer.msi'.(NULL)(NULL)(NULL)(NULL)(NULL)


CodeIntegrity Errors:
===================================
  Date: 2014-09-02 03:35:45.716
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-02 03:35:45.700
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-02 01:25:34.439
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-02 01:25:34.439
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-02 01:25:14.705
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-02 01:25:14.705
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-02 01:25:14.705
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-02 01:25:14.689
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-02 01:25:14.689
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-02 01:25:14.689
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i7-2600S CPU @ 2.80GHz
Percentage of memory in use: 27%
Total physical RAM: 8174.52 MB
Available physical RAM: 5962.64 MB
Total Pagefile: 27566.26 MB
Available Pagefile: 24738.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1850.76 GB) (Free:1579.48 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.16 GB) (Free:1.49 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive j: (Expansion Drive) (Fixed) (Total:931.51 GB) (Free:501.98 GB) NTFS
Drive k: (STORE N GO) (Removable) (Total:7.46 GB) (Free:7.46 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 56FFF76E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1850.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.2 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 931.5 GB) (Disk ID: 00554AF6)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

NEXT LOG

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014
Ran by Norm and Chris (administrator) on NORMANDCHRIS-HP on 02-09-2014 18:35:13
Running from C:\Users\Norm and Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BMDPKDI0
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Farbar) C:\Users\Norm and Chris\Desktop\FSS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Farbar) C:\Users\Norm and Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BMDPKDI0\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-01-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-02-13] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe [21720 2014-03-25] (Hewlett-Packard)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {D64EADFC-8B9F-41F4-9537-2B2ADDD7D404} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D64EADFC-8B9F-41F4-9537-2B2ADDD7D404} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {D64EADFC-8B9F-41F4-9537-2B2ADDD7D404} URL =
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://join-test.webex.com/client/T27L10NSP25EP3/webex/ieatgpc1.cab
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Tcpip\Parameters: [DhcpNameServer] 64.59.160.13 64.59.161.68

FireFox:
========
FF ProfilePath: C:\Users\Norm and Chris\AppData\Roaming\Mozilla\Firefox\Profiles\9os22ho9.default-1398220993701
FF Homepage: www.google.ca
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.11.2852 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.46 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.1662 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.46 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Norm and Chris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Norm and Chris\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-2085863142-1833678121-224026311-1001\FireFox\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: MEGA - C:\Users\Norm and Chris\AppData\Roaming\Mozilla\Firefox\Profiles\9os22ho9.default-1398220993701\Extensions\firefox@mega.co.nz.xpi [2014-05-05]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\Norm and Chris\AppData\Roaming\Mozilla\Firefox\Profiles\9os22ho9.default-1398220993701\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2014-04-22]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2014-07-30]
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2014-07-30]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-03-18]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-10-01]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-10-01]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-10-01]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-10-01]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-10-01]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa []
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-08-26]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-08-26]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-08-26]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-08-26]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-08-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avp; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-01] (Kaspersky Lab ZAO)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-06] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-31] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-31] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-17] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-02] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-18] (Kaspersky Lab ZAO)
S3 libusb0; C:\Windows\System32\drivers\libusb0.sys [29184 2011-11-23] (http://libusb-win32.sourceforge.net)
S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [21504 2011-10-07] (http://libusb-win32.sourceforge.net)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-02 18:34 - 2014-09-02 18:35 - 00000000 ____D () C:\FRST
2014-09-02 18:32 - 2014-09-02 18:33 - 00002376 _____ () C:\Users\Norm and Chris\Desktop\FSS.txt
2014-09-02 18:30 - 2014-09-02 18:30 - 00415232 _____ (Farbar) C:\Users\Norm and Chris\Desktop\FSS.exe
2014-09-02 18:16 - 2014-09-02 18:16 - 00066708 _____ () C:\Users\Norm and Chris\Documents\bookmark.htm
2014-09-02 17:55 - 2014-09-02 17:55 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{D7C69CE3-AF5E-4C39-B1CF-4D630D1CF143}
2014-09-02 13:52 - 2014-09-02 13:52 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{F1EF261B-AB5A-4360-8332-C7BE385F5B96}
2014-09-02 00:00 - 2014-09-02 00:00 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{8335DE53-45B3-4BA9-A280-611482D8564D}
2014-09-01 19:57 - 2014-09-01 19:57 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\Adobe
2014-09-01 12:00 - 2014-09-01 12:00 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{6F1DDD17-85F2-44A9-85DB-6876EB278EBD}
2014-08-31 19:18 - 2014-08-31 19:19 - 00486424 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-31 19:18 - 2014-08-31 19:18 - 00001088 _____ () C:\Windows\PFRO.log
2014-08-31 18:25 - 2014-08-31 18:25 - 00133288 _____ () C:\Users\Norm and Chris\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-31 18:23 - 2014-08-31 19:19 - 00000056 _____ () C:\Windows\setupact.log
2014-08-31 18:23 - 2014-08-31 18:23 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-31 12:48 - 2014-08-31 12:48 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{3DB17541-AB01-449E-B639-8EDE73FAA902}
2014-08-30 20:30 - 2014-08-30 20:30 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{46DB5EA6-D06E-4915-AF87-0FDD0B92A1A3}
2014-08-30 18:05 - 2014-08-30 18:05 - 00025055 _____ () C:\Users\Norm and Chris\Desktop\dds.txt
2014-08-30 18:05 - 2014-08-30 18:05 - 00010848 _____ () C:\Users\Norm and Chris\Desktop\attach.txt
2014-08-30 12:27 - 2014-08-30 12:27 - 00019510 _____ () C:\ComboFix.txt
2014-08-30 12:11 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-30 12:11 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-30 12:11 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-30 12:11 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-30 12:11 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-30 12:11 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-30 12:11 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-30 12:11 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-30 12:08 - 2014-08-30 12:27 - 00000000 ____D () C:\Qoobox
2014-08-30 12:08 - 2014-08-30 12:26 - 00000000 ____D () C:\Windows\erdnt
2014-08-30 01:26 - 2014-08-30 01:26 - 00000861 _____ () C:\Windows\SysWOW64\InstallUtil.InstallLog
2014-08-30 00:30 - 2014-08-30 00:30 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{6D87ADD8-F95E-4E23-82FD-AC3D38C5A40D}
2014-08-29 09:31 - 2014-08-29 09:31 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{17B342DE-F23B-4525-97D6-C6C32432C974}
2014-08-28 20:26 - 2014-08-28 20:26 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{36993B94-6D0F-4F97-9158-44143B01A983}
2014-08-28 08:25 - 2014-08-28 08:25 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{0518517F-2D3C-47DC-9684-D6FB47F1494B}
2014-08-28 02:18 - 2014-08-22 19:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 02:18 - 2014-08-22 18:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 02:18 - 2014-08-22 17:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-28 01:16 - 2014-08-28 01:16 - 00049152 _____ () C:\Windows\SysWOW64\ꧣ鲁뷦꞉뗦ꒅ藦鲭跧낕跧ꮥ냦ꆉ藦뚁郣꺀胣鲑釧ꆱ뷦꒕闦뎽맦뚕釧꾉맢ꒅ
2014-08-27 15:43 - 2014-08-27 15:43 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{D04DE9A5-6771-42B2-8DAD-9E3A257F4388}
2014-08-26 16:40 - 2014-08-26 16:40 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{445CBE3A-47F3-4F3F-BDC6-C01AB67DEF0E}
2014-08-26 04:38 - 2014-08-26 04:39 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{B0060CB4-57F1-42C5-AEAF-95A7117CFDF5}
2014-08-25 16:38 - 2014-08-25 16:38 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{022E37DD-8C25-4E08-97D4-6ACC32235D86}
2014-08-24 18:39 - 2014-08-24 18:40 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{AC7AADD6-7B9E-42C8-AC97-0F4BA5B907FD}
2014-08-22 08:27 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-22 08:27 - 2014-05-14 09:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-22 08:27 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-22 08:27 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-22 08:27 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-22 08:27 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-22 08:27 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-22 08:27 - 2014-05-14 09:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-22 08:27 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-22 08:27 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-22 08:27 - 2014-05-14 09:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-22 08:27 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-22 08:27 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-22 08:27 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-22 01:37 - 2014-09-01 17:59 - 00003240 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForNorm and Chris
2014-08-22 01:37 - 2014-09-01 17:59 - 00000368 _____ () C:\Windows\Tasks\HPCeeScheduleForNorm and Chris.job
2014-08-22 01:28 - 2014-08-22 01:28 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{89B97D9D-B1AB-4733-922D-1BB3B3185985}
2014-08-21 12:29 - 2014-08-21 12:29 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{6F9E97FC-4888-4038-8ACC-3FEA3D016715}
2014-08-21 00:15 - 2014-08-21 00:15 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{F296F7A5-E47D-4E84-A398-8C8201E5CC3D}
2014-08-20 11:20 - 2014-08-20 11:20 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{F3AFDCFD-B79C-4A91-99FC-66F0B19BDD45}
2014-08-19 11:07 - 2014-08-19 11:07 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{5D3C7C95-2582-4D68-B3B7-184B7C751990}
2014-08-18 22:09 - 2014-08-18 22:09 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{4986DD6E-7D18-4D88-A41A-A2062B10AF8C}
2014-08-18 10:08 - 2014-08-18 10:08 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{91A9DC7F-F7F3-49FD-A7B2-C8D8CB226CEA}
2014-08-17 17:03 - 2014-08-17 17:03 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{635B5163-11FD-4487-92F1-84B3556373BA}
2014-08-17 11:57 - 2014-08-17 11:57 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{1E814532-3C14-4A8D-840D-F6E564F33B9C}
2014-08-16 18:11 - 2014-08-16 18:11 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{CBF642E3-1E59-401F-8799-79A084CBE1E5}
2014-08-15 13:19 - 2014-08-15 13:19 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{61AAECE5-8F9E-4C8E-BA8F-E80019B0FC06}
2014-08-15 03:02 - 2014-06-30 15:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 03:02 - 2014-06-30 15:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-15 03:02 - 2014-03-09 14:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 03:02 - 2014-03-09 14:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 03:02 - 2014-03-09 14:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-15 03:02 - 2014-03-09 14:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-15 03:01 - 2014-06-05 23:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 03:01 - 2014-06-05 23:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 23:16 - 2014-08-14 23:16 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{39CB9F75-CA7F-46E7-94D9-C1EBC6769AFE}
2014-08-14 11:15 - 2014-08-14 11:15 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{CB3B1BE4-B44B-4AD4-9CFC-5B186DECB5AB}
2014-08-14 10:44 - 2014-07-15 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 10:44 - 2014-07-15 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 10:44 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 10:44 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 10:44 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 10:44 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 10:44 - 2014-07-08 19:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 10:44 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 10:44 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 10:44 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 10:44 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 10:44 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 10:44 - 2014-07-08 15:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 10:44 - 2014-07-08 15:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 10:44 - 2014-06-24 19:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 10:44 - 2014-06-24 18:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 10:44 - 2014-06-15 19:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 10:44 - 2014-06-03 03:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 10:44 - 2014-06-03 03:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 10:44 - 2014-06-03 03:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 10:44 - 2014-06-03 03:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 10:44 - 2014-06-03 02:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 10:44 - 2014-06-03 02:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 10:44 - 2014-06-03 02:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 10:43 - 2014-07-31 16:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 10:43 - 2014-07-31 16:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 10:43 - 2014-07-25 07:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 10:43 - 2014-07-25 07:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 10:43 - 2014-07-25 07:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 10:43 - 2014-07-25 06:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 10:43 - 2014-07-25 06:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 10:43 - 2014-07-25 06:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 10:43 - 2014-07-25 06:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 10:43 - 2014-07-25 06:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 10:43 - 2014-07-25 06:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 10:43 - 2014-07-25 06:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 10:43 - 2014-07-25 06:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 10:43 - 2014-07-25 06:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 10:43 - 2014-07-25 06:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 10:43 - 2014-07-25 06:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 10:43 - 2014-07-25 06:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 10:43 - 2014-07-25 05:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 10:43 - 2014-07-25 05:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 10:43 - 2014-07-25 05:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 10:43 - 2014-07-25 05:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 10:43 - 2014-07-25 05:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 10:43 - 2014-07-25 05:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 10:43 - 2014-07-25 05:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 10:43 - 2014-07-25 05:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 10:43 - 2014-07-25 05:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 10:43 - 2014-07-25 05:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 10:43 - 2014-07-25 05:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 10:43 - 2014-07-25 05:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 10:43 - 2014-07-25 05:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 10:43 - 2014-07-25 05:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 10:43 - 2014-07-25 05:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 10:43 - 2014-07-25 05:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 10:43 - 2014-07-25 05:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 10:43 - 2014-07-25 05:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 10:43 - 2014-07-25 05:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 10:43 - 2014-07-25 04:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 10:43 - 2014-07-25 04:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 10:43 - 2014-07-25 04:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 10:43 - 2014-07-25 04:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 10:43 - 2014-07-25 04:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 10:43 - 2014-07-25 04:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-14 10:43 - 2014-07-25 04:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 10:43 - 2014-07-25 04:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 10:43 - 2014-07-25 04:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 10:43 - 2014-07-25 04:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 10:43 - 2014-07-25 04:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 10:43 - 2014-07-25 04:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 10:43 - 2014-07-25 04:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-14 10:43 - 2014-07-25 04:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 10:43 - 2014-07-25 03:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 10:43 - 2014-07-25 03:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 10:43 - 2014-07-25 03:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 10:43 - 2014-07-25 03:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 10:43 - 2014-07-25 03:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 10:43 - 2014-07-25 03:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 10:42 - 2014-08-06 19:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 10:42 - 2014-08-06 19:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 10:42 - 2014-07-13 19:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 10:42 - 2014-07-13 18:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 13:08 - 2014-08-13 13:08 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{74316BF2-736F-494F-9E08-5A85E3C3C180}
2014-08-12 17:16 - 2014-08-12 17:16 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{1C87DE0E-44AD-435E-806E-3A8C9552A6CB}
2014-08-12 11:11 - 2014-08-12 11:11 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-12 11:11 - 2014-08-12 11:11 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-12 11:11 - 2014-08-12 11:11 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-12 11:11 - 2014-08-12 11:11 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-12 11:11 - 2014-08-12 11:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-12 11:11 - 2014-08-12 11:11 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-11 22:54 - 2014-08-11 22:54 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{24CE0823-FA86-40DA-B276-8782AB35393A}
2014-08-11 10:27 - 2014-08-11 10:27 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{CA11BB34-37C1-4641-9B6B-E09FC4A76E33}
2014-08-10 18:24 - 2014-08-10 18:24 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{F10E5635-66ED-432C-812D-F5B2C7129E28}
2014-08-09 20:00 - 2014-08-09 20:00 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{723E2FEB-B8C8-4A4D-B981-C76B7A0114D1}
2014-08-08 18:51 - 2014-08-08 18:51 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{EE02DD0D-774F-47E8-A028-E841695108E2}
2014-08-08 06:37 - 2014-08-08 06:37 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{5ECBBA35-57F7-48E3-91DE-3A3407C46A4C}
2014-08-07 14:02 - 2014-08-07 14:02 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{D2917F63-9C1A-4880-BCE3-AEF8C15BC829}
2014-08-06 22:40 - 2014-08-06 22:40 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{9DA53D75-CE5E-4624-92CE-57B4B7819D11}
2014-08-06 10:22 - 2014-08-06 10:22 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{55FF55D6-0038-42F2-9E4F-A5ED45C285FB}
2014-08-05 22:21 - 2014-08-05 22:22 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{43F0F06E-06C8-4AEB-ADFA-D6C7F3A30356}
2014-08-05 09:27 - 2014-08-05 09:27 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{28F9472D-D565-44A3-B5F5-984CB74CCAAB}
2014-08-04 19:10 - 2014-08-04 19:10 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{F3D7262F-3FC8-4387-A40E-08B10C144081}
2014-08-03 17:51 - 2014-08-03 17:52 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{A0764577-5C41-437F-83C0-8CA4FE2D44EB}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-02 18:35 - 2014-09-02 18:34 - 00000000 ____D () C:\FRST
2014-09-02 18:33 - 2014-09-02 18:32 - 00002376 _____ () C:\Users\Norm and Chris\Desktop\FSS.txt
2014-09-02 18:30 - 2014-09-02 18:30 - 00415232 _____ (Farbar) C:\Users\Norm and Chris\Desktop\FSS.exe
2014-09-02 18:23 - 2012-02-16 10:54 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-02 18:16 - 2014-09-02 18:16 - 00066708 _____ () C:\Users\Norm and Chris\Documents\bookmark.htm
2014-09-02 17:55 - 2014-09-02 17:55 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{D7C69CE3-AF5E-4C39-B1CF-4D630D1CF143}
2014-09-02 17:55 - 2011-12-16 20:50 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-02 17:36 - 2012-04-09 01:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-02 16:34 - 2011-10-23 15:27 - 02052627 _____ () C:\Windows\WindowsUpdate.log
2014-09-02 13:52 - 2014-09-02 13:52 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{F1EF261B-AB5A-4360-8332-C7BE385F5B96}
2014-09-02 00:00 - 2014-09-02 00:00 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{8335DE53-45B3-4BA9-A280-611482D8564D}
2014-09-01 19:57 - 2014-09-01 19:57 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\Adobe
2014-09-01 19:23 - 2012-02-16 10:54 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-01 17:59 - 2014-08-22 01:37 - 00003240 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForNorm and Chris
2014-09-01 17:59 - 2014-08-22 01:37 - 00000368 _____ () C:\Windows\Tasks\HPCeeScheduleForNorm and Chris.job
2014-09-01 17:59 - 2011-11-07 15:11 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-09-01 17:59 - 2011-10-24 12:17 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-09-01 12:00 - 2014-09-01 12:00 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{6F1DDD17-85F2-44A9-85DB-6876EB278EBD}
2014-09-01 05:11 - 2009-07-13 21:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-01 05:11 - 2009-07-13 21:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-31 19:19 - 2014-08-31 19:18 - 00486424 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-31 19:19 - 2014-08-31 18:23 - 00000056 _____ () C:\Windows\setupact.log
2014-08-31 19:19 - 2011-07-22 01:34 - 00000000 ____D () C:\ProgramData\PDFC
2014-08-31 19:19 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-31 19:18 - 2014-08-31 19:18 - 00001088 _____ () C:\Windows\PFRO.log
2014-08-31 18:25 - 2014-08-31 18:25 - 00133288 _____ () C:\Users\Norm and Chris\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-31 18:23 - 2014-08-31 18:23 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-31 17:54 - 2014-07-28 09:26 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-31 12:48 - 2014-08-31 12:48 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{3DB17541-AB01-449E-B639-8EDE73FAA902}
2014-08-30 20:30 - 2014-08-30 20:30 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{46DB5EA6-D06E-4915-AF87-0FDD0B92A1A3}
2014-08-30 18:11 - 2011-10-23 20:42 - 00000000 ___RD () C:\systemfiles
2014-08-30 18:05 - 2014-08-30 18:05 - 00025055 _____ () C:\Users\Norm and Chris\Desktop\dds.txt
2014-08-30 18:05 - 2014-08-30 18:05 - 00010848 _____ () C:\Users\Norm and Chris\Desktop\attach.txt
2014-08-30 12:27 - 2014-08-30 12:27 - 00019510 _____ () C:\ComboFix.txt
2014-08-30 12:27 - 2014-08-30 12:08 - 00000000 ____D () C:\Qoobox
2014-08-30 12:27 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default
2014-08-30 12:26 - 2014-08-30 12:08 - 00000000 ____D () C:\Windows\erdnt
2014-08-30 12:25 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-30 11:56 - 2014-01-03 18:57 - 00000000 ____D () C:\AdwCleaner
2014-08-30 01:26 - 2014-08-30 01:26 - 00000861 _____ () C:\Windows\SysWOW64\InstallUtil.InstallLog
2014-08-30 00:30 - 2014-08-30 00:30 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{6D87ADD8-F95E-4E23-82FD-AC3D38C5A40D}
2014-08-29 20:37 - 2011-10-25 18:16 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\CrashDumps
2014-08-29 09:31 - 2014-08-29 09:31 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{17B342DE-F23B-4525-97D6-C6C32432C974}
2014-08-28 20:26 - 2014-08-28 20:26 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{36993B94-6D0F-4F97-9158-44143B01A983}
2014-08-28 08:25 - 2014-08-28 08:25 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{0518517F-2D3C-47DC-9684-D6FB47F1494B}
2014-08-28 01:16 - 2014-08-28 01:16 - 00049152 _____ () C:\Windows\SysWOW64\ꧣ鲁뷦꞉뗦ꒅ藦鲭跧낕跧ꮥ냦ꆉ藦뚁郣꺀胣鲑釧ꆱ뷦꒕闦뎽맦뚕釧꾉맢ꒅ
2014-08-27 23:34 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-08-27 22:31 - 2014-02-27 20:53 - 00000000 ____D () C:\temp
2014-08-27 15:43 - 2014-08-27 15:43 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{D04DE9A5-6771-42B2-8DAD-9E3A257F4388}
2014-08-26 16:40 - 2014-08-26 16:40 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{445CBE3A-47F3-4F3F-BDC6-C01AB67DEF0E}
2014-08-26 04:39 - 2014-08-26 04:38 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{B0060CB4-57F1-42C5-AEAF-95A7117CFDF5}
2014-08-25 16:38 - 2014-08-25 16:38 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{022E37DD-8C25-4E08-97D4-6ACC32235D86}
2014-08-24 18:40 - 2014-08-24 18:39 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{AC7AADD6-7B9E-42C8-AC97-0F4BA5B907FD}
2014-08-22 19:07 - 2014-08-28 02:18 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 18:45 - 2014-08-28 02:18 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 17:59 - 2014-08-28 02:18 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 01:28 - 2014-08-22 01:28 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{89B97D9D-B1AB-4733-922D-1BB3B3185985}
2014-08-21 12:29 - 2014-08-21 12:29 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{6F9E97FC-4888-4038-8ACC-3FEA3D016715}
2014-08-21 00:15 - 2014-08-21 00:15 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{F296F7A5-E47D-4E84-A398-8C8201E5CC3D}
2014-08-20 11:20 - 2014-08-20 11:20 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{F3AFDCFD-B79C-4A91-99FC-66F0B19BDD45}
2014-08-19 13:17 - 2012-01-08 16:45 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-19 13:17 - 2012-01-08 16:45 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-19 11:07 - 2014-08-19 11:07 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{5D3C7C95-2582-4D68-B3B7-184B7C751990}
2014-08-18 22:09 - 2014-08-18 22:09 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{4986DD6E-7D18-4D88-A41A-A2062B10AF8C}
2014-08-18 10:08 - 2014-08-18 10:08 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{91A9DC7F-F7F3-49FD-A7B2-C8D8CB226CEA}
2014-08-17 17:03 - 2014-08-17 17:03 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{635B5163-11FD-4487-92F1-84B3556373BA}
2014-08-17 11:57 - 2014-08-17 11:57 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{1E814532-3C14-4A8D-840D-F6E564F33B9C}
2014-08-16 18:11 - 2014-08-16 18:11 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{CBF642E3-1E59-401F-8799-79A084CBE1E5}
2014-08-15 13:19 - 2014-08-15 13:19 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{61AAECE5-8F9E-4C8E-BA8F-E80019B0FC06}
2014-08-15 13:18 - 2012-04-09 01:31 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-15 13:18 - 2012-04-09 01:31 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-15 13:18 - 2011-10-23 21:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-15 07:54 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-15 03:12 - 2011-12-22 16:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-15 03:08 - 2013-08-15 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-15 03:06 - 2011-10-24 16:51 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-15 03:00 - 2014-05-06 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-14 23:16 - 2014-08-14 23:16 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{39CB9F75-CA7F-46E7-94D9-C1EBC6769AFE}
2014-08-14 19:24 - 2009-07-13 22:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-14 11:15 - 2014-08-14 11:15 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{CB3B1BE4-B44B-4AD4-9CFC-5B186DECB5AB}
2014-08-13 13:08 - 2014-08-13 13:08 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{74316BF2-736F-494F-9E08-5A85E3C3C180}
2014-08-12 17:16 - 2014-08-12 17:16 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{1C87DE0E-44AD-435E-806E-3A8C9552A6CB}
2014-08-12 11:12 - 2013-10-31 05:48 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-12 11:11 - 2014-08-12 11:11 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-12 11:11 - 2014-08-12 11:11 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-12 11:11 - 2014-08-12 11:11 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-12 11:11 - 2014-08-12 11:11 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-12 11:11 - 2014-08-12 11:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-12 11:11 - 2014-08-12 11:11 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-12 08:19 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-12 07:58 - 2014-02-25 21:30 - 00000974 _____ () C:\Users\Norm and Chris\Desktop\ATF-Cleaner(1).exe - Shortcut.lnk
2014-08-11 22:54 - 2014-08-11 22:54 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{24CE0823-FA86-40DA-B276-8782AB35393A}
2014-08-11 10:27 - 2014-08-11 10:27 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{CA11BB34-37C1-4641-9B6B-E09FC4A76E33}
2014-08-10 18:24 - 2014-08-10 18:24 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{F10E5635-66ED-432C-812D-F5B2C7129E28}
2014-08-09 20:00 - 2014-08-09 20:00 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{723E2FEB-B8C8-4A4D-B981-C76B7A0114D1}
2014-08-08 18:51 - 2014-08-08 18:51 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{EE02DD0D-774F-47E8-A028-E841695108E2}
2014-08-08 06:37 - 2014-08-08 06:37 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{5ECBBA35-57F7-48E3-91DE-3A3407C46A4C}
2014-08-07 14:02 - 2014-08-07 14:02 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{D2917F63-9C1A-4880-BCE3-AEF8C15BC829}
2014-08-07 03:43 - 2011-12-12 16:49 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Roaming\vlc
2014-08-06 22:40 - 2014-08-06 22:40 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{9DA53D75-CE5E-4624-92CE-57B4B7819D11}
2014-08-06 19:06 - 2014-08-14 10:42 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 19:01 - 2014-08-14 10:42 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 10:22 - 2014-08-06 10:22 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{55FF55D6-0038-42F2-9E4F-A5ED45C285FB}
2014-08-05 22:22 - 2014-08-05 22:21 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{43F0F06E-06C8-4AEB-ADFA-D6C7F3A30356}
2014-08-05 09:27 - 2014-08-05 09:27 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{28F9472D-D565-44A3-B5F5-984CB74CCAAB}
2014-08-05 09:20 - 2010-11-20 20:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-04 19:10 - 2014-08-04 19:10 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{F3D7262F-3FC8-4387-A40E-08B10C144081}
2014-08-04 03:23 - 2012-12-12 04:22 - 00003232 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForNORMANDCHRIS-HP$
2014-08-04 03:23 - 2012-12-12 04:22 - 00000356 _____ () C:\Windows\Tasks\HPCeeScheduleForNORMANDCHRIS-HP$.job
2014-08-03 17:52 - 2014-08-03 17:51 - 00000000 ____D () C:\Users\Norm and Chris\AppData\Local\{A0764577-5C41-437F-83C0-8CA4FE2D44EB}

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-27 00:32

==================== End Of Log ============================



#4 TheShooter93 (Cody), Malware Response Team

Posted 03 September 2014 - 09:24 PM

Hello norcress,

Just wanted to give you an update on my progress:

Sorry for the delay, I am currently waiting for an instructor to be assigned to my case. I have our next steps ready to be approved, I just cannot post them until they are approved by an instructor.

Thank you for your patience. :)


CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#5 norcress (Topic Starter)

Posted 03 September 2014 - 09:46 PM

Thanks for the heads-up, and thank you for taking the time to look at my problem.

 

Norman Cress



#6 TheShooter93 (Cody), Malware Response Team

Posted 04 September 2014 - 02:31 PM

Hello norcress,

Given the amount of anti-virus and anti-malware tools you have run, I do not suspect that this issue is malware-related. We will make sure this is the case, and look further into what could be causing the high amount of memory usage by dllhost.exe.

Please do the following things.

===================================================

Process Explorer

  • Download and run Process Explorer
  • Expanding each process will show what other processes are associated with it, giving us information about what is hogging up your computer's resources.
  • Please include a screenshot of this window in your next post so we can determine what process(es) are using up your computer's memory.

===================================================

Upload to Virus Total

  • Connect to Virus Total
  • Ensure that the File tab is selected on the page (it should be by default).
  • Click Choose File.
  • Locate the file C:\Windows\SysWOW64\ꧣ鲁뷦꞉뗦ꒅ藦鲭跧낕跧ꮥ냦ꆉ藦뚁郣꺀胣鲑釧ꆱ뷦꒕闦뎽맦뚕釧꾉맢ꒅ and click Scan it! [Note that the file name may appear slightly different on your screen].
  • When the scan is complete, copy and paste the URL in your browser and include it in your next post.

===================================================

Post ComboFix Log

  • Navigate to C:\ComboFix.txt
  • Open this file and copy and paste its contents into your next reply.

===================================================

What I'd like to see in your next post:   :thumbsup2:

  • Process Explorer screenshot.
  • Virus Total Screenshot.
  • ComboFix.txt

Edited by TheShooter93, 04 September 2014 - 02:34 PM.


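The three steps in post #6 (inspect the dllhost.exe instances, get a hash for VirusTotal, confirm the core system binaries are still signed) can also be done from the command line. The PowerShell below is an added example written for this edit; it is not code from TheShooter93's post, from Process Explorer, VirusTotal or ComboFix. It assumes an elevated PowerShell 4.0 or later session (Get-CimInstance needs 3.0, Get-FileHash needs 4.0) and that the COM classes a surrogate hosts are registered under HKLM\SOFTWARE\Classes\CLSID in the usual way; the function names, the file list and the column names are the example's own.

```powershell
# Added triage script (not from the thread). Assumes elevated PowerShell 4.0+.

# Binaries the log's "Bamital & volsnap Check" verifies, plus the COM surrogate
# itself. The list is this example's own choice, not the tool's.
$CriticalFiles = @(
    "$env:SystemRoot\System32\winlogon.exe",
    "$env:SystemRoot\System32\wininit.exe",
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\System32\svchost.exe",
    "$env:SystemRoot\System32\services.exe",
    "$env:SystemRoot\System32\userinit.exe",
    "$env:SystemRoot\System32\dllhost.exe",
    "$env:SystemRoot\SysWOW64\dllhost.exe"
)

function Resolve-ComServer {
    # Hypothetical helper: map the {CLSID} from a dllhost.exe "/Processid:{...}"
    # argument to the module registered for that class. 32-bit classes on a
    # 64-bit system live under Wow6432Node. Returns $null if nothing is registered.
    param([Parameter(Mandatory)][string]$Clsid)
    $roots = 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID'
    foreach ($root in $roots) {
        foreach ($sub in 'InprocServer32', 'LocalServer32') {
            $key = Join-Path -Path $root -ChildPath "$Clsid\$sub"
            if (Test-Path -Path $key) {
                $value = (Get-ItemProperty -Path $key).'(default)'
                if ($value) {
                    # Drop surrounding quotes and trailing arguments so the path can be checked.
                    $exe = if ($value -match '^"([^"]+)"') { $Matches[1] } else { $value.Trim() }
                    return [Environment]::ExpandEnvironmentVariables($exe)
                }
            }
        }
    }
    return $null
}

function Get-SurrogateReport {
    # One row per running dllhost.exe: parent, working set, hosted CLSID and module,
    # and whether that module is signed. A surrogate with no CLSID on its command
    # line, or whose module is unsigned or missing from disk, is the one to look at first.
    Get-CimInstance -ClassName Win32_Process -Filter "Name = 'dllhost.exe'" | ForEach-Object {
        $clsid = if ($_.CommandLine -match '\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}') {
            $Matches[0]
        } else { $null }
        $module = if ($clsid) { Resolve-ComServer -Clsid $clsid } else { $null }
        $status = if ($module -and (Test-Path -Path $module)) {
            (Get-AuthenticodeSignature -FilePath $module).Status
        } elseif ($module) { 'ModuleMissing' } else { 'NoClsid' }
        [pscustomobject]@{
            PID          = $_.ProcessId
            ParentPID    = $_.ParentProcessId
            WorkingSetMB = [math]::Round($_.WorkingSetSize / 1MB, 1)
            CLSID        = $clsid
            Module       = $module
            Signature    = $status
        }
    }
}

function Get-CriticalFileReport {
    # Authenticode status plus SHA-256 for each critical binary. The hash is what
    # you search for on VirusTotal when you would rather not upload the file.
    $CriticalFiles | Where-Object { Test-Path -Path $_ } | ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_
        [pscustomobject]@{
            File   = $_
            Status = $sig.Status
            Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            SHA256 = (Get-FileHash -Path $_ -Algorithm SHA256).Hash
        }
    }
}

Get-SurrogateReport    | Format-Table -AutoSize
Get-CriticalFileReport | Format-Table -AutoSize -Wrap
```

Run it while the memory usage is climbing so the surrogate of interest is in the first table; the WorkingSetMB column is the same figure Task Manager shows as high for dllhost.exe. For a single odd-looking file such as the one named in post #6, `Get-FileHash -LiteralPath '<path>' -Algorithm SHA256` gives the hash to search for on VirusTotal without the quoting problems a non-ASCII name causes.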
#7 norcress (Topic Starter)

Posted 04 September 2014 - 05:25 PM

Hello,

For Process Explorer I did the Print Screen to get a screenshot but I can't seem to be able to paste it or attach it to this email. I am not sure why?

I did notice that as it ran occasionally the dllhost.exe file popped up in red and disappeared again.

I am also not able to locate the C:\Windows\SysWOW64 file in that directory and a Windows search turns up nothing but an empty folder in the ADW Quarantine.

The ComboFix log is posted below.

ComboFix 14-08-29.03 - Norm and Chris 30/08/2014  12:22:15.2.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8175.6066 [GMT -7:00]
Running from: c:\systemfiles\winsysfiles_1\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\tmp
c:\windows\tmp\dd_vcredistMSI014C.txt
c:\windows\tmp\dd_vcredistMSI0305.txt
c:\windows\tmp\dd_vcredistMSI1C56.txt
c:\windows\tmp\dd_vcredistMSI1E57.txt
c:\windows\tmp\dd_vcredistMSI34BA.txt
c:\windows\tmp\dd_vcredistMSI3BFF.txt
c:\windows\tmp\dd_vcredistMSI4FC1.txt
c:\windows\tmp\dd_vcredistMSI546F.txt
c:\windows\tmp\dd_vcredistMSI5700.txt
c:\windows\tmp\dd_vcredistMSI5FFB.txt
c:\windows\tmp\dd_vcredistMSI70B4.txt
c:\windows\tmp\dd_vcredistUI014C.txt
c:\windows\tmp\dd_vcredistUI0305.txt
c:\windows\tmp\dd_vcredistUI1C56.txt
c:\windows\tmp\dd_vcredistUI1E57.txt
c:\windows\tmp\dd_vcredistUI34BA.txt
c:\windows\tmp\dd_vcredistUI3BFF.txt
c:\windows\tmp\dd_vcredistUI4FC1.txt
c:\windows\tmp\dd_vcredistUI546F.txt
c:\windows\tmp\dd_vcredistUI5700.txt
c:\windows\tmp\dd_vcredistUI5FFB.txt
c:\windows\tmp\dd_vcredistUI70B4.txt
c:\windows\tmp\fonts\fontdb
c:\windows\tmp\qtsingleapp-koboex-7d5-1-lockfile
J:\Setup.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-28 to 2014-08-30  )))))))))))))))))))))))))))))))
.
.
2014-08-30 19:25 . 2014-08-30 19:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-30 09:15 . 2014-08-30 09:15 -------- d-----w- c:\users\Norm and Chris\AppData\Roaming\SUPERAntiSpyware.com
2014-08-30 09:14 . 2014-08-30 09:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2014-08-30 09:14 . 2014-08-30 09:14 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2014-08-29 09:55 . 2014-08-30 19:10 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{11D72BB8-6CD5-4951-A708-A103AC4FC2F4}\offreg.dll
2014-08-29 09:55 . 2014-08-21 03:43 11319192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{11D72BB8-6CD5-4951-A708-A103AC4FC2F4}\mpengine.dll
2014-08-28 09:18 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-28 09:18 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-28 09:18 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-15 10:02 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-15 10:02 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-15 10:02 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-15 10:02 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-15 10:02 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-15 10:02 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-15 10:01 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-15 10:01 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-14 17:43 . 2014-07-31 23:41 810176 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2014-08-14 17:42 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-14 17:42 . 2014-08-07 02:06 529920 ----a-w- c:\windows\system32\aepdu.dll
2014-08-14 17:42 . 2014-08-07 02:01 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-08-14 17:42 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-08-12 18:11 . 2014-08-12 18:11 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-08-12 18:11 . 2014-08-12 18:11 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-12 18:11 . 2014-08-12 18:11 -------- d-----w- c:\program files (x86)\Java
2014-08-05 17:20 . 2014-08-05 17:20 227728 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-29 07:01 . 2014-07-28 16:26 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-29 06:49 . 2011-11-01 22:49 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-15 20:18 . 2012-04-09 08:31 699568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-15 20:18 . 2011-10-24 04:21 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-15 10:06 . 2011-10-24 23:51 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-08-05 16:20 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-06-18 02:18 . 2014-07-09 05:55 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 05:55 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-06 10:10 . 2014-07-09 05:55 624128 ----a-w- c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-09 05:55 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-09 05:53 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-09 05:53 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-09 05:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-14 336384]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-02-01 656920]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2014-02-14 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys;c:\windows\SYSNATIVE\drivers\libusb0.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 20:18]
.
2014-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-16 17:54]
.
2014-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-16 17:54]
.
2014-08-30 c:\windows\Tasks\HPCeeScheduleForNorm and Chris.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
.
2014-08-04 c:\windows\Tasks\HPCeeScheduleForNORMANDCHRIS-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-03-26 21720]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = about:blank
mStart Page = about:blank
mWindow Title = Microsoft Internet Explorer
mLocal Page = about:blank
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
TCP: DhcpNameServer = 64.59.160.13 64.59.161.68
FF - ProfilePath - c:\users\Norm and Chris\AppData\Roaming\Mozilla\Firefox\Profiles\9os22ho9.default-1398220993701\
FF - prefs.js: browser.startup.homepage - www.google.ca
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-08-30  12:27:10
ComboFix-quarantined-files.txt  2014-08-30 19:27
.
Pre-Run: 1,711,048,372,224 bytes free
Post-Run: 1,710,651,404,288 bytes free
.
- - End Of File - - 1512792AF1474C4CF42398494B979FD8
 



#8 norcress (Topic Starter)

Posted 04 September 2014 - 05:44 PM

Apologies, I found the file you wanted scanned by VirusTotal. Here it is:

https://www.virustotal.com/ro/file/138052473bc937624003ee06427daca3c1d0dc899e59a198fcaee57fccaf8eb1/analysis/



#9 TheShooter93 (Cody), Malware Response Team

Posted 05 September 2014 - 09:44 AM

Hello norcress,

Thanks for the update and logs. :)

Let's see if we can get that screenshot attached.

========================================

Try using Snipping Tool (built into Windows 7 and later) to take the screenshot.

This utility will allow you to save the file immediately after taking the screenshot.

Once saved, attach the file to your post by doing the following:

  • Click "More Reply Options".
  • Under the text-entry box, click "Choose Files...".
  • Select the screenshot.
  • Click "Open".
  • Then post!



#10 norcress

norcress
  • Topic Starter

  • Members
  • 37 posts
  • Local time:09:36 AM

Posted 05 September 2014 - 09:35 PM

Attached as requested.  Thanks.



#11 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:10:36 AM

Posted 05 September 2014 - 09:58 PM

Hi norcress,

 

I do not see an attachment in your post.

 

Please try attaching it again. :)



 

 


#12 norcress

norcress
  • Topic Starter

  • Members
  • 37 posts
  • Local time:09:36 AM

Posted 05 September 2014 - 10:27 PM

Not working for me.  Max file size says 134 KB; my file is just over 300 KB.



#13 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:10:36 AM

Posted 05 September 2014 - 10:33 PM

Please try taking another screenshot and making it smaller. Only capture the Process Explorer window we are interested in.
 
Also, try the following.
 
==========

Managing Attachments
  • Navigate to the top of this post
  • In the upper right hand corner you will see your screen name
  • Left click on that and a drop down list will appear
  • Select My Settings
  • On the left hand side under General Settings click on Manage Attachments
  • To the very right on the blue bar, just above the first entry, click on the open check box
  • All of the checkboxes should now be checked
  • Click Delete Selected
  • You should now see "You have used 0 bytes of 250K"

Edited by TheShooter93, 05 September 2014 - 10:33 PM.


 

 


#14 norcress

norcress
  • Topic Starter

  • Members
  • 37 posts
  • Local time:09:36 AM

Posted 05 September 2014 - 10:37 PM

Done, thank you for your patience here.



#15 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:10:36 AM

Posted 05 September 2014 - 11:07 PM

Hi norcress,

 

Thanks for the screenshot. :)

 

According to it, there isn't anything using an exceptional amount of memory.

 

I do see some lines that weren't shown in the screenshot though. Please scroll down and take another screenshot of the remaining lines to see if there is anything that sticks out there.

 

==========

 

Are you still experiencing the low memory messages and symptoms?


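The check behind the "anything using an exceptional amount of memory" question in the post above, written out as an added PowerShell example; this is not part of the thread and not the Malware Response Team's procedure. It lists every running dllhost.exe (the COM Surrogate this topic is about) with its working set, image path, Authenticode status, parent process and command line, and resolves the /Processid:{GUID} argument to the DLL(s) the surrogate is actually hosting by searching HKCR\CLSID (and the Wow6432Node view on x64) for entries whose AppID value matches. The function names Get-ComSurrogateReport and Resolve-SurrogateAppId are my own. It uses Get-WmiObject so it runs on the Windows PowerShell 2.0 that ships with Windows 7, and should be run from an elevated prompt, since WMI only returns the command line and path of other users' processes to an administrator.

```powershell
# Added example, not from the thread: inventory every running dllhost.exe
# (COM Surrogate) and show what each instance is hosting, so a memory-hungry
# one can be tied back to a concrete DLL. Windows PowerShell 2.0+ (Windows 7).
# Run elevated: WMI only fills CommandLine/ExecutablePath for other users'
# processes when the shell has admin rights.

function Resolve-SurrogateAppId {
    # Map a DCOM AppID GUID to the in-process server DLL(s) it surrogates.
    # Every CLSID whose "AppID" value equals the GUID names its DLL under
    # InprocServer32. 32-bit servers on x64 register under Wow6432Node.
    param([string]$AppId)
    $hives = @('Registry::HKEY_CLASSES_ROOT\CLSID',
               'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID')
    foreach ($hive in $hives) {
        Get-ChildItem $hive -ErrorAction SilentlyContinue |
            Where-Object { $_.GetValue('AppID') -eq $AppId } |
            ForEach-Object {
                $srv = $_.OpenSubKey('InprocServer32')
                if ($srv) { $srv.GetValue(''); $srv.Close() }
            }
    }
}

function Get-ComSurrogateReport {
    # WMI exposes the command line and parent PID, which Get-Process does not.
    $procs = Get-WmiObject Win32_Process -Filter "Name = 'dllhost.exe'"
    foreach ($p in $procs) {
        $parent = Get-WmiObject Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
        $parentDesc = 'n/a (parent exited)'
        if ($parent) { $parentDesc = "$($parent.Name) (PID $($parent.ProcessId))" }

        $sigStatus = 'unknown (path not readable)'
        if ($p.ExecutablePath) {
            $sigStatus = (Get-AuthenticodeSignature -FilePath $p.ExecutablePath).Status
        }

        # A normally launched surrogate looks like: dllhost.exe /Processid:{GUID}
        $appId = $null
        if ($p.CommandLine -match '/Processid:(\{[0-9A-Fa-f-]+\})') { $appId = $matches[1] }

        $hosted = @()
        if ($appId) { $hosted = @(Resolve-SurrogateAppId $appId) }

        New-Object PSObject -Property @{
            PID          = $p.ProcessId
            WorkingSetMB = [math]::Round($p.WorkingSetSize / 1MB, 1)
            Path         = $p.ExecutablePath
            Signature    = $sigStatus
            Parent       = $parentDesc
            CommandLine  = $p.CommandLine
            AppID        = $appId
            HostedDLLs   = ($hosted -join '; ')
        }
    }
}

Get-ComSurrogateReport | Sort-Object WorkingSetMB -Descending | Format-List
```

What to look at in the output: a legitimate COM Surrogate is the Microsoft-signed dllhost.exe under %SystemRoot%\System32 (or SysWOW64 for the 32-bit one), is started by the svchost.exe that hosts the DcomLaunch service, and carries a /Processid:{GUID} argument that resolves to a DLL in a system or Program Files directory. An instance with a Signature other than Valid, a path elsewhere, no /Processid argument, an unexpected parent, or a hosted DLL in a user-writable location such as %AppData% or %Temp% is the one to hand over for analysis; a large working set on an otherwise normal instance usually points at the hosted DLL (a thumbnail or preview handler, for example) rather than at dllhost.exe itself.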

 

 




