
WOW64 dllhost.exe trojan launches many processes


  • This topic is locked
14 replies to this topic

#1 stewmando


Posted 09 October 2014 - 08:39 PM

I have the trojan virus on my system where my system is consumed by many processes of the dllhost.exe. My antivirus keeps showing alerts that it is blocking outbound connections from C:/windows/WOW64/dllhost.exe

 

 

Below is the DDS.txt and enclosed is the attachment.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16453
Run by Robin at 16:30:14 on 2014-10-09
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3550.452 [GMT -7:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\dwm.exe
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\dashost.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\windows\system32\EscSvc64.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Toshiba\Teco\TecoService.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\taskhostex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\windows\Explorer.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
C:\Program Files\Toshiba\Teco\TecoResident.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATILAE.EXE
C:\windows\syswow64\dllhost.exe
C:\Users\Robin\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATILAE.EXE
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Users\Robin\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe
svchost.exe
C:\Windows\System32\SettingSyncHost.exe
C:\windows\system32\wuauclt.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\system32\taskmgr.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\SysWOW64\ctfmon.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\windows\syswow64\dllhost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\system32\rundll32.exe
C:\windows\syswow64\windowspowershell\v1.0\powershell.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\SysWOW64\WerFault.exe
svchost.exe
C:\windows\System32\cscript.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = Internet Explorer provided by TOSHIBA
uDefault_Page_URL = hxxp://toshiba13.msn.com
mStart Page = hxxp://toshiba13.msn.com
mWindow Title = Internet Explorer provided by TOSHIBA
mDefault_Page_URL = hxxp://toshiba13.msn.com
mWinlogon: Userinit = userinit.exe,
uRun: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
uRun: [EPLTarget\P0000000000000000] C:\windows\System32\spool\DRIVERS\x64\3\E_IATILAE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-410 Series"
uRun: [PCShowServer] "C:\Users\Robin\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
uRun: [EPLTarget\P0000000000000002] C:\windows\System32\spool\DRIVERS\x64\3\E_IATILAE.EXE /EPT "EPLTarget\P0000000000000002" /M "XP-410 Series"
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [DBAgent] "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Robin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{E9459EAE-D39E-444B-8099-36FA09EE5C3C} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E9459EAE-D39E-444B-8099-36FA09EE5C3C}\36861627C69656 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{E9459EAE-D39E-444B-8099-36FA09EE5C3C}\9614175716C496E6B6D2954483 : DHCPNameServer = 192.168.4.1
TCP: Interfaces\{E9459EAE-D39E-444B-8099-36FA09EE5C3C}\C416155796E64716 : DHCPNameServer = 4.2.2.1
TCP: Interfaces\{E9459EAE-D39E-444B-8099-36FA09EE5C3C}\F447475627F505F607 : DHCPNameServer = 192.168.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://toshiba13.msn.com
x64-mWindow Title = Internet Explorer provided by TOSHIBA
x64-mDefault_Page_URL = hxxp://toshiba13.msn.com
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\Hotkey\TCrdMain_Win8.exe
x64-Run: [TecoResident] C:\Program Files\TOSHIBA\Teco\TecoResident.exe
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TODDMain] C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2014-10-09 23:25:52 0 ----a-w- C:\Users\Robin\AppData\Roaming\seetla.dll
2014-10-09 23:24:58 47104 ----a-w- C:\Users\Robin\AppData\Roaming\qyzdup.dll
2014-10-09 18:09:18 -------- d-----w- C:\FRST
2014-10-08 18:09:23 -------- d-----w- C:\Program Files\Enigma Software Group
2014-10-08 17:55:37 -------- d-----w- C:\windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-10-08 17:55:31 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2014-10-08 04:28:49 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-07 21:11:03 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BF081A51-3158-4AA2-8BD0-CD4E8014047C}\mpengine.dll
2014-10-07 02:34:52 122584 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-10-07 02:33:33 92888 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-10-07 02:33:32 64216 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-10-07 02:33:32 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-10-07 02:33:32 -------- d-----w- C:\ProgramData\Malwarebytes
2014-10-07 02:33:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-07 01:51:22 -------- d-----w- C:\Users\Robin\AppData\Roaming\Leceamh
2014-10-06 22:48:30 269992 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10248.bin
2014-10-06 17:22:02 -------- d-----w- C:\ProgramData\j9tbgsdger04r
2014-10-06 14:55:17 -------- d-----w- C:\Users\Robin\AppData\Roaming\Itakaw
2014-10-05 17:43:41 -------- d-----w- C:\Users\Robin\AppData\Roaming\Exadixp
2014-10-05 16:07:50 -------- d-----w- C:\Users\Robin\AppData\Roaming\Alkiugc
2014-10-05 10:00:15 11319192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
.
==================== Find3M  ====================
.
2014-09-22 06:42:39 278152 ------w- C:\windows\System32\MpSigStub.exe
.
============= FINISH: 16:51:33.72 ===============
 



#2 Naathim


Posted 13 October 2014 - 03:05 AM




My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.

  • I can't foresee everything, so if anything unexpected happens, please stop and inform me!
  • There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)

 

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


Radek Naathim Pawelczyk

Malware Removal Specialist

 



#3 stewmando


Posted 13 October 2014 - 10:35 AM

Here are the logs.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-10-2014 02
Ran by Robin (administrator) on ROBIN on 13-10-2014 08:02:43
Running from C:\Users\Robin\Desktop
Loaded Profile: Robin (Available profiles: Robin)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILAE.EXE
(NDS Technologies) C:\Users\Robin\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILAE.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
() C:\Users\Robin\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1516680 2012-11-08] (Seagate Technology LLC)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1057920 2012-07-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [2756864 2011-04-07] (Leader Technologies Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKU\S-1-5-21-1537218251-1274046669-3348939743-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [122032 2012-11-08] (Seagate Technology LLC)
HKU\S-1-5-21-1537218251-1274046669-3348939743-1001\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATILAE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1537218251-1274046669-3348939743-1001\...\Run: [PCShowServer] => C:\Users\Robin\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1765744 2013-11-17] (NDS Technologies)
HKU\S-1-5-21-1537218251-1274046669-3348939743-1001\...\Run: [EPLTarget\P0000000000000002] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATILAE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1537218251-1274046669-3348939743-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com
SearchScopes: HKLM - DefaultScope {7EAC2283-7004-4F26-B4D6-15B464C98B05} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
SearchScopes: HKLM - {7EAC2283-7004-4F26-B4D6-15B464C98B05} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
SearchScopes: HKLM-x32 - DefaultScope {7EAC2283-7004-4F26-B4D6-15B464C98B05} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
SearchScopes: HKLM-x32 - {7EAC2283-7004-4F26-B4D6-15B464C98B05} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
SearchScopes: HKCU - DefaultScope {7EAC2283-7004-4F26-B4D6-15B464C98B05} URL = 
SearchScopes: HKCU - {7EAC2283-7004-4F26-B4D6-15B464C98B05} URL = 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @nds.com/PlayerPlugin -> C:\Users\Robin\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)
FF Plugin HKCU: NDS.com/PlayerPlugin -> C:\Users\Robin\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://yahoo.com/
CHR StartupUrls: Default -> "hxxp://yahoo.com/"
CHR Profile: C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-20]
CHR Extension: (YouTube) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-26]
CHR Extension: (Google Search) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-26]
CHR Extension: (Google Wallet) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-26]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2013-12-16] (WildTangent)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [15552 2012-11-08] (Seagate Technology LLC)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-25] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
S3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [92888 2014-10-07] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation                           )
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation                           )
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows ® Win 7 DDK provider)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-13 08:00 - 2014-10-13 08:00 - 02110464 _____ (Farbar) C:\Users\Robin\Desktop\FRST64.exe
2014-10-13 07:41 - 2014-10-13 07:41 - 00000117 _____ () C:\windows\system32\netcfg-314502180.txt
2014-10-13 07:41 - 2014-10-13 07:41 - 00000117 _____ () C:\windows\system32\netcfg-314495987.txt
2014-10-09 16:25 - 2014-10-09 16:25 - 00000000 _____ () C:\Users\Robin\AppData\Roaming\seetla.dll
2014-10-09 16:24 - 2014-10-09 16:24 - 00047104 _____ () C:\Users\Robin\AppData\Roaming\qyzdup.dll
2014-10-09 16:20 - 2014-10-09 16:20 - 00000117 _____ () C:\windows\system32\netcfg-54007.txt
2014-10-09 16:12 - 2014-10-09 16:52 - 00014508 _____ () C:\Users\Robin\Desktop\attach.txt
2014-10-09 16:12 - 2014-10-09 16:51 - 00010774 _____ () C:\Users\Robin\Desktop\dds.txt
2014-10-09 16:12 - 2014-10-09 16:06 - 00688992 ____R (Swearware) C:\Users\Robin\Desktop\dds (1).com
2014-10-09 11:12 - 2014-10-09 11:12 - 00050913 _____ () C:\Users\Robin\Desktop\Addition.txt
2014-10-09 11:10 - 2014-10-13 08:05 - 00016619 _____ () C:\Users\Robin\Desktop\FRST.txt
2014-10-09 11:09 - 2014-10-13 08:03 - 00000000 ____D () C:\FRST
2014-10-09 10:10 - 2014-10-09 09:17 - 31766208 _____ (Microsoft Corporation) C:\Users\Robin\Desktop\Windows-KB890830-x64-V5.16.exe
2014-10-08 15:18 - 2014-10-08 15:18 - 00000117 _____ () C:\windows\system32\netcfg-95722.txt
2014-10-08 15:17 - 2014-10-08 15:17 - 00000117 _____ () C:\windows\system32\netcfg-44694.txt
2014-10-08 15:16 - 2014-10-08 15:16 - 00000117 _____ () C:\windows\system32\netcfg-61979.txt
2014-10-08 11:47 - 2014-10-08 11:47 - 00000117 _____ () C:\windows\system32\netcfg-4023047.txt
2014-10-08 11:47 - 2014-10-08 11:47 - 00000117 _____ () C:\windows\system32\netcfg-4022766.txt
2014-10-08 11:11 - 2014-10-08 11:11 - 00000117 _____ () C:\windows\system32\netcfg-1875849.txt
2014-10-08 11:11 - 2014-10-08 11:11 - 00000117 _____ () C:\windows\system32\netcfg-1871153.txt
2014-10-08 11:11 - 2014-10-08 11:11 - 00000000 _____ () C:\autoexec.bat
2014-10-08 11:09 - 2014-10-08 11:09 - 00003320 _____ () C:\windows\System32\Tasks\SpyHunter4Startup
2014-10-08 11:09 - 2014-10-08 11:09 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-10-08 10:55 - 2014-10-09 16:09 - 00000000 ____D () C:\windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-10-08 10:53 - 2014-10-08 10:50 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Robin\Desktop\SpyHunter-Installer.exe
2014-10-08 10:41 - 2014-10-08 10:41 - 00000117 _____ () C:\windows\system32\netcfg-36675.txt
2014-10-08 10:40 - 2014-10-08 10:40 - 00000117 _____ () C:\windows\system32\netcfg-9073891.txt
2014-10-08 08:09 - 2014-10-08 08:09 - 00443160 _____ () C:\windows\Minidump\100814-22354-01.dmp
2014-10-07 21:28 - 2014-10-08 15:15 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-07 21:28 - 2014-10-08 10:38 - 00000000 ____D () C:\Users\Robin\Desktop\mbar
2014-10-07 21:26 - 2014-10-07 21:27 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Robin\Downloads\mbar-1.07.0.1012.exe
2014-10-07 20:56 - 2014-10-07 20:57 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Robin\Downloads\tdsskiller.exe
2014-10-07 18:53 - 2014-10-07 18:53 - 00000117 _____ () C:\windows\system32\netcfg-11911315.txt
2014-10-07 18:53 - 2014-10-07 18:53 - 00000117 _____ () C:\windows\system32\netcfg-11911269.txt
2014-10-07 17:14 - 2014-10-07 17:14 - 00000117 _____ () C:\windows\system32\netcfg-5939332.txt
2014-10-07 17:14 - 2014-10-07 17:14 - 00000117 _____ () C:\windows\system32\netcfg-5939192.txt
2014-10-07 15:35 - 2014-10-07 15:35 - 00000117 _____ () C:\windows\system32\netcfg-7707073.txt
2014-10-07 13:33 - 2014-10-07 13:33 - 00000162 ____H () C:\Users\Robin\Desktop\~$vermore-Pleasanton Rod & Gun Club - Club Shoot Results.htm
2014-10-07 13:27 - 2014-10-07 13:27 - 00000117 _____ () C:\windows\system32\netcfg-53960.txt
2014-10-07 13:27 - 2014-10-07 13:27 - 00000117 _____ () C:\windows\system32\netcfg-51059.txt
2014-10-07 13:26 - 2014-10-07 13:27 - 00564464 _____ () C:\windows\Minidump\100714-19640-01.dmp
2014-10-06 20:58 - 2014-10-06 20:58 - 00000117 _____ () C:\windows\system32\netcfg-680710.txt
2014-10-06 20:47 - 2014-10-06 20:47 - 00000117 _____ () C:\windows\system32\netcfg-38454.txt
2014-10-06 19:48 - 2014-10-06 19:48 - 00000117 _____ () C:\windows\system32\netcfg-43326703.txt
2014-10-06 19:46 - 2014-10-06 19:46 - 00000117 _____ () C:\windows\system32\netcfg-43229109.txt
2014-10-06 19:45 - 2014-10-06 19:45 - 00000117 _____ () C:\windows\system32\netcfg-43184477.txt
2014-10-06 19:44 - 2014-10-06 19:44 - 00000117 _____ () C:\windows\system32\netcfg-43111531.txt
2014-10-06 19:43 - 2014-10-06 19:43 - 00000117 _____ () C:\windows\system32\netcfg-43071954.txt
2014-10-06 19:42 - 2014-10-06 19:42 - 00000117 _____ () C:\windows\system32\netcfg-42956794.txt
2014-10-06 19:40 - 2014-10-06 19:40 - 00000117 _____ () C:\windows\system32\netcfg-42858841.txt
2014-10-06 19:38 - 2014-10-06 19:38 - 00000117 _____ () C:\windows\system32\netcfg-42721435.txt
2014-10-06 19:38 - 2014-10-06 19:38 - 00000117 _____ () C:\windows\system32\netcfg-42716443.txt
2014-10-06 19:34 - 2014-10-13 07:44 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-06 19:34 - 2014-10-06 19:34 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-06 19:34 - 2014-10-06 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-06 19:33 - 2014-10-07 21:28 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-10-06 19:33 - 2014-10-06 19:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-06 19:33 - 2014-10-06 19:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-06 19:33 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-10-06 19:33 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-10-06 19:28 - 2014-10-06 19:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Robin\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-06 18:51 - 2014-10-06 20:47 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Leceamh
2014-10-06 10:22 - 2014-10-06 20:47 - 00000000 ____D () C:\ProgramData\j9tbgsdger04r
2014-10-06 10:20 - 2014-10-09 16:24 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-10-06 09:14 - 2014-10-06 09:14 - 00000117 _____ () C:\windows\system32\netcfg-5324563.txt
2014-10-06 09:14 - 2014-10-06 09:14 - 00000117 _____ () C:\windows\system32\netcfg-5324485.txt
2014-10-06 07:55 - 2014-10-06 20:47 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Itakaw
2014-10-05 21:26 - 2014-10-05 21:26 - 00000117 _____ () C:\windows\system32\netcfg-20282797.txt
2014-10-05 21:26 - 2014-10-05 21:26 - 00000117 _____ () C:\windows\system32\netcfg-20282672.txt
2014-10-05 18:46 - 2014-10-05 18:46 - 00000117 _____ () C:\windows\system32\netcfg-10677394.txt
2014-10-05 18:46 - 2014-10-05 18:46 - 00000117 _____ () C:\windows\system32\netcfg-10677332.txt
2014-10-05 15:49 - 2014-10-05 15:49 - 00000117 _____ () C:\windows\system32\netcfg-31855.txt
2014-10-05 15:48 - 2014-10-05 15:48 - 00000117 _____ () C:\windows\system32\netcfg-14397176.txt
2014-10-05 13:39 - 2014-10-05 13:39 - 00000117 _____ () C:\windows\system32\netcfg-6644410.txt
2014-10-05 13:39 - 2014-10-05 13:39 - 00000117 _____ () C:\windows\system32\netcfg-6644004.txt
2014-10-05 13:08 - 2014-10-05 13:09 - 00000117 _____ () C:\windows\system32\netcfg-4800509.txt
2014-10-05 13:08 - 2014-10-05 13:08 - 00000117 _____ () C:\windows\system32\netcfg-4774223.txt
2014-10-05 11:49 - 2014-10-05 11:49 - 00000117 _____ () C:\windows\system32\netcfg-28875.txt
2014-10-05 11:48 - 2014-10-05 11:48 - 00000117 _____ () C:\windows\system32\netcfg-1130757.txt
2014-10-05 10:43 - 2014-10-06 20:45 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Exadixp
2014-10-05 10:00 - 2014-10-05 10:00 - 00000117 _____ () C:\windows\system32\netcfg-47611.txt
2014-10-05 09:58 - 2014-10-05 09:58 - 00000117 _____ () C:\windows\system32\netcfg-594925.txt
2014-10-05 09:51 - 2014-10-05 09:51 - 00000117 _____ () C:\windows\system32\netcfg-129293.txt
2014-10-05 09:48 - 2014-10-05 09:48 - 00000117 _____ () C:\windows\system32\netcfg--2128881386.txt
2014-10-05 09:15 - 2014-10-05 09:15 - 00150690 _____ () C:\Users\Robin\AppData\Local\gafjquad
2014-10-05 09:13 - 2014-10-05 09:13 - 00068415 _____ () C:\Users\Robin\AppData\Local\mkpfnrps
2014-10-05 09:07 - 2014-10-06 20:46 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Alkiugc
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-13 08:03 - 2013-07-21 19:03 - 00000931 _____ () C:\windows\Tasks\EPSON XP-410 Series Update {49697430-FEDA-4647-9A4A-0D89A0485EE4}.job
2014-10-13 08:03 - 2013-07-21 19:03 - 00000931 _____ () C:\windows\Tasks\EPSON XP-410 Series Update {029BABD7-8D8F-4F08-BF80-D1C732A7D563}.job
2014-10-13 08:03 - 2013-07-21 19:03 - 00000745 _____ () C:\windows\Tasks\EPSON XP-410 Series Invitation {49697430-FEDA-4647-9A4A-0D89A0485EE4}.job
2014-10-13 08:03 - 2013-07-21 19:03 - 00000745 _____ () C:\windows\Tasks\EPSON XP-410 Series Invitation {029BABD7-8D8F-4F08-BF80-D1C732A7D563}.job
2014-10-13 08:02 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\sru
2014-10-13 07:56 - 2012-12-26 19:06 - 00000000 ____D () C:\Users\Robin\AppData\Local\CrashDumps
2014-10-13 07:54 - 2012-12-26 18:55 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-13 07:53 - 2012-12-26 16:26 - 01251212 _____ () C:\windows\WindowsUpdate.log
2014-10-13 07:43 - 2012-12-26 18:55 - 00000904 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-09 16:19 - 2012-07-26 00:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-09 10:10 - 2012-07-25 22:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-10-08 15:15 - 2012-09-06 21:39 - 01463650 _____ () C:\windows\PFRO.log
2014-10-08 15:15 - 2012-07-25 22:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-10-08 10:40 - 2012-07-26 00:59 - 00000000 ____D () C:\windows\CbsTemp
2014-10-08 08:09 - 2013-08-08 18:26 - 408884225 _____ () C:\windows\MEMORY.DMP
2014-10-08 08:09 - 2013-05-23 16:49 - 00000000 ____D () C:\windows\Minidump
2014-10-08 02:51 - 2012-12-26 16:27 - 00000000 ____D () C:\Users\Robin\AppData\Local\VirtualStore
2014-10-07 21:29 - 2012-07-26 00:28 - 00848230 _____ () C:\windows\system32\PerfStringBackup.INI
2014-10-07 21:24 - 2012-07-26 00:21 - 00027221 _____ () C:\windows\setupact.log
2014-10-07 15:35 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-10-05 16:15 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\rescache
2014-10-05 10:27 - 2012-09-06 21:48 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-21 23:42 - 2013-01-01 20:56 - 00278152 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-09-18 07:19 - 2013-06-19 09:26 - 00000000 ____D () C:\Users\Robin\Documents\Quicken
2014-09-17 06:20 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\AUInstallAgent
 
Some content of TEMP:
====================
C:\Users\Robin\AppData\Local\Temp\APNSetup.exe
C:\Users\Robin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpivnejl.dll
C:\Users\Robin\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Robin\AppData\Local\Temp\ose00000.exe
C:\Users\Robin\AppData\Local\Temp\SHSetup.exe
C:\Users\Robin\AppData\Local\Temp\uninstall.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-04 03:00
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-10-2014 02
Ran by Robin at 2014-10-13 08:16:59
Running from C:\Users\Robin\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.5.100.20808 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{14718008-7D73-53AA-D0FF-88E805958D42}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
AMD VISION Engine Control Center (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.6 - Atheros Communications Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DIRECTV Player (HKLM-x32\...\{a1bb9be6-729f-4049-a36a-aad335c86c01}) (Version: 9.2 - DIRECTV)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.6.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{10144CFE-D76C-4CFA-81A1-37A1642349A3}) (Version: 3.01.0013 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-410 Series Printer Uninstall (HKLM\...\EPSON XP-410 Series) (Version:  - SEIKO EPSON Corporation)
Epson XP-410 User's Guide version 1.0 (HKLM-x32\...\UsersGuideEpson XP-410 User's Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.101 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
LTCM Client (HKLM-x32\...\{B38E9B55-7136-4E66-A084-320512FF3F6F}) (Version: 1.20.3792 - Leader Technologies Inc)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
Origin (HKLM-x32\...\Origin) (Version: 8.6.3.49 - Electronic Arts, Inc.)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Seagate Dashboard 2.0 (HKLM-x32\...\{43C423D9-E6D6-4607-ADC9-EBB54F690C57}) (Version: 2.2.15.0 - Seagate)
Software Updater (HKLM-x32\...\{D60071DB-459C-465C-92EF-336E65F1A436}) (Version: 4.0.1 - SEIKO EPSON CORPORATION)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.8 - TOSHIBA Corporation)
Toshiba Book Place (HKLM-x32\...\{24B45620-22B6-4E4A-B836-FF30A0B0404E}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6414 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v1.0.0.8 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.1.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0013 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.11.2 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1537218251-1274046669-3348939743-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Robin\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-1537218251-1274046669-3348939743-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
 
==================== Restore Points  =========================
 
22-09-2014 10:11:09 Scheduled Checkpoint
29-09-2014 15:40:34 Scheduled Checkpoint
08-10-2014 17:37:32 Malwarebytes Anti-Rootkit Restore Point
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-25 22:26 - 2012-07-25 22:26 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {14D87FE9-2448-45B9-85E4-386A07FB94C1} - System32\Tasks\EPSON XP-410 Series Invitation {029BABD7-8D8F-4F08-BF80-D1C732A7D563} => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {42625710-9867-40C0-B8C2-C7C4A40F8DFA} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\SymErr.exe
Task: {6529F6F5-C7C8-4EA7-880C-154F4AB3D083} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {82541BD0-7F5A-4138-9BA3-1732D31220A2} - System32\Tasks\EPSON XP-410 Series Update {029BABD7-8D8F-4F08-BF80-D1C732A7D563} => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {82A40EC9-C43D-4C75-884C-BCB4FF474955} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: {97258E41-8531-4994-8452-65DFE739C9D7} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {999CEAA6-3D93-40EB-9C14-E7CA2E9B80E4} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\SymErr.exe
Task: {9BB4305F-64CF-4F65-9507-CC8195D76F5F} - System32\Tasks\Robin DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2012-11-08] (Seagate Technology LLC)
Task: {9E802B59-EBAF-4659-90F3-ACEF37DE0D7F} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-16] (Synaptics Incorporated)
Task: {9F445BD8-9CD5-4A42-B39C-C67B5E5C6C81} - System32\Tasks\EPSON XP-410 Series Invitation {49697430-FEDA-4647-9A4A-0D89A0485EE4} => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A7448268-6B98-466B-A491-88CAFF2CC5EA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-26] (Google Inc.)
Task: {A92F2BDB-E40F-4AA7-B408-73B86BF0BA24} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-26] (Google Inc.)
Task: {AB838322-D404-4DA7-B021-4924657142B5} - System32\Tasks\EPSON XP-410 Series Update {49697430-FEDA-4647-9A4A-0D89A0485EE4} => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {AB96B97B-39C2-46A2-876A-EEB6AE199033} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\windows\system32\dism.exe [2012-07-25] (Microsoft Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CBBA8C46-57B7-464A-ABE0-23EE34F43A86} - System32\Tasks\Robin Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2012-11-08] (Seagate Technology LLC)
Task: {DBB713DB-B671-42B0-8BF7-DCDD9E8AF89E} - System32\Tasks\Robin => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2012-11-08] (Seagate Technology LLC)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\windows\Tasks\EPSON XP-410 Series Invitation {029BABD7-8D8F-4F08-BF80-D1C732A7D563}.job => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE
Task: C:\windows\Tasks\EPSON XP-410 Series Invitation {49697430-FEDA-4647-9A4A-0D89A0485EE4}.job => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE
Task: C:\windows\Tasks\EPSON XP-410 Series Update {029BABD7-8D8F-4F08-BF80-D1C732A7D563}.job => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE
Task: C:\windows\Tasks\EPSON XP-410 Series Update {49697430-FEDA-4647-9A4A-0D89A0485EE4}.job => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-07-26 00:58 - 2012-07-26 00:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-07-18 19:38 - 2012-07-18 19:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-18 19:38 - 2012-07-18 19:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-13 20:13 - 2012-08-13 20:13 - 00018344 _____ () C:\Program Files\Toshiba\Teco\TecoMUI.dll
2013-11-17 11:44 - 2013-11-17 11:44 - 07877480 _____ () C:\Users\Robin\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
2012-07-25 13:44 - 2012-07-25 13:35 - 00129024 _____ () C:\windows\system32\WinMetadata\Windows.UI.winmd
2012-07-25 13:44 - 2012-07-25 13:35 - 00036864 _____ () C:\windows\system32\WinMetadata\Windows.Data.winmd
2012-07-25 13:44 - 2012-07-25 13:35 - 00022016 _____ () C:\windows\system32\WinMetadata\Windows.Foundation.winmd
2012-08-08 11:22 - 2012-08-08 11:22 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 13:19 - 2014-07-03 13:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-17 11:45 - 2013-11-17 11:45 - 00332128 _____ () C:\Users\Robin\AppData\Local\DIRECTV Player\ndsLogStore.dll
2013-11-17 11:44 - 2013-11-17 11:44 - 03094880 _____ () C:\Users\Robin\AppData\Local\DIRECTV Player\DrmSingleton.dll
2013-11-17 11:44 - 2013-11-17 11:44 - 02157928 _____ () C:\Users\Robin\AppData\Local\DIRECTV Player\DiscoveryManager.dll
2013-11-17 11:44 - 2013-11-17 11:44 - 07554400 _____ () C:\Users\Robin\AppData\Local\DIRECTV Player\gsttspplugin.dll
2013-11-17 11:45 - 2013-11-17 11:45 - 00689000 _____ () C:\Users\Robin\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll
2013-11-17 11:45 - 2013-11-17 11:45 - 01403224 _____ () C:\Users\Robin\AppData\Local\DIRECTV Player\libxml2-2.dll
2013-11-17 11:45 - 2013-11-17 11:45 - 00091976 _____ () C:\Users\Robin\AppData\Local\DIRECTV Player\z.dll
2014-10-07 14:00 - 2014-09-30 22:54 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\libglesv2.dll
2014-10-07 14:00 - 2014-09-30 22:54 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\libegl.dll
2014-10-07 14:00 - 2014-09-30 22:54 - 08911176 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\pdf.dll
2014-10-07 14:00 - 2014-09-30 22:54 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKCU\...\StartupApproved\Run: => "eajmmimb"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1537218251-1274046669-3348939743-500 - Administrator - Disabled)
Guest (S-1-5-21-1537218251-1274046669-3348939743-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1537218251-1274046669-3348939743-1003 - Limited - Enabled)
Robin (S-1-5-21-1537218251-1274046669-3348939743 - Administrator - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/13/2014 07:56:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16384, time stamp: 0x5010ae7a
Exception code: 0xc0000005
Fault offset: 0x00061206
Faulting process id: 0x10e8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (10/13/2014 07:53:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16384, time stamp: 0x5010ae7a
Exception code: 0xc0000005
Fault offset: 0x00061206
Faulting process id: 0x26d4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (10/13/2014 07:53:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16384, time stamp: 0x5010ae7a
Exception code: 0xc0000005
Fault offset: 0x00061206
Faulting process id: 0x5540
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (10/13/2014 07:48:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16384, time stamp: 0x5010ae7a
Exception code: 0xc0000005
Fault offset: 0x00061206
Faulting process id: 0x5420
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (10/13/2014 07:45:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16384, time stamp: 0x5010ae7a
Exception code: 0xc0000005
Fault offset: 0x00061206
Faulting process id: 0x54f8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (10/13/2014 07:43:17 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (10/13/2014 07:43:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00310020
Faulting process id: 0x13cc
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5
 
Error: (10/10/2014 03:04:06 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest.
 
Error: (10/10/2014 03:00:16 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest.
 
Error: (10/09/2014 06:27:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16384, time stamp: 0x5010ae7a
Exception code: 0xc0000005
Fault offset: 0x00061206
Faulting process id: 0x4dbc
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
 
System errors:
=============
Error: (10/13/2014 08:17:41 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.
 
Error: (10/13/2014 08:17:34 AM) (Source: DCOM) (EventID: 10010) (User: ROBIN)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (10/13/2014 08:17:03 AM) (Source: DCOM) (EventID: 10010) (User: ROBIN)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (10/13/2014 08:16:39 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.
 
Error: (10/13/2014 08:16:39 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.
 
Error: (10/13/2014 08:14:41 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.
 
Error: (10/13/2014 08:12:35 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.
 
Error: (10/13/2014 08:11:54 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.
 
Error: (10/13/2014 08:08:16 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.
 
Error: (10/13/2014 08:08:06 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: AMD A6-4400M APU with Radeon™ HD Graphics 
Percentage of memory in use: 52%
Total physical RAM: 3550.25 MB
Available physical RAM: 1690.95 MB
Total Pagefile: 7134.25 MB
Available Pagefile: 4085.92 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (TI10653500D) (Fixed) (Total:455.51 GB) (Free:378.17 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#4 Naathim


Posted 13 October 2014 - 01:35 PM

Hi :)



Fix with Farbar Recovery Scan Tool
 

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.


Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    CloseProcesses:
    HKU\S-1-5-21-1537218251-1274046669-3348939743-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
    2014-10-09 16:25 - 2014-10-09 16:25 - 00000000 _____ () C:\Users\Robin\AppData\Roaming\seetla.dll
    2014-10-09 16:24 - 2014-10-09 16:24 - 00047104 _____ () C:\Users\Robin\AppData\Roaming\qyzdup.dll
    2014-10-06 18:51 - 2014-10-06 20:47 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Leceamh
    2014-10-06 10:22 - 2014-10-06 20:47 - 00000000 ____D () C:\ProgramData\j9tbgsdger04r
    2014-10-06 07:55 - 2014-10-06 20:47 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Itakaw
    2014-10-05 10:43 - 2014-10-06 20:45 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Exadixp
    2014-10-05 09:15 - 2014-10-05 09:15 - 00150690 _____ () C:\Users\Robin\AppData\Local\gafjquad
    2014-10-05 09:13 - 2014-10-05 09:13 - 00068415 _____ () C:\Users\Robin\AppData\Local\mkpfnrps
    2014-10-05 09:07 - 2014-10-06 20:46 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Alkiugc
    C:\windows\system32\netcfg*.txt
    CustomCLSID: HKU\S-1-5-21-1537218251-1274046669-3348939743-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Robin\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
    CustomCLSID: HKU\S-1-5-21-1537218251-1274046669-3348939743-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
    EmptyTemp
    end
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please include it in your reply.


Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


Radek Naathim Pawelczyk

Malware Removal Specialist
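
The fixlist in the post above removes a per-user `localserver32` value whose data is `rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ...`. As an added example (not part of the original post and not FRST's own logic), this Python script flags that pattern in FRST-style log lines; the regexes, the placeholder SID and user name, and the sample lines are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample in the FRST line formats quoted in the post above.
# The SID and user name are placeholders and the obfuscated payload is elided.
SAMPLE_LOG = r"""
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
CustomCLSID: HKU\S-1-5-21-0-0-0-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Example\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-0-0-0-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";<elided>
HKU\S-1-5-21-0-0-0-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";<elided>
""".strip()

# "<registry location> -> <data>" or "<registry location> => <data>".
ARROW_RE = re.compile(r"^(?P<key>.+?)\s(?:->|=>)\s+(?P<data>.+)$")
# "<registry location>: <data>", the form used by the first fixlist entry.
COLON_RE = re.compile(r"^(?P<key>HK[A-Z]+\\[^:]+):\s+(?P<data>.+)$")

# rundll32 whose first argument is a script pseudo-URL instead of a DLL path.
SCRIPT_ARG_RE = re.compile(r'\brundll32(?:\.exe)?"?\s+"?(?:javascript|vbscript):', re.I)
# The mshtml export named in the flagged entry.
MSHTML_RE = re.compile(r"mshtml\s*,\s*RunHTMLApplication", re.I)
# COM server registration inside a per-user hive.
USER_COM_RE = re.compile(
    r"^(?:CustomCLSID:\s*)?(?:HKU|HKCU)\\.*\\(?:localserver32|inprocserver32)$", re.I
)


@dataclass
class Finding:
    line_no: int   # 1-based line number within the scanned text
    key: str       # registry location as printed in the log
    reasons: list  # why the entry was flagged


def scan(log_text):
    """Return a Finding for every registry line whose data matches the pattern."""
    findings = []
    for line_no, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        match = ARROW_RE.match(line) or COLON_RE.match(line)
        if not match:
            continue
        key, data = match.group("key"), match.group("data")
        reasons = []
        if SCRIPT_ARG_RE.search(data):
            reasons.append("rundll32 given a script pseudo-URL instead of a DLL")
        if MSHTML_RE.search(data):
            reasons.append("mshtml,RunHTMLApplication invoked from a registry value")
        # Only meaningful together with one of the command-line indicators above;
        # an ordinary per-user COM registration (the Dropbox line) is not flagged.
        if reasons and USER_COM_RE.search(key):
            reasons.append("per-user COM server registration")
        if reasons:
            findings.append(Finding(line_no, key, reasons))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.key}")
        for reason in f.reasons:
            print(f"    - {reason}")
```

The legitimate `rundll32.exe <dll>,<export>` Run entry and the orphaned Dropbox CLSID are not flagged; only the two lines carrying the script pseudo-URL are.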

 



#5 stewmando


Posted 13 October 2014 - 02:09 PM

Enclosed are the logs; the system seems to run better. Can you tell me if there are any antivirus programs I can use in future to prevent this type of virus? I had Windows Defender and that didn't work.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-10-2014 02
Ran by Robin at 2014-10-13 11:43:41 Run:1
Running from C:\Users\Robin\Desktop
Loaded Profile: Robin (Available profiles: Robin)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
CloseProcesses:
HKU\S-1-5-21-1537218251-1274046669-3348939743-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
2014-10-09 16:25 - 2014-10-09 16:25 - 00000000 _____ () C:\Users\Robin\AppData\Roaming\seetla.dll
2014-10-09 16:24 - 2014-10-09 16:24 - 00047104 _____ () C:\Users\Robin\AppData\Roaming\qyzdup.dll
2014-10-06 18:51 - 2014-10-06 20:47 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Leceamh
2014-10-06 10:22 - 2014-10-06 20:47 - 00000000 ____D () C:\ProgramData\j9tbgsdger04r
2014-10-06 07:55 - 2014-10-06 20:47 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Itakaw
2014-10-05 10:43 - 2014-10-06 20:45 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Exadixp
2014-10-05 09:15 - 2014-10-05 09:15 - 00150690 _____ () C:\Users\Robin\AppData\Local\gafjquad
2014-10-05 09:13 - 2014-10-05 09:13 - 00068415 _____ () C:\Users\Robin\AppData\Local\mkpfnrps
2014-10-05 09:07 - 2014-10-06 20:46 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Alkiugc
C:\windows\system32\netcfg*.txt
CustomCLSID: HKU\S-1-5-21-1537218251-1274046669-3348939743-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Robin\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-1537218251-1274046669-3348939743-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
EmptyTemp
end
*****************
 
Processes closed successfully.
"HKU\S-1-5-21-1537218251-1274046669-3348939743-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-1537218251-1274046669-3348939743-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
"HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
"HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
"HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
"HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
"HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
"HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
"HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => Key not found.
C:\Users\Robin\AppData\Roaming\seetla.dll => Moved successfully.
C:\Users\Robin\AppData\Roaming\qyzdup.dll => Moved successfully.
C:\Users\Robin\AppData\Roaming\Leceamh => Moved successfully.
C:\ProgramData\j9tbgsdger04r => Moved successfully.
C:\Users\Robin\AppData\Roaming\Itakaw => Moved successfully.
C:\Users\Robin\AppData\Roaming\Exadixp => Moved successfully.
C:\Users\Robin\AppData\Local\gafjquad => Moved successfully.
C:\Users\Robin\AppData\Local\mkpfnrps => Moved successfully.
C:\Users\Robin\AppData\Roaming\Alkiugc => Moved successfully.
C:\windows\system32\netcfg*.txt => Moved successfully.
"HKU\S-1-5-21-1537218251-1274046669-3348939743-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}" => Key deleted successfully.
"HKU\S-1-5-21-1537218251-1274046669-3348939743-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
EmptyTemp => Error: No automatic fix found for this entry.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-10-2014 02
Ran by Robin (administrator) on ROBIN on 13-10-2014 11:57:18
Running from C:\Users\Robin\Desktop
Loaded Profile: Robin (Available profiles: Robin)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILAE.EXE
(NDS Technologies) C:\Users\Robin\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILAE.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
() C:\Users\Robin\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1516680 2012-11-08] (Seagate Technology LLC)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1057920 2012-07-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [2756864 2011-04-07] (Leader Technologies Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKU\S-1-5-21-1537218251-1274046669-3348939743-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [122032 2012-11-08] (Seagate Technology LLC)
HKU\S-1-5-21-1537218251-1274046669-3348939743-1001\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATILAE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1537218251-1274046669-3348939743-1001\...\Run: [PCShowServer] => C:\Users\Robin\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1765744 2013-11-17] (NDS Technologies)
HKU\S-1-5-21-1537218251-1274046669-3348939743-1001\...\Run: [EPLTarget\P0000000000000002] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATILAE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
Startup: C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com
SearchScopes: HKLM - DefaultScope {7EAC2283-7004-4F26-B4D6-15B464C98B05} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
SearchScopes: HKLM - {7EAC2283-7004-4F26-B4D6-15B464C98B05} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
SearchScopes: HKLM-x32 - DefaultScope {7EAC2283-7004-4F26-B4D6-15B464C98B05} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
SearchScopes: HKLM-x32 - {7EAC2283-7004-4F26-B4D6-15B464C98B05} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
SearchScopes: HKCU - DefaultScope {7EAC2283-7004-4F26-B4D6-15B464C98B05} URL = 
SearchScopes: HKCU - {7EAC2283-7004-4F26-B4D6-15B464C98B05} URL = 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @nds.com/PlayerPlugin -> C:\Users\Robin\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)
FF Plugin HKCU: NDS.com/PlayerPlugin -> C:\Users\Robin\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://yahoo.com/
CHR StartupUrls: Default -> "hxxp://yahoo.com/"
CHR Profile: C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-20]
CHR Extension: (YouTube) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-26]
CHR Extension: (Google Search) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-26]
CHR Extension: (Google Wallet) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-26]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2013-12-16] (WildTangent)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [15552 2012-11-08] (Seagate Technology LLC)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-25] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
S3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [92888 2014-10-07] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation                           )
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation                           )
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows ® Win 7 DDK provider)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-13 11:47 - 2014-10-13 11:47 - 00000117 _____ () C:\windows\system32\netcfg-46675.txt
2014-10-13 11:46 - 2014-10-13 11:46 - 00000117 _____ () C:\windows\system32\netcfg-329225882.txt
2014-10-13 08:00 - 2014-10-13 08:00 - 02110464 _____ (Farbar) C:\Users\Robin\Desktop\FRST64.exe
2014-10-09 16:12 - 2014-10-09 16:52 - 00014508 _____ () C:\Users\Robin\Desktop\attach.txt
2014-10-09 16:12 - 2014-10-09 16:51 - 00010774 _____ () C:\Users\Robin\Desktop\dds.txt
2014-10-09 16:12 - 2014-10-09 16:06 - 00688992 ____R (Swearware) C:\Users\Robin\Desktop\dds (1).com
2014-10-09 11:12 - 2014-10-13 08:17 - 00035408 _____ () C:\Users\Robin\Desktop\Addition.txt
2014-10-09 11:10 - 2014-10-13 11:57 - 00014681 _____ () C:\Users\Robin\Desktop\FRST.txt
2014-10-09 11:09 - 2014-10-13 11:57 - 00000000 ____D () C:\FRST
2014-10-09 10:10 - 2014-10-09 09:17 - 31766208 _____ (Microsoft Corporation) C:\Users\Robin\Desktop\Windows-KB890830-x64-V5.16.exe
2014-10-08 11:11 - 2014-10-08 11:11 - 00000000 _____ () C:\autoexec.bat
2014-10-08 11:09 - 2014-10-08 11:09 - 00003320 _____ () C:\windows\System32\Tasks\SpyHunter4Startup
2014-10-08 11:09 - 2014-10-08 11:09 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-10-08 10:55 - 2014-10-09 16:09 - 00000000 ____D () C:\windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-10-08 10:53 - 2014-10-08 10:50 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Robin\Desktop\SpyHunter-Installer.exe
2014-10-08 08:09 - 2014-10-08 08:09 - 00443160 _____ () C:\windows\Minidump\100814-22354-01.dmp
2014-10-07 21:28 - 2014-10-08 15:15 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-07 21:28 - 2014-10-08 10:38 - 00000000 ____D () C:\Users\Robin\Desktop\mbar
2014-10-07 21:26 - 2014-10-07 21:27 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Robin\Downloads\mbar-1.07.0.1012.exe
2014-10-07 20:56 - 2014-10-07 20:57 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Robin\Downloads\tdsskiller.exe
2014-10-07 13:33 - 2014-10-07 13:33 - 00000162 ____H () C:\Users\Robin\Desktop\~$vermore-Pleasanton Rod & Gun Club - Club Shoot Results.htm
2014-10-07 13:26 - 2014-10-07 13:27 - 00564464 _____ () C:\windows\Minidump\100714-19640-01.dmp
2014-10-06 19:34 - 2014-10-13 11:48 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-06 19:34 - 2014-10-06 19:34 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-06 19:34 - 2014-10-06 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-06 19:33 - 2014-10-07 21:28 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-10-06 19:33 - 2014-10-06 19:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-06 19:33 - 2014-10-06 19:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-06 19:33 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-10-06 19:33 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-10-06 19:28 - 2014-10-06 19:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Robin\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-06 10:20 - 2014-10-09 16:24 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-13 11:52 - 2012-12-26 18:55 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-13 11:51 - 2012-12-26 16:26 - 01327946 _____ () C:\windows\WindowsUpdate.log
2014-10-13 11:48 - 2012-12-26 18:55 - 00000904 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-13 11:47 - 2012-07-26 00:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-13 11:46 - 2012-07-25 22:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-10-13 11:41 - 2012-12-26 19:06 - 00000000 ____D () C:\Users\Robin\AppData\Local\CrashDumps
2014-10-13 11:03 - 2013-07-21 19:03 - 00000931 _____ () C:\windows\Tasks\EPSON XP-410 Series Update {49697430-FEDA-4647-9A4A-0D89A0485EE4}.job
2014-10-13 11:03 - 2013-07-21 19:03 - 00000931 _____ () C:\windows\Tasks\EPSON XP-410 Series Update {029BABD7-8D8F-4F08-BF80-D1C732A7D563}.job
2014-10-13 11:03 - 2013-07-21 19:03 - 00000745 _____ () C:\windows\Tasks\EPSON XP-410 Series Invitation {49697430-FEDA-4647-9A4A-0D89A0485EE4}.job
2014-10-13 11:03 - 2013-07-21 19:03 - 00000745 _____ () C:\windows\Tasks\EPSON XP-410 Series Invitation {029BABD7-8D8F-4F08-BF80-D1C732A7D563}.job
2014-10-13 11:00 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\sru
2014-10-09 10:10 - 2012-07-25 22:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-10-08 15:15 - 2012-09-06 21:39 - 01463650 _____ () C:\windows\PFRO.log
2014-10-08 10:40 - 2012-07-26 00:59 - 00000000 ____D () C:\windows\CbsTemp
2014-10-08 08:09 - 2013-08-08 18:26 - 408884225 _____ () C:\windows\MEMORY.DMP
2014-10-08 08:09 - 2013-05-23 16:49 - 00000000 ____D () C:\windows\Minidump
2014-10-08 02:51 - 2012-12-26 16:27 - 00000000 ____D () C:\Users\Robin\AppData\Local\VirtualStore
2014-10-07 21:29 - 2012-07-26 00:28 - 00848230 _____ () C:\windows\system32\PerfStringBackup.INI
2014-10-07 21:24 - 2012-07-26 00:21 - 00027221 _____ () C:\windows\setupact.log
2014-10-07 15:35 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-10-05 16:15 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\rescache
2014-10-05 10:27 - 2012-09-06 21:48 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-21 23:42 - 2013-01-01 20:56 - 00278152 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-09-18 07:19 - 2013-06-19 09:26 - 00000000 ____D () C:\Users\Robin\Documents\Quicken
2014-09-17 06:20 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\AUInstallAgent
 
Some content of TEMP:
====================
C:\Users\Robin\AppData\Local\Temp\APNSetup.exe
C:\Users\Robin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpivnejl.dll
C:\Users\Robin\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Robin\AppData\Local\Temp\ose00000.exe
C:\Users\Robin\AppData\Local\Temp\SHSetup.exe
C:\Users\Robin\AppData\Local\Temp\uninstall.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-13 08:42
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-10-2014 02
Ran by Robin at 2014-10-13 11:58:26
Running from C:\Users\Robin\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.5.100.20808 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{14718008-7D73-53AA-D0FF-88E805958D42}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
AMD VISION Engine Control Center (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.6 - Atheros Communications Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DIRECTV Player (HKLM-x32\...\{a1bb9be6-729f-4049-a36a-aad335c86c01}) (Version: 9.2 - DIRECTV)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.6.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{10144CFE-D76C-4CFA-81A1-37A1642349A3}) (Version: 3.01.0013 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-410 Series Printer Uninstall (HKLM\...\EPSON XP-410 Series) (Version:  - SEIKO EPSON Corporation)
Epson XP-410 User's Guide version 1.0 (HKLM-x32\...\UsersGuideEpson XP-410 User's Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.101 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
LTCM Client (HKLM-x32\...\{B38E9B55-7136-4E66-A084-320512FF3F6F}) (Version: 1.20.3792 - Leader Technologies Inc)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
Origin (HKLM-x32\...\Origin) (Version: 8.6.3.49 - Electronic Arts, Inc.)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Seagate Dashboard 2.0 (HKLM-x32\...\{43C423D9-E6D6-4607-ADC9-EBB54F690C57}) (Version: 2.2.15.0 - Seagate)
Software Updater (HKLM-x32\...\{D60071DB-459C-465C-92EF-336E65F1A436}) (Version: 4.0.1 - SEIKO EPSON CORPORATION)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.8 - TOSHIBA Corporation)
Toshiba Book Place (HKLM-x32\...\{24B45620-22B6-4E4A-B836-FF30A0B0404E}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6414 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v1.0.0.8 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.1.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0013 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.11.2 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
29-09-2014 15:40:34 Scheduled Checkpoint
08-10-2014 17:37:32 Malwarebytes Anti-Rootkit Restore Point
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-25 22:26 - 2012-07-25 22:26 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {14D87FE9-2448-45B9-85E4-386A07FB94C1} - System32\Tasks\EPSON XP-410 Series Invitation {029BABD7-8D8F-4F08-BF80-D1C732A7D563} => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {42625710-9867-40C0-B8C2-C7C4A40F8DFA} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\SymErr.exe
Task: {6529F6F5-C7C8-4EA7-880C-154F4AB3D083} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {82541BD0-7F5A-4138-9BA3-1732D31220A2} - System32\Tasks\EPSON XP-410 Series Update {029BABD7-8D8F-4F08-BF80-D1C732A7D563} => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {82A40EC9-C43D-4C75-884C-BCB4FF474955} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: {97258E41-8531-4994-8452-65DFE739C9D7} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {999CEAA6-3D93-40EB-9C14-E7CA2E9B80E4} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\SymErr.exe
Task: {9BB4305F-64CF-4F65-9507-CC8195D76F5F} - System32\Tasks\Robin DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2012-11-08] (Seagate Technology LLC)
Task: {9E802B59-EBAF-4659-90F3-ACEF37DE0D7F} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-16] (Synaptics Incorporated)
Task: {9F445BD8-9CD5-4A42-B39C-C67B5E5C6C81} - System32\Tasks\EPSON XP-410 Series Invitation {49697430-FEDA-4647-9A4A-0D89A0485EE4} => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A7448268-6B98-466B-A491-88CAFF2CC5EA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-26] (Google Inc.)
Task: {A92F2BDB-E40F-4AA7-B408-73B86BF0BA24} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-26] (Google Inc.)
Task: {AB838322-D404-4DA7-B021-4924657142B5} - System32\Tasks\EPSON XP-410 Series Update {49697430-FEDA-4647-9A4A-0D89A0485EE4} => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {AB96B97B-39C2-46A2-876A-EEB6AE199033} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\windows\system32\dism.exe [2012-07-25] (Microsoft Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CBBA8C46-57B7-464A-ABE0-23EE34F43A86} - System32\Tasks\Robin Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2012-11-08] (Seagate Technology LLC)
Task: {DBB713DB-B671-42B0-8BF7-DCDD9E8AF89E} - System32\Tasks\Robin => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2012-11-08] (Seagate Technology LLC)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\windows\Tasks\EPSON XP-410 Series Invitation {029BABD7-8D8F-4F08-BF80-D1C732A7D563}.job => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE
Task: C:\windows\Tasks\EPSON XP-410 Series Invitation {49697430-FEDA-4647-9A4A-0D89A0485EE4}.job => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE
Task: C:\windows\Tasks\EPSON XP-410 Series Update {029BABD7-8D8F-4F08-BF80-D1C732A7D563}.job => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE
Task: C:\windows\Tasks\EPSON XP-410 Series Update {49697430-FEDA-4647-9A4A-0D89A0485EE4}.job => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-07-26 00:58 - 2012-07-26 00:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-07-18 19:38 - 2012-07-18 19:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-18 19:38 - 2012-07-18 19:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-13 20:13 - 2012-08-13 20:13 - 00018344 _____ () C:\Program Files\Toshiba\Teco\TecoMUI.dll
2013-11-17 11:44 - 2013-11-17 11:44 - 07877480 _____ () C:\Users\Robin\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
2012-07-25 13:44 - 2012-07-25 13:35 - 00129024 _____ () C:\windows\system32\WinMetadata\Windows.UI.winmd
2012-07-25 13:44 - 2012-07-25 13:35 - 00036864 _____ () C:\windows\system32\WinMetadata\Windows.Data.winmd
2012-07-25 13:44 - 2012-07-25 13:35 - 00022016 _____ () C:\windows\system32\WinMetadata\Windows.Foundation.winmd
2012-08-08 11:22 - 2012-08-08 11:22 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 13:19 - 2014-07-03 13:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-17 11:45 - 2013-11-17 11:45 - 00332128 _____ () C:\Users\Robin\AppData\Local\DIRECTV Player\ndsLogStore.dll
2013-11-17 11:44 - 2013-11-17 11:44 - 03094880 _____ () C:\Users\Robin\AppData\Local\DIRECTV Player\DrmSingleton.dll
2013-11-17 11:44 - 2013-11-17 11:44 - 02157928 _____ () C:\Users\Robin\AppData\Local\DIRECTV Player\DiscoveryManager.dll
2013-11-17 11:44 - 2013-11-17 11:44 - 07554400 _____ () C:\Users\Robin\AppData\Local\DIRECTV Player\gsttspplugin.dll
2013-11-17 11:45 - 2013-11-17 11:45 - 00689000 _____ () C:\Users\Robin\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll
2013-11-17 11:45 - 2013-11-17 11:45 - 01403224 _____ () C:\Users\Robin\AppData\Local\DIRECTV Player\libxml2-2.dll
2013-11-17 11:45 - 2013-11-17 11:45 - 00091976 _____ () C:\Users\Robin\AppData\Local\DIRECTV Player\z.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKCU\...\StartupApproved\Run: => "eajmmimb"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1537218251-1274046669-3348939743-500 - Administrator - Disabled)
Guest (S-1-5-21-1537218251-1274046669-3348939743-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1537218251-1274046669-3348939743-1003 - Limited - Enabled)
Robin (S-1-5-21-1537218251-1274046669-3348939743 - Administrator - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/13/2014 11:49:30 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (10/13/2014 11:41:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16384, time stamp: 0x5010ae7a
Exception code: 0xc0000005
Fault offset: 0x00061233
Faulting process id: 0x3e30
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (10/13/2014 11:29:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16384, time stamp: 0x5010ae7a
Exception code: 0xc0000005
Fault offset: 0x00061206
Faulting process id: 0x41e4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (10/13/2014 11:23:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16384, time stamp: 0x5010ae7a
Exception code: 0xc0000005
Fault offset: 0x00061206
Faulting process id: 0x4374
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (10/13/2014 11:14:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16384, time stamp: 0x5010ae7a
Exception code: 0xc0000005
Fault offset: 0x00061206
Faulting process id: 0x1c40
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (10/13/2014 11:01:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16384, time stamp: 0x5010ae7a
Exception code: 0xc0000005
Fault offset: 0x00061206
Faulting process id: 0x32cc
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (10/13/2014 10:43:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16384, time stamp: 0x5010ae7a
Exception code: 0xc0000005
Fault offset: 0x00061206
Faulting process id: 0x38d8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (10/13/2014 10:42:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16384, time stamp: 0x5010ae7a
Exception code: 0xc0000005
Fault offset: 0x00061233
Faulting process id: 0x5200
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (10/13/2014 10:32:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16384, time stamp: 0x5010ae7a
Exception code: 0xc0000005
Fault offset: 0x00061206
Faulting process id: 0x3f4c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (10/13/2014 09:58:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010888a
Faulting module name: MSHTML.dll, version: 10.0.9200.16458, time stamp: 0x50a47b1f
Exception code: 0xc00000fd
Fault offset: 0x00073593
Faulting process id: 0x9fc
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
 
System errors:
=============
Error: (10/13/2014 11:46:50 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\windows\system32\Rtlihvs.dll
 
Error: (10/13/2014 11:46:50 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\windows\system32\Rtlihvs.dll
 
Error: (10/13/2014 11:46:34 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\windows\system32\Rtlihvs.dll
 
Error: (10/13/2014 11:46:32 AM) (Source: DCOM) (EventID: 10010) (User: ROBIN)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (10/13/2014 11:45:20 AM) (Source: DCOM) (EventID: 10010) (User: ROBIN)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (10/13/2014 11:44:23 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (10/13/2014 11:43:54 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Seagate Dashboard Services service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/13/2014 11:43:53 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (10/13/2014 11:43:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/13/2014 11:43:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TPCH Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: AMD A6-4400M APU with Radeon™ HD Graphics 
Percentage of memory in use: 35%
Total physical RAM: 3550.25 MB
Available physical RAM: 2298.31 MB
Total Pagefile: 7134.25 MB
Available Pagefile: 5700.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (TI10653500D) (Fixed) (Total:455.51 GB) (Free:377.34 GB) NTFS
Drive e: () (Removable) (Total:3.8 GB) (Free:1.6 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 3.8 GB) (Disk ID: 8A109495)
Partition 1: (Not Active) - (Size=3.8 GB) - (Type=0B)
 
==================== End Of Log ============================


#6 Naathim


Posted 13 October 2014 - 02:14 PM


SpyHunter warning!

I see that you are running SpyHunter. This software doesn't have a good reputation here. Its vendor, Enigma Software, has been well known for applying a very aggressive advertising policy and misleading users. You may read about it here. We consider this program a dubious and ineffective one. My best advice would be to uninstall it.



Clean Temporary Files with TFC

Please download TFC by OldTimer and save it to your desktop.

  • Right-click on the TFC icon and select Run as Administrator to start the tool.
  • Close any open programs and save your current work.
  • Click the Start button to begin. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a couple of minutes.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

This tool doesn't generate any report. Instead, I recommend keeping it for good maintenance of your machine.


Also, please update me on how your machine is behaving.


Radek Naathim Pawelczyk

Malware Removal Specialist

 



#7 stewmando


Posted 13 October 2014 - 04:40 PM

System is running fine with no unknown processes and low CPU. I have uninstalled SpyHunter and deleted the installer. Any recommendations to keep viruses/trojans off the system?



#8 Naathim


Posted 13 October 2014 - 04:46 PM

Yes, there will be some. But first I need to get some more reports to make sure that everything is gone.



Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Install the program and select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.



Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.
There, click Run ESET Online Scanner.

If using Internet Explorer:

  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:

  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.

To perform the scan:

  • Make sure that Enable detection of potentially unwanted applications is checked.
  • In the Advanced Settings dropdown menu:
    • Make sure that Remove found threats is unchecked.
    • Scan archives is checked.
    • Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
    • Use custom proxy settings is unchecked.
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.

Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!


Radek Naathim Pawelczyk

Malware Removal Specialist

 



#9 stewmando


Posted 13 October 2014 - 10:48 PM

Malwarebytes reported no threats, but ESET found six, with the following report:

 

C:\Users\All Users\Windows Genuine Advantage\{2B2C5BEB-3611-46ED-A010-CD359D8C4889}\msiexec.exe Win32/TrojanDownloader.Cerabit.A trojan
C:\Users\All Users\Windows Genuine Advantage\{65AE1C78-4B5D-4894-BF7C-D2C4916F5909}\msiexec.exe Win32/TrojanDownloader.Cerabit.A trojan
C:\FRST\Quarantine\C\Users\Robin\AppData\Roaming\qyzdup.dll.xBAD a variant of MSIL/Injector.FTG trojan cleaned by deleting - quarantined
C:\ProgramData\Windows Genuine Advantage\{2B2C5BEB-3611-46ED-A010-CD359D8C4889}\msiexec.exe Win32/TrojanDownloader.Cerabit.A trojan cleaned by deleting - quarantined
C:\ProgramData\Windows Genuine Advantage\{65AE1C78-4B5D-4894-BF7C-D2C4916F5909}\msiexec.exe Win32/TrojanDownloader.Cerabit.A trojan cleaned by deleting - quarantined
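
The ESET log above lists two detections with no "cleaned" status next to three that were quarantined. The following check is an added example, not part of the original thread or of ESET's tooling: it parses the lines as posted and reports which files have no cleaned entry, assuming the default Windows layout in which C:\Users\All Users is a link to C:\ProgramData (function and variable names are hypothetical).

```python
import re
from collections import defaultdict

# The five detection lines from the ESET log in the post above, as posted.
ESET_LOG = r"""
C:\Users\All Users\Windows Genuine Advantage\{2B2C5BEB-3611-46ED-A010-CD359D8C4889}\msiexec.exe Win32/TrojanDownloader.Cerabit.A trojan
C:\Users\All Users\Windows Genuine Advantage\{65AE1C78-4B5D-4894-BF7C-D2C4916F5909}\msiexec.exe Win32/TrojanDownloader.Cerabit.A trojan
C:\FRST\Quarantine\C\Users\Robin\AppData\Roaming\qyzdup.dll.xBAD a variant of MSIL/Injector.FTG trojan cleaned by deleting - quarantined
C:\ProgramData\Windows Genuine Advantage\{2B2C5BEB-3611-46ED-A010-CD359D8C4889}\msiexec.exe Win32/TrojanDownloader.Cerabit.A trojan cleaned by deleting - quarantined
C:\ProgramData\Windows Genuine Advantage\{65AE1C78-4B5D-4894-BF7C-D2C4916F5909}\msiexec.exe Win32/TrojanDownloader.Cerabit.A trojan cleaned by deleting - quarantined
""".strip().splitlines()

# path (may contain spaces), detection name, optional action column
LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.\w+) "
    r"(?P<threat>(?:a variant of )?\S+/\S+ \w+)"
    r"(?: (?P<action>cleaned.*))?$"
)

# Assumption: default Windows Vista+ layout on drive C:, where
# "C:\Users\All Users" is a symbolic link to C:\ProgramData, so a scanner
# that walks both names reports the same file twice.
ALIAS = ("c:\\users\\all users\\", "c:\\programdata\\")

def canonical(path):
    """Lower-case the path and fold the All Users alias into ProgramData."""
    p = path.lower()
    return ALIAS[1] + p[len(ALIAS[0]):] if p.startswith(ALIAS[0]) else p

def unresolved(lines):
    """Return canonical paths that were detected but never reported as cleaned."""
    actions = defaultdict(list)
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            raise ValueError(f"unrecognised log line: {line!r}")
        actions[canonical(m["path"])].append(m["action"])
    return sorted(p for p, acts in actions.items() if not any(acts))

if __name__ == "__main__":
    left = unresolved(ESET_LOG)
    print("no cleaned entry for:" if left else "every detection has a cleaned entry",
          *left, sep="\n")
```

An empty result means only that every reported path has a cleaned entry in the log; a follow-up scan is what confirms the files are gone.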


#10 Naathim


Posted 14 October 2014 - 01:08 AM

Since you have already removed them, I wouldn't worry.



Scan with Security Check

Please download Security Check by Screen317 and save it to your desktop.

  • Right-click on the Security Check icon and select Run as Administrator to start the tool.
  • Follow onscreen instructions inside the black box. This scan won't take long.
  • Soon a notepad document called checkup.txt will open automatically.

Please include the content of that document.


Radek Naathim Pawelczyk

Malware Removal Specialist

 



#11 stewmando


Posted 14 October 2014 - 10:55 AM

Here is the security check report

 

 Results of screen317's Security Check version 0.99.88  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
  Adobe Flash Player 11.9.900.170 Flash Player out of Date!  
 Adobe Reader 10.1.12 Adobe Reader out of Date!  
 Google Chrome 37.0.2062.124  
 Google Chrome 38.0.2125.101  
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Windows Defender MSASCui.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Windows Defender MsMpEng.exe   
 Windows Defender MSASCui.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 


#12 Naathim


Posted 15 October 2014 - 02:01 AM

Hi :)


Update outdated software

Always staying updated is crucial, not only for your operating system, but also for any third-party installed software.
Your logs clearly indicate that some of your software needs updating.

Updating Adobe Flash Player manually

  • Visit Adobe website.
  • You will see a download option there for the newest Adobe Flash Player version.
  • In the center part you will be prompted to install Google Chrome as a recommended bundled installation. This is foistware. Remember to leave the box for Chrome UNCHECKED.
  • Click on Install, save the file to a convenient location, double-click it and follow the prompts.

Updating Adobe manually

  • Visit Adobe website.
  • You will see a download option there for the newest Adobe Acrobat version.
  • In the center part you will be prompted to install McAfee Security Scan Plus as a free program. This is foistware. Remember to leave the box for McAfee UNCHECKED.
  • Click on Install, save the file to a convenient location, double-click it and follow the prompts.

Updating Internet Explorer manually
IE is an integrated part of Windows core. Leaving it without updates is a great risk for your data security, even if you don't use it!

  • Visit THIS website.
  • There you will find IE 11 to be downloaded and installed.

Remember to keep these always updated.


Clean with DelFix

Please download DelFix by Xplode and save it to your desktop.

  • Right-click on the DelFix icon and select Run as Administrator to start the tool.
  • Ensure that Remove disinfection tools, Purge system restore and Reset system settings are checked.
  • Push Run.
  • When finished, it will display a notepad report.

Include it for my review.
Please also manually reboot your machine after posting your logfile.


Radek Naathim Pawelczyk

Malware Removal Specialist

 



#13 stewmando


Posted 15 October 2014 - 06:08 PM

OK, I updated all applications to the latest version; to get the latest IE I updated to Windows 8.1 to get IE 11. Here is the log:

 

# DelFix v10.8 - Logfile created 15/10/2014 at 16:05:32
# Updated 29/07/2014 by Xplode
# Username : Robin - ROBIN
# Operating System : Windows 8.1  (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\Users\Robin\Desktop\mbar
Deleted : C:\TDSSKiller.3.0.0.40_07.10.2014_20.57.55_log.txt
Deleted : C:\Users\Robin\Desktop\Addition.txt
Deleted : C:\Users\Robin\Desktop\dds (1).com
Deleted : C:\Users\Robin\Desktop\dds.txt
Deleted : C:\Users\Robin\Desktop\Fixlog.txt
Deleted : C:\Users\Robin\Desktop\FRST.txt
Deleted : C:\Users\Robin\Desktop\FRST64.exe
Deleted : C:\Users\Robin\Desktop\SecurityCheck.exe
Deleted : C:\Users\Robin\Desktop\TFC.exe
Deleted : C:\Users\Robin\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\Robin\Downloads\tdsskiller.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
 
~ Cleaning system restore ...
 
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########


#14 Naathim


Posted 16 October 2014 - 03:47 AM

Subject to no further problems, I think that you are ready to go :)



Below you will find my thoughts about securing your machine. Go ahead through it, you will benefit from some useful advice about safe computing.

 

Recommended reading:


  • MUST READ - security tips: Computer Security - a short guide to staying safer online.
  • MUST READ - general maintenance: What to do if your Computer is running slowly?




Recommended additional software:


  • TFC - to clean unneeded temporary files.
  • Malwarebytes' Anti-Malware - to scan your system from time to time in search of malware.
  • Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • CryptoPrevent - to secure yourself from the very severe CryptoLocker infection.
  • Unchecky - to prevent the installation of additional foistware, implemented in legitimate installations.


My help is always free, but if you are happy with the help provided and wish to help my fight against malware, please consider making a donation.
All donations are to refund a new HDD to replace the old one, which recently passed away!


Now if you have any other questions, feel free to ask me. Otherwise simply acknowledge my recommendations and this topic will be closed.






Stay safe,
Naat :)


Radek Naathim Pawelczyk

Malware Removal Specialist

 



#15 Naathim


Posted 17 October 2014 - 12:56 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Radek Naathim Pawelczyk

Malware Removal Specialist

 





