
DLLHOST slowing down my clients computer


  • This topic is locked
13 replies to this topic

#1 twitterfon231

twitterfon231

  • Members
  • 18 posts

Posted 15 October 2014 - 04:10 PM

Hello and good day,

 

I have a client in Hawaii who is having technical issues with their front desk computer. I have been trying to avoid having to go through a forum to find a solution to this issue, but after countless hours of researching people with similar problems this seems to be the best bet. 

 

This started a couple of weeks ago when I received a call about a slow desktop computer. Thinking that it was a simple scan and delete problem had me confident that the problem had been resolved, but boy was I wrong. The computer was slow beyond usage, and mind you I am accessing the computer remotely, so this gives me little to no time to work with them because of the computer performance as well as our time difference. I am using a workaround right now that I found on one of the posts similar to mine, so this gives me a little more wiggle room to get this fixed.

 

I have already taken the liberty of conducting a FRST scan of the computer since I do not have lots of time to troubleshoot on any given day. Thank you for all of your help.


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,525 posts
  • Gender:Male
  • Location:California

Posted 19 October 2014 - 06:19 PM

Greetings twitterfon231 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Only a partial FRST report is attached and we need to run a fresh copy anyway. Please do this for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 twitterfon231


Posted 20 October 2014 - 10:46 AM

FRST.txt

 

 
LastRegBack: 2014-04-16 17:33
 
==================== End Of Log ============================

 

ADDITIONAL.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-10-2014 02
Ran by tom at 2014-10-15 10:20:57
Running from C:\Users\tom\Desktop\New folder
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Reader XI  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Brother MFL-Pro Suite MFC-8480DN (HKLM-x32\...\{004B8D14-7E3A-490A-ABB3-753535E169E3}) (Version: 1.0.5.0 - Brother Industries, Ltd.)
Citrix Online Launcher (HKLM-x32\...\{3E7E6F1E-7376-475A-8BC9-E3126B20CF5F}) (Version: 1.0.198 - Citrix)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.0.3 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.0.3 - Dell Inc.)
Dell Client System Update (HKLM-x32\...\{04566294-A6B6-4462-9721-031073EB3694}) (Version: 1.3.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{B96348BD-6B0D-42E3-80B1-FA6718067BFE}) (Version: 2.8.1000.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Protected Workspace (HKLM-x32\...\{E2CAA395-66B3-4772-85E3-6134DBAB244E}) (Version: 2.3.15835 - Invincea, Inc.)
EPSON Advanced Printer Driver 4 (HKLM-x32\...\{11FF6AF6-0141-4EF8-829A-989459A1E5D8}) (Version: 4.55.0400 - SEIKO EPSON CORPORATION)
EPSON APD4 Point and Print Support (x32 Version: 4.55.0400 - SEIKO EPSON CORPORATION) Hidden
EPSON Port Communication Service (HKLM\...\{41D2226A-AD7F-423E-A85C-A09FBD4B53DE}) (Version: 3.9.0 - SEIKO EPSON CORPORATION)
Glary Utilities 5.9 (HKLM-x32\...\Glary Utilities 5) (Version: 5.9.0.16 - Glarysoft Ltd)
InstPortMon (x32 Version: 1.3.0.0 - InstPortMon) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3234 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Small Business 2007 (HKLM-x32\...\SMALLBUSINESS) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Small Business 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5987 - Realtek Semiconductor Corp.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
14-10-2014 17:30:34 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 16:34 - 2014-10-03 12:50 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {00541A3E-FABA-4F95-B61D-393063573967} - System32\Tasks\Security Center Update - 445673937 => C:\Users\concierge\AppData\Roaming\Irepwe\ixpuq.exe [2014-09-06] () <==== ATTENTION
Task: {0E003354-BDC5-4579-89FD-E0276F576DB1} - System32\Tasks\{6C7976CF-472A-10C7-CD25-5F3DEDA30DAB} => C:\Windows\system32\dmvuum.dll [2014-10-11] ()
Task: {3F7FA0B9-D521-4298-B92F-D87861C12A7A} - \adworld No Task File <==== ATTENTION
Task: {4B645C93-48F0-444D-911C-64C5A44C4F0C} - System32\Tasks\0814avUpdateInfo => C:\ProgramData\Avg_Update_0814av\0814av_AVG-Secure-Search-Update.exe [2014-08-12] ()
Task: {51A34A7A-00D8-49A4-A0E1-8A1184FB12C7} - System32\Tasks\0214dUpdateInfo => C:\ProgramData\Avg_Update_0214d\0214d_AVG-Secure-Search-Update.exe [2014-03-24] ()
Task: {702BBC8A-DC6F-4DEA-9A69-3DC7B5D1EB09} - System32\Tasks\Security Center Update - 4140453936 => C:\Users\concierge\AppData\Roaming\Oworos\noinmu.exe [2014-07-18] () <==== ATTENTION
Task: {8E880F76-CF65-44B6-8054-5E356708A43C} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2014-09-28] (Glarysoft Ltd)
Task: {9C206909-44AE-4E2F-A897-46CD3FD6F8D2} - System32\Tasks\0414bUpdateInfo => C:\ProgramData\Avg_Update_0414b\0414b_AVG-Secure-Search-Update.exe [2014-04-08] ()
Task: {BA321B80-BE52-4149-B568-481B39B09524} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-12] (Adobe Systems Incorporated)
Task: {BAF8D792-2BCD-4D5C-85F7-E5809F4EEEE0} - System32\Tasks\Security Center Update - 2303538506 => C:\Users\concierge\AppData\Roaming\Duxiuf\ylmis.exe [2014-09-30] (Marsukafa Corporatien) <==== ATTENTION
Task: {C47BC529-573C-44B9-87A5-D7622D0E082E} - System32\Tasks\Security Center Update - 1598005408 => C:\Users\concierge\AppData\Roaming\Sapiwo\apugk.exe [2014-08-16] (Marsukafa Corporatien) <==== ATTENTION
Task: {E50E43F1-6327-4B8C-B5E9-522498BE6048} - System32\Tasks\{5B2A220B-BBBB-A784-3EF9-F785CD8CBD92} => C:\Windows\system32\gkseo.dll [2014-10-09] ()
Task: C:\Windows\Tasks\0214dUpdateInfo.job => C:\ProgramData\Avg_Update_0214d\0214d_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\0414bUpdateInfo.job => C:\ProgramData\Avg_Update_0414b\0414b_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\0814avUpdateInfo.job => C:\ProgramData\Avg_Update_0814av\0814av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\Security Center Update - 1598005408.job => C:\Users\concierge\AppData\Roaming\Sapiwo\apugk.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 2303538506.job => C:\Users\concierge\AppData\Roaming\Duxiuf\ylmis.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 4140453936.job => C:\Users\concierge\AppData\Roaming\Oworos\noinmu.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 445673937.job => C:\Users\concierge\AppData\Roaming\Irepwe\ixpuq.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2014-04-16 08:45 - 2012-12-04 20:33 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP2030PP.DLL
2014-10-11 13:23 - 2014-07-18 01:33 - 00287117 _____ () C:\Windows\SysWOW64\kufyqy.exe
2014-10-11 13:23 - 2014-09-06 15:43 - 00287117 _____ () C:\Windows\SysWOW64\hazubumya.exe
2014-04-16 09:49 - 2005-04-22 13:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2014-02-12 06:12 - 2013-08-18 16:21 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-02-12 06:12 - 2013-08-18 16:21 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2014-02-12 06:12 - 2013-08-18 16:21 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2014-07-18 01:33 - 2014-07-18 01:33 - 00287117 _____ () C:\Users\concierge\AppData\Roaming\Oworos\noinmu.exe
2014-09-28 20:53 - 2014-09-28 20:53 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
2014-02-12 06:04 - 2013-08-21 13:33 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3204
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3247
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3348
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AVGIDSAgent => 2
MSCONFIG\Services: avgwd => 2
MSCONFIG\Services: SftService => 2
MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-884667269-1892758044-1726409162-500 - Administrator - Enabled) => C:\Users\Administrator.GSA-pc
concierge (S-1-5-21-884667269-1892758044-1726409162 - Administrator - Enabled)
Guest (S-1-5-21-884667269-1892758044-1726409162-501 - Limited - Disabled)
GuestServices (S-1-5-21-884667269-1892758044-1726409162-1000 - Administrator - Enabled) => C:\Users\GuestServices
tom (S-1-5-21-884667269-1892758044-1726409162-1001 - Administrator - Enabled) => C:\Users\tom
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/15/2014 10:06:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/15/2014 07:53:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: noinmu.exe, version: 1.0.0.3, time stamp: 0x5433ee04
Faulting module name: Flash32_11_9_900_117.ocx, version: 11.9.900.117, time stamp: 0x5244d34f
Exception code: 0xc0000005
Fault offset: 0x005a6ce9
Faulting process id: 0x1d30
Faulting application start time: 0xnoinmu.exe0
Faulting application path: noinmu.exe1
Faulting module path: noinmu.exe2
Report Id: noinmu.exe3
 
Error: (10/15/2014 07:49:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/14/2014 07:39:25 AM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhost (3028) WebCacheLocal: Database recovery/restore failed with unexpected error -1018.
 
Error: (10/14/2014 07:39:25 AM) (Source: ESENT) (EventID: 419) (User: )
Description: taskhost (3028) WebCacheLocal: Unable to read page 25032 of database C:\Users\concierge\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat. Error -1018.
 
Error: (10/14/2014 06:52:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/13/2014 09:06:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UpdateFlashPlayer_ec1f840d.exe, version: 6.3.2491.40887, time stamp: 0x4be492c0
Faulting module name: UpdateFlashPlayer_ec1f840d.exe, version: 6.3.2491.40887, time stamp: 0x4be492c0
Exception code: 0xc0000005
Fault offset: 0x0000a600
Faulting process id: 0x23cc
Faulting application start time: 0xUpdateFlashPlayer_ec1f840d.exe0
Faulting application path: UpdateFlashPlayer_ec1f840d.exe1
Faulting module path: UpdateFlashPlayer_ec1f840d.exe2
Report Id: UpdateFlashPlayer_ec1f840d.exe3
 
Error: (10/13/2014 09:06:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UpdateFlashPlayer_bcc684c1.exe, version: 6.3.2491.40887, time stamp: 0x4be492c0
Faulting module name: UpdateFlashPlayer_bcc684c1.exe, version: 6.3.2491.40887, time stamp: 0x4be492c0
Exception code: 0xc0000005
Fault offset: 0x0000a600
Faulting process id: 0x1e50
Faulting application start time: 0xUpdateFlashPlayer_bcc684c1.exe0
Faulting application path: UpdateFlashPlayer_bcc684c1.exe1
Faulting module path: UpdateFlashPlayer_bcc684c1.exe2
Report Id: UpdateFlashPlayer_bcc684c1.exe3
 
Error: (10/13/2014 06:52:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/11/2014 01:22:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UpdateFlashPlayer_471509c2.exe, version: 0.0.0.0, time stamp: 0x542c3803
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00091368
Faulting process id: 0x243c
Faulting application start time: 0xUpdateFlashPlayer_471509c2.exe0
Faulting application path: UpdateFlashPlayer_471509c2.exe1
Faulting module path: UpdateFlashPlayer_471509c2.exe2
Report Id: UpdateFlashPlayer_471509c2.exe3
 
 
System errors:
=============
Error: (10/15/2014 10:05:06 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.
 
Error: (10/15/2014 10:05:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The EPSON PCS Parallel Port Driver service failed to start due to the following error: 
%%20
 
Error: (10/15/2014 10:04:57 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:02:53 AM on ‎10/‎15/‎2014 was unexpected.
 
Error: (10/15/2014 09:17:47 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
 
Error: (10/15/2014 09:17:11 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
 
Error: (10/15/2014 08:41:44 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
 
Error: (10/15/2014 08:09:13 AM) (Source: DCOM) (EventID: 10016) (User: CONCIERGE)
Description: application-specificLocalActivation{943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}{9209B1A6-964A-11D0-9372-00A0C9034910}CONCIERGEconciergeS-1-5-21-884667269-1892758044-1726409162-1002LocalHost (Using LRPC)
 
Error: (10/15/2014 08:08:23 AM) (Source: DCOM) (EventID: 10016) (User: CONCIERGE)
Description: application-specificLocalActivation{943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}{9209B1A6-964A-11D0-9372-00A0C9034910}CONCIERGEconciergeS-1-5-21-884667269-1892758044-1726409162-1002LocalHost (Using LRPC)
 
Error: (10/15/2014 08:08:08 AM) (Source: DCOM) (EventID: 10016) (User: CONCIERGE)
Description: application-specificLocalActivation{943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}{9209B1A6-964A-11D0-9372-00A0C9034910}CONCIERGEconciergeS-1-5-21-884667269-1892758044-1726409162-1002LocalHost (Using LRPC)
 
Error: (10/15/2014 08:07:54 AM) (Source: DCOM) (EventID: 10016) (User: CONCIERGE)
Description: application-specificLocalActivation{943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}{9209B1A6-964A-11D0-9372-00A0C9034910}CONCIERGEconciergeS-1-5-21-884667269-1892758044-1726409162-1002LocalHost (Using LRPC)
 
 
Microsoft Office Sessions:
=========================
Error: (05/15/2014 08:29:38 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 766 seconds with 120 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-10-03 12:11:54.185
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-03 12:11:54.138
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-4130 CPU @ 3.40GHz
Percentage of memory in use: 74%
Total physical RAM: 4014.77 MB
Available physical RAM: 1015.72 MB
Total Pagefile: 8027.73 MB
Available Pagefile: 3091.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:455.52 GB) (Free:390.89 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: CF619733)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=10.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=455.5 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
SYSTEM INFORMATION:
 
OS Name Microsoft Windows 7 Enterprise
Version 6.1.7601 Service Pack 1 Build 7601
Other OS Description Not Available
OS Manufacturer Microsoft Corporation
System Name ADMIN
System Manufacturer Dell Inc.
System Model OptiPlex 390
System Type x64-based PC
Processor Intel® Pentium® CPU G630 @ 2.70GHz, 2700 Mhz, 2 Core(s), 2 Logical Processor(s)
BIOS Version/Date Dell Inc. A11, 10/14/2013
SMBIOS Version 2.6
Windows Directory C:\Windows
System Directory C:\Windows\system32
Boot Device \Device\HarddiskVolume1
Locale United States
Hardware Abstraction Layer Version = "6.1.7601.17514"
User Name TAN\lmillerjr
Time Zone Eastern Daylight Time
Installed Physical Memory (RAM) 4.00 GB
Total Physical Memory 3.97 GB
Available Physical Memory 1.42 GB
Total Virtual Memory 7.95 GB
Available Virtual Memory 2.75 GB
Page File Space 3.97 GB
Page File C:\pagefile.sys
 


#4 Oh My!


Posted 20 October 2014 - 12:34 PM

That is only half of the report. You should have a FRST.txt report as well. 

 

That is not the System Summary report I requested. Please follow the steps outlined.


Gary
 

#5 twitterfon231


Posted 20 October 2014 - 02:08 PM

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-10-2014 02
Ran by tom (administrator) on CONCIERGE on 20-10-2014 08:36:34
Running from C:\Users\tom\Desktop\New folder
Loaded Profile: tom (Available profiles: GuestServices & tom & concierge & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Marsukafa Corporatien) C:\Windows\SysWOW64\uzqiacinl.exe
(Marsukafa Corporatien) C:\Windows\SysWOW64\irbauhok.exe
() C:\Windows\SysWOW64\kufyqy.exe
() C:\Windows\SysWOW64\hazubumya.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe
(Marsukafa Corporatien) C:\Users\concierge\AppData\Roaming\Duxiuf\ylmis.exe
(Microsoft) C:\Users\tom\AppData\Local\Temp\conhost.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Users\concierge\AppData\Roaming\Irepwe\ixpuq.exe
(Microsoft Corporation) C:\ProgramData\j9tbgsdger04r\defrag.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Microsoft Corporation) C:\ProgramData\j9tbgsdger04r\defrag.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
() C:\Users\concierge\AppData\Roaming\Irepwe\ixpuq.exe
(LogMeIn, Inc.) C:\Users\tom\AppData\Local\LogMeIn Rescue Applet\LMIR0004.tmp\lmi_rescue.exe
(LogMeIn, Inc.) C:\Users\tom\AppData\Local\LogMeIn Rescue Applet\LMIR0004.tmp\LMI_Rescue_srv.exe
(LogMeIn, Inc.) C:\Users\tom\AppData\Local\LogMeIn Rescue Applet\LMIR0004.tmp\LMI_Rescue_srv.exe
() C:\Users\concierge\AppData\Roaming\Irepwe\ixpuq.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Egxasy] => C:\Users\concierge\AppData\Roaming\Duxiuf\ylmis.exe [282188 2014-09-30] (Marsukafa Corporatien)
HKLM\...\Run: [Doedehpoy] => C:\Users\concierge\AppData\Roaming\Oworos\noinmu.exe [287117 2014-07-18] ()
HKLM\...\Run: [Ycurfeci] => C:\Users\concierge\AppData\Roaming\Irepwe\ixpuq.exe [287117 2014-09-06] ()
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation)
HKLM-x32\...\Run: [Egxasy] => C:\Users\concierge\AppData\Roaming\Duxiuf\ylmis.exe [282188 2014-09-30] (Marsukafa Corporatien)
HKLM-x32\...\Run: [Egnunuhiud] => C:\Users\concierge\AppData\Roaming\Sapiwo\apugk.exe [282188 2014-08-16] (Marsukafa Corporatien)
HKLM-x32\...\Run: [Doedehpoy] => C:\Users\concierge\AppData\Roaming\Oworos\noinmu.exe [287117 2014-07-18] ()
HKLM-x32\...\Run: [Ycurfeci] => C:\Users\concierge\AppData\Roaming\Irepwe\ixpuq.exe [287117 2014-09-06] ()
HKLM-x32\...\Run: [defrag.exe] => C:\ProgramData\j9tbgsdger04r\defrag.exe [336896 2014-10-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-884667269-1892758044-1726409162-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-09-28] (Glarysoft Ltd)
HKU\S-1-5-21-884667269-1892758044-1726409162-1001\...\Run: [Doedehpoy] => C:\Users\concierge\AppData\Roaming\Oworos\noinmu.exe [287117 2014-07-18] ()
HKU\S-1-5-21-884667269-1892758044-1726409162-1001\...\Run: [Egxasy] => C:\Users\concierge\AppData\Roaming\Duxiuf\ylmis.exe [282188 2014-09-30] (Marsukafa Corporatien)
HKU\S-1-5-21-884667269-1892758044-1726409162-1001\...\Run: [svchost86x.sys] => C:\Users\tom\AppData\Local\Temp\conhost.exe [153088 2014-10-15] (Microsoft) <===== ATTENTION
HKU\S-1-5-21-884667269-1892758044-1726409162-1001\...\Run: [Ycurfeci] => C:\Users\concierge\AppData\Roaming\Irepwe\ixpuq.exe [287117 2014-09-06] ()
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BootExecute: autocheck autochk *  
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
Tcpip\Parameters: [DhcpNameServer] 24.25.227.15 209.18.47.65
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-10] (Intel® Corporation)
S3 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2947856 2013-07-29] (Invincea, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-21] (Intel Corporation)
R2 LMIRescue_cc4ab88c-c638-4705-b394-97788fd66ce4; C:\Users\tom\AppData\Local\LogMeIn Rescue Applet\LMIR0004.tmp\LMI_Rescue_srv.exe [3079488 2014-10-20] (LogMeIn, Inc.)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [124616 2013-07-29] ()
R2 SecurityCenterServer1598005408; C:\Users\concierge\AppData\Roaming\Sapiwo\apugk.exe [282188 2014-08-16] (Marsukafa Corporatien) [File not signed]
R2 SecurityCenterServer2303538506; C:\Users\concierge\AppData\Roaming\Duxiuf\ylmis.exe [282188 2014-09-30] (Marsukafa Corporatien) [File not signed]
R2 SecurityCenterServer4140453936; C:\Users\concierge\AppData\Roaming\Oworos\noinmu.exe [287117 2014-07-18] () [File not signed]
R2 SecurityCenterServer445673937; C:\Users\concierge\AppData\Roaming\Irepwe\ixpuq.exe [287117 2014-09-06] () [File not signed]
S4 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1911312 2013-08-29] (SoftThinks SAS)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-10-01] (Glarysoft Ltd)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-10-01] ()
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [34824 2013-07-29] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-16] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-08-21] (Intel Corporation)
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [202248 2013-07-29] ()
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [63096 2012-03-01] (Seiko Epson Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTDVHD64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-16 10:11 - 2014-10-16 10:11 - 00000342 _____ () C:\Windows\Apd4Setup.log
2014-10-16 10:03 - 2014-10-16 10:04 - 00003406 _____ () C:\Windows\DPINST.LOG
2014-10-16 09:59 - 2014-10-16 10:02 - 00000188 _____ () C:\Windows\EAPSetup.log
2014-10-16 07:53 - 2014-10-16 08:02 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-10-15 10:39 - 2014-09-03 19:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 10:39 - 2014-09-03 19:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 10:38 - 2014-08-18 17:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 10:38 - 2014-08-18 17:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 10:38 - 2014-08-18 17:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 10:38 - 2014-08-18 17:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 10:38 - 2014-08-18 17:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 10:38 - 2014-08-18 17:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 10:38 - 2014-08-18 17:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 10:38 - 2014-08-18 17:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 10:38 - 2014-08-18 17:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 10:38 - 2014-08-18 17:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 10:38 - 2014-08-18 16:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 10:38 - 2014-08-18 16:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 10:38 - 2014-08-18 16:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 10:38 - 2014-07-06 16:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 10:38 - 2014-07-06 16:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 10:38 - 2014-07-06 16:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 10:38 - 2014-07-06 16:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 10:38 - 2014-07-06 16:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 10:38 - 2014-07-06 16:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 10:38 - 2014-07-06 16:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 10:38 - 2014-07-06 16:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 10:38 - 2014-07-06 16:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 10:38 - 2014-07-06 16:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 10:38 - 2014-07-06 16:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 10:38 - 2014-07-06 16:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 10:38 - 2014-07-06 16:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 10:38 - 2014-07-06 16:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 10:38 - 2014-07-06 16:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 10:38 - 2014-07-06 16:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 10:38 - 2014-07-06 16:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 10:38 - 2014-07-06 16:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 10:38 - 2014-07-06 16:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 10:38 - 2014-07-06 16:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 10:38 - 2014-07-06 16:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 10:38 - 2014-07-06 16:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 10:38 - 2014-07-06 16:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 10:38 - 2014-07-06 16:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 10:38 - 2014-07-06 16:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 10:38 - 2014-07-06 16:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 10:38 - 2014-07-06 16:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 10:38 - 2014-07-06 16:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 10:38 - 2014-07-06 16:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 10:38 - 2014-07-06 16:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 10:38 - 2014-07-06 16:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 10:38 - 2014-07-06 16:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 10:38 - 2014-07-06 15:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 10:38 - 2014-07-06 15:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 10:38 - 2014-07-06 15:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 10:38 - 2014-07-06 15:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 10:38 - 2014-07-06 15:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 10:38 - 2014-07-06 15:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 10:38 - 2014-07-06 15:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 10:38 - 2014-07-06 15:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 10:38 - 2014-07-06 15:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 10:38 - 2014-07-06 15:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 10:38 - 2014-07-06 15:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 10:38 - 2014-07-06 15:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 10:38 - 2014-07-06 15:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 10:38 - 2014-07-06 15:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 10:38 - 2014-07-06 15:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 10:38 - 2014-07-06 15:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 10:38 - 2014-07-06 15:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 10:38 - 2014-07-06 15:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 10:38 - 2014-07-06 15:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 10:38 - 2014-07-06 15:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 10:38 - 2014-07-06 15:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 10:38 - 2014-07-06 15:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 10:38 - 2014-07-06 15:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 10:38 - 2014-07-06 15:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 10:38 - 2014-07-06 15:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 10:38 - 2014-07-06 15:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 10:38 - 2014-07-06 15:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 10:38 - 2014-07-06 15:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 10:38 - 2014-07-06 15:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 10:38 - 2014-07-06 15:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 10:38 - 2014-06-27 14:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 10:38 - 2014-06-27 14:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 10:38 - 2014-06-27 14:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 10:35 - 2014-09-19 19:16 - 19280896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 10:35 - 2014-09-19 17:57 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 10:34 - 2014-09-19 19:18 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 10:34 - 2014-09-19 19:17 - 02236928 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 10:34 - 2014-09-19 19:17 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 10:34 - 2014-09-19 19:16 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 10:34 - 2014-09-19 19:16 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 10:34 - 2014-09-19 19:16 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 10:34 - 2014-09-19 19:16 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-15 10:34 - 2014-09-19 19:16 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 10:34 - 2014-09-19 19:16 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 10:34 - 2014-09-19 19:16 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 10:34 - 2014-09-19 19:16 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 10:34 - 2014-09-19 19:16 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-10-15 10:34 - 2014-09-19 19:16 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 10:34 - 2014-09-19 19:16 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 10:34 - 2014-09-19 19:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 10:34 - 2014-09-19 19:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 10:34 - 2014-09-19 19:15 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 10:34 - 2014-09-19 19:15 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 10:34 - 2014-09-19 19:15 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 10:34 - 2014-09-19 17:57 - 13757952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 10:34 - 2014-09-19 17:57 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 10:34 - 2014-09-19 17:57 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 10:34 - 2014-09-19 17:57 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 10:34 - 2014-09-19 17:57 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 10:34 - 2014-09-19 17:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-15 10:34 - 2014-09-19 17:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 10:34 - 2014-09-19 17:57 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 10:34 - 2014-09-19 17:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 10:34 - 2014-09-19 17:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 10:34 - 2014-09-19 17:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-10-15 10:34 - 2014-09-19 17:57 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 10:34 - 2014-09-19 17:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 10:34 - 2014-09-19 17:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 10:34 - 2014-09-19 17:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 10:34 - 2014-09-19 17:56 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 10:34 - 2014-09-19 17:56 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 10:34 - 2014-09-19 17:56 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 10:34 - 2014-09-19 17:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 10:34 - 2014-09-19 17:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 10:34 - 2014-09-19 16:43 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-10-15 10:34 - 2014-09-19 16:35 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-10-15 10:30 - 2014-10-09 16:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 10:30 - 2014-10-09 16:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 10:30 - 2014-10-09 16:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 10:30 - 2014-09-28 14:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 10:30 - 2014-09-12 15:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 10:30 - 2014-09-12 15:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 10:30 - 2014-07-16 16:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 10:30 - 2014-07-16 16:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 10:30 - 2014-07-16 16:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 10:30 - 2014-07-16 16:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 10:30 - 2014-07-16 16:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 10:30 - 2014-07-16 16:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 10:30 - 2014-07-16 16:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 10:30 - 2014-07-16 16:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 10:30 - 2014-07-16 15:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 10:30 - 2014-07-16 15:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 10:30 - 2014-07-16 15:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 10:30 - 2014-07-16 15:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 10:30 - 2014-07-16 15:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 10:30 - 2014-07-16 15:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 10:30 - 2014-07-16 15:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 10:30 - 2014-07-16 15:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 10:30 - 2014-06-18 12:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 10:30 - 2014-06-18 12:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 10:30 - 2014-06-18 12:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 10:30 - 2014-06-18 12:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 10:30 - 2014-06-18 12:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 10:30 - 2014-06-18 12:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 10:29 - 2014-09-17 16:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 10:29 - 2014-09-17 15:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 08:07 - 2014-10-15 08:07 - 00000027 _____ () C:\Users\concierge\Desktop\blessing in disguise.txt
2014-10-15 07:55 - 2014-10-15 07:56 - 00000027 _____ () C:\Users\concierge\Desktop\work around.bat
2014-10-13 09:28 - 2014-10-13 09:28 - 00000000 _____ () C:\Windows\system32\ekcpzf.dll
2014-10-13 09:04 - 2014-10-13 09:04 - 00000000 ____D () C:\ProgramData\j9tbgsdger04r
2014-10-11 13:23 - 2014-10-11 22:00 - 00000822 _____ () C:\Windows\Tasks\Security Center Update - 4140453936.job
2014-10-11 13:23 - 2014-10-11 22:00 - 00000820 _____ () C:\Windows\Tasks\Security Center Update - 445673937.job
2014-10-11 13:23 - 2014-10-11 13:23 - 00003842 _____ () C:\Windows\System32\Tasks\Security Center Update - 4140453936
2014-10-11 13:23 - 2014-10-11 13:23 - 00003840 _____ () C:\Windows\System32\Tasks\Security Center Update - 445673937
2014-10-11 13:23 - 2014-10-11 13:23 - 00000000 ____D () C:\Users\concierge\AppData\Roaming\Oworos
2014-10-11 13:23 - 2014-10-11 13:23 - 00000000 ____D () C:\Users\concierge\AppData\Roaming\Irepwe
2014-10-11 13:23 - 2014-09-06 15:43 - 00287117 _____ () C:\Windows\SysWOW64\hazubumya.exe
2014-10-11 13:23 - 2014-07-18 01:33 - 00287117 _____ () C:\Windows\SysWOW64\kufyqy.exe
2014-10-11 13:22 - 2014-10-11 13:22 - 00081408 _____ () C:\Windows\system32\dmvuum.dll
2014-10-11 13:22 - 2014-10-11 13:22 - 00003858 _____ () C:\Windows\System32\Tasks\{6C7976CF-472A-10C7-CD25-5F3DEDA30DAB}
2014-10-09 13:02 - 2014-10-09 21:00 - 00000820 _____ () C:\Windows\Tasks\Security Center Update - 1598005408.job
2014-10-09 13:02 - 2014-10-09 13:02 - 00003840 _____ () C:\Windows\System32\Tasks\Security Center Update - 1598005408
2014-10-09 13:02 - 2014-10-09 13:02 - 00000028 _____ () C:\Windows\SysWOW64\u
2014-10-09 13:02 - 2014-10-09 13:02 - 00000000 ____D () C:\Users\concierge\AppData\Roaming\Sapiwo
2014-10-09 13:02 - 2014-09-30 16:30 - 00282188 _____ (Marsukafa Corporatien) C:\Windows\SysWOW64\irbauhok.exe
2014-10-09 13:02 - 2014-08-16 15:03 - 00282188 _____ (Marsukafa Corporatien) C:\Windows\SysWOW64\uzqiacinl.exe
2014-10-09 13:01 - 2014-10-09 21:00 - 00000820 _____ () C:\Windows\Tasks\Security Center Update - 2303538506.job
2014-10-09 13:01 - 2014-10-09 13:02 - 00003840 _____ () C:\Windows\System32\Tasks\Security Center Update - 2303538506
2014-10-09 13:01 - 2014-10-09 13:01 - 00000000 ____D () C:\Users\concierge\AppData\Roaming\Duxiuf
2014-10-09 13:01 - 2014-10-09 13:01 - 00000000 _____ () C:\Windows\system32\umeqlia.dll
2014-10-09 13:00 - 2014-10-09 13:00 - 00081408 _____ () C:\Windows\system32\gkseo.dll
2014-10-09 13:00 - 2014-10-09 13:00 - 00003856 _____ () C:\Windows\System32\Tasks\{5B2A220B-BBBB-A784-3EF9-F785CD8CBD92}
2014-10-09 06:40 - 2014-06-26 16:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-10-09 06:40 - 2014-06-26 15:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-10-09 06:40 - 2013-12-20 23:39 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-09 06:40 - 2013-12-20 21:56 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-08 08:14 - 2014-06-23 17:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-10-08 08:14 - 2014-06-23 16:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-10-08 08:14 - 2014-02-03 16:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-10-08 08:14 - 2014-02-03 16:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-10-08 08:14 - 2013-11-25 22:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-10-08 08:14 - 2013-11-23 08:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-10-08 08:14 - 2013-11-23 07:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-10-08 08:14 - 2013-11-22 12:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-10-07 22:00 - 2014-10-07 22:00 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-10-07 22:00 - 2014-10-07 22:00 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-07 22:00 - 2014-10-07 22:00 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-10-07 22:00 - 2014-10-07 22:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-10-07 22:00 - 2014-10-07 22:00 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-07 22:00 - 2014-10-07 22:00 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-10-07 22:00 - 2014-10-07 22:00 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-10-07 22:00 - 2014-10-07 22:00 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-10-07 22:00 - 2014-10-07 22:00 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-10-07 22:00 - 2014-10-07 22:00 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-07 22:00 - 2014-10-07 22:00 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-10-07 22:00 - 2014-10-07 22:00 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-10-07 22:00 - 2014-10-07 22:00 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-10-07 22:00 - 2014-10-07 22:00 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-10-07 22:00 - 2014-10-07 22:00 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-07 22:00 - 2014-10-07 22:00 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-10-07 22:00 - 2014-10-07 22:00 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-07 22:00 - 2014-10-07 22:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-10-07 22:00 - 2014-10-07 22:00 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-10-07 22:00 - 2014-10-07 22:00 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-10-07 21:58 - 2014-10-07 22:03 - 00008814 _____ () C:\Windows\IE10_main.log
2014-10-07 21:56 - 2014-10-07 21:58 - 00003397 _____ () C:\Windows\IE9_main.log
2014-10-03 12:52 - 2014-10-03 12:52 - 00019057 _____ () C:\ComboFix.txt
2014-10-03 11:44 - 2014-10-03 12:52 - 00000000 ____D () C:\Qoobox
2014-10-03 11:44 - 2011-06-25 20:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-03 11:44 - 2010-11-07 07:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-03 11:44 - 2009-04-19 18:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-03 11:44 - 2000-08-30 14:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-03 11:44 - 2000-08-30 14:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-03 11:44 - 2000-08-30 14:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-03 11:44 - 2000-08-30 14:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-03 11:44 - 2000-08-30 14:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-03 11:42 - 2014-10-03 12:51 - 00000000 ____D () C:\Windows\erdnt
2014-10-03 11:19 - 2014-10-20 08:36 - 00000000 ____D () C:\Users\tom\Desktop\New folder
2014-10-03 09:56 - 2014-10-20 08:36 - 00000000 ____D () C:\FRST
2014-10-03 05:53 - 2014-10-20 08:30 - 00001671 _____ () C:\Windows\setupact.log
2014-10-03 05:53 - 2014-10-16 09:47 - 00007944 _____ () C:\Windows\PFRO.log
2014-10-03 05:53 - 2014-10-03 05:53 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-02 07:44 - 2014-10-02 07:44 - 00000000 ____D () C:\Users\concierge\AppData\Roaming\TuneUp Software
2014-10-02 07:32 - 2014-10-02 07:32 - 00000000 ____D () C:\Users\concierge\AppData\Local\MFAData
2014-10-02 07:05 - 2014-09-24 16:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-02 07:05 - 2014-09-24 15:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-10-01 11:35 - 2014-10-01 11:35 - 00002406 _____ () C:\Windows\system32\.crusader
2014-10-01 11:08 - 2014-10-01 11:36 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-10-01 11:08 - 2014-10-01 11:35 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-10-01 11:05 - 2014-10-01 11:05 - 00000631 _____ () C:\Users\tom\Desktop\JRT.txt
2014-10-01 11:01 - 2014-10-01 11:01 - 00000000 ____D () C:\Windows\ERUNT
2014-10-01 10:59 - 2014-10-01 11:35 - 00000000 ____D () C:\AdwCleaner
2014-10-01 10:14 - 2014-10-01 10:14 - 00000000 ____D () C:\Users\concierge\AppData\Roaming\GlarySoft
2014-10-01 09:57 - 2014-10-03 09:49 - 00000000 ____D () C:\Users\tom\AppData\Local\CrashDumps
2014-10-01 09:40 - 2014-10-01 09:40 - 00109296 _____ () C:\Users\tom\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-01 09:37 - 2014-10-01 09:37 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2014-10-01 09:36 - 2014-10-20 08:35 - 00000328 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-10-01 09:36 - 2014-10-20 08:34 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2014-10-01 09:36 - 2014-10-01 09:36 - 00020160 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-10-01 09:36 - 2014-10-01 09:36 - 00002622 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2014-10-01 09:36 - 2014-10-01 09:36 - 00001094 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-10-01 09:36 - 2014-10-01 09:36 - 00001082 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2014-10-01 09:36 - 2014-10-01 09:36 - 00000000 ____D () C:\Users\tom\AppData\Roaming\GlarySoft
2014-10-01 09:36 - 2014-10-01 09:36 - 00000000 ____D () C:\Users\tom\AppData\Roaming\DiskDefrag
2014-10-01 09:36 - 2014-10-01 09:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-09-29 10:38 - 2014-10-01 09:41 - 00000000 ____D () C:\Windows\Minidump
2014-09-28 11:51 - 2014-10-01 09:22 - 00000000 ____D () C:\Users\concierge\AppData\Roaming\Urpaika
2014-09-28 11:50 - 2014-09-29 07:23 - 00000000 ____D () C:\Users\concierge\AppData\Roaming\Ucsuna
2014-09-24 06:33 - 2014-09-09 12:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 06:33 - 2014-09-09 11:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-23 06:47 - 2014-09-23 06:47 - 00061440 _____ () C:\Users\concierge\Desktop\Molokai Rodeo Program Work Sheet.xls
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-20 08:44 - 2014-04-16 09:01 - 00000000 ____D () C:\Users\concierge
2014-10-20 08:38 - 2009-07-13 18:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-20 08:38 - 2009-07-13 18:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-20 08:35 - 2014-06-26 10:18 - 00000000 ____D () C:\Users\tom\AppData\Local\LogMeIn Rescue Applet
2014-10-20 08:34 - 2014-02-12 21:55 - 01193352 _____ () C:\Windows\WindowsUpdate.log
2014-10-20 08:31 - 2009-07-13 19:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-17 14:04 - 2014-05-12 10:04 - 00000000 ____D () C:\Users\concierge\AppData\Local\CrashDumps
2014-10-16 17:28 - 2009-07-13 18:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-16 12:21 - 2009-07-13 17:20 - 00000000 ____D () C:\Windows\rescache
2014-10-16 10:07 - 2014-02-12 06:12 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-16 10:04 - 2014-02-12 06:03 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-16 10:02 - 2014-05-29 10:33 - 00000000 ____D () C:\Program Files\EPSON
2014-10-16 09:57 - 2014-05-29 10:33 - 00000000 ____D () C:\ProgramData\epson
2014-10-16 09:03 - 2014-02-12 21:55 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-10-16 08:38 - 2009-07-13 19:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-16 08:22 - 2014-06-26 10:25 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-16 08:17 - 2009-07-13 18:45 - 00413672 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 08:14 - 2014-05-06 22:13 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 08:14 - 2009-07-13 17:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-16 08:14 - 2009-07-13 17:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-16 07:44 - 2014-07-14 07:05 - 00000000 ____D () C:\Users\concierge\AppData\Local\Citrix
2014-10-11 18:41 - 2011-02-10 04:33 - 00798884 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-10-09 16:21 - 2014-04-16 14:44 - 00000000 ____D () C:\Users\concierge\Desktop\FEnglish
2014-10-09 09:35 - 2014-04-16 10:33 - 00000000 ____D () C:\Users\concierge\Desktop\Ambrosia-Pualoke
2014-10-08 06:41 - 2014-04-16 09:01 - 00001415 _____ () C:\Users\concierge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-08 06:38 - 2009-07-13 17:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2014-10-08 06:38 - 2009-07-13 17:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2014-10-08 06:38 - 2009-07-13 17:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-10-08 06:38 - 2009-07-13 17:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-10-08 06:38 - 2009-07-13 17:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-06 11:34 - 2011-02-10 04:25 - 00000000 ____D () C:\Windows\panther
2014-10-03 12:52 - 2009-07-13 17:20 - 00000000 __RHD () C:\Users\Default
2014-10-03 12:50 - 2009-07-13 16:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-03 05:53 - 2014-04-16 09:13 - 00000000 ____D () C:\ProgramData\AVG2014
2014-10-03 05:53 - 2014-04-16 09:10 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-02 12:03 - 2014-04-16 10:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\roomMaster for Windows
2014-10-02 07:48 - 2014-04-16 09:14 - 00000000 ____D () C:\Users\concierge\AppData\Local\Avg2014
2014-10-02 07:45 - 2014-04-16 09:13 - 00000000 ____D () C:\$AVG
2014-10-01 09:47 - 2014-02-12 06:12 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-09-29 17:00 - 2014-04-21 06:58 - 00000000 ____D () C:\Users\concierge\Desktop\Kalaupapa
2014-09-29 16:44 - 2009-07-13 19:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-29 07:46 - 2014-04-16 17:06 - 00000000 ____D () C:\Users\concierge\Desktop\gsa 2014
2014-09-28 12:28 - 2014-04-16 10:10 - 00002277 _____ () C:\Users\concierge\Desktop\rw5main - Shortcut.lnk
2014-09-26 15:29 - 2014-05-07 07:24 - 00000000 __SHD () C:\Users\concierge\AppData\Local\EmieUserList
 
Files to move or delete:
====================
C:\Users\tom\AppData\Local\Temp\conhost.exe
 
 
Some content of TEMP:
====================
C:\Users\concierge\AppData\Local\Temp\conhost.exe
C:\Users\concierge\AppData\Local\Temp\fpd.dll
C:\Users\concierge\AppData\Local\Temp\fpl.dll
C:\Users\concierge\AppData\Local\Temp\obupdat.exe
C:\Users\concierge\AppData\Local\Temp\omo.dll
C:\Users\concierge\AppData\Local\Temp\rlj.dll
C:\Users\concierge\AppData\Local\Temp\s.dll
C:\Users\concierge\AppData\Local\Temp\UpdateFlashPlayer_42bb7dea.exe
C:\Users\concierge\AppData\Local\Temp\UpdateFlashPlayer_acd34fdc.exe
C:\Users\concierge\AppData\Local\Temp\UpdateFlashPlayer_bcc684c1.exe
C:\Users\concierge\AppData\Local\Temp\UpdateFlashPlayer_c633ae24.exe
C:\Users\concierge\AppData\Local\Temp\UpdateFlashPlayer_e5266b7f.exe
C:\Users\concierge\AppData\Local\Temp\UpdateFlashPlayer_ec1f840d.exe
C:\Users\tom\AppData\Local\Temp\conhost.exe
C:\Users\tom\AppData\Local\Temp\mkm.dll
C:\Users\tom\AppData\Local\Temp\obupdat.exe
C:\Users\tom\AppData\Local\Temp\omg.dll
C:\Users\tom\AppData\Local\Temp\som.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-04-16 17:33
 
==================== End Of Log ============================
 
ADDITIONAL.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-10-2014 02
Ran by tom at 2014-10-20 08:48:09
Running from C:\Users\tom\Desktop\New folder
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Reader XI  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Brother MFL-Pro Suite MFC-8480DN (HKLM-x32\...\{004B8D14-7E3A-490A-ABB3-753535E169E3}) (Version: 1.0.5.0 - Brother Industries, Ltd.)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.0.3 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.0.3 - Dell Inc.)
Dell Client System Update (HKLM-x32\...\{04566294-A6B6-4462-9721-031073EB3694}) (Version: 1.3.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{B96348BD-6B0D-42E3-80B1-FA6718067BFE}) (Version: 2.8.1000.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Protected Workspace (HKLM-x32\...\{E2CAA395-66B3-4772-85E3-6134DBAB244E}) (Version: 2.3.15835 - Invincea, Inc.)
Glary Utilities 5.9 (HKLM-x32\...\Glary Utilities 5) (Version: 5.9.0.16 - Glarysoft Ltd)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3234 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Small Business 2007 (HKLM-x32\...\SMALLBUSINESS) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Small Business 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
16-10-2014 19:50:25 Removed Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
16-10-2014 19:54:59 Removed EPSON Advanced Printer Driver 4
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 16:34 - 2014-10-03 12:50 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {00541A3E-FABA-4F95-B61D-393063573967} - System32\Tasks\Security Center Update - 445673937 => C:\Users\concierge\AppData\Roaming\Irepwe\ixpuq.exe [2014-09-06] () <==== ATTENTION
Task: {0E003354-BDC5-4579-89FD-E0276F576DB1} - System32\Tasks\{6C7976CF-472A-10C7-CD25-5F3DEDA30DAB} => C:\Windows\system32\dmvuum.dll [2014-10-11] ()
Task: {3F7FA0B9-D521-4298-B92F-D87861C12A7A} - \adworld No Task File <==== ATTENTION
Task: {4B645C93-48F0-444D-911C-64C5A44C4F0C} - System32\Tasks\0814avUpdateInfo => C:\ProgramData\Avg_Update_0814av\0814av_AVG-Secure-Search-Update.exe [2014-08-12] ()
Task: {51A34A7A-00D8-49A4-A0E1-8A1184FB12C7} - System32\Tasks\0214dUpdateInfo => C:\ProgramData\Avg_Update_0214d\0214d_AVG-Secure-Search-Update.exe [2014-03-24] ()
Task: {702BBC8A-DC6F-4DEA-9A69-3DC7B5D1EB09} - System32\Tasks\Security Center Update - 4140453936 => C:\Users\concierge\AppData\Roaming\Oworos\noinmu.exe [2014-07-18] () <==== ATTENTION
Task: {8E880F76-CF65-44B6-8054-5E356708A43C} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2014-09-28] (Glarysoft Ltd)
Task: {9C206909-44AE-4E2F-A897-46CD3FD6F8D2} - System32\Tasks\0414bUpdateInfo => C:\ProgramData\Avg_Update_0414b\0414b_AVG-Secure-Search-Update.exe [2014-04-08] ()
Task: {BA321B80-BE52-4149-B568-481B39B09524} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-12] (Adobe Systems Incorporated)
Task: {BAF8D792-2BCD-4D5C-85F7-E5809F4EEEE0} - System32\Tasks\Security Center Update - 2303538506 => C:\Users\concierge\AppData\Roaming\Duxiuf\ylmis.exe [2014-09-30] (Marsukafa Corporatien) <==== ATTENTION
Task: {C47BC529-573C-44B9-87A5-D7622D0E082E} - System32\Tasks\Security Center Update - 1598005408 => C:\Users\concierge\AppData\Roaming\Sapiwo\apugk.exe [2014-08-16] (Marsukafa Corporatien) <==== ATTENTION
Task: {E50E43F1-6327-4B8C-B5E9-522498BE6048} - System32\Tasks\{5B2A220B-BBBB-A784-3EF9-F785CD8CBD92} => C:\Windows\system32\gkseo.dll [2014-10-09] ()
Task: C:\Windows\Tasks\0214dUpdateInfo.job => C:\ProgramData\Avg_Update_0214d\0214d_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\0414bUpdateInfo.job => C:\ProgramData\Avg_Update_0414b\0414b_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\0814avUpdateInfo.job => C:\ProgramData\Avg_Update_0814av\0814av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\Security Center Update - 1598005408.job => C:\Users\concierge\AppData\Roaming\Sapiwo\apugk.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 2303538506.job => C:\Users\concierge\AppData\Roaming\Duxiuf\ylmis.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 4140453936.job => C:\Users\concierge\AppData\Roaming\Oworos\noinmu.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 445673937.job => C:\Users\concierge\AppData\Roaming\Irepwe\ixpuq.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2014-04-16 08:45 - 2012-12-04 20:33 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP2030PP.DLL
2014-10-11 13:23 - 2014-07-18 01:33 - 00287117 _____ () C:\Windows\SysWOW64\kufyqy.exe
2014-10-11 13:23 - 2014-09-06 15:43 - 00287117 _____ () C:\Windows\SysWOW64\hazubumya.exe
2014-02-12 06:12 - 2013-08-18 16:21 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-02-12 06:12 - 2013-08-18 16:21 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2014-09-06 15:43 - 2014-09-06 15:43 - 00287117 _____ () C:\Users\concierge\AppData\Roaming\Irepwe\ixpuq.exe
2014-02-12 06:04 - 2013-08-21 13:33 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-09-28 20:53 - 2014-09-28 20:53 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3204
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3247
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3348
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AVGIDSAgent => 2
MSCONFIG\Services: avgwd => 2
MSCONFIG\Services: SftService => 2
MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-884667269-1892758044-1726409162-500 - Administrator - Enabled) => C:\Users\Administrator.GSA-pc
concierge (S-1-5-21-884667269-1892758044-1726409162 - Administrator - Enabled)
Guest (S-1-5-21-884667269-1892758044-1726409162-501 - Limited - Disabled)
GuestServices (S-1-5-21-884667269-1892758044-1726409162-1000 - Administrator - Enabled) => C:\Users\GuestServices
tom (S-1-5-21-884667269-1892758044-1726409162-1001 - Administrator - Enabled) => C:\Users\tom
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/20/2014 08:32:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/18/2014 02:54:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/17/2014 02:03:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: noinmu.exe, version: 1.0.0.3, time stamp: 0x5433ee04
Faulting module name: Flash32_11_9_900_117.ocx, version: 11.9.900.117, time stamp: 0x5244d34f
Exception code: 0xc0000005
Fault offset: 0x005a6ce9
Faulting process id: 0x2680
Faulting application start time: 0xnoinmu.exe0
Faulting application path: noinmu.exe1
Faulting module path: noinmu.exe2
Report Id: noinmu.exe3
 
Error: (10/17/2014 01:57:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: noinmu.exe, version: 1.0.0.3, time stamp: 0x5433ee04
Faulting module name: Flash32_11_9_900_117.ocx, version: 11.9.900.117, time stamp: 0x5244d34f
Exception code: 0xc0000005
Fault offset: 0x005a6ce9
Faulting process id: 0x1558
Faulting application start time: 0xnoinmu.exe0
Faulting application path: noinmu.exe1
Faulting module path: noinmu.exe2
Report Id: noinmu.exe3
 
Error: (10/17/2014 01:52:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: noinmu.exe, version: 1.0.0.3, time stamp: 0x5433ee04
Faulting module name: Flash32_11_9_900_117.ocx, version: 11.9.900.117, time stamp: 0x5244d34f
Exception code: 0xc0000005
Fault offset: 0x005a5a2f
Faulting process id: 0x2ba8
Faulting application start time: 0xnoinmu.exe0
Faulting application path: noinmu.exe1
Faulting module path: noinmu.exe2
Report Id: noinmu.exe3
 
Error: (10/17/2014 01:50:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: defrag.exe, version: 9.0.21022.8, time stamp: 0x542ec089
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x00039342
Faulting process id: 0xffc
Faulting application start time: 0xdefrag.exe0
Faulting application path: defrag.exe1
Faulting module path: defrag.exe2
Report Id: defrag.exe3
 
Error: (10/17/2014 09:32:04 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: CTLCN BrtCTLCN: [2014/10/17 09:32:04.921]: [00004784]: brccMCtl.exe: ErrorMessage.cpp (0241)                  : -------- error code is [0x03031f04].
 
Error: (10/17/2014 09:31:34 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: CTLCN BrtCTLCN: [2014/10/17 09:31:34.446]: [00004784]: brccFCtl.dll: ### ERROR ### Scanning-Image Failed! lErrCode = 0x3031F04
 
Error: (10/17/2014 08:54:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/17/2014 06:41:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (10/20/2014 08:31:02 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.
 
Error: (10/20/2014 08:30:51 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:28:00 AM on 10/20/2014 was unexpected.
 
Error: (10/18/2014 02:53:14 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.
 
Error: (10/17/2014 05:12:26 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}
 
Error: (10/17/2014 05:12:15 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {0002DF01-0000-0000-C000-000000000046}
 
Error: (10/17/2014 10:05:08 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (10/17/2014 09:00:01 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (10/17/2014 08:53:30 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.
 
Error: (10/17/2014 08:53:18 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:51:12 AM on 10/17/2014 was unexpected.
 
Error: (10/17/2014 06:47:25 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
 
Microsoft Office Sessions:
=========================
Error: (05/15/2014 08:29:38 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 766 seconds with 120 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-10-03 12:11:54.185
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-03 12:11:54.138
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-4130 CPU @ 3.40GHz
Percentage of memory in use: 90%
Total physical RAM: 4014.77 MB
Available physical RAM: 381.08 MB
Total Pagefile: 8027.73 MB
Available Pagefile: 2726.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:455.52 GB) (Free:394.41 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: CF619733)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=10.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=455.5 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 


#6 Oh My!

  • Malware Response Instructor

Posted 20 October 2014 - 02:49 PM

Greetings and thank you for the information.

You need to either cut/paste FRST.exe onto the desktop or save fixlist.txt in the New folder directory.
 

Running from C:\Users\tom\Desktop\New folder


This computer is seriously infected. I have a step for you to take but I must first advise you of the following.

===================================================

BACKDOOR WARNING!

--------------------

One or more of the identified infections is a Backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Please let me know if you have already noticed evidences of financial institution irregularities. Those accounts should be monitored from this point forward.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt:
C:\Windows\SysWOW64\kufyqy.exe
C:\Windows\SysWOW64\hazubumya.exe
C:\Users\concierge\AppData\Roaming\Duxiuf
C:\Users\concierge\AppData\Roaming\Irepwe
C:\Users\concierge\AppData\Roaming\Oworos
C:\Users\concierge\AppData\Roaming\Sapiwo
C:\ProgramData\j9tbgsdger04r
C:\Users\tom\AppData\Local\Temp
C:\Windows\system32\ekcpzf.dll
C:\Windows\system32\gkseo.dll
HKLM\...\Run: [Egxasy] => C:\Users\concierge\AppData\Roaming\Duxiuf\ylmis.exe [282188 2014-09-30] (Marsukafa Corporatien)
HKLM\...\Run: [Doedehpoy] => C:\Users\concierge\AppData\Roaming\Oworos\noinmu.exe [287117 2014-07-18] ()
HKLM\...\Run: [Ycurfeci] => C:\Users\concierge\AppData\Roaming\Irepwe\ixpuq.exe [287117 2014-09-06] ()
HKLM-x32\...\Run: [Egxasy] => C:\Users\concierge\AppData\Roaming\Duxiuf\ylmis.exe [282188 2014-09-30] (Marsukafa Corporatien)
HKLM-x32\...\Run: [Egnunuhiud] => C:\Users\concierge\AppData\Roaming\Sapiwo\apugk.exe [282188 2014-08-16] (Marsukafa Corporatien)
HKLM-x32\...\Run: [Doedehpoy] => C:\Users\concierge\AppData\Roaming\Oworos\noinmu.exe [287117 2014-07-18] ()
HKLM-x32\...\Run: [Ycurfeci] => C:\Users\concierge\AppData\Roaming\Irepwe\ixpuq.exe [287117 2014-09-06] ()
HKLM-x32\...\Run: [defrag.exe] => C:\ProgramData\j9tbgsdger04r\defrag.exe [336896 2014-10-13] (Microsoft Corporation)
HKU\S-1-5-21-884667269-1892758044-1726409162-1001\...\Run: [Doedehpoy] => C:\Users\concierge\AppData\Roaming\Oworos\noinmu.exe [287117 2014-07-18] ()
HKU\S-1-5-21-884667269-1892758044-1726409162-1001\...\Run: [Egxasy] => C:\Users\concierge\AppData\Roaming\Duxiuf\ylmis.exe [282188 2014-09-30] (Marsukafa Corporatien)
HKU\S-1-5-21-884667269-1892758044-1726409162-1001\...\Run: [svchost86x.sys] => C:\Users\tom\AppData\Local\Temp\conhost.exe [153088 2014-10-15] (Microsoft) <===== ATTENTION
HKU\S-1-5-21-884667269-1892758044-1726409162-1001\...\Run: [Ycurfeci] => C:\Users\concierge\AppData\Roaming\Irepwe\ixpuq.exe [287117 2014-09-06] ()
R2 SecurityCenterServer1598005408; C:\Users\concierge\AppData\Roaming\Sapiwo\apugk.exe [282188 2014-08-16] (Marsukafa Corporatien) [File not signed]
R2 SecurityCenterServer2303538506; C:\Users\concierge\AppData\Roaming\Duxiuf\ylmis.exe [282188 2014-09-30] (Marsukafa Corporatien) [File not signed]
R2 SecurityCenterServer4140453936; C:\Users\concierge\AppData\Roaming\Oworos\noinmu.exe [287117 2014-07-18] () [File not signed]
R2 SecurityCenterServer445673937; C:\Users\concierge\AppData\Roaming\Irepwe\ixpuq.exe [287117 2014-09-06] () [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTDVHD64.sys [X]
2014-10-11 13:23 - 2014-10-11 22:00 - 00000822 _____ () C:\Windows\Tasks\Security Center Update - 4140453936.job
2014-10-11 13:23 - 2014-10-11 22:00 - 00000820 _____ () C:\Windows\Tasks\Security Center Update - 445673937.job
2014-10-11 13:23 - 2014-10-11 13:23 - 00003842 _____ () C:\Windows\System32\Tasks\Security Center Update - 4140453936
2014-10-11 13:23 - 2014-10-11 13:23 - 00003840 _____ () C:\Windows\System32\Tasks\Security Center Update - 445673937
2014-10-11 13:23 - 2014-10-11 13:23 - 00000000 ____D () C:\Users\concierge\AppData\Roaming\Oworos
2014-10-11 13:23 - 2014-10-11 13:23 - 00000000 ____D () C:\Users\concierge\AppData\Roaming\Irepwe
2014-10-11 13:23 - 2014-09-06 15:43 - 00287117 _____ () C:\Windows\SysWOW64\hazubumya.exe
2014-10-11 13:23 - 2014-07-18 01:33 - 00287117 _____ () C:\Windows\SysWOW64\kufyqy.exe
2014-10-11 13:22 - 2014-10-11 13:22 - 00081408 _____ () C:\Windows\system32\dmvuum.dll
2014-10-11 13:22 - 2014-10-11 13:22 - 00003858 _____ () C:\Windows\System32\Tasks\{6C7976CF-472A-10C7-CD25-5F3DEDA30DAB}
2014-10-09 13:02 - 2014-10-09 21:00 - 00000820 _____ () C:\Windows\Tasks\Security Center Update - 1598005408.job
2014-10-09 13:02 - 2014-10-09 13:02 - 00003840 _____ () C:\Windows\System32\Tasks\Security Center Update - 1598005408
2014-10-09 13:02 - 2014-10-09 13:02 - 00000028 _____ () C:\Windows\SysWOW64\u
2014-10-09 13:02 - 2014-10-09 13:02 - 00000000 ____D () C:\Users\concierge\AppData\Roaming\Sapiwo
2014-10-09 13:02 - 2014-09-30 16:30 - 00282188 _____ (Marsukafa Corporatien) C:\Windows\SysWOW64\irbauhok.exe
2014-10-09 13:02 - 2014-08-16 15:03 - 00282188 _____ (Marsukafa Corporatien) C:\Windows\SysWOW64\uzqiacinl.exe
2014-10-09 13:01 - 2014-10-09 21:00 - 00000820 _____ () C:\Windows\Tasks\Security Center Update - 2303538506.job
2014-10-09 13:01 - 2014-10-09 13:02 - 00003840 _____ () C:\Windows\System32\Tasks\Security Center Update - 2303538506
2014-10-09 13:01 - 2014-10-09 13:01 - 00000000 ____D () C:\Users\concierge\AppData\Roaming\Duxiuf
2014-10-09 13:01 - 2014-10-09 13:01 - 00000000 _____ () C:\Windows\system32\umeqlia.dll
2014-10-09 13:00 - 2014-10-09 13:00 - 00081408 _____ () C:\Windows\system32\gkseo.dll
2014-10-09 13:00 - 2014-10-09 13:00 - 00003856 _____ () C:\Windows\System32\Tasks\{5B2A220B-BBBB-A784-3EF9-F785CD8CBD92}
2014-09-28 11:51 - 2014-10-01 09:22 - 00000000 ____D () C:\Users\concierge\AppData\Roaming\Urpaika
2014-09-28 11:50 - 2014-09-29 07:23 - 00000000 ____D () C:\Users\concierge\AppData\Roaming\Ucsuna
C:\Users\concierge\AppData\Local\Temp
Task: {00541A3E-FABA-4F95-B61D-393063573967} - System32\Tasks\Security Center Update - 445673937 => C:\Users\concierge\AppData\Roaming\Irepwe\ixpuq.exe [2014-09-06] () <==== ATTENTION
Task: {0E003354-BDC5-4579-89FD-E0276F576DB1} - System32\Tasks\{6C7976CF-472A-10C7-CD25-5F3DEDA30DAB} => C:\Windows\system32\dmvuum.dll [2014-10-11] ()
Task: {3F7FA0B9-D521-4298-B92F-D87861C12A7A} - \adworld No Task File <==== ATTENTION
Task: {702BBC8A-DC6F-4DEA-9A69-3DC7B5D1EB09} - System32\Tasks\Security Center Update - 4140453936 => C:\Users\concierge\AppData\Roaming\Oworos\noinmu.exe [2014-07-18] () <==== ATTENTION
Task: {BAF8D792-2BCD-4D5C-85F7-E5809F4EEEE0} - System32\Tasks\Security Center Update - 2303538506 => C:\Users\concierge\AppData\Roaming\Duxiuf\ylmis.exe [2014-09-30] (Marsukafa Corporatien) <==== ATTENTION
Task: {C47BC529-573C-44B9-87A5-D7622D0E082E} - System32\Tasks\Security Center Update - 1598005408 => C:\Users\concierge\AppData\Roaming\Sapiwo\apugk.exe [2014-08-16] (Marsukafa Corporatien) <==== ATTENTION
Task: {E50E43F1-6327-4B8C-B5E9-522498BE6048} - System32\Tasks\{5B2A220B-BBBB-A784-3EF9-F785CD8CBD92} => C:\Windows\system32\gkseo.dll [2014-10-09] ()
Task: C:\Windows\Tasks\Security Center Update - 1598005408.job => C:\Users\concierge\AppData\Roaming\Sapiwo\apugk.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 2303538506.job => C:\Users\concierge\AppData\Roaming\Duxiuf\ylmis.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 4140453936.job => C:\Users\concierge\AppData\Roaming\Oworos\noinmu.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 445673937.job => C:\Users\concierge\AppData\Roaming\Irepwe\ixpuq.exe <==== ATTENTION
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3204
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3247
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3348
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • How is the computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

#7 twitterfon231

  • Topic Starter

Posted 22 October 2014 - 11:42 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-10-2014 01
Ran by tom at 2014-10-20 10:46:22 Run:2
Running from C:\Users\tom\Desktop\New folder
Loaded Profile: tom (Available profiles: GuestServices & tom & concierge & Administrator)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
C:\Windows\SysWOW64\kufyqy.exe
C:\Windows\SysWOW64\hazubumya.exe
C:\Users\concierge\AppData\Roaming\Duxiuf
C:\Users\concierge\AppData\Roaming\Irepwe
C:\Users\concierge\AppData\Roaming\Oworos
C:\Users\concierge\AppData\Roaming\Sapiwo
C:\ProgramData\j9tbgsdger04r
C:\Users\tom\AppData\Local\Temp
C:\Windows\system32\ekcpzf.dll
C:\Windows\system32\gkseo.dll
HKLM\...\Run: [Egxasy] => C:\Users\concierge\AppData\Roaming\Duxiuf\ylmis.exe [282188 2014-09-30] (Marsukafa Corporatien)
HKLM\...\Run: [Doedehpoy] => C:\Users\concierge\AppData\Roaming\Oworos\noinmu.exe [287117 2014-07-18] ()
HKLM\...\Run: [Ycurfeci] => C:\Users\concierge\AppData\Roaming\Irepwe\ixpuq.exe [287117 2014-09-06] ()
HKLM-x32\...\Run: [Egxasy] => C:\Users\concierge\AppData\Roaming\Duxiuf\ylmis.exe [282188 2014-09-30] (Marsukafa Corporatien)
HKLM-x32\...\Run: [Egnunuhiud] => C:\Users\concierge\AppData\Roaming\Sapiwo\apugk.exe [282188 2014-08-16] (Marsukafa Corporatien)
HKLM-x32\...\Run: [Doedehpoy] => C:\Users\concierge\AppData\Roaming\Oworos\noinmu.exe [287117 2014-07-18] ()
HKLM-x32\...\Run: [Ycurfeci] => C:\Users\concierge\AppData\Roaming\Irepwe\ixpuq.exe [287117 2014-09-06] ()
HKLM-x32\...\Run: [defrag.exe] => C:\ProgramData\j9tbgsdger04r\defrag.exe [336896 2014-10-13] (Microsoft Corporation)
HKU\S-1-5-21-884667269-1892758044-1726409162-1001\...\Run: [Doedehpoy] => C:\Users\concierge\AppData\Roaming\Oworos\noinmu.exe [287117 2014-07-18] ()
HKU\S-1-5-21-884667269-1892758044-1726409162-1001\...\Run: [Egxasy] => C:\Users\concierge\AppData\Roaming\Duxiuf\ylmis.exe [282188 2014-09-30] (Marsukafa Corporatien)
HKU\S-1-5-21-884667269-1892758044-1726409162-1001\...\Run: [svchost86x.sys] => C:\Users\tom\AppData\Local\Temp\conhost.exe [153088 2014-10-15] (Microsoft) <===== ATTENTION
HKU\S-1-5-21-884667269-1892758044-1726409162-1001\...\Run: [Ycurfeci] => C:\Users\concierge\AppData\Roaming\Irepwe\ixpuq.exe [287117 2014-09-06] ()
R2 SecurityCenterServer1598005408; C:\Users\concierge\AppData\Roaming\Sapiwo\apugk.exe [282188 2014-08-16] (Marsukafa Corporatien) [File not signed]
R2 SecurityCenterServer2303538506; C:\Users\concierge\AppData\Roaming\Duxiuf\ylmis.exe [282188 2014-09-30] (Marsukafa Corporatien) [File not signed]
R2 SecurityCenterServer4140453936; C:\Users\concierge\AppData\Roaming\Oworos\noinmu.exe [287117 2014-07-18] () [File not signed]
R2 SecurityCenterServer445673937; C:\Users\concierge\AppData\Roaming\Irepwe\ixpuq.exe [287117 2014-09-06] () [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTDVHD64.sys [X]
2014-10-11 13:23 - 2014-10-11 22:00 - 00000822 _____ () C:\Windows\Tasks\Security Center Update - 4140453936.job
2014-10-11 13:23 - 2014-10-11 22:00 - 00000820 _____ () C:\Windows\Tasks\Security Center Update - 445673937.job
2014-10-11 13:23 - 2014-10-11 13:23 - 00003842 _____ () C:\Windows\System32\Tasks\Security Center Update - 4140453936
2014-10-11 13:23 - 2014-10-11 13:23 - 00003840 _____ () C:\Windows\System32\Tasks\Security Center Update - 445673937
2014-10-11 13:23 - 2014-10-11 13:23 - 00000000 ____D () C:\Users\concierge\AppData\Roaming\Oworos
2014-10-11 13:23 - 2014-10-11 13:23 - 00000000 ____D () C:\Users\concierge\AppData\Roaming\Irepwe
2014-10-11 13:23 - 2014-09-06 15:43 - 00287117 _____ () C:\Windows\SysWOW64\hazubumya.exe
2014-10-11 13:23 - 2014-07-18 01:33 - 00287117 _____ () C:\Windows\SysWOW64\kufyqy.exe
2014-10-11 13:22 - 2014-10-11 13:22 - 00081408 _____ () C:\Windows\system32\dmvuum.dll
2014-10-11 13:22 - 2014-10-11 13:22 - 00003858 _____ () C:\Windows\System32\Tasks\{6C7976CF-472A-10C7-CD25-5F3DEDA30DAB}
2014-10-09 13:02 - 2014-10-09 21:00 - 00000820 _____ () C:\Windows\Tasks\Security Center Update - 1598005408.job
2014-10-09 13:02 - 2014-10-09 13:02 - 00003840 _____ () C:\Windows\System32\Tasks\Security Center Update - 1598005408
2014-10-09 13:02 - 2014-10-09 13:02 - 00000028 _____ () C:\Windows\SysWOW64\u
2014-10-09 13:02 - 2014-10-09 13:02 - 00000000 ____D () C:\Users\concierge\AppData\Roaming\Sapiwo
2014-10-09 13:02 - 2014-09-30 16:30 - 00282188 _____ (Marsukafa Corporatien) C:\Windows\SysWOW64\irbauhok.exe
2014-10-09 13:02 - 2014-08-16 15:03 - 00282188 _____ (Marsukafa Corporatien) C:\Windows\SysWOW64\uzqiacinl.exe
2014-10-09 13:01 - 2014-10-09 21:00 - 00000820 _____ () C:\Windows\Tasks\Security Center Update - 2303538506.job
2014-10-09 13:01 - 2014-10-09 13:02 - 00003840 _____ () C:\Windows\System32\Tasks\Security Center Update - 2303538506
2014-10-09 13:01 - 2014-10-09 13:01 - 00000000 ____D () C:\Users\concierge\AppData\Roaming\Duxiuf
2014-10-09 13:01 - 2014-10-09 13:01 - 00000000 _____ () C:\Windows\system32\umeqlia.dll
2014-10-09 13:00 - 2014-10-09 13:00 - 00081408 _____ () C:\Windows\system32\gkseo.dll
2014-10-09 13:00 - 2014-10-09 13:00 - 00003856 _____ () C:\Windows\System32\Tasks\{5B2A220B-BBBB-A784-3EF9-F785CD8CBD92}
2014-09-28 11:51 - 2014-10-01 09:22 - 00000000 ____D () C:\Users\concierge\AppData\Roaming\Urpaika
2014-09-28 11:50 - 2014-09-29 07:23 - 00000000 ____D () C:\Users\concierge\AppData\Roaming\Ucsuna
C:\Users\concierge\AppData\Local\Temp
Task: {00541A3E-FABA-4F95-B61D-393063573967} - System32\Tasks\Security Center Update - 445673937 => C:\Users\concierge\AppData\Roaming\Irepwe\ixpuq.exe [2014-09-06] () <==== ATTENTION
Task: {0E003354-BDC5-4579-89FD-E0276F576DB1} - System32\Tasks\{6C7976CF-472A-10C7-CD25-5F3DEDA30DAB} => C:\Windows\system32\dmvuum.dll [2014-10-11] ()
Task: {3F7FA0B9-D521-4298-B92F-D87861C12A7A} - \adworld No Task File <==== ATTENTION
Task: {702BBC8A-DC6F-4DEA-9A69-3DC7B5D1EB09} - System32\Tasks\Security Center Update - 4140453936 => C:\Users\concierge\AppData\Roaming\Oworos\noinmu.exe [2014-07-18] () <==== ATTENTION
Task: {BAF8D792-2BCD-4D5C-85F7-E5809F4EEEE0} - System32\Tasks\Security Center Update - 2303538506 => C:\Users\concierge\AppData\Roaming\Duxiuf\ylmis.exe [2014-09-30] (Marsukafa Corporatien) <==== ATTENTION
Task: {C47BC529-573C-44B9-87A5-D7622D0E082E} - System32\Tasks\Security Center Update - 1598005408 => C:\Users\concierge\AppData\Roaming\Sapiwo\apugk.exe [2014-08-16] (Marsukafa Corporatien) <==== ATTENTION
Task: {E50E43F1-6327-4B8C-B5E9-522498BE6048} - System32\Tasks\{5B2A220B-BBBB-A784-3EF9-F785CD8CBD92} => C:\Windows\system32\gkseo.dll [2014-10-09] ()
Task: C:\Windows\Tasks\Security Center Update - 1598005408.job => C:\Users\concierge\AppData\Roaming\Sapiwo\apugk.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 2303538506.job => C:\Users\concierge\AppData\Roaming\Duxiuf\ylmis.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 4140453936.job => C:\Users\concierge\AppData\Roaming\Oworos\noinmu.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 445673937.job => C:\Users\concierge\AppData\Roaming\Irepwe\ixpuq.exe <==== ATTENTION
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3204
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3247
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3348
*****************
 
"C:\Windows\SysWOW64\kufyqy.exe" => File/Directory not found.
"C:\Windows\SysWOW64\hazubumya.exe" => File/Directory not found.
"C:\Users\concierge\AppData\Roaming\Duxiuf" => File/Directory not found.
"C:\Users\concierge\AppData\Roaming\Irepwe" => File/Directory not found.
"C:\Users\concierge\AppData\Roaming\Oworos" => File/Directory not found.
"C:\Users\concierge\AppData\Roaming\Sapiwo" => File/Directory not found.
"C:\ProgramData\j9tbgsdger04r" => File/Directory not found.
 
"C:\Users\tom\AppData\Local\Temp" directory move:
 
Could not move "C:\Users\tom\AppData\Local\Temp\conhost.exe" => Scheduled to move on reboot.
C:\Users\tom\AppData\Local\Temp\dat4ED3.tmp => Moved successfully.
C:\Users\tom\AppData\Local\Temp\dat4F41.tmp => Moved successfully.
C:\Users\tom\AppData\Local\Temp\dat4F52.tmp => Moved successfully.
C:\Users\tom\AppData\Local\Temp\dat4F62.tmp => Moved successfully.
C:\Users\tom\AppData\Local\Temp\dat4FC1.tmp => Moved successfully.
C:\Users\tom\AppData\Local\Temp\dat543B.tmp => Moved successfully.
C:\Users\tom\AppData\Local\Temp\dat8C16.tmp => Moved successfully.
C:\Users\tom\AppData\Local\Temp\dat91E4.tmp => Moved successfully.
C:\Users\tom\AppData\Local\Temp\datC761.tmp => Moved successfully.
C:\Users\tom\AppData\Local\Temp\dnp.dll => Moved successfully.
Could not move "C:\Users\tom\AppData\Local\Temp\fla5247.tmp" => Scheduled to move on reboot.
Could not move "C:\Users\tom\AppData\Local\Temp\fla6A29.tmp" => Scheduled to move on reboot.
Could not move "C:\Users\tom\AppData\Local\Temp\flaC718.tmp" => Scheduled to move on reboot.
Could not move "C:\Users\tom\AppData\Local\Temp\flaDE29.tmp" => Scheduled to move on reboot.
Could not move "C:\Users\tom\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.
C:\Users\tom\AppData\Local\Temp\obupdat.exe => Moved successfully.
Could not move "C:\Users\tom\AppData\Local\Temp\~DFE04B60DA7730A3F9.TMP" => Scheduled to move on reboot.
Could not move "C:\Users\tom\AppData\Local\Temp" directory. => Scheduled to move on reboot.
 
Could not move "C:\Windows\system32\ekcpzf.dll" => Scheduled to move on reboot.
"C:\Windows\system32\gkseo.dll" => File/Directory not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Egxasy => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Doedehpoy => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Ycurfeci => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Egxasy => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Egnunuhiud => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Doedehpoy => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Ycurfeci => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\defrag.exe => Value not found.
HKU\S-1-5-21-884667269-1892758044-1726409162-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Doedehpoy => Value not found.
HKU\S-1-5-21-884667269-1892758044-1726409162-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Egxasy => value deleted successfully.
HKU\S-1-5-21-884667269-1892758044-1726409162-1001\Software\Microsoft\Windows\CurrentVersion\Run\\svchost86x.sys => value deleted successfully.
HKU\S-1-5-21-884667269-1892758044-1726409162-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Ycurfeci => value deleted successfully.
SecurityCenterServer1598005408 => Service not found.
SecurityCenterServer2303538506 => Service not found.
SecurityCenterServer4140453936 => Service not found.
SecurityCenterServer445673937 => Service not found.
catchme => Service not found.
IntcAzAudAddService => Service not found.
"C:\Windows\Tasks\Security Center Update - 4140453936.job" => File/Directory not found.
"C:\Windows\Tasks\Security Center Update - 445673937.job" => File/Directory not found.
"C:\Windows\System32\Tasks\Security Center Update - 4140453936" => File/Directory not found.
"C:\Windows\System32\Tasks\Security Center Update - 445673937" => File/Directory not found.
"C:\Users\concierge\AppData\Roaming\Oworos" => File/Directory not found.
"C:\Users\concierge\AppData\Roaming\Irepwe" => File/Directory not found.
"C:\Windows\SysWOW64\hazubumya.exe" => File/Directory not found.
"C:\Windows\SysWOW64\kufyqy.exe" => File/Directory not found.
"C:\Windows\system32\dmvuum.dll" => File/Directory not found.
"C:\Windows\System32\Tasks\{6C7976CF-472A-10C7-CD25-5F3DEDA30DAB}" => File/Directory not found.
"C:\Windows\Tasks\Security Center Update - 1598005408.job" => File/Directory not found.
"C:\Windows\System32\Tasks\Security Center Update - 1598005408" => File/Directory not found.
"C:\Windows\SysWOW64\u" => File/Directory not found.
"C:\Users\concierge\AppData\Roaming\Sapiwo" => File/Directory not found.
"C:\Windows\SysWOW64\irbauhok.exe" => File/Directory not found.
"C:\Windows\SysWOW64\uzqiacinl.exe" => File/Directory not found.
"C:\Windows\Tasks\Security Center Update - 2303538506.job" => File/Directory not found.
"C:\Windows\System32\Tasks\Security Center Update - 2303538506" => File/Directory not found.
"C:\Users\concierge\AppData\Roaming\Duxiuf" => File/Directory not found.
Could not move "C:\Windows\system32\umeqlia.dll" => Scheduled to move on reboot.
"C:\Windows\system32\gkseo.dll" => File/Directory not found.
"C:\Windows\System32\Tasks\{5B2A220B-BBBB-A784-3EF9-F785CD8CBD92}" => File/Directory not found.
"C:\Users\concierge\AppData\Roaming\Urpaika" => File/Directory not found.
"C:\Users\concierge\AppData\Roaming\Ucsuna" => File/Directory not found.
"C:\Users\concierge\AppData\Local\Temp" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00541A3E-FABA-4F95-B61D-393063573967}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00541A3E-FABA-4F95-B61D-393063573967}" => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 445673937 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 445673937" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0E003354-BDC5-4579-89FD-E0276F576DB1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E003354-BDC5-4579-89FD-E0276F576DB1}" => Key deleted successfully.
C:\Windows\System32\Tasks\{6C7976CF-472A-10C7-CD25-5F3DEDA30DAB} not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6C7976CF-472A-10C7-CD25-5F3DEDA30DAB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F7FA0B9-D521-4298-B92F-D87861C12A7A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F7FA0B9-D521-4298-B92F-D87861C12A7A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\adworld" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{702BBC8A-DC6F-4DEA-9A69-3DC7B5D1EB09}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{702BBC8A-DC6F-4DEA-9A69-3DC7B5D1EB09}" => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 4140453936 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 4140453936" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BAF8D792-2BCD-4D5C-85F7-E5809F4EEEE0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BAF8D792-2BCD-4D5C-85F7-E5809F4EEEE0}" => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 2303538506 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2303538506" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C47BC529-573C-44B9-87A5-D7622D0E082E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C47BC529-573C-44B9-87A5-D7622D0E082E}" => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 1598005408 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1598005408" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E50E43F1-6327-4B8C-B5E9-522498BE6048}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E50E43F1-6327-4B8C-B5E9-522498BE6048}" => Key deleted successfully.
C:\Windows\System32\Tasks\{5B2A220B-BBBB-A784-3EF9-F785CD8CBD92} not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5B2A220B-BBBB-A784-3EF9-F785CD8CBD92}" => Key deleted successfully.
C:\Windows\Tasks\Security Center Update - 1598005408.job not found.
C:\Windows\Tasks\Security Center Update - 2303538506.job not found.
C:\Windows\Tasks\Security Center Update - 4140453936.job not found.
C:\Windows\Tasks\Security Center Update - 445673937.job not found.
C:\Windows\SysWOW64\MSIHANDLE => ":3204" ADS removed successfully.
C:\Windows\SysWOW64\MSIHANDLE => ":3247" ADS removed successfully.
C:\Windows\SysWOW64\MSIHANDLE => ":3348" ADS removed successfully.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-10-20 10:49:18)<=
 
C:\Users\tom\AppData\Local\Temp\conhost.exe => Is moved successfully.
C:\Users\tom\AppData\Local\Temp\fla5247.tmp => Is moved successfully.
C:\Users\tom\AppData\Local\Temp\fla6A29.tmp => Is moved successfully.
C:\Users\tom\AppData\Local\Temp\flaC718.tmp => Is moved successfully.
C:\Users\tom\AppData\Local\Temp\flaDE29.tmp => Is moved successfully.
C:\Users\tom\AppData\Local\Temp\FXSAPIDebugLogFile.txt => Is moved successfully.
C:\Users\tom\AppData\Local\Temp\~DFE04B60DA7730A3F9.TMP => Is moved successfully.
C:\Users\tom\AppData\Local\Temp => Is moved successfully.
C:\Windows\system32\ekcpzf.dll => Is moved successfully.
C:\Windows\system32\umeqlia.dll => Is moved successfully.
 
==== End of Fixlog ====
 
The computer is operating significantly faster but there are still several processes running larger than normal. "svchost.exe x 12 and cipher.exe x 11"


#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,525 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:07 PM

Posted 22 October 2014 - 12:38 PM

Great, we made some progress. Please do this.

===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.

sUBs, the author of Combofix, recommends that you uninstall AVG or CA Internet Security before running the program. If you have either of these programs on your computer please uninstall them using AppRemover which can be downloaded here. We will be sure to reinstall the Antivirus program once we are finished using Combofix.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.
Note #1: Oftentimes it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix.
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running.
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running.
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue.

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Combofix log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Oh My!


Posted 26 October 2014 - 01:59 PM

Greetings,

How are we doing?
Gary
 

#10 Oh My!


Posted 29 October 2014 - 02:26 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#11 twitterfon231


Posted 31 October 2014 - 05:32 AM

Sorry, I have been out of work for the past couple of days. I will perform all tests today once I clock in.



#12 Oh My!


Posted 31 October 2014 - 07:52 AM

Thanks for the update.
Gary
 

#13 Oh My!


Posted 04 November 2014 - 09:42 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#14 Oh My!


Posted 06 November 2014 - 03:09 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



