dllhost infection


  • This topic is locked
15 replies to this topic

#1 hooterbif

hooterbif

  • Members
  • 8 posts

Posted 20 October 2014 - 01:33 PM

I notice a dozen or so dllhost processes in Task Manager. They take up a lot of memory and CPU power. When I kill them all, they start back up about 5 minutes later.

 

I have attached dds.txt, frst.txt, and addition.txt.

 

 


 


#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,133 posts

Posted 20 October 2014 - 01:57 PM

Please uninstall:-

- Savings Bond Wizard

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#3 hooterbif

hooterbif
  • Topic Starter

  • Members
  • 8 posts

Posted 20 October 2014 - 02:34 PM

Thank you for your help. I did the four steps. Here are the logs.

 

# AdwCleaner v4.000 - Report created 20/10/2014 at 15:10:52
# Updated 12/10/2014 by Xplode
# Database : 2014-10-19.11
# Operating System : Windows 7 Enterprise Service Pack 1 (64 bits)
# Username : dffpci - PREDATOR
# Running from : C:\Users\dffpci\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\END
File Found : C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Found : C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
Folder Found : C:\Program Files (x86)\AGI
Folder Found : C:\Program Files (x86)\MyPC Backup
Folder Found : C:\Program Files (x86)\Playbryte
Folder Found : C:\ProgramData\AGI
Folder Found : C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna
Folder Found : C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Folder Found : C:\Users\dffpci\AppData\Local\Temp\Spigot
Folder Found : C:\Users\dffpci\AppData\LocalLow\AGI
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AGI
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\DefaultTab
Key Found : HKCU\Software\eSupport.com
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\AGI
Key Found : [x64] HKCU\Software\Cr_Installer
Key Found : [x64] HKCU\Software\DefaultTab
Key Found : [x64] HKCU\Software\eSupport.com
Key Found : [x64] HKCU\Software\ilivid
Key Found : [x64] HKCU\Software\InstalledBrowserExtensions
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\AGI
Key Found : HKLM\SOFTWARE\Classes\agihelper.AGUtils
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Found : HKLM\SOFTWARE\Classes\AxSHDocVw.AxWebBrowser
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220222092200}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6823F25B-4D75-38A1-A163-7C696B45701F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266096600}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\DefaultTab
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_dvd-decrypter_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_dvd-decrypter_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.10
Key Found : HKLM\SOFTWARE\Playbryte
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266096600}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B278D9F8-0FA9-465E-9938-0C392605D8E3}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17344
 
 
-\\ Google Chrome v38.0.2125.104
 
 
*************************
 
AdwCleaner[R0].txt - [5316 octets] - [20/10/2014 15:10:52]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5376 octets] ##########
 
# AdwCleaner v4.000 - Report created 20/10/2014 at 15:14:03
# DB v2014-10-19.11
# Updated 12/10/2014 by Xplode
# Operating System : Windows 7 Enterprise Service Pack 1 (64 bits)
# Username : dffpci - PREDATOR
# Running from : C:\Users\dffpci\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AGI
Folder Deleted : C:\Program Files (x86)\AGI
Folder Deleted : C:\Users\dffpci\AppData\LocalLow\AGI
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\Playbryte
Folder Deleted : C:\Users\dffpci\AppData\Local\Temp\Spigot
Folder Deleted : C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna
Folder Deleted : C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
File Deleted : C:\END
File Deleted : C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Key Deleted : HKLM\SOFTWARE\Classes\agihelper.AGUtils
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\SOFTWARE\Classes\AxSHDocVw.AxWebBrowser
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_dvd-decrypter_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_dvd-decrypter_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6823F25B-4D75-38A1-A163-7C696B45701F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220222092200}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266096600}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B278D9F8-0FA9-465E-9938-0C392605D8E3}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266096600}
Key Deleted : HKCU\Software\AGI
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\AGI
Key Deleted : HKLM\SOFTWARE\DefaultTab
Key Deleted : HKLM\SOFTWARE\Playbryte
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.10
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17344
 
 
-\\ Google Chrome v38.0.2125.104
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [5500 octets] - [20/10/2014 15:10:52]
AdwCleaner[S0].txt - [5115 octets] - [20/10/2014 15:14:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5175 octets] ##########
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/20/2014
Scan Time: 3:16:14 PM
Logfile: mbam.txt
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.10.20.04
Rootkit Database: v2014.10.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: dffpci
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 534168
Time Elapsed: 10 min, 32 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Windows 7 Enterprise x64
Ran by dffpci on Mon 10/20/2014 at 15:28:00.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully stopped: [Service] couponprinterservice 
Successfully deleted: [Service] couponprinterservice 
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\browserpluginhelper
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181102}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181102}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Windows\couponprinter.ocx"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\dffpci\appdata\local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 10/20/2014 at 15:30:26.16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-10-2014 01
Ran by dffpci (administrator) on PREDATOR on 20-10-2014 15:31:33
Running from C:\Users\dffpci\Desktop\New folder
Loaded Profiles: dffpci & UpdatusUser (Available profiles: dffpci & Chiara & Gem & UpdatusUser & temp)
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Retrospect, Inc) C:\Program Files\Retrospect\Retrospect 7.7\retrorun.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Akamai Technologies, Inc.) C:\Users\dffpci\AppData\Local\Akamai\netsession_win.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
() C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Akamai Technologies, Inc.) C:\Users\dffpci\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\Everything\Everything.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Webshots.com) C:\Program Files (x86)\Webshots\3.1.5.7620\Webshots.scr
(Dell) C:\Users\dffpci\AppData\Local\Apps\2.0\WCXWABCB.GOT\6RPTZXO6.EZT\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(O2Micro International) C:\Windows\System32\o2flash.exe
() C:\Windows\SysWOW64\srvany.exe
(O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe
(Ipswitch) C:\Program Files (x86)\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [626552 2012-03-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [478984 2012-12-15] (Adobe Systems Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-16] (IDT, Inc.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2747680 2013-11-01] ()
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4791024 2013-07-17] (Intel® Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM-x32\...\Run: [Everything] => C:\Program Files (x86)\Everything\Everything.exe [602624 2009-03-12] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-09-04] (Adobe Systems Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4114197926-80728629-3053230720-1000\...\Run: [Akamai NetSession Interface] => C:\Users\dffpci\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4114197926-80728629-3053230720-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4114197926-80728629-3053230720-1000\...\Run: [Google Update] => C:\Users\dffpci\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-10-13] (Google Inc.)
HKU\S-1-5-21-4114197926-80728629-3053230720-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-4114197926-80728629-3053230720-1000\...\Run: [ShowBatteryBar] => C:\Program Files\BatteryBar\ShowBatteryBar.exe [89600 2013-04-11] ()
HKU\S-1-5-21-4114197926-80728629-3053230720-1000\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [1044224 2013-04-07] ()
HKU\S-1-5-21-4114197926-80728629-3053230720-1000\...\Run: [DellSystemDetect] => C:\Users\dffpci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
HKU\S-1-5-21-4114197926-80728629-3053230720-1000\...\Run: [Google+ Auto Backup] => "C:\Users\dffpci\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
HKU\S-1-5-21-4114197926-80728629-3053230720-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-4114197926-80728629-3053230720-1000\...\Run: [GoogleChromeAutoLaunch_5C6A19454B043F2CB7AC6D5BBFC6B3DC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-09] (Google Inc.)
HKU\S-1-5-21-4114197926-80728629-3053230720-1000\...\MountPoints2: {83687d14-5ddf-11e3-98f1-74e54355db0f} - J:\MI.exe
HKU\S-1-5-21-4114197926-80728629-3053230720-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [184048 2013-11-01] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156256 2013-11-01] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\dffpci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\dffpci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation)
Startup: C:\Users\dffpci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk
ShortcutTarget: Webshots.lnk -> C:\Program Files (x86)\Webshots\3.1.5.7620\Launcher.exe (Webshots.com)
Startup: C:\Users\temp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDAADEC3642A9CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: IEHlprObj Class -> {CE7C3CF0-4B15-11D1-ABED-709549C10000} -> C:\lotus\org6\organize\iehelper.dll ()
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {3746422E-4692-4429-9698-E3EB34FE07BC} http://192.168.1.14:88/FSIPCam.cab
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {98703E7E-E705-4043-8FCE-E828D9C1EEAD} http://67.247.182.8:89/IPCWebComponents.exe
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {DE625294-70E6-45ED-B895-CFFA13AEB044} http://axis8e2f25.axiscam.net/activex/AMC.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: Eudora's Shell Extension - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll [77824 2001-04-11] (Qualcomm Inc.)
Tcpip\Parameters: [DhcpNameServer] 129.21.3.17 129.21.4.18
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @FOSCAM Web Components -> C:\Program Files (x86)\Foscam Web Components Test\npIPcam.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @IPCWebComponents -> C:\Program Files (x86)\IPCWebComponents\npIPCReg.dll ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\dffpci\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\dffpci\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\dffpci\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\dffpci\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\dffpci\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\dffpci\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-10-15]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2014-01-04]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/news
CHR StartupUrls: Default -> "", "hxxp://www.google.com/"
CHR Profile: C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ZIG Scroll Bar - Pure CSS (Wider Version)) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\amecdgjendemfplkokhllpbmmlpddoaf [2014-06-10]
CHR Extension: (Dictanote - Speech Recognizer) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjekmpappghadlogpigifkghlmebjk [2014-06-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-10]
CHR Extension: (Adblock Plus) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-10]
CHR Extension: (Google Search) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-10]
CHR Extension: (Vimium) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbepggeogbaibhgnhhndojpepiihcmeb [2014-06-10]
CHR Extension: (Stylish) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2014-06-10]
CHR Extension: (Full Screen Weather) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2014-06-10]
CHR Extension: (Atari - Centipede) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\gakkiekmjcipgjlnenigjfgemakojanh [2014-06-10]
CHR Extension: (Yesware Email Tracking) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkjnkapjmjfpipfcccnjbjcbgdnahpjp [2014-07-04]
CHR Extension: (IE Tab) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2014-06-10]
CHR Extension: (Google Voice (by Google)) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2014-06-10]
CHR Extension: (Atari - Battlezone) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdlhdokojmnkodfdbmcmkefgomjfmemj [2014-06-10]
CHR Extension: (Atari - Tempest) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\kflkdjocancddgfnbhedkaefjdomdcaf [2014-06-10]
CHR Extension: (SparkChess 7) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\khgabmflimjjbclkmljlpmgaleanedem [2014-06-10]
CHR Extension: (Auto HD For YouTube™) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2014-06-10]
CHR Extension: (Google Maps) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-06-10]
CHR Extension: (Ghostery) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-06-10]
CHR Extension: (Hangouts) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-06-10]
CHR Extension: (Google Wallet) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2014-06-10]
CHR Extension: (Personal Blocklist (by Google)) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef [2014-06-10]
CHR Extension: (Atari - Missile Command) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\oobnopfjjndfekinfcddimnjbhjdgmbg [2014-06-10]
CHR Extension: (Page Monitor) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemhgklkefakciniebenbfclihhmmfcd [2014-06-10]
CHR Extension: (Gmail) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-10]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-12-09] (Freemake) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-11-13] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-07-17] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2013-04-07] (NETGEAR)
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [1290016 2013-11-01] (NVIDIA Corporation)
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
R2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RetroLauncher; C:\Program Files\Retrospect\Retrospect 7.7\retrorun.exe [128896 2012-03-02] (Retrospect, Inc)
S2 Retrospect Helper; C:\Program Files\Retrospect\Retrospect 7.7\rthlpsvc.exe [213888 2012-03-02] (Retrospect, Inc)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3377904 2013-07-17] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [135720 2012-10-13] (Broadcom Corporation.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-11-13] (Intel Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2013-06-17] (CACE Technologies, Inc.)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2013-11-01] (NVIDIA Corporation)
S3 PcaSp50; C:\Windows\System32\Drivers\PcaSp50.sys [45624 2009-08-24] (Printing Communications Assoc., Inc. (PCAUSA))
S2 PMEM; C:\Windows\SysWOW64\drivers\pmemnt.sys [7168 1999-03-08] (Microsoft Corporation) [File not signed]
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2011-11-04] (STMicroelectronics)
S3 NSNDIS5; \??\C:\Windows\system32\NSNDIS5.SYS [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-20 15:27 - 2014-10-20 15:27 - 00000000 ____D () C:\Windows\ERUNT
2014-10-20 15:10 - 2014-10-20 15:14 - 00000000 ____D () C:\AdwCleaner
2014-10-20 15:10 - 2014-10-20 15:13 - 00000000 ____D () C:\Users\dffpci\Desktop\dllhost infection - Virus, Trojan, Spyware, and Malware Removal Logs_files
2014-10-20 14:30 - 2014-10-20 14:30 - 00002014 _____ () C:\Users\dffpci\Downloads\fixlist (1).txt
2014-10-20 14:26 - 2014-10-20 15:31 - 00000000 ____D () C:\Users\dffpci\Desktop\New folder
2014-10-20 14:06 - 2014-10-20 14:06 - 00001228 _____ () C:\Users\dffpci\Downloads\fixlist.txt
2014-10-20 14:03 - 2014-10-20 15:31 - 00000000 ____D () C:\FRST
2014-10-20 13:56 - 2014-10-20 13:56 - 00000000 ____D () C:\Users\dffpci\AppData\Roaming\KSafe
2014-10-20 13:56 - 2014-10-20 13:56 - 00000000 ____D () C:\ProgramData\KSafe
2014-10-20 13:56 - 2014-10-20 13:56 - 00000000 ____D () C:\Program Files (x86)\DllTool
2014-10-20 13:55 - 2014-10-20 13:55 - 08473440 _____ ( ) C:\Users\dffpci\Downloads\DllTool.exe
2014-10-20 13:50 - 2014-10-20 13:50 - 32601272 _____ (Microsoft Corporation) C:\Users\dffpci\Downloads\Windows-KB890830-x64-V5.17.exe
2014-10-20 13:45 - 2014-10-20 13:45 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\dffpci\Downloads\tdsskiller.exe
2014-10-20 11:32 - 2014-10-20 15:16 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-20 11:32 - 2014-10-20 11:32 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-20 11:32 - 2014-10-20 11:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-20 11:32 - 2014-10-20 11:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-20 11:32 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-20 11:32 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-20 11:31 - 2014-10-20 11:31 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\dffpci\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-18 13:05 - 1999-12-14 08:54 - 32957848 _____ () C:\Users\dffpci\Desktop\CHEVY.AVI
2014-10-18 13:00 - 2014-10-18 13:13 - 31961704 _____ () C:\Users\dffpci\Desktop\NASA briefing 10-28-2014 v2.pptx
2014-10-18 12:36 - 2014-10-17 18:26 - 09483284 _____ () C:\Users\dffpci\Desktop\ESO briefing 11-03-2014.pptx
2014-10-16 09:37 - 2014-10-16 09:37 - 10926080 _____ () C:\Users\dffpci\Downloads\PN junction, diodes, transistors, circuits.ppt
2014-10-15 16:43 - 2014-10-15 16:43 - 00072261 _____ () C:\Users\dffpci\Downloads\Copy of NSF grants list2.xlsx
2014-10-15 09:42 - 2014-10-17 18:12 - 18348747 _____ () C:\Users\dffpci\Desktop\Raytheon briefing 10-30-2014.pptx
2014-10-15 06:57 - 2014-10-06 22:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 06:57 - 2014-10-06 22:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 06:57 - 2014-09-28 20:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 06:57 - 2014-09-25 18:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 06:57 - 2014-09-25 18:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 06:57 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 06:57 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 06:57 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 06:57 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 06:57 - 2014-09-25 18:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 06:57 - 2014-09-18 22:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 06:57 - 2014-09-18 21:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 06:57 - 2014-09-18 21:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 06:57 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 06:57 - 2014-09-18 21:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 06:57 - 2014-09-18 21:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 06:57 - 2014-09-18 21:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 06:57 - 2014-09-18 21:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 06:57 - 2014-09-18 21:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 06:57 - 2014-09-18 21:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 06:57 - 2014-09-18 21:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 06:57 - 2014-09-18 21:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 06:57 - 2014-09-18 21:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 06:57 - 2014-09-18 21:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 06:57 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 06:57 - 2014-09-18 21:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 06:57 - 2014-09-18 21:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 06:57 - 2014-09-18 21:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 06:57 - 2014-09-18 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 06:57 - 2014-09-18 21:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 06:57 - 2014-09-18 21:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 06:57 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 06:57 - 2014-09-18 21:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 06:57 - 2014-09-18 21:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 06:57 - 2014-09-18 21:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 06:57 - 2014-09-18 21:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 06:57 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 06:57 - 2014-09-18 20:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 06:57 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 06:57 - 2014-09-18 20:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 06:57 - 2014-09-18 20:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 06:57 - 2014-09-18 20:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 06:57 - 2014-09-18 20:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 06:57 - 2014-09-18 20:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 06:57 - 2014-09-18 20:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 06:57 - 2014-09-18 20:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 06:57 - 2014-09-18 20:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 06:57 - 2014-09-18 20:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 06:57 - 2014-09-18 20:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 06:57 - 2014-09-18 20:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 06:57 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 06:57 - 2014-09-18 20:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 06:57 - 2014-09-18 20:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 06:57 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 06:57 - 2014-09-18 19:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 06:57 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 06:57 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 06:57 - 2014-08-18 23:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 06:57 - 2014-08-18 23:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 06:57 - 2014-08-18 23:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 06:57 - 2014-08-18 23:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 06:57 - 2014-08-18 23:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 06:57 - 2014-08-18 23:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 06:57 - 2014-08-18 23:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 06:57 - 2014-08-18 23:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 06:57 - 2014-08-18 23:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 06:57 - 2014-08-18 23:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 06:57 - 2014-08-18 22:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 06:57 - 2014-08-18 22:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 06:57 - 2014-08-18 22:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 06:57 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-15 06:57 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-15 06:57 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-15 06:57 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-15 06:57 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-15 06:57 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-15 06:57 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-15 06:57 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-15 06:57 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-15 06:57 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-15 06:57 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-15 06:57 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-15 06:57 - 2014-07-06 22:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 06:57 - 2014-07-06 22:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 06:57 - 2014-07-06 22:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 06:57 - 2014-07-06 22:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 06:57 - 2014-07-06 22:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 06:57 - 2014-07-06 22:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 06:57 - 2014-07-06 22:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 06:57 - 2014-07-06 22:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 06:57 - 2014-07-06 22:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 06:57 - 2014-07-06 22:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 06:57 - 2014-07-06 22:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 06:57 - 2014-07-06 22:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 06:57 - 2014-07-06 22:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 06:57 - 2014-07-06 22:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 06:57 - 2014-07-06 22:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 06:57 - 2014-07-06 22:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 06:57 - 2014-07-06 22:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 06:57 - 2014-07-06 22:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 06:57 - 2014-07-06 22:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 06:57 - 2014-07-06 22:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 06:57 - 2014-07-06 22:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 06:57 - 2014-07-06 22:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 06:57 - 2014-07-06 22:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 06:57 - 2014-07-06 22:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 06:57 - 2014-07-06 22:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 06:57 - 2014-07-06 22:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 06:57 - 2014-07-06 22:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 06:57 - 2014-07-06 22:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 06:57 - 2014-07-06 22:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 06:57 - 2014-07-06 22:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 06:57 - 2014-07-06 22:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 06:57 - 2014-07-06 22:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 06:57 - 2014-07-06 21:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 06:57 - 2014-07-06 21:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 06:57 - 2014-07-06 21:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 06:57 - 2014-07-06 21:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 06:57 - 2014-07-06 21:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 06:57 - 2014-07-06 21:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 06:57 - 2014-07-06 21:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 06:57 - 2014-07-06 21:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 06:57 - 2014-07-06 21:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 06:57 - 2014-07-06 21:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 06:57 - 2014-07-06 21:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 06:57 - 2014-07-06 21:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 06:57 - 2014-07-06 21:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 06:57 - 2014-07-06 21:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 06:57 - 2014-07-06 21:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 06:57 - 2014-07-06 21:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 06:57 - 2014-07-06 21:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 06:57 - 2014-07-06 21:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 06:57 - 2014-07-06 21:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 06:57 - 2014-07-06 21:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 06:57 - 2014-07-06 21:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 06:57 - 2014-07-06 21:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 06:57 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 06:57 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 06:57 - 2014-07-06 21:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 06:57 - 2014-07-06 21:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 06:57 - 2014-07-06 21:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 06:57 - 2014-07-06 21:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 06:57 - 2014-07-06 21:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 06:57 - 2014-07-06 21:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 06:57 - 2014-06-27 20:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 06:57 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 06:57 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 06:57 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 06:57 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 06:57 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 06:57 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 06:57 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 06:57 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 06:56 - 2014-09-17 22:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 06:56 - 2014-09-17 21:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 06:56 - 2014-09-12 21:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 06:56 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 06:56 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 06:56 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 06:56 - 2014-08-28 22:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 06:56 - 2014-08-28 22:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 06:56 - 2014-08-28 22:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-15 06:56 - 2014-08-28 22:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-15 06:56 - 2014-08-28 22:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 06:56 - 2014-08-28 21:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 06:56 - 2014-08-28 21:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 06:56 - 2014-08-28 21:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 06:56 - 2014-08-28 21:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-10-15 06:56 - 2014-07-16 22:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 06:56 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 06:56 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 06:56 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 06:56 - 2014-07-16 22:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 06:56 - 2014-07-16 22:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 06:56 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 06:56 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 06:56 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 06:56 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 06:56 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-14 17:39 - 2014-10-14 17:43 - 00000029 _____ () C:\Users\dffpci\Desktop\skaneatles.txt
2014-10-09 12:05 - 2014-10-09 12:05 - 00000778 _____ () C:\Users\dffpci\Downloads\onky-bgswitch.js
2014-10-07 22:41 - 2014-10-07 22:41 - 00303802 _____ () C:\Users\dffpci\Downloads\HW7 Download Oct 7, 2014 1041 PM.zip
2014-10-06 10:22 - 2014-10-15 17:04 - 00000122 _____ () C:\Users\dffpci\Desktop\props.txt
2014-10-04 10:47 - 2014-10-04 10:47 - 00141440 _____ () C:\Users\dffpci\Downloads\Technology Gaps for GM-APD Array-based Detectors.pptx
2014-10-03 10:35 - 2014-10-03 10:35 - 00004096 ____H () C:\Users\dffpci\AppData\Local\keyfile3.drm
2014-10-02 15:08 - 2014-10-02 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-02 09:54 - 2014-10-02 10:43 - 00014269 _____ () C:\Users\dffpci\Documents\estimate.xlsx
2014-10-01 10:55 - 2014-10-01 13:51 - 00000044 _____ () C:\Users\dffpci\Desktop\todo.txt
2014-10-01 10:23 - 2014-10-01 10:23 - 55303020 _____ () C:\Users\dffpci\Downloads\The Search For Cosmic Clusters (The Universe 4) part 3.mp4
2014-10-01 10:23 - 2014-10-01 10:23 - 50926980 _____ () C:\Users\dffpci\Downloads\The Search For Cosmic Clusters (The Universe 4) part 2.mp4
2014-10-01 10:23 - 2014-10-01 10:23 - 50737265 _____ () C:\Users\dffpci\Downloads\The Search For Cosmic Clusters (The Universe 4) part 1.mp4
2014-10-01 06:55 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 06:55 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-30 19:44 - 2014-09-30 19:45 - 07222741 _____ () C:\Users\dffpci\Downloads\FI9821W V2.zip
2014-09-30 10:10 - 2014-09-30 10:11 - 12941875 _____ () C:\Users\dffpci\Downloads\FI9821W V2-2.11.2.8-20140408.zip
2014-09-30 08:24 - 2014-09-30 08:25 - 17469986 _____ () C:\Users\dffpci\Downloads\FI9821W V2-2.11.1.6-20140219.zip
2014-09-30 08:17 - 2014-09-30 08:17 - 07222741 _____ () C:\Users\dffpci\Downloads\2.x.1.10-20140516 for all HD cameras.zip
2014-09-26 15:57 - 2014-09-26 15:57 - 00324990 _____ () C:\Users\dffpci\Downloads\VIRGO-F3 Forward Bias.pptx
2014-09-26 14:30 - 2014-09-26 14:30 - 00000000 ____D () C:\67.247.182.8
2014-09-26 12:41 - 2014-09-26 13:18 - 00000462 _____ () C:\Users\dffpci\Desktop\notes.txt
2014-09-25 10:55 - 2014-09-25 10:56 - 00000220 _____ () C:\Users\dffpci\Desktop\probe.txt
2014-09-24 14:36 - 2014-09-24 14:36 - 00594162 _____ () C:\Users\dffpci\Downloads\HW5 Download Sep 24, 2014 236 PM.zip
2014-09-24 06:54 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 06:54 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-23 13:52 - 2014-09-23 13:52 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-09-22 11:13 - 2014-09-22 11:13 - 00000000 ____D () C:\Users\dffpci\.ocs15
2014-09-22 09:53 - 2014-09-22 09:55 - 84877663 _____ () C:\Users\dffpci\Downloads\pit_2015A.1.1.0_windows.exe
2014-09-20 22:36 - 2014-09-20 22:36 - 00000151 _____ () C:\Users\dffpci\Desktop\Peter Thiel- the billionaire tech entrepreneur on a mission to cheat death - Telegraph.url
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-20 15:31 - 2012-10-12 22:16 - 01334784 _____ () C:\Windows\WindowsUpdate.log
2014-10-20 15:30 - 2012-10-12 23:59 - 00000000 ____D () C:\Program Files (x86)\Everything
2014-10-20 15:28 - 2013-04-20 13:47 - 00000340 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-10-20 15:22 - 2009-07-14 00:45 - 00012416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-20 15:22 - 2009-07-14 00:45 - 00012416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-20 15:21 - 2009-07-14 01:13 - 00786622 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-20 15:15 - 2012-10-12 23:42 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-20 15:15 - 2012-10-12 23:42 - 00000000 ____D () C:\Users\dffpci\AppData\Local\Deployment
2014-10-20 15:14 - 2013-08-13 21:43 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-20 15:14 - 2012-10-12 23:47 - 00665456 _____ () C:\Windows\PFRO.log
2014-10-20 15:14 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-20 15:14 - 2009-07-14 00:51 - 00063218 _____ () C:\Windows\setupact.log
2014-10-20 15:10 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Globalization
2014-10-20 14:54 - 2013-02-27 17:44 - 00000000 ____D () C:\Users\dffpci\Documents\Outlook Files
2014-10-20 14:52 - 2012-10-12 23:42 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-20 14:41 - 2012-10-19 15:32 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4114197926-80728629-3053230720-1000UA.job
2014-10-20 13:10 - 2012-10-13 20:53 - 00000000 ____D () C:\Users\dffpci\Documents\Retrospect Catalog Files
2014-10-20 13:10 - 2012-10-13 11:34 - 00000000 ____D () C:\ProgramData\Retrospect
2014-10-20 13:08 - 2012-12-08 16:36 - 00007626 _____ () C:\Users\dffpci\AppData\Local\Resmon.ResmonCfg
2014-10-20 12:28 - 2009-07-14 03:23 - 00000000 ____D () C:\Windows\CSC
2014-10-20 11:41 - 2012-10-13 00:23 - 00000000 ____D () C:\Users\dffpci\AppData\Local\Broadcom
2014-10-20 11:41 - 2009-07-14 03:23 - 00000000 ____D () C:\Windows\ShellNew
2014-10-20 11:32 - 2012-10-30 19:38 - 00000000 ____D () C:\Users\dffpci\AppData\Roaming\Malwarebytes
2014-10-20 11:32 - 2012-10-30 19:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-20 08:50 - 2012-10-13 00:29 - 00000000 ____D () C:\Users\dffpci\AppData\Roaming\Azureus
2014-10-19 16:41 - 2012-10-19 15:32 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4114197926-80728629-3053230720-1000Core.job
2014-10-19 16:24 - 2012-10-13 01:53 - 00002300 ____H () C:\Users\dffpci\Documents\Default.rdp
2014-10-19 15:37 - 2012-10-13 01:21 - 00000000 ____D () C:\Users\dffpci\AppData\Roaming\Skype
2014-10-19 12:21 - 2014-06-12 14:42 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-10-19 12:21 - 2012-10-13 01:57 - 00006997 _____ () C:\Windows\system32\lvcoinst.log
2014-10-19 10:51 - 2012-10-13 15:51 - 00000000 ____D () C:\Users\dffpci\AppData\Roaming\vlc
2014-10-18 16:47 - 2012-10-12 23:42 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-18 16:47 - 2012-10-12 23:42 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-18 16:36 - 2012-10-19 15:32 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4114197926-80728629-3053230720-1000UA
2014-10-18 16:36 - 2012-10-19 15:32 - 00003492 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4114197926-80728629-3053230720-1000Core
2014-10-18 13:05 - 2013-03-07 11:27 - 00008704 _____ () C:\Users\dffpci\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-15 19:09 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-10-15 07:46 - 2009-07-14 00:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-15 07:44 - 2009-07-14 00:45 - 05031392 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 07:44 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-15 07:42 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-15 07:42 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 07:09 - 2012-10-12 23:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-15 07:07 - 2013-07-20 08:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 06:57 - 2012-10-13 02:35 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-09 14:35 - 2012-11-01 10:37 - 00000000 ____D () C:\Users\dffpci\AppData\Roaming\Mozilla
2014-10-03 16:06 - 2014-01-10 10:25 - 00000133 _____ () C:\Users\dffpci\Desktop\NETGEAR Router WNDR3700v3.url
2014-10-03 16:04 - 2014-01-06 16:07 - 00000122 _____ () C:\Users\dffpci\Desktop\IPCam Client remote 89.url
2014-10-03 16:04 - 2013-12-13 11:26 - 00000122 _____ () C:\Users\dffpci\Desktop\IPCam Client remote 88.url
2014-10-02 18:15 - 2012-12-17 16:52 - 00011376 _____ () C:\Users\dffpci\gsview64.ini
2014-10-02 15:08 - 2012-12-03 14:29 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-02 15:08 - 2012-10-13 01:21 - 00000000 ____D () C:\ProgramData\Skype
2014-10-01 11:11 - 2012-10-30 19:38 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-26 14:33 - 2012-10-13 00:20 - 00000000 ____D () C:\figerdev
2014-09-23 13:52 - 2013-10-16 08:07 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-23 13:52 - 2012-10-19 00:09 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-22 11:13 - 2012-10-12 22:14 - 00000000 ____D () C:\Users\dffpci
2014-09-22 09:57 - 2013-09-20 10:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gemini
2014-09-22 09:57 - 2013-09-20 10:15 - 00000000 ____D () C:\Program Files (x86)\Gemini
 
Some content of TEMP:
====================
C:\Users\dffpci\AppData\Local\Temp\6_Offer_17.exe
C:\Users\dffpci\AppData\Local\Temp\HPInstaller.exe
C:\Users\dffpci\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\dffpci\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\dffpci\AppData\Local\Temp\nvStInst.exe
C:\Users\dffpci\AppData\Local\Temp\Quarantine.exe
C:\Users\dffpci\AppData\Local\Temp\Samsung_Magician_Setup_v44.exe
C:\Users\dffpci\AppData\Local\Temp\sqlite3.dll
C:\Users\dffpci\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\dffpci\AppData\Local\Temp\System.Data.SQLite18544.dll
C:\Users\dffpci\AppData\Local\Temp\System.Data.SQLite21408.dll
C:\Users\dffpci\AppData\Local\Temp\System.Data.SQLite23224.dll
C:\Users\dffpci\AppData\Local\Temp\System.Data.SQLite40388.dll
C:\Users\dffpci\AppData\Local\Temp\System.Data.SQLite43609.dll
C:\Users\dffpci\AppData\Local\Temp\System.Data.SQLite55483.dll
C:\Users\dffpci\AppData\Local\Temp\System.Data.SQLite82150.dll
C:\Users\dffpci\AppData\Local\Temp\System.Data.SQLite83463.dll
C:\Users\dffpci\AppData\Local\Temp\System.Data.SQLite90472.dll
C:\Users\dffpci\AppData\Local\Temp\System.Data.SQLite90649.dll
C:\Users\dffpci\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\dffpci\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\dffpci\AppData\Local\Temp\vlc-2.1.5-win32.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-16 00:00
 
==================== End Of Log ============================
 
 


#4 Machiavelli



  • Malware Response Instructor

Posted 20 October 2014 - 03:12 PM

First,
  • Please download the attached fixlist.txt file and save it to the same location as FRST.
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run. Please post it in your reply.
Next,
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

Attached Files


~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#5 hooterbif

  • Topic Starter

  • Members

Posted 20 October 2014 - 03:52 PM

I did those two steps. Here are the logs.
 
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-10-2014 01
Ran by dffpci at 2014-10-20 16:19:43 Run:1
Running from C:\Users\dffpci\Desktop\New folder
Loaded Profiles: dffpci & UpdatusUser (Available profiles: dffpci & Chiara & Gem & UpdatusUser & temp)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-4114197926-80728629-3053230720-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4114197926-80728629-3053230720-1000\...\MountPoints2: {83687d14-5ddf-11e3-98f1-74e54355db0f} - J:\MI.exe
HKU\S-1-5-21-4114197926-80728629-3053230720-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
C:\Users\dffpci\AppData\Local\Temp\6_Offer_17.exe
C:\Users\dffpci\AppData\Local\Temp\HPInstaller.exe
C:\Users\dffpci\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\dffpci\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\dffpci\AppData\Local\Temp\nvStInst.exe
C:\Users\dffpci\AppData\Local\Temp\Quarantine.exe
C:\Users\dffpci\AppData\Local\Temp\Samsung_Magician_Setup_v44.exe
C:\Users\dffpci\AppData\Local\Temp\sqlite3.dll
C:\Users\dffpci\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\dffpci\AppData\Local\Temp\System.Data.SQLite18544.dll
C:\Users\dffpci\AppData\Local\Temp\System.Data.SQLite21408.dll
C:\Users\dffpci\AppData\Local\Temp\System.Data.SQLite23224.dll
C:\Users\dffpci\AppData\Local\Temp\System.Data.SQLite40388.dll
C:\Users\dffpci\AppData\Local\Temp\System.Data.SQLite43609.dll
C:\Users\dffpci\AppData\Local\Temp\System.Data.SQLite55483.dll
C:\Users\dffpci\AppData\Local\Temp\System.Data.SQLite82150.dll
C:\Users\dffpci\AppData\Local\Temp\System.Data.SQLite83463.dll
C:\Users\dffpci\AppData\Local\Temp\System.Data.SQLite90472.dll
C:\Users\dffpci\AppData\Local\Temp\System.Data.SQLite90649.dll
C:\Users\dffpci\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\dffpci\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\dffpci\AppData\Local\Temp\vlc-2.1.5-win32.exe
EmptyTemp:
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-4114197926-80728629-3053230720-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
"HKU\S-1-5-21-4114197926-80728629-3053230720-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83687d14-5ddf-11e3-98f1-74e54355db0f}" => Key deleted successfully.
"HKCR\CLSID\{83687d14-5ddf-11e3-98f1-74e54355db0f}" => Key not found.
"HKU\S-1-5-21-4114197926-80728629-3053230720-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-4114197926-80728629-3053230720-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
"HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => Key not found.
C:\Users\dffpci\AppData\Local\Temp\6_Offer_17.exe => Moved successfully.
C:\Users\dffpci\AppData\Local\Temp\HPInstaller.exe => Moved successfully.
C:\Users\dffpci\AppData\Local\Temp\nvSCPAPI.dll => Moved successfully.
C:\Users\dffpci\AppData\Local\Temp\nvSCPAPI64.dll => Moved successfully.
C:\Users\dffpci\AppData\Local\Temp\nvStInst.exe => Moved successfully.
C:\Users\dffpci\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\dffpci\AppData\Local\Temp\Samsung_Magician_Setup_v44.exe => Moved successfully.
C:\Users\dffpci\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\dffpci\AppData\Local\Temp\System.Data.SQLite.dll => Moved successfully.
C:\Users\dffpci\AppData\Local\Temp\System.Data.SQLite18544.dll => Moved successfully.
C:\Users\dffpci\AppData\Local\Temp\System.Data.SQLite21408.dll => Moved successfully.
C:\Users\dffpci\AppData\Local\Temp\System.Data.SQLite23224.dll => Moved successfully.
C:\Users\dffpci\AppData\Local\Temp\System.Data.SQLite40388.dll => Moved successfully.
C:\Users\dffpci\AppData\Local\Temp\System.Data.SQLite43609.dll => Moved successfully.
C:\Users\dffpci\AppData\Local\Temp\System.Data.SQLite55483.dll => Moved successfully.
C:\Users\dffpci\AppData\Local\Temp\System.Data.SQLite82150.dll => Moved successfully.
C:\Users\dffpci\AppData\Local\Temp\System.Data.SQLite83463.dll => Moved successfully.
C:\Users\dffpci\AppData\Local\Temp\System.Data.SQLite90472.dll => Moved successfully.
C:\Users\dffpci\AppData\Local\Temp\System.Data.SQLite90649.dll => Moved successfully.
C:\Users\dffpci\AppData\Local\Temp\vlc-2.1.2-win32.exe => Moved successfully.
C:\Users\dffpci\AppData\Local\Temp\vlc-2.1.3-win32.exe => Moved successfully.
C:\Users\dffpci\AppData\Local\Temp\vlc-2.1.5-win32.exe => Moved successfully.
EmptyTemp: => Removed 6.4 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-10-2014 01
Ran by dffpci (administrator) on PREDATOR on 20-10-2014 16:49:42
Running from C:\Users\dffpci\Desktop\New folder
Loaded Profile: dffpci (Available profiles: dffpci & Chiara & Gem & UpdatusUser & temp)
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Retrospect, Inc) C:\Program Files\Retrospect\Retrospect 7.7\retrorun.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\System32\userinit.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Akamai Technologies, Inc.) C:\Users\dffpci\AppData\Local\Akamai\netsession_win.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Google Inc.) C:\Users\dffpci\AppData\Local\Google\Update\GoogleUpdate.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
(Google Inc.) C:\Users\dffpci\AppData\Local\Google\Update\GoogleUpdate.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Akamai Technologies, Inc.) C:\Users\dffpci\AppData\Local\Akamai\netsession_win.exe
(Webshots.com) C:\Program Files (x86)\Webshots\3.1.5.7620\Webshots.scr
(Dell) C:\Users\dffpci\AppData\Local\Apps\2.0\WCXWABCB.GOT\6RPTZXO6.EZT\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\Everything\Everything.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Adobe Systems Incorporated.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrodist.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\dffpci\AppData\Local\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Google Inc.) C:\Users\dffpci\AppData\Local\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
() C:\Users\dffpci\AppData\Local\IE Tab\7.7.2.1\ietabhelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [626552 2012-03-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [478984 2012-12-15] (Adobe Systems Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-16] (IDT, Inc.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2747680 2013-11-01] ()
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4791024 2013-07-17] (Intel® Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM-x32\...\Run: [Everything] => C:\Program Files (x86)\Everything\Everything.exe [602624 2009-03-12] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-09-04] (Adobe Systems Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4114197926-80728629-3053230720-1000\...\Run: [Akamai NetSession Interface] => C:\Users\dffpci\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4114197926-80728629-3053230720-1000\...\Run: [Google Update] => C:\Users\dffpci\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-10-13] (Google Inc.)
HKU\S-1-5-21-4114197926-80728629-3053230720-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-4114197926-80728629-3053230720-1000\...\Run: [ShowBatteryBar] => C:\Program Files\BatteryBar\ShowBatteryBar.exe [89600 2013-04-11] ()
HKU\S-1-5-21-4114197926-80728629-3053230720-1000\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [1044224 2013-04-07] ()
HKU\S-1-5-21-4114197926-80728629-3053230720-1000\...\Run: [DellSystemDetect] => C:\Users\dffpci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
HKU\S-1-5-21-4114197926-80728629-3053230720-1000\...\Run: [Google+ Auto Backup] => "C:\Users\dffpci\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
HKU\S-1-5-21-4114197926-80728629-3053230720-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-4114197926-80728629-3053230720-1000\...\Run: [GoogleChromeAutoLaunch_5C6A19454B043F2CB7AC6D5BBFC6B3DC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-09] (Google Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [184048 2013-11-01] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156256 2013-11-01] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\dffpci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\dffpci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation)
Startup: C:\Users\dffpci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk
ShortcutTarget: Webshots.lnk -> C:\Program Files (x86)\Webshots\3.1.5.7620\Launcher.exe (Webshots.com)
Startup: C:\Users\temp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDAADEC3642A9CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: IEHlprObj Class -> {CE7C3CF0-4B15-11D1-ABED-709549C10000} -> C:\lotus\org6\organize\iehelper.dll ()
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {3746422E-4692-4429-9698-E3EB34FE07BC} http://192.168.1.14:88/FSIPCam.cab
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {98703E7E-E705-4043-8FCE-E828D9C1EEAD} http://67.247.182.8:89/IPCWebComponents.exe
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {DE625294-70E6-45ED-B895-CFFA13AEB044} http://axis8e2f25.axiscam.net/activex/AMC.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: Eudora's Shell Extension - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll [77824 2001-04-11] (Qualcomm Inc.)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @FOSCAM Web Components -> C:\Program Files (x86)\Foscam Web Components Test\npIPcam.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @IPCWebComponents -> C:\Program Files (x86)\IPCWebComponents\npIPCReg.dll ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\dffpci\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\dffpci\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\dffpci\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\dffpci\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\dffpci\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\dffpci\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-10-15]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2014-01-04]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/news
CHR StartupUrls: Default -> "", "hxxp://www.google.com/"
CHR Profile: C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ZIG Scroll Bar - Pure CSS (Wider Version)) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\amecdgjendemfplkokhllpbmmlpddoaf [2014-06-10]
CHR Extension: (Dictanote - Speech Recognizer) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjekmpappghadlogpigifkghlmebjk [2014-06-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-10]
CHR Extension: (Adblock Plus) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-10]
CHR Extension: (Google Search) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-10]
CHR Extension: (Vimium) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbepggeogbaibhgnhhndojpepiihcmeb [2014-06-10]
CHR Extension: (Stylish) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2014-06-10]
CHR Extension: (Full Screen Weather) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2014-06-10]
CHR Extension: (Atari - Centipede) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\gakkiekmjcipgjlnenigjfgemakojanh [2014-06-10]
CHR Extension: (Yesware Email Tracking) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkjnkapjmjfpipfcccnjbjcbgdnahpjp [2014-07-04]
CHR Extension: (IE Tab) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2014-06-10]
CHR Extension: (Google Voice (by Google)) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2014-06-10]
CHR Extension: (Atari - Battlezone) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdlhdokojmnkodfdbmcmkefgomjfmemj [2014-06-10]
CHR Extension: (Atari - Tempest) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\kflkdjocancddgfnbhedkaefjdomdcaf [2014-06-10]
CHR Extension: (SparkChess 7) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\khgabmflimjjbclkmljlpmgaleanedem [2014-06-10]
CHR Extension: (Auto HD For YouTube™) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2014-06-10]
CHR Extension: (Google Maps) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-06-10]
CHR Extension: (Ghostery) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-06-10]
CHR Extension: (Hangouts) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-06-10]
CHR Extension: (Google Wallet) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2014-06-10]
CHR Extension: (Personal Blocklist (by Google)) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef [2014-06-10]
CHR Extension: (Atari - Missile Command) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\oobnopfjjndfekinfcddimnjbhjdgmbg [2014-06-10]
CHR Extension: (Page Monitor) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemhgklkefakciniebenbfclihhmmfcd [2014-06-10]
CHR Extension: (Gmail) - C:\Users\dffpci\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-10]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-12-09] (Freemake) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-11-13] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-07-17] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2013-04-07] (NETGEAR)
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [1290016 2013-11-01] (NVIDIA Corporation)
S2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
S2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RetroLauncher; C:\Program Files\Retrospect\Retrospect 7.7\retrorun.exe [128896 2012-03-02] (Retrospect, Inc)
S2 Retrospect Helper; C:\Program Files\Retrospect\Retrospect 7.7\rthlpsvc.exe [213888 2012-03-02] (Retrospect, Inc)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3377904 2013-07-17] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [135720 2012-10-13] (Broadcom Corporation.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-11-13] (Intel Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2013-06-17] (CACE Technologies, Inc.)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2013-11-01] (NVIDIA Corporation)
S3 PcaSp50; C:\Windows\System32\Drivers\PcaSp50.sys [45624 2009-08-24] (Printing Communications Assoc., Inc. (PCAUSA))
S2 PMEM; C:\Windows\SysWOW64\drivers\pmemnt.sys [7168 1999-03-08] (Microsoft Corporation) [File not signed]
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2011-11-04] (STMicroelectronics)
S3 NSNDIS5; \??\C:\Windows\system32\NSNDIS5.SYS [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-20 16:17 - 2014-10-20 16:17 - 00000021 _____ () C:\Users\dffpci\Desktop\post job.txt
2014-10-20 15:27 - 2014-10-20 15:27 - 00000000 ____D () C:\Windows\ERUNT
2014-10-20 15:10 - 2014-10-20 15:14 - 00000000 ____D () C:\AdwCleaner
2014-10-20 15:10 - 2014-10-20 15:13 - 00000000 ____D () C:\Users\dffpci\Desktop\dllhost infection - Virus, Trojan, Spyware, and Malware Removal Logs_files
2014-10-20 14:30 - 2014-10-20 14:30 - 00002014 _____ () C:\Users\dffpci\Downloads\fixlist (1).txt
2014-10-20 14:26 - 2014-10-20 16:49 - 00000000 ____D () C:\Users\dffpci\Desktop\New folder
2014-10-20 14:06 - 2014-10-20 14:06 - 00001228 _____ () C:\Users\dffpci\Downloads\fixlist.txt
2014-10-20 14:03 - 2014-10-20 16:49 - 00000000 ____D () C:\FRST
2014-10-20 13:56 - 2014-10-20 13:56 - 00000000 ____D () C:\Users\dffpci\AppData\Roaming\KSafe
2014-10-20 13:56 - 2014-10-20 13:56 - 00000000 ____D () C:\ProgramData\KSafe
2014-10-20 13:56 - 2014-10-20 13:56 - 00000000 ____D () C:\Program Files (x86)\DllTool
2014-10-20 13:55 - 2014-10-20 13:55 - 08473440 _____ ( ) C:\Users\dffpci\Downloads\DllTool.exe
2014-10-20 13:50 - 2014-10-20 13:50 - 32601272 _____ (Microsoft Corporation) C:\Users\dffpci\Downloads\Windows-KB890830-x64-V5.17.exe
2014-10-20 13:45 - 2014-10-20 13:45 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\dffpci\Downloads\tdsskiller.exe
2014-10-20 11:32 - 2014-10-20 15:16 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-20 11:32 - 2014-10-20 11:32 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-20 11:32 - 2014-10-20 11:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-20 11:32 - 2014-10-20 11:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-20 11:32 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-20 11:32 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-20 11:31 - 2014-10-20 11:31 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\dffpci\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-18 13:05 - 1999-12-14 08:54 - 32957848 _____ () C:\Users\dffpci\Desktop\CHEVY.AVI
2014-10-18 13:00 - 2014-10-18 13:13 - 31961704 _____ () C:\Users\dffpci\Desktop\NASA briefing 10-28-2014 v2.pptx
2014-10-18 12:36 - 2014-10-17 18:26 - 09483284 _____ () C:\Users\dffpci\Desktop\ESO briefing 11-03-2014.pptx
2014-10-16 09:37 - 2014-10-16 09:37 - 10926080 _____ () C:\Users\dffpci\Downloads\PN junction, diodes, transistors, circuits.ppt
2014-10-15 16:43 - 2014-10-15 16:43 - 00072261 _____ () C:\Users\dffpci\Downloads\Copy of NSF grants list2.xlsx
2014-10-15 09:42 - 2014-10-17 18:12 - 18348747 _____ () C:\Users\dffpci\Desktop\Raytheon briefing 10-30-2014.pptx
2014-10-15 06:57 - 2014-10-06 22:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 06:57 - 2014-10-06 22:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 06:57 - 2014-09-28 20:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 06:57 - 2014-09-25 18:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 06:57 - 2014-09-25 18:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 06:57 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 06:57 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 06:57 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 06:57 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 06:57 - 2014-09-25 18:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 06:57 - 2014-09-18 22:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 06:57 - 2014-09-18 21:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 06:57 - 2014-09-18 21:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 06:57 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 06:57 - 2014-09-18 21:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 06:57 - 2014-09-18 21:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 06:57 - 2014-09-18 21:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 06:57 - 2014-09-18 21:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 06:57 - 2014-09-18 21:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 06:57 - 2014-09-18 21:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 06:57 - 2014-09-18 21:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 06:57 - 2014-09-18 21:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 06:57 - 2014-09-18 21:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 06:57 - 2014-09-18 21:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 06:57 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 06:57 - 2014-09-18 21:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 06:57 - 2014-09-18 21:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 06:57 - 2014-09-18 21:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 06:57 - 2014-09-18 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 06:57 - 2014-09-18 21:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 06:57 - 2014-09-18 21:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 06:57 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 06:57 - 2014-09-18 21:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 06:57 - 2014-09-18 21:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 06:57 - 2014-09-18 21:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 06:57 - 2014-09-18 21:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 06:57 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 06:57 - 2014-09-18 20:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 06:57 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 06:57 - 2014-09-18 20:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 06:57 - 2014-09-18 20:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 06:57 - 2014-09-18 20:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 06:57 - 2014-09-18 20:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 06:57 - 2014-09-18 20:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-16 00:00
 
==================== End Of Log ============================
 
 

 



#6 Machiavelli


Posted 20 October 2014 - 03:53 PM

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start.
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt).
  • Copy and paste that log as a reply to this topic.

~Machiavelli

 
 


#7 hooterbif


Posted 20 October 2014 - 08:59 PM

I notice the dllhost processes have been gone since some of the earlier steps. Here is the ESET log.

 

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.28_0\plugins\npDefaultTabSearch.dll a variant of Win32/Toolbar.DefaultTab.C potentially unwanted application
C:\figerdev\images\houses\home\movies\house.exe a variant of Generik.GWZTJVB trojan cleaned by deleting - quarantined
C:\Program Files\Qualcomm\Eudora\Attach\DC1996.EXE Win32/Magistr.24876 virus cleaned - quarantined
C:\Program Files\Qualcomm\Eudora\Attach\dwarf4you.exe Win32/Hybris worm cleaned by deleting - quarantined
C:\Program Files\Qualcomm\Eudora\Attach\LINKS2.VBS VBS/FreeLink.A virus deleted - quarantined
C:\Program Files\Qualcomm\Eudora\Attach\LINKS21.VBS VBS/FreeLink.A virus deleted - quarantined
C:\Program Files\Qualcomm\Eudora\Attach\LINKS22.VBS VBS/FreeLink.A virus deleted - quarantined
C:\Program Files\Qualcomm\Eudora\Attach\LINKS23.VBS VBS/FreeLink.A virus deleted - quarantined
C:\Program Files\Qualcomm\Eudora\Attach\LINKS24.VBS VBS/FreeLink.A virus deleted - quarantined
C:\Program Files\Qualcomm\Eudora\Attach\LINKS25.VBS VBS/FreeLink.A virus deleted - quarantined
C:\Program Files\Qualcomm\Eudora\Attach\LOVE-LETTER-FOR-YOU.TXT.vbs VBS/LoveLetter.A worm cleaned by deleting - quarantined
C:\Program Files\Qualcomm\Eudora\Attach\LOVE-LETTER-FOR-YOU.TXT1.vbs VBS/LoveLetter.A worm cleaned by deleting - quarantined
C:\Program Files\Qualcomm\Eudora\Attach\Very Funny.vbs VBS/LoveLetter.D worm cleaned by deleting - quarantined
C:\Program Files\Qualcomm\Eudora\Attach\Very Funny1.vbs VBS/LoveLetter.D worm cleaned by deleting - quarantined
C:\Program Files (x86)\Ghostery IE\ButtonUtil.dll a variant of Win32/Toolbar.CrossRider.G potentially unwanted application deleted - quarantined
C:\Program Files (x86)\Ghostery IE\ButtonUtil64.dll a variant of Win64/Toolbar.Crossrider.A potentially unwanted application deleted - quarantined
C:\Program Files (x86)\Ghostery IE\Ghostery IE-bg.exe a variant of Win32/Toolbar.CrossRider.H potentially unwanted application deleted - quarantined
C:\Program Files (x86)\Ghostery IE\Ghostery IE.exe a variant of Win32/Toolbar.CrossRider.H potentially unwanted application deleted - quarantined
C:\Program Files (x86)\Ghostery IE\Ghostery IEGui.exe a variant of Win32/Toolbar.CrossRider.F potentially unwanted application deleted - quarantined
C:\Program Files (x86)\Ghostery IE\Uninstall.exe Win32/Packed.ScrambleWrapper.A potentially unwanted application deleted - quarantined
C:\Users\dffpci\AppData\Local\KTSo_VHD267 via AnySend.exe Win32/AnySend.A potentially unwanted application deleted - quarantined
C:\Users\dffpci\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder\in.old\2006\241C07A7-00000F5C.eml HTML/Phishing.gen trojan cleaned by deleting - quarantined
C:\Users\dffpci\Downloads\cbsidlm-cbsi188-Free_ISO_to_USB-SEO-75880271.exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.28_0\plugins\npDefaultTabSearch.dll a variant of Win32/Toolbar.DefaultTab.C potentially unwanted application deleted - quarantined
E:\WLM\Storage Folders\Imported Folder\in.old\2006\241C07A7-00000F5C.eml HTML/Phishing.gen trojan cleaned by deleting - quarantined
J:\figerdev\images\houses\home\movies\house.exe a variant of Generik.GWZTJVB trojan cleaned by deleting - quarantined
J:\predator duplicate old e drive\figerdev\images\houses\home\movies\house.exe a variant of Generik.GWZTJVB trojan cleaned by deleting - quarantined
J:\predator duplicate old e drive\Qoobox\Quarantine\C\WINDOWS\explorer.exe.vir Win32/Bamital.DX trojan deleted - quarantined
J:\predator duplicate old e drive\Qoobox\Quarantine\C\WINDOWS\system32\winlogon.exe.vir Win32/Bamital.DX trojan deleted - quarantined
J:\predator duplicate old e drive\Windows Live Mail\Storage Folders\Imported Folder\Storage Folders\Inbox.old\2006\241C07A7-00000F5C.eml HTML/Phishing.gen trojan cleaned by deleting - quarantined
J:\predator duplicate old e drive\Windows Live Mail\Storage Folders\Recovered items (2)\08-10-2012  f3e\Storage Fol d6c\Recovered items\08-10-2012  823\Storage Folders\Imported Folder\Storage Folders\Inbox.old\2006\0B63762C-FB637BA7.eml HTML/Phishing.gen trojan cleaned by deleting - quarantined
J:\predator duplicate old e drive\Windows Live Mail\Storage Folders (2)\Recovered items\08-13-2012  c54\Storage Folders\Imported Folder\Storage Folders\Inbox.old\2006\04B61E4B-E456C25B.eml HTML/Phishing.gen trojan cleaned by deleting - quarantined
J:\predator duplicate old e drive\Windows Live Mail\Storage Folders (2)\Recovered items\08-13-2012  c54\Storage Folders\Imported Folder\Storage Folders\Inbox.old\2006\46261CDF-EBE600D2.eml HTML/Phishing.gen trojan cleaned by deleting - quarantined


#8 Machiavelli


Posted 21 October 2014 - 01:26 PM

How is your PC running?

~Machiavelli

 
 


#9 hooterbif


Posted 21 October 2014 - 01:44 PM

Perfect. You are the man - thanks!



#10 Machiavelli


Posted 21 October 2014 - 01:52 PM

Hello,
in my opinion your PC is clean.

We need to remove the tools we've used while cleaning your machine:
  • Download Delfix from here and run it (if you have Windows Vista / Windows 7 / Windows 8, please right-click on the Delfix icon and select Run as Administrator).
  • Ensure Remove disinfection tools is ticked.
    Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run.
The program will run for a few moments and then Notepad will open with a log. Please paste the log in your next reply.

 

Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the Windows Update icon will appear in your taskbar when new updates are available; whenever you see it, you should open the menu up and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it instead of getting infected from an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.

Keep Safe! :thumbsup:

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#11 hooterbif

hooterbif
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:02 PM

Posted 21 October 2014 - 01:58 PM

Thanks!

 

# DelFix v10.8 - Logfile created 21/10/2014 at 14:57:53
# Updated 29/07/2014 by Xplode
# Username : dffpci - PREDATOR
# Operating System : Windows 7 Enterprise Service Pack 1 (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\TDSSKiller.3.0.0.40_20.10.2014_13.45.41_log.txt
Deleted : C:\Users\dffpci\Downloads\tdsskiller.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
 
########## - EOF - ##########


#12 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,133 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:04:02 PM

Posted 21 October 2014 - 02:00 PM

Any further questions before I close the topic as solved?

~Machiavelli

 
 


#13 hooterbif

hooterbif
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:02 PM

Posted 21 October 2014 - 02:04 PM

One last question. What is the best free anti-malware that you recommend? I have Malwarebytes, but I do not believe that the free version does real-time protection. 



#14 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,133 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:04:02 PM

Posted 21 October 2014 - 02:17 PM

I recommend EmsiSoft.

~Machiavelli

 
 


#15 hooterbif

hooterbif
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:02 PM

Posted 21 October 2014 - 02:17 PM

Thanks. That's all!





