DLLhost and fff5ee.com errors


12 replies to this topic

#1 Lcampbell


Posted 08 November 2014 - 01:25 AM

Working on a machine from a friend with a lot of popups. Started it up and tried to kill malware programs but they continued to restart. Rebooted to safe mode. Ran Malwarebytes and removed some programs. Rebooted, updated Malwarebytes and ran again, where it quarantined 55 programs and 100+ adware. Rebooted again and noticed no antivirus was loaded. Looking closer it appeared that at some time AVG had been removed. Machine was purchased (refurbished) around April, possibly on the 17th. Noticed many programs installed at that time. Also noticed Windows Update was disabled. Re-enabled required programs for Windows Update and ran update. From Control Panel removed a couple of programs (MyPCBackup and BeFrugal toolbar). Temp directory had about 1000 folders (4-digit names). Temp folder emptied (from safe mode). Last Windows update was 4/17, so either the vendor is a very poor vendor or someone infected the device almost immediately. After reboot Malwarebytes could find no problems but would pop up with a block to various IP addresses from dllhost, fff5ee etc. Malwarebytes logs attached. FRST logs attached, DDS logs attached. No other changes are planned (waiting for your response) and PC is turned off.




#2 HelpBot


Posted 13 November 2014 - 01:30 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/555223 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!


Posted 14 November 2014 - 07:56 PM

Greetings Lcampbell and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow this topic button. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me so that I may be able to review the most current information.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Lcampbell


Posted 14 November 2014 - 08:13 PM

FRST files already uploaded. Summary data appended.



#5 Oh My!


Posted 14 November 2014 - 08:17 PM

Please read the instructions carefully. I need the 2 FRST logs copied and pasted in your reply. The msinfo information is not attached.

===================================================

How to Attach a File to Your Reply

--------------------
  • If necessary click the More Reply Options button in the lower right hand corner of the Reply to this topic section of the Post
  • In the lower left hand corner you should see a Browse button under Attach Files
  • Click the Browse button and a new window will open
  • Navigate to and double click on the file you want to attach
  • Once the file path is entered into the box click Attach This File
  • If successful, you will see the file name appear above Attach Files with a green check mark to the left
  • When you are done with your message and hit Reply the file will automatically be attached to your reply

Gary
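The FRST log pasted in the next reply shows the persistence patterns this kind of adware/Poweliks infection leaves in the registry: Run entries launching from Temp, AppData or ProgramData with no publisher metadata, regsvr32/rundll32 loading renamed .dat/.dll payloads, and a CLSID LocalServer32 value that runs a javascript: URL through rundll32 and mshtml. As an added example (not part of this thread and not FRST's own code), here is a small Python triage script that scans FRST Registry-section lines for those patterns and undoes the per-character +1 shift on the eval() string; the heuristics are my own, the +1 shift is inferred from the visible string, and the sample lines are copied from the log below.

```python
import re

# Sample lines copied from the FRST.txt Registry section posted in this thread
# (one clean entry first, then the suspicious ones), so the script runs offline.
SAMPLE_LINES = r'''
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [NetworkInformer] => C:\Users\Lenovo\AppData\Local\Temp\temp536476995.exe <===== ATTENTION
HKLM\...\Run: [Wilizynoexahu] => "C:\Users\Lenovo\AppData\Roaming\Utubxy\gidodua.exe"
HKU\S-1-5-21-1970254496-3783136834-1932615703-1000\...\Run: [Icsoft] => regsvr32.exe C:\Users\Lenovo\AppData\Local\Icsoft\DesignReviewCore.dll <===== ATTENTION
HKU\S-1-5-21-1970254496-3783136834-1932615703-1000\...\Run: [XileqVurwa] => regsvr32.exe "C:\ProgramData\XileqVurwa\XileqVurwa.dat"
HKU\S-1-5-21-1970254496-3783136834-1932615703-1000\...\Run: [ivijios] => rundll32 "C:\Users\Lenovo\AppData\Local\ivijios.dll",ivijios <===== ATTENTION
HKU\S-1-5-21-1970254496-3783136834-1932615703-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
'''

# FRST line shapes: "HIVE\...\Run: [Name] => command" and "...\localserver32: command".
RUN_RE = re.compile(r'^(?P<hive>HK\S*?)\\Run: \[(?P<name>[^\]]+)\] => (?P<cmd>.*)$')
LOCALSERVER_RE = re.compile(r'\\localserver32: (?P<cmd>.*)$', re.IGNORECASE)
# FRST appends "[size date] (Publisher)" when it could resolve and inspect the file.
META_RE = re.compile(r'\[\d+ \d{4}-\d{2}-\d{2}\] \([^)]*\)$')
# Command starts with regsvr32/rundll32, bare or with a full path (matched on lowercase).
LOADER_RE = re.compile(r'^"?(?:[a-z]:\\[^"\s]*\\)?(regsvr32|rundll32)(?:\.exe)?\b')
# User-writable locations that legitimate autostarts rarely use (heuristic, my assumption).
SUSPECT_DIRS = ('\\appdata\\local\\temp', '\\appdata\\local', '\\appdata\\roaming', '\\programdata')


def classify_run_entry(cmd):
    """Return the reasons a Run-key command looks like persistence; empty list = nothing noted."""
    low = cmd.lower()
    reasons = []
    if any(d in low for d in SUSPECT_DIRS):
        reasons.append('runs from a user-writable profile or ProgramData path')
    if LOADER_RE.match(low):
        reasons.append('launched through regsvr32/rundll32 rather than directly')
    if re.search(r'\.dat"?\s*$', low):
        reasons.append('payload carries a non-executable .dat extension')
    # Strip FRST's own "<==== ATTENTION" marker before looking for the metadata suffix.
    if not META_RE.search(cmd.split(' <==')[0].rstrip()):
        reasons.append('no [size date] (Publisher) metadata recorded by FRST (weak signal)')
    if '<==' in cmd:
        reasons.append('already marked ATTENTION by FRST')
    return reasons


def decode_shifted(text, shift=1):
    """Undo the per-character +1 shift used in the eval("...") argument of the Poweliks entry."""
    return ''.join(chr(ord(c) - shift) for c in text)


def triage(frst_text):
    """Scan FRST Registry-section lines; return [(entry name, [reasons]), ...] for suspicious ones."""
    findings = []
    for line in frst_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            reasons = classify_run_entry(m.group('cmd'))
            if reasons:
                findings.append((m.group('name'), reasons))
            continue
        m = LOCALSERVER_RE.search(line)
        if m and 'javascript:' in m.group('cmd').lower():
            reasons = ['CLSID LocalServer32 runs a javascript: URL via rundll32/mshtml (Poweliks pattern)']
            enc = re.search(r'eval\("([^"\s]+)', m.group('cmd'))
            if enc:
                reasons.append('decoded eval() prefix: ' + decode_shifted(enc.group(1)))
            findings.append(('CLSID LocalServer32', reasons))
    return findings


if __name__ == '__main__':
    for name, reasons in triage(SAMPLE_LINES):
        print(name)
        for reason in reasons:
            print('   -', reason)
```

The decoded prefix shows the fileless loader writing a script tag into an mshtml host, which is why dllhost.exe (the COM surrogate) is what Malwarebytes sees making the blocked connections.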

#6 Lcampbell


Posted 14 November 2014 - 08:22 PM

I am sorry - I did not see the attach files button. Here are the files.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-11-2014
Ran by Lenovo (administrator) on LEN-M57-01 on 07-11-2014 23:17:58
Running from E:\
Loaded Profile: Lenovo (Available profiles: Lenovo)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Capital Intellect, Inc.) C:\Program Files\Common Files\BeFrugal.com\Toolbar\befrgl.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(SafeNet, Inc.) C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Capital Intellect, Inc.) C:\Program Files\Common Files\BeFrugal.com\Toolbar\BFHP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [BFHP] => C:\Program Files\Common Files\BeFrugal.com\Toolbar\BFHP.exe [929936 2014-08-08] (Capital Intellect, Inc.)
HKLM\...\Run: [NetworkInformer] => C:\Users\Lenovo\AppData\Local\Temp\temp536476995.exe <===== ATTENTION
HKLM\...\Run: [Wilizynoexahu] => "C:\Users\Lenovo\AppData\Roaming\Utubxy\gidodua.exe"
HKLM\...\Run: [Zibypaom] => C:\Users\Lenovo\AppData\Roaming\Tyerado\piifa.exe
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKU\S-1-5-21-1970254496-3783136834-1932615703-1000\...\Run: [EPSON NX410 Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCA.EXE [199680 2008-10-01] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1970254496-3783136834-1932615703-1000\...\Run: [Optimizer Pro] => C:\Program Files\Optimizer Pro\OptProLauncher.exe [135160 2014-01-28] (PC Utilities Software Limited)
HKU\S-1-5-21-1970254496-3783136834-1932615703-1000\...\Run: [Driver Support] => C:\Program Files\Driver Support\Driver Support\DriverSupport.exe [4785504 2014-05-07] (PC Drivers Headquarters)
HKU\S-1-5-21-1970254496-3783136834-1932615703-1000\...\Run: [Obics] => C:\Users\Lenovo\AppData\Local\Obics\zhcumgv.exe
HKU\S-1-5-21-1970254496-3783136834-1932615703-1000\...\Run: [Icsoft] => regsvr32.exe C:\Users\Lenovo\AppData\Local\Icsoft\DesignReviewCore.dll <===== ATTENTION
HKU\S-1-5-21-1970254496-3783136834-1932615703-1000\...\Run: [IWsoft] => C:\Windows\System32\regsvr32.exe C:\Users\Lenovo\AppData\Local\Obics\pjbpumhkgedsp.dll
HKU\S-1-5-21-1970254496-3783136834-1932615703-1000\...\Run: [certxpps] => C:\Windows\system32\Apphmapi.exe
HKU\S-1-5-21-1970254496-3783136834-1932615703-1000\...\Run: [XileqVurwa] => regsvr32.exe "C:\ProgramData\XileqVurwa\XileqVurwa.dat"
HKU\S-1-5-21-1970254496-3783136834-1932615703-1000\...\Run: [IiktAxih] => regsvr32.exe "C:\ProgramData\IiktAxih\IiktAxih.dat"
HKU\S-1-5-21-1970254496-3783136834-1932615703-1000\...\Run: [Wilizynoexahu] => C:\Users\Lenovo\AppData\Roaming\Utubxy\gidodua.exe
HKU\S-1-5-21-1970254496-3783136834-1932615703-1000\...\Run: [LubeNanf] => regsvr32.exe "C:\ProgramData\LubeNanf\LubeNanf.dat"
HKU\S-1-5-21-1970254496-3783136834-1932615703-1000\...\Run: [ivijios] => rundll32 "C:\Users\Lenovo\AppData\Local\ivijios.dll",ivijios <===== ATTENTION
HKU\S-1-5-21-1970254496-3783136834-1932615703-1000\...\Run: [Zibypaom] => C:\Users\Lenovo\AppData\Roaming\Tyerado\piifa.exe
HKU\S-1-5-21-1970254496-3783136834-1932615703-1000\...\Run: [XetqEpru] => regsvr32.exe "C:\ProgramData\XetqEpru\XetqEpru.dat"
HKU\S-1-5-21-1970254496-3783136834-1932615703-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
AppInit_DLLs: c:\progra~1\optimi~1\optpro~1.dll => c:\progra~1\optimi~1\optpro~1.dll File Not Found
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x21A1ADC75CF8CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM - DefaultScope {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_dnldstr_14_21_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtCzzyCtCzyzy0EyDyC0E0BtB0FtN0D0Tzu0SzzyBtCtN1L2XzutBtFtBtDtFtCtAtFzztN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StByEyC0C0B0ByB0CtGtD0DyD0FtGyEyEtCzztGyEzzzzzytGyD0CtAyDzz0FyEtC0FtC0F0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0A0D0EtBtAzztDtGtAtCyCtBtG0FtB0BtCtG0EtCyD0BtGyE0Dzy0DzytAyByCtAyB0BtB2Q&cr=1763815390&ir=
SearchScopes: HKLM - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_dnldstr_14_21_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtCzzyCtCzyzy0EyDyC0E0BtB0FtN0D0Tzu0SzzyBtCtN1L2XzutBtFtBtDtFtCtAtFzztN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StByEyC0C0B0ByB0CtGtD0DyD0FtGyEyEtCzztGyEzzzzzytGyD0CtAyDzz0FyEtC0FtC0F0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0A0D0EtBtAzztDtGtAtCyCtBtG0FtB0BtCtG0EtCyD0BtGyE0Dzy0DzytAyByCtAyB0BtB2Q&cr=1763815390&ir=
SearchScopes: HKCU - DefaultScope {C410E9E8-CEEA-4C97-A807-BB5A5CA17AE4} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_dnldstr_14_21_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtCzzyCtCzyzy0EyDyC0E0BtB0FtN0D0Tzu0SzzyBtCtN1L2XzutBtFtBtDtFtCtAtFzztN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StByEyC0C0B0ByB0CtGtD0DyD0FtGyEyEtCzztGyEzzzzzytGyD0CtAyDzz0FyEtC0FtC0F0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0A0D0EtBtAzztDtGtAtCyCtBtG0FtB0BtCtG0EtCyD0BtGyE0Dzy0DzytAyByCtAyB0BtB2Q&cr=1763815390&ir=
SearchScopes: HKCU - {C410E9E8-CEEA-4C97-A807-BB5A5CA17AE4} URL = https://www.google.com/search?q={searchTerms}
BHO: BeFrugalIEHelper -> {2335A057-CBA6-40F6-A712-C6A7C98F7813} -> C:\Program Files\Common Files\BeFrugal.com\Toolbar\BFTB.dll (Capital Intellect, Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - BeFrugal.com Toolbar - {5BA2C4EE-42EF-4E2D-88BE-7271AE4E35B7} - C:\Program Files\Common Files\BeFrugal.com\Toolbar\BFTB.dll (Capital Intellect, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.17.49.1
Tcpip\..\Interfaces\{9CB0C9F7-5F8E-4912-9249-1532B7DC8802}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll No File
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Microsoft.CLRAdmin.CAbout) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-10-30]
CHR Extension: (Google Docs) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (WOT) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-04-17]
CHR Extension: (Adblock Plus) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-17]
CHR Extension: (savuEITkkeeeepo.) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\epkmnpileceenpkaibpgemojealpcdlg [2014-06-08]
CHR Extension: (IE Tab Multi (Enhance)) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea [2014-04-17]
CHR Extension: (Mozilla Gecko Tab) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\icoloanbecehinobmflpeglknkplbfbm [2014-06-09]
CHR Extension: (Google Wallet) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-17]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BeFrugal.com Service; C:\Program Files\Common Files\BeFrugal.com\Toolbar\befrgl.exe [425616 2014-08-08] (Capital Intellect, Inc.)
S2 ca82e1a5; c:\Program Files\Optimizer Pro\OptProCrashSvc.dll [186496 2014-05-20] ()
R2 Crypkey License; C:\Windows\system32\crypserv.exe [69632 2006-02-28] (CrypKey (Canada) Ltd.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 SentinelKeysServer; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [316992 2006-08-22] (SafeNet, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [31846 2006-01-09] () [File not signed]
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [581480 2011-10-01] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [194408 2011-10-01] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [21864 2011-10-01] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [19304 2011-10-01] (Microsoft Corporation)
S3 SNTNLUSB; C:\Windows\System32\DRIVERS\SNTNLUSB.SYS [33504 2006-08-22] (SafeNet, Inc.)

========================== Drivers MD5 =======================

C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\system32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\ckldrv.sys AC1070B9B4902EB6E56466056AB0159B
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Ntfs.sys 5E43D2B0EE64123D4880DFA6626DEFDE
C:\Windows\system32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys 3F34A1B4C5F6475F320C275E63AFCE9B
C:\Windows\System32\DRIVERS\parvdm.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\system32\Drivers\RDPWD.sys CD9214A6AE17D188D17C3CF8CB9CC693
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\system32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Sftfswin7.sys 437B3AFBD82658CC615B7926D392B840
C:\Windows\System32\DRIVERS\Sftplaywin7.sys F7489556C6E21C62EB2468F28BB68865
C:\Windows\System32\DRIVERS\Sftredirwin7.sys F91874D5C14184AC60B64F0234EA16D1
C:\Windows\System32\DRIVERS\Sftvolwin7.sys DABC26764F836651C232A4F9AA419CBB
C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SNTNLUSB.SYS 1475A9533649935A048EA5E27F8C3B37
C:\Windows\system32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys E4C2764065D66EA1D2D3EBC28FE99C46
C:\Windows\System32\DRIVERS\srv2.sys 03F0545BD8D4C77FA0AE1CEEDFCC71AB
C:\Windows\System32\DRIVERS\srvnet.sys BE6BD660CAA6F291AE06A718A4FA8ABC
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 5579DD18546999F5D0EC39D018726C6B
C:\Windows\System32\DRIVERS\tcpip.sys 5579DD18546999F5D0EC39D018726C6B
C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 2C2C5AFE7EE4F620D69C23C0617651A8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\tpm.sys 5AD05191DC8B444A7BA4D79B76C42A30
C:\Windows\System32\DRIVERS\tssecsrv.sys 6C5139E4283249518F7743D7043775B3
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\system32\drivers\TsUsbGD.sys 01246F0BAAD7B68EC0F472AA41E33282
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys 0803FBA9FE829D61AE26EC0BCC910C46
C:\Windows\system32\drivers\usbcir.sys 2352AB5F9F8F097BF9D41D5A4718A041
C:\Windows\System32\DRIVERS\usbehci.sys D40855F89B69305140BBD7E9A3BA2DA6
C:\Windows\System32\DRIVERS\usbhub.sys EDF2DF71C4F1E13A6AC75F5224DE655A
C:\Windows\system32\drivers\usbohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbscan.sys FC6B21DB4B5B398AB93DBE59CBF11036
C:\Windows\System32\DRIVERS\USBSTOR.SYS ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbuhci.sys 800AABFD625EEFF899F7E5496BDE37AB
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viac7.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 25944D2CC49E0A6C581D02A74B7D6645
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys A67E5F9A400F3BD1BE3D80613B45F708
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WUDFRd.sys ==> MD5 is legit

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-07 23:17 - 2014-11-07 23:18 - 00000000 ____D () C:\FRST
2014-11-07 22:48 - 2014-11-07 22:51 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-07 22:48 - 2014-10-03 10:03 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-07 22:46 - 2014-06-30 16:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-11-07 22:46 - 2014-06-06 00:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-11-07 22:46 - 2014-03-09 15:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-11-07 22:46 - 2014-03-09 15:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-11-07 22:46 - 2012-02-29 23:46 - 00019824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2014-11-07 22:46 - 2012-02-29 23:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2014-11-07 22:34 - 2014-10-06 20:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-07 22:34 - 2014-09-25 16:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-07 22:34 - 2014-09-25 16:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-07 22:34 - 2014-09-25 16:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-07 22:34 - 2014-09-25 16:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-07 22:34 - 2014-09-25 16:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-07 22:34 - 2014-09-18 19:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-07 22:34 - 2014-09-18 19:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-07 22:34 - 2014-09-18 19:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-07 22:34 - 2014-09-18 19:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-07 22:34 - 2014-09-18 19:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-07 22:34 - 2014-09-18 19:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-07 22:34 - 2014-09-18 19:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-07 22:34 - 2014-09-18 18:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-07 22:34 - 2014-09-18 18:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-07 22:34 - 2014-09-18 18:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-07 22:34 - 2014-09-18 18:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-07 22:34 - 2014-09-18 18:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-07 22:34 - 2014-09-18 18:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-07 22:34 - 2014-09-18 18:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-07 22:34 - 2014-09-18 18:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-07 22:34 - 2014-09-18 18:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-07 22:34 - 2014-09-18 18:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-07 22:34 - 2014-09-18 18:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-07 22:34 - 2014-09-18 18:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-07 22:34 - 2014-09-18 18:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-07 22:34 - 2014-09-18 18:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-07 22:34 - 2014-09-18 17:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-07 22:34 - 2014-09-18 17:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-07 22:34 - 2014-09-18 17:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-07 22:27 - 2013-04-12 07:45 - 01211752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-11-07 22:26 - 2014-06-15 19:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-11-07 22:26 - 2014-06-15 19:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-11-07 22:26 - 2014-06-15 19:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-11-07 22:26 - 2014-06-03 03:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-11-07 22:26 - 2014-06-03 03:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-07 22:26 - 2014-06-03 03:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-11-07 22:26 - 2014-06-03 03:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-11-07 22:26 - 2013-10-11 20:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-11-07 22:26 - 2013-10-11 20:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-11-07 22:26 - 2013-10-11 20:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-11-07 22:26 - 2012-06-05 23:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2014-11-07 22:24 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-11-07 22:24 - 2014-07-16 19:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-11-07 22:24 - 2014-07-16 19:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-11-07 22:24 - 2014-07-16 19:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-07 22:24 - 2014-07-16 19:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-11-07 22:24 - 2014-07-16 19:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-11-07 22:24 - 2014-07-16 19:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-11-07 22:24 - 2014-07-16 19:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-07 22:24 - 2014-07-16 19:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-07 22:24 - 2014-07-16 19:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-11-07 22:24 - 2014-07-16 19:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-11-07 22:24 - 2014-07-06 19:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-07 22:24 - 2014-07-06 19:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-07 22:24 - 2014-05-30 01:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-07 22:24 - 2014-05-30 01:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-07 22:24 - 2014-05-30 01:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-07 22:24 - 2014-05-30 01:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-07 22:24 - 2014-03-04 03:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-11-07 22:24 - 2014-03-04 03:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-11-07 22:24 - 2014-03-04 03:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-11-07 22:24 - 2014-03-04 03:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-11-07 22:24 - 2014-03-04 03:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-11-07 22:24 - 2014-03-04 03:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-11-07 22:24 - 2014-03-04 03:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-11-07 22:24 - 2014-03-04 03:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-11-07 22:24 - 2014-03-04 03:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-11-07 22:24 - 2014-03-04 03:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-11-07 22:24 - 2013-02-14 21:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-11-07 22:24 - 2012-04-25 22:45 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll
2014-11-07 22:24 - 2012-04-25 22:41 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe
2014-11-07 22:22 - 2014-03-26 08:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-11-07 22:22 - 2014-03-26 08:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-07 22:22 - 2014-03-26 08:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-11-07 22:22 - 2014-03-26 08:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-07 22:22 - 2014-03-24 20:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-11-07 22:22 - 2013-10-18 19:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-11-07 22:22 - 2013-10-11 20:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-11-07 22:22 - 2013-10-11 20:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-11-07 22:22 - 2013-10-11 19:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-11-07 22:22 - 2013-10-11 19:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-11-07 22:22 - 2013-10-05 13:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-11-07 22:22 - 2013-10-03 19:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-11-07 22:22 - 2013-10-03 19:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-11-07 22:22 - 2013-07-25 19:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-11-07 22:22 - 2013-07-12 04:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2014-11-07 22:22 - 2013-07-08 22:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-11-07 22:22 - 2013-07-08 22:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-11-07 22:22 - 2013-07-08 22:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-11-07 22:22 - 2013-07-04 05:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-11-07 22:22 - 2013-05-12 21:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2014-11-07 22:22 - 2013-05-12 21:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2014-11-07 22:22 - 2012-11-01 23:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2014-11-07 22:22 - 2012-05-13 22:33 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-11-07 22:22 - 2011-08-16 22:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2014-11-07 22:22 - 2011-08-16 22:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2014-11-07 22:22 - 2011-04-28 20:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2014-11-07 22:22 - 2011-04-28 20:46 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-11-07 22:22 - 2011-04-28 20:46 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-11-07 22:22 - 2011-03-02 23:38 - 00270336 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2014-11-07 22:22 - 2011-03-02 23:38 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2014-11-07 22:22 - 2011-03-02 23:36 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2014-11-07 22:22 - 2010-12-22 23:54 - 00850944 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2014-11-07 22:22 - 2010-12-22 23:54 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2014-11-07 22:22 - 2010-12-22 23:50 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2014-11-07 22:21 - 2014-09-28 18:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-07 22:21 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-11-07 22:21 - 2014-08-22 19:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-11-07 22:21 - 2014-07-13 19:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-11-07 22:21 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-11-07 22:21 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-11-07 22:21 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-11-07 22:21 - 2014-06-17 19:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-11-07 22:21 - 2014-06-06 03:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-11-07 22:21 - 2014-05-30 00:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-11-07 22:21 - 2014-04-04 20:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-11-07 22:21 - 2014-04-04 20:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-11-07 22:21 - 2014-01-28 20:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-11-07 22:21 - 2013-12-24 17:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-11-07 22:21 - 2013-11-26 19:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-11-07 22:21 - 2013-11-26 19:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-11-07 22:21 - 2013-11-26 19:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-11-07 22:21 - 2013-11-26 19:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-11-07 22:21 - 2013-11-26 19:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-11-07 22:21 - 2013-11-26 19:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-11-07 22:21 - 2013-11-26 05:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-11-07 22:21 - 2013-11-26 02:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-11-07 22:21 - 2013-07-25 02:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-11-07 22:21 - 2013-07-02 22:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2014-11-07 22:21 - 2013-07-02 21:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-11-07 22:21 - 2013-07-02 21:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-11-07 22:21 - 2013-06-05 22:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-11-07 22:21 - 2013-06-05 22:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-11-07 22:21 - 2013-06-05 22:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-11-07 22:21 - 2013-06-05 21:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-11-07 22:21 - 2013-06-05 21:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-11-07 22:21 - 2013-04-25 22:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-11-07 22:21 - 2013-04-09 17:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-11-07 22:21 - 2013-02-26 22:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-11-07 22:21 - 2013-02-11 21:32 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2014-11-07 22:21 - 2012-09-25 16:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2014-11-07 22:21 - 2012-07-04 15:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2014-11-07 22:21 - 2012-07-04 15:14 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2014-11-07 22:21 - 2012-07-04 15:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2014-11-07 22:21 - 2011-12-16 01:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
2014-11-07 22:21 - 2011-11-16 23:35 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2014-11-07 22:21 - 2011-10-25 22:32 - 01328128 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-11-07 22:21 - 2011-10-25 22:32 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-11-07 22:21 - 2011-10-14 23:38 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2014-11-07 22:21 - 2011-05-02 22:30 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-11-07 22:21 - 2011-03-10 23:33 - 01164288 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2014-11-07 22:21 - 2011-03-10 23:33 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2014-11-07 22:21 - 2011-02-11 23:35 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOVER.exe
2014-11-07 22:20 - 2014-09-12 19:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-07 22:20 - 2014-04-24 20:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-11-07 22:20 - 2014-04-11 20:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-07 22:20 - 2014-04-11 20:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-11-07 22:20 - 2014-04-11 20:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-11-07 22:20 - 2014-04-11 20:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-11-07 22:20 - 2014-04-11 20:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-11-07 22:20 - 2014-04-11 20:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-11-07 22:20 - 2014-03-04 03:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-11-07 22:20 - 2013-08-01 19:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-11-07 22:20 - 2013-08-01 19:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-11-07 22:20 - 2013-08-01 19:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-11-07 22:20 - 2013-08-01 19:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-11-07 22:20 - 2013-08-01 19:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-11-07 22:20 - 2013-08-01 19:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-11-07 22:20 - 2013-08-01 19:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-11-07 22:20 - 2013-08-01 19:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-11-07 22:20 - 2013-08-01 19:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-11-07 22:20 - 2013-08-01 19:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-11-07 22:20 - 2013-08-01 19:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-11-07 22:20 - 2013-08-01 19:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-11-07 22:20 - 2013-08-01 19:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-11-07 22:20 - 2013-08-01 19:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-11-07 22:20 - 2013-08-01 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-11-07 22:20 - 2013-08-01 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-11-07 22:20 - 2013-08-01 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-11-07 22:20 - 2013-08-01 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-11-07 22:20 - 2013-08-01 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-11-07 22:20 - 2013-08-01 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-11-07 22:20 - 2013-08-01 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-11-07 22:20 - 2013-08-01 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-11-07 22:20 - 2013-08-01 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-11-07 22:20 - 2013-08-01 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-11-07 22:20 - 2013-08-01 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-11-07 22:20 - 2013-08-01 18:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-11-07 22:20 - 2013-08-01 18:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-11-07 22:20 - 2013-08-01 18:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-11-07 22:20 - 2013-08-01 18:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-11-07 22:20 - 2013-08-01 18:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-11-07 22:20 - 2013-07-20 04:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-11-07 22:20 - 2013-07-04 06:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-11-07 22:20 - 2013-06-25 16:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-11-07 22:20 - 2012-11-28 16:57 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2014-11-07 22:20 - 2012-11-28 16:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2014-11-07 22:20 - 2012-11-28 16:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2014-11-07 22:20 - 2012-03-17 01:27 - 00056176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2014-11-07 22:20 - 2011-08-26 22:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-07 22:20 - 2011-08-26 22:26 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
2014-11-07 22:20 - 2011-07-08 20:30 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2014-11-07 22:20 - 2011-06-15 02:55 - 00319488 _____ (Microsoft Corporation) C:\Windows\system32\odbcjt32.dll
2014-11-07 22:20 - 2011-06-15 02:55 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\odbctrac.dll
2014-11-07 22:20 - 2011-06-15 02:55 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\odbccp32.dll
2014-11-07 22:20 - 2011-06-15 02:55 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\odbccu32.dll
2014-11-07 22:20 - 2011-06-15 02:55 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\odbccr32.dll
2014-11-07 22:20 - 2011-05-24 04:44 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\umpnpmgr.dll
2014-11-07 22:20 - 2011-04-26 20:17 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-11-07 22:20 - 2011-04-26 20:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-11-07 22:20 - 2011-02-22 22:47 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2014-11-07 22:16 - 2011-04-08 23:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-11-07 22:05 - 2014-05-14 10:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-11-07 22:05 - 2014-05-14 10:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-11-07 22:05 - 2014-05-14 10:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-11-07 22:05 - 2014-05-14 10:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-11-07 22:05 - 2014-05-14 10:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-11-07 22:05 - 2014-05-14 10:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-11-07 22:05 - 2014-05-14 10:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-11-07 22:05 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-11-07 22:05 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-11-07 21:20 - 2014-11-07 21:21 - 00080199 _____ () C:\malwareissues.txt
2014-11-07 21:13 - 2014-11-07 23:15 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-07 21:13 - 2014-11-07 21:13 - 00001071 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-07 21:13 - 2014-11-07 21:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-07 21:13 - 2014-11-07 21:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-07 21:13 - 2014-11-07 21:13 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-07 21:13 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-07 21:13 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-07 21:13 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-04 20:20 - 2014-11-07 21:33 - 00000000 ____D () C:\Users\Lenovo\AppData\Roaming\Racuhea
2014-11-04 20:20 - 2014-11-07 21:30 - 00000000 ____D () C:\Users\Lenovo\AppData\Roaming\Rucozyo
2014-11-04 20:19 - 2014-11-07 21:33 - 00000000 ____D () C:\ProgramData\QifoZhidc
2014-11-04 20:19 - 2014-11-07 21:21 - 00000000 ____D () C:\ProgramData\TagcEshe
2014-11-04 15:50 - 2014-11-07 21:33 - 00000000 ____D () C:\Users\Lenovo\AppData\Roaming\Esanwun
2014-11-04 15:50 - 2014-11-07 21:33 - 00000000 ____D () C:\Users\Lenovo\AppData\Roaming\Cyosyw
2014-11-04 13:38 - 2014-11-07 21:33 - 00000000 ____D () C:\ProgramData\XetqEpru
2014-11-04 13:38 - 2014-11-07 21:33 - 00000000 ____D () C:\ProgramData\LubeNanf
2014-11-02 17:35 - 2014-11-07 21:33 - 00000000 ____D () C:\ProgramData\XileqVurwa
2014-11-02 17:35 - 2014-11-02 17:35 - 00000000 ____D () C:\ProgramData\IiktAxih
2014-11-02 16:22 - 2014-11-07 21:32 - 00000000 ____D () C:\Users\Lenovo\AppData\Roaming\Tyerado
2014-11-02 16:04 - 2014-11-07 21:33 - 00000000 ____D () C:\Users\Lenovo\AppData\Roaming\Utubxy
2014-11-02 15:59 - 2014-11-04 20:20 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-11-02 15:58 - 2014-11-02 15:58 - 00000120 _____ () C:\Windows\system32\Ä
2014-10-30 18:23 - 2014-10-30 18:23 - 00008562 _____ () C:\Users\Lenovo\DECRYPT_INSTRUCTION.HTML
2014-10-30 18:23 - 2014-10-30 18:23 - 00008562 _____ () C:\Users\DECRYPT_INSTRUCTION.HTML
2014-10-30 18:23 - 2014-10-30 18:23 - 00008562 _____ () C:\DECRYPT_INSTRUCTION.HTML
2014-10-30 18:23 - 2014-10-30 18:23 - 00004224 _____ () C:\Users\Lenovo\DECRYPT_INSTRUCTION.TXT
2014-10-30 18:23 - 2014-10-30 18:23 - 00004224 _____ () C:\Users\DECRYPT_INSTRUCTION.TXT
2014-10-30 18:23 - 2014-10-30 18:23 - 00004224 _____ () C:\DECRYPT_INSTRUCTION.TXT
2014-10-30 18:23 - 2014-10-30 18:23 - 00000276 _____ () C:\Users\Lenovo\INSTALL_TOR.URL
2014-10-30 18:23 - 2014-10-30 18:23 - 00000276 _____ () C:\Users\INSTALL_TOR.URL
2014-10-30 18:23 - 2014-10-30 18:23 - 00000276 _____ () C:\INSTALL_TOR.URL
2014-10-30 18:22 - 2014-10-30 18:22 - 00008562 _____ () C:\Users\Lenovo\Downloads\DECRYPT_INSTRUCTION.HTML
2014-10-30 18:22 - 2014-10-30 18:22 - 00008562 _____ () C:\Users\Lenovo\Documents\DECRYPT_INSTRUCTION.HTML
2014-10-30 18:22 - 2014-10-30 18:22 - 00008562 _____ () C:\Users\Lenovo\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-10-30 18:22 - 2014-10-30 18:22 - 00008562 _____ () C:\Users\Lenovo\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-10-30 18:22 - 2014-10-30 18:22 - 00008562 _____ () C:\Users\Lenovo\AppData\DECRYPT_INSTRUCTION.HTML
2014-10-30 18:22 - 2014-10-30 18:22 - 00008562 _____ () C:\Users\Default\DECRYPT_INSTRUCTION.HTML
2014-10-30 18:22 - 2014-10-30 18:22 - 00008562 _____ () C:\Users\Default\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-10-30 18:22 - 2014-10-30 18:22 - 00008562 _____ () C:\Users\Default\AppData\DECRYPT_INSTRUCTION.HTML
2014-10-30 18:22 - 2014-10-30 18:22 - 00008562 _____ () C:\Users\Default User\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-10-30 18:22 - 2014-10-30 18:22 - 00008562 _____ () C:\Users\Default User\AppData\DECRYPT_INSTRUCTION.HTML
2014-10-30 18:22 - 2014-10-30 18:22 - 00008562 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-10-30 18:22 - 2014-10-30 18:22 - 00004224 _____ () C:\Users\Lenovo\Downloads\DECRYPT_INSTRUCTION.TXT
2014-10-30 18:22 - 2014-10-30 18:22 - 00004224 _____ () C:\Users\Lenovo\Documents\DECRYPT_INSTRUCTION.TXT
2014-10-30 18:22 - 2014-10-30 18:22 - 00004224 _____ () C:\Users\Lenovo\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-10-30 18:22 - 2014-10-30 18:22 - 00004224 _____ () C:\Users\Lenovo\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-10-30 18:22 - 2014-10-30 18:22 - 00004224 _____ () C:\Users\Lenovo\AppData\DECRYPT_INSTRUCTION.TXT
2014-10-30 18:22 - 2014-10-30 18:22 - 00004224 _____ () C:\Users\Default\DECRYPT_INSTRUCTION.TXT
2014-10-30 18:22 - 2014-10-30 18:22 - 00004224 _____ () C:\Users\Default\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-10-30 18:22 - 2014-10-30 18:22 - 00004224 _____ () C:\Users\Default\AppData\DECRYPT_INSTRUCTION.TXT
2014-10-30 18:22 - 2014-10-30 18:22 - 00004224 _____ () C:\Users\Default User\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-10-30 18:22 - 2014-10-30 18:22 - 00004224 _____ () C:\Users\Default User\AppData\DECRYPT_INSTRUCTION.TXT
2014-10-30 18:22 - 2014-10-30 18:22 - 00004224 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-10-30 18:22 - 2014-10-30 18:22 - 00000276 _____ () C:\Users\Lenovo\Downloads\INSTALL_TOR.URL
2014-10-30 18:22 - 2014-10-30 18:22 - 00000276 _____ () C:\Users\Lenovo\Documents\INSTALL_TOR.URL
2014-10-30 18:22 - 2014-10-30 18:22 - 00000276 _____ () C:\Users\Lenovo\AppData\Roaming\INSTALL_TOR.URL
2014-10-30 18:22 - 2014-10-30 18:22 - 00000276 _____ () C:\Users\Lenovo\AppData\Local\INSTALL_TOR.URL
2014-10-30 18:22 - 2014-10-30 18:22 - 00000276 _____ () C:\Users\Lenovo\AppData\INSTALL_TOR.URL
2014-10-30 18:22 - 2014-10-30 18:22 - 00000276 _____ () C:\Users\Default\INSTALL_TOR.URL
2014-10-30 18:22 - 2014-10-30 18:22 - 00000276 _____ () C:\Users\Default\AppData\Local\INSTALL_TOR.URL
2014-10-30 18:22 - 2014-10-30 18:22 - 00000276 _____ () C:\Users\Default\AppData\INSTALL_TOR.URL
2014-10-30 18:22 - 2014-10-30 18:22 - 00000276 _____ () C:\Users\Default User\AppData\Local\INSTALL_TOR.URL
2014-10-30 18:22 - 2014-10-30 18:22 - 00000276 _____ () C:\Users\Default User\AppData\INSTALL_TOR.URL
2014-10-30 18:22 - 2014-10-30 18:22 - 00000276 _____ () C:\ProgramData\INSTALL_TOR.URL
2014-10-30 18:19 - 2014-11-04 21:45 - 00000424 _____ () C:\ProgramData\@system.temp
2014-10-30 18:19 - 2014-11-04 21:45 - 00000160 ____H () C:\ProgramData\@system3.att
2014-10-30 18:18 - 2014-10-30 18:18 - 00000448 ____H () C:\Users\Lenovo\AppData\Roaming\麽鎒駓覜
2014-10-30 18:18 - 2014-10-30 18:18 - 00000000 ____D () C:\Users\Lenovo\AppData\Roaming\FrameworkUpdate7
2014-10-30 16:04 - 2014-11-02 15:03 - 00000000 ____D () C:\Users\Lenovo\AppData\Local\Obics
2014-10-30 16:04 - 2014-10-30 18:22 - 00000000 ____D () C:\Users\Lenovo\AppData\Local\Icsoft
2014-10-21 09:56 - 2014-10-21 09:56 - 00000000 _____ () C:\Windows\system32\debug.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-07 23:17 - 2014-06-14 11:30 - 00126841 _____ () C:\Windows\error.log
2014-11-07 23:17 - 2009-07-13 22:34 - 00024288 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-07 23:17 - 2009-07-13 22:34 - 00024288 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-07 23:17 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-07 23:17 - 2009-07-13 20:04 - 00000423 _____ () C:\Windows\win.ini
2014-11-07 23:16 - 2014-09-13 11:33 - 00000406 _____ () C:\Windows\Tasks\BeFrugal.com Toolbar.job
2014-11-07 23:16 - 2014-04-17 13:00 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-07 23:15 - 2014-06-14 11:30 - 00002316 _____ () C:\Windows\errord.log
2014-11-07 23:15 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-07 23:15 - 2009-07-13 22:39 - 00047895 _____ () C:\Windows\setupact.log
2014-11-07 23:11 - 2009-07-13 22:33 - 00306656 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-07 23:09 - 2014-04-17 02:56 - 01790064 _____ () C:\Windows\WindowsUpdate.log
2014-11-07 23:09 - 2011-04-11 20:24 - 00000000 ____D () C:\Program Files\Windows Journal
2014-11-07 23:09 - 2009-07-13 22:52 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-07 23:09 - 2009-07-13 20:37 - 00000000 ____D () C:\Program Files\Common Files\System
2014-11-07 22:44 - 2014-04-17 13:00 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-07 22:42 - 2014-05-20 12:37 - 00000296 _____ () C:\Windows\Tasks\UpdaterEX.job
2014-11-07 22:22 - 2014-09-17 17:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-07 22:11 - 2010-11-20 15:01 - 00714754 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-07 21:36 - 2010-11-20 15:48 - 00204534 _____ () C:\Windows\PFRO.log
2014-11-07 21:22 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\security
2014-11-07 21:21 - 2014-05-20 12:42 - 00000000 ____D () C:\Users\Lenovo\AppData\Roaming\Systweak
2014-11-07 21:21 - 2014-05-20 12:37 - 00000000 ____D () C:\Users\Lenovo\AppData\Roaming\UpdaterEX
2014-11-07 21:21 - 2014-05-20 12:37 - 00000000 ____D () C:\Program Files\Optimizer Pro
2014-11-06 10:28 - 2014-04-17 13:15 - 00000000 ____D () C:\Users\Lenovo\AppData\Roaming\SoftGrid Client
2014-11-04 14:30 - 2014-04-17 13:16 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-04 13:02 - 2014-05-20 12:42 - 00000000 ____D () C:\ProgramData\TEMP
2014-11-04 12:37 - 2014-05-20 12:37 - 00000118 _____ () C:\Users\Lenovo\AppData\Roaming\WB.CFG
2014-10-30 18:23 - 2014-04-17 12:56 - 00000000 ____D () C:\Users\Lenovo
2014-10-30 18:22 - 2014-09-13 11:33 - 00000000 ____D () C:\Users\Lenovo\AppData\Roaming\Mozilla
2014-10-30 18:22 - 2014-06-14 11:33 - 00000000 ____D () C:\Users\Lenovo\Desktop\designs
2014-10-30 18:22 - 2014-06-14 11:29 - 00000000 ____D () C:\Designer's Gallery
2014-10-30 18:22 - 2014-06-14 11:23 - 00000000 ____D () C:\Users\Lenovo\AppData\Local\Broderbund Software
2014-10-30 18:22 - 2014-06-03 19:54 - 00000000 ____D () C:\Users\Lenovo\AppData\Roaming\Minute Menu
2014-10-30 18:22 - 2014-05-20 12:42 - 00000000 ____D () C:\Users\Lenovo\Documents\Optimizer Pro
2014-10-30 18:22 - 2014-05-19 17:07 - 00000000 ____D () C:\Users\Lenovo\AppData\Local\Microsoft Games
2014-10-30 18:22 - 2014-05-19 16:48 - 00000000 ____D () C:\ProgramData\EPSON
2014-10-30 18:22 - 2014-05-14 15:53 - 00000000 ____D () C:\ProgramData\AVG2014
2014-10-30 18:22 - 2014-04-17 13:00 - 00000000 ____D () C:\Users\Lenovo\AppData\Local\Google
2014-10-30 18:22 - 2009-07-13 20:37 - 00000000 __RHD () C:\Users\Default
2014-10-27 17:37 - 2009-07-13 22:53 - 00032540 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-21 09:56 - 2014-04-17 13:15 - 00000000 ____D () C:\Users\Lenovo\AppData\Roaming\Adobe
2014-10-20 16:24 - 2009-07-13 22:52 - 00000000 ____D () C:\Windows\system32\FxsTmp

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {b656ef97-be8b-11e3-9d5d-00218622b570}
displayorder            {current}
                        {b656ef99-be8b-11e3-9d5d-00218622b570}
toolsdisplayorder       {memdiag}
timeout                 5

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {b656ef9a-be8b-11e3-9d5d-00218622b570}
recoveryenabled         No
osdevice                partition=C:
systemroot              \Windows
resumeobject            {b656ef97-be8b-11e3-9d5d-00218622b570}
nx                      OptIn
bootstatuspolicy        IgnoreAllFailures

Windows Boot Loader
-------------------
identifier              {b656ef99-be8b-11e3-9d5d-00218622b570}

Windows Boot Loader
-------------------
identifier              {b656ef9a-be8b-11e3-9d5d-00218622b570}

Resume from Hibernate
---------------------
identifier              {b656ef97-be8b-11e3-9d5d-00218622b570}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Setup Ramdisk Options
---------------------
identifier              {ramdiskoptions}
description             System Restore
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \boot\boot.sdi

Device options
--------------
identifier              {b656ef9b-be8b-11e3-9d5d-00218622b570}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\b656ef9a-be8b-11e3-9d5d-00218622b570\boot.sdi



LastRegBack: 2014-10-26 13:30

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-11-2014
Ran by Lenovo at 2014-11-07 23:18:46
Running from E:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
BeFrugal.com Toolbar (HKLM\...\BeFrugal.com Toolbar_is1) (Version: 2013.3.14.1 - BeFrugal.com)
Cisco Connect (HKLM\...\Cisco Connect) (Version: 1.4.12005.2 - Cisco Consumer Products LLC)
Designer's Gallery MasterWorks II (HKLM\...\{1B820A15-6CFB-42FF-9142-599CC44993B6}) (Version: 2.0.0.1850 - Pulse Microsystems Ltd)
Designer's Gallery MasterWorks II ClipArt (HKLM\...\{53ACC868-F821-42E3-9CC2-F6145AF84892}) (Version: 1.00.0000 - Pulse)
Driver Support (HKLM\...\{597FB4A5-DD86-4316-A410-7E8074CC2CCE}) (Version: 8.1 - Driver Support)
EPSON NX410 Series Printer Uninstall (HKLM\...\EPSON NX410 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Guild Wars (HKLM\...\Guild Wars) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
K-Lite Codec Pack 10.4.0 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.4.0 - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Office Click-to-Run 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.7122.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.52 (HKLM\...\WebPost) (Version:  - )
Minute Menu Kids (HKLM\...\SkyHillKIDSforWindows_is1) (Version:  - Minute Menu Systems, LLC)
Optimizer Pro v3.2 (HKLM\...\Optimizer Pro_is1) (Version:  - ) <==== ATTENTION
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
PrintMaster 12 (HKLM\...\{2A304FDE-F4E3-446D-AA0D-31425C897B71}) (Version:  - Broderbund LLC)
Sentinel Keys Protection Installer 1.0.2 (English) (HKLM\...\{F9F33778-C720-475B-9483-6B0EDF2B50EB}) (Version: 1.0.2 - SafeNet, Inc.)
Shockwave (HKLM\...\Shockwave) (Version:  - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1970254496-3783136834-1932615703-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:04 - 2014-11-04 20:20 - 00001512 _RASH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
158.58.173.194 www.google-analytics.com.
158.58.173.194 google-analytics.com.
158.58.173.194 connect.facebook.net.
198.100.156.140 www.google-analytics.com.
198.100.156.140 google-analytics.com.
198.100.156.140 connect.facebook.net.
85.25.79.123 www.google-analytics.com.
85.25.79.123 google-analytics.com.
85.25.79.123 connect.facebook.net.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {15C20AF0-086B-4C7A-B03E-4CF5F7F7BF3F} - \pricemeterwatcher No Task File <==== ATTENTION
Task: {1D76857D-05F9-43B8-B973-FD3602EA70D8} - System32\Tasks\BeFrugal.com Toolbar => C:\Program Files\Common Files\BeFrugal.com\Toolbar\BFHP.exe [2014-08-08] (Capital Intellect, Inc.)
Task: {26CC593E-13B2-4502-9E3D-FBF91FE0F245} - System32\Tasks\Driver Support-RTMScan => C:\Program Files\Driver Support\Driver Support\DriverSupport.exe [2014-05-07] (PC Drivers Headquarters)
Task: {302B476B-0D15-4264-8D50-AFEF35A286DB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {30EB2FB9-352A-41BC-8232-3A7EE6612D9F} - \Speedial No Task File <==== ATTENTION
Task: {3C06E03F-CD99-43D6-94F8-597BAB867111} - System32\Tasks\Security Center Update - 3535193073 => C:\Users\Lenovo\AppData\Roaming\Esanwun\finuwuy.exe <==== ATTENTION
Task: {4064E25A-9407-45A0-B942-77016980A3F1} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {4E684882-50ED-44BF-855E-783B7F7068EE} - \pricemetertask No Task File <==== ATTENTION
Task: {7CFA67A1-2BBC-4EF4-B97B-8859E66234D9} - System32\Tasks\Security Center Update - 4248118356 => C:\Users\Lenovo\AppData\Roaming\Cyosyw\xeybake.exe <==== ATTENTION
Task: {8AB002F0-B9BC-4177-9AE1-936212CA420A} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files\Driver Support\Driver Support\DriverSupport.exe [2014-05-07] (PC Drivers Headquarters)
Task: {8FD1750A-8434-4677-B659-A0448C54DBE5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-17] (Google Inc.)
Task: {9B303CE1-A4C4-4CC9-AB8E-246F0E8C9787} - System32\Tasks\Driver Support-RTMRules => C:\Program Files\Driver Support\Driver Support\DriverSupport.exe [2014-05-07] (PC Drivers Headquarters)
Task: {9F2BDC75-AD3A-4625-96E6-22874256BD5F} - System32\Tasks\UpdaterEX => C:\Users\Lenovo\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {A01274AF-2E3C-4380-8440-E6A031417D01} - System32\Tasks\Security Center Update - 770542652 => C:\Users\Lenovo\AppData\Roaming\Tyerado\piifa.exe <==== ATTENTION
Task: {AD448CF8-D2A6-404B-9F1A-F3D4308290B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-17] (Google Inc.)
Task: {B6110B81-E2E3-4340-AB22-B6FAA09E347A} - System32\Tasks\Security Center Update - 2992118736 => C:\Users\Lenovo\AppData\Roaming\Utubxy\gidodua.exe <==== ATTENTION
Task: {DBED75D3-EA79-44A8-8F7E-FDF7DCF44B2A} - System32\Tasks\Security Center Update - 233441348 => C:\Users\Lenovo\AppData\Roaming\Racuhea\hevua.exe <==== ATTENTION
Task: {DDCE16E4-4D18-43CE-AB4C-96733C8DB21E} - System32\Tasks\Security Center Update - 2667775612 => C:\Users\Lenovo\AppData\Roaming\Rucozyo\ywohut.exe <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\BeFrugal.com Toolbar.job => C:\Program Files\Common Files\BeFrugal.com\Toolbar\BFHP.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\Lenovo\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1970254496-3783136834-1932615703-500 - Administrator - Disabled)
Guest (S-1-5-21-1970254496-3783136834-1932615703-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1970254496-3783136834-1932615703-1002 - Limited - Enabled)
Lenovo (S-1-5-21-1970254496-3783136834-1932615703-1000 - Administrator - Enabled) => C:\Users\Lenovo

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/07/2014 11:16:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2 SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 0x80041003

Error: (11/07/2014 11:14:23 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to execute command from the offline queue: install "System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1.  The error returned was A system shutdown is in progress. (Exception from HRESULT: 0x8007045B)
.

Error: (11/07/2014 11:14:23 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to execute command from the offline queue: install "System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=x86" /NoDependencies /queue:1.  The error returned was A system shutdown is in progress. (Exception from HRESULT: 0x8007045B)
.

Error: (11/07/2014 11:14:23 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to execute command from the offline queue: install "System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies /queue:1.  The error returned was A system shutdown is in progress. (Exception from HRESULT: 0x8007045B)
.

Error: (11/07/2014 11:14:23 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to execute command from the offline queue: install "System.Drawing.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies /queue:1.  The error returned was A system shutdown is in progress. (Exception from HRESULT: 0x8007045B)
.

Error: (11/07/2014 11:14:23 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to execute command from the offline queue: install "System.Xml, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1.  The error returned was A system shutdown is in progress. (Exception from HRESULT: 0x8007045B)
.

Error: (11/07/2014 11:14:23 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to execute command from the offline queue: install "System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies /queue:1.  The error returned was A system shutdown is in progress. (Exception from HRESULT: 0x8007045B)
.

Error: (11/07/2014 11:14:23 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to execute command from the offline queue: update /queue.  The error returned was A system shutdown is in progress. (Exception from HRESULT: 0x8007045B)
.

Error: (11/07/2014 11:14:23 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to execute command from the offline queue: install "System.Deployment, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies /queue:3.  The error returned was A system shutdown is in progress. (Exception from HRESULT: 0x8007045B)
.

Error: (11/07/2014 11:14:23 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to execute command from the offline queue: uninstall "System.Deployment, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was A system shutdown is in progress. (Exception from HRESULT: 0x8007045B)
.


System errors:
=============
Error: (11/07/2014 11:17:30 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/07/2014 11:15:21 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:13:31 PM on ‎11/‎7/‎2014 was unexpected.

Error: (11/07/2014 11:13:31 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:12:01 PM on ‎11/‎7/‎2014 was unexpected.

Error: (11/07/2014 10:56:12 PM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.

Error: (11/07/2014 10:31:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/07/2014 10:23:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BeFrugal.com Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/07/2014 10:08:15 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/07/2014 10:01:19 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/07/2014 09:38:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (11/07/2014 09:36:51 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}


Microsoft Office Sessions:
=========================
Error: (11/07/2014 11:16:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/07/2014 11:14:23 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to execute command from the offline queue: install "System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1.  The error returned was A system shutdown is in progress. (Exception from HRESULT: 0x8007045B)
.

Error: (11/07/2014 11:14:23 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to execute command from the offline queue: install "System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=x86" /NoDependencies /queue:1.  The error returned was A system shutdown is in progress. (Exception from HRESULT: 0x8007045B)
.

Error: (11/07/2014 11:14:23 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to execute command from the offline queue: install "System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies /queue:1.  The error returned was A system shutdown is in progress. (Exception from HRESULT: 0x8007045B)
.

Error: (11/07/2014 11:14:23 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to execute command from the offline queue: install "System.Drawing.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies /queue:1.  The error returned was A system shutdown is in progress. (Exception from HRESULT: 0x8007045B)
.

Error: (11/07/2014 11:14:23 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to execute command from the offline queue: install "System.Xml, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1.  The error returned was A system shutdown is in progress. (Exception from HRESULT: 0x8007045B)
.

Error: (11/07/2014 11:14:23 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to execute command from the offline queue: install "System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies /queue:1.  The error returned was A system shutdown is in progress. (Exception from HRESULT: 0x8007045B)
.

Error: (11/07/2014 11:14:23 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to execute command from the offline queue: update /queue.  The error returned was A system shutdown is in progress. (Exception from HRESULT: 0x8007045B)
.

Error: (11/07/2014 11:14:23 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to execute command from the offline queue: install "System.Deployment, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies /queue:3.  The error returned was A system shutdown is in progress. (Exception from HRESULT: 0x8007045B)
.

Error: (11/07/2014 11:14:23 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to execute command from the offline queue: uninstall "System.Deployment, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was A system shutdown is in progress. (Exception from HRESULT: 0x8007045B)
.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E6750 @ 2.66GHz
Percentage of memory in use: 33%
Total physical RAM: 3061.3 MB
Available physical RAM: 2027.74 MB
Total Pagefile: 6120.89 MB
Available Pagefile: 5056.51 MB
Total Virtual: 2047.88 MB
Available Virtual: 1881.59 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:910.26 GB) (Free:889.25 GB) NTFS
Drive e: () (Removable) (Total:1.87 GB) (Free:0.17 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 531DCB6D)
Partition 1: (Active) - (Size=21.3 GB) - (Type=27)
Partition 2: (Not Active) - (Size=910.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 71BE3A93)
Partition 1: (Not Active) - (Size=1.9 GB) - (Type=06)

==================== End Of Log ============================

Attached files: scan.zip (36.8 KB), sum.zip (68.7 KB)

Edited by Oh My!, 14 November 2014 - 09:07 PM.
Posted logs
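The "System errors" section of the FRST log posted above has a fixed layout (an `Error: (timestamp) (Source: ...) (EventID: ...) (User: ...)` header followed by a `Description:` line, sometimes wrapped onto a further line). The following is an added example, not code from the original post or from FRST itself; it parses a constructed excerpt in that layout (three of the sample entries mirror lines in the posted log), tallies errors by source and pulls out the event IDs a responder reads first when triaging such a dump: unexpected shutdowns (6008) and services that died unexpectedly (7031/7034). The set of "notable" event IDs is the example's own choice, not something FRST defines.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed excerpt in the same layout as the FRST "System errors" section
# of the posted log (Error header line, then a Description line).
SAMPLE_LOG = """\
System errors:
=============
Error: (11/07/2014 11:17:30 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/07/2014 11:15:21 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:13:31 PM on 11/7/2014 was unexpected.

Error: (11/07/2014 10:23:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BeFrugal.com Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/07/2014 09:38:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068
"""

HEADER_RE = re.compile(
    r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<source>[^)]*)\) "
    r"\(EventID: (?P<event_id>\d+)\) \(User: (?P<user>[^)]*)\)$"
)

# Event IDs this example flags for a first look (the example's own selection).
NOTABLE_EVENT_IDS = {
    6008: "unexpected shutdown (EventLog)",
    7031: "service crashed and was restarted (SCM)",
    7034: "service terminated unexpectedly (SCM)",
}


def parse_frst_errors(text):
    """Return one dict per 'Error:' header, carrying its (possibly wrapped) description."""
    records = []
    current = None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = {
                "timestamp": datetime.strptime(m.group("ts"), "%m/%d/%Y %I:%M:%S %p"),
                "source": m.group("source"),
                "event_id": int(m.group("event_id")),
                "user": m.group("user"),
                "description": "",
            }
            records.append(current)
        elif current is not None and line.startswith("Description: "):
            current["description"] = line[len("Description: "):]
        elif current is not None and line.strip() and not line.startswith("="):
            # FRST wraps some messages onto a second line (e.g. the %%1068 code)
            current["description"] += "\n" + line
        elif not line.strip():
            current = None  # a blank line closes the record
    return records


def count_by_source(records):
    """How many errors each source logged."""
    return Counter(r["source"] for r in records)


def notable_events(records):
    """(record, label) pairs for the flagged event IDs, oldest first."""
    hits = [(r, NOTABLE_EVENT_IDS[r["event_id"]])
            for r in records if r["event_id"] in NOTABLE_EVENT_IDS]
    return sorted(hits, key=lambda pair: pair[0]["timestamp"])


def service_names(records):
    """Services the Service Control Manager reported as terminated unexpectedly."""
    names = []
    for r in records:
        if r["event_id"] in (7031, 7034):
            m = re.match(r"The (.+?) service terminated unexpectedly", r["description"])
            if m:
                names.append(m.group(1))
    return names


if __name__ == "__main__":
    recs = parse_frst_errors(SAMPLE_LOG)
    print("errors by source:", dict(count_by_source(recs)))
    for rec, label in notable_events(recs):
        print(rec["timestamp"], rec["source"], rec["event_id"], label)
    print("services terminated unexpectedly:", service_names(recs))
```

Run against the full "System errors" block, the source tally shows at a glance whether crashes cluster around one component, and the service list names software (here the BeFrugal.com service the poster had already removed) worth checking against the list of installed programs.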


#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,392 posts
  • Gender: Male
  • Location: California

Posted 14 November 2014 - 09:17 PM

I don't mind continuing to clean this computer but it is still severely infected despite your efforts already. The infection is known as a Backdoor Trojan and although it is up to you, my recommendation would be to wipe the hard drive and reinstall the operating system if you have the means to do that.  Here is some information about the Backdoor.  Let me know what you think.

===================================================

BACKDOOR WARNING!

--------------------

One or more of the identified infections is a Backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Please let me know if you have already noticed evidences of financial institution irregularities. Those accounts should be monitored from this point forward.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
 

Here are some thoughts I have put together for people who ask what they should do in light of the infection. Ultimately each user must decide for themselves what to do and the below are things you might want to consider.

It is necessary for us to at least make you aware of the worst-case scenario. This is because of the potential Backdoor Trojans bring with them, but it is not a determination on our part that your situation currently falls within this worst-case scenario.

Ultimately it is a personal decision whether to reformat or not. What decision should you make to let you sleep well at night? It is different for different people. I will say whether rightly or wrongly most people decide to clean and not reformat, at least initially.

The only insight I can offer is how I evaluate the issue personally even though I have never had a Backdoor Trojan on my computer. One of the primary purposes for malicious software is to somehow separate you from your money. It seems reasonable to assume that a thief trying to take your money via a Backdoor Trojan will hit you hard, and quickly. Once your computer starts to act up and you become suspicious you have the opportunity to eliminate access to your computer and change the information taken, namely account and password information. The key to this, in my opinion, is whether or not you have noticed any irregularities in your banking or other financial institutions, or things like email and social network accounts (i.e. Facebook). If you have not seen any evidence of that then you may question whether your information has truly been stolen. If it seems it hasn't, and your critical information has been changed, it is reasonable to be more confident you are safe but you must stop short of claiming an absolute guarantee.

If, after careful consideration you decide not to reformat your computer it would be wise to continue monitoring your sensitive data and don't wait to address future symptoms on your computer which seem to be malware related.

The bottom line is that the only way to be absolutely sure to be rid of a Backdoor Trojan is to reformat. The decision is yours.

Oh My!


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Edited by Oh My!, 14 November 2014 - 09:17 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 Lcampbell

Lcampbell
  • Topic Starter
  • Members
  • 21 posts

Posted 14 November 2014 - 09:47 PM

That was kinda what I was thinking too.
She does not have any installation disks. She will call the company tomorrow to see if she can get it reloaded. Meanwhile I will try to extract any data (sewing patterns only apparently). Otherwise I don't have any good options other than to fix it. Unfortunately she had used it for banking so I relayed your message. She has a Vista laptop but as it is Vista I would not guarantee that it is clean. It would be hard to tell as it is slow anyway. I will know by tomorrow whether we need to clean this box. Thanks for taking a look and I will inform you tomorrow of the status of this case.



#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,392 posts
  • Gender: Male
  • Location: California

Posted 14 November 2014 - 10:04 PM

Sounds good, I will wait to hear. Sorry to bring such bad news.....
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 Lcampbell

Lcampbell
  • Topic Starter
  • Members
  • 21 posts

Posted 14 November 2014 - 11:25 PM

Arg, it looks like this machine got hit by CryptoWall too. Reformatting is looking more and more like the best option.



#11 Lcampbell

Lcampbell
  • Topic Starter
  • Members
  • 21 posts

Posted 15 November 2014 - 12:39 PM

OK, I think we can close this. (Supposedly there is a restore partition but I did not see it. Also there should be a disk inside the machine.) However I am open to suggestions as to how to protect it. I think she has AVG. Now I am even more paranoid on my own machine but I don't want to inflict my solution on her except maybe a hosts file.
My protections include:
I log on with a non-administrator id.
A sandbox if the software is questionable.
A hosts file setting a bunch of known malicious (and adware) sites to a null address (and a Linux firewall with an automatically updated host list doing the same, used as a DNS).
NoScript loaded on Firefox and used to prevent scripts from automatically running.
I thought I had Comodo loaded but I don't see it. Hmm.
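The hosts-file measure listed above only helps if the list that lands in the file is clean: entries are applied exactly as written, so a malformed name, a duplicate, or an entry that overrides `localhost` goes straight into name resolution. The following is an added example, not the poster's own setup; it takes a constructed blocklist in the common one-hostname-per-line layout (the names under the reserved `.invalid` TLD are placeholders), validates and deduplicates it, null-routes each name to `0.0.0.0`, and merges the result into an existing hosts file body between marker comments so that re-running it replaces the previous block instead of appending another copy.

```python
import ipaddress
import re

# Constructed sample blocklist; every name here is a placeholder under the
# reserved .invalid TLD, not a real domain or indicator.
RAW_BLOCKLIST = """\
# constructed sample list
ads.example.invalid
tracker.example.invalid
ADS.EXAMPLE.INVALID        # duplicate differing only by case
bad host.example.invalid   # invalid: contains a space
http://malware.example.invalid/path   # not a bare hostname
localhost                  # must never be null-routed
-leading-hyphen.example.invalid
"""

# RFC 1123-style hostname: dot-separated labels of 1-63 alphanumerics/hyphens,
# no leading or trailing hyphen, at least two labels, 253 characters overall.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))+$"
)
# Names a hosts-based blocklist must never override.
PROTECTED = {"localhost", "localhost.localdomain", "broadcasthost"}

BEGIN, END = "# BEGIN blocklist", "# END blocklist"  # markers this example uses


def normalise(line):
    """Drop comments and whitespace, lower-case, strip a trailing dot; None if empty."""
    name = line.split("#", 1)[0].strip().lower().rstrip(".")
    return name or None


def is_valid_hostname(name):
    return bool(HOSTNAME_RE.match(name)) and name not in PROTECTED


def build_hosts_entries(raw, sink="0.0.0.0"):
    """Return (entries, rejected): deduplicated '<sink> <hostname>' lines and rejected names."""
    ipaddress.ip_address(sink)  # fail early on a malformed sink address
    seen, entries, rejected = set(), [], []
    for line in raw.splitlines():
        name = normalise(line)
        if name is None:
            continue
        if not is_valid_hostname(name):
            rejected.append(name)
        elif name not in seen:
            seen.add(name)
            entries.append(f"{sink} {name}")
    return entries, rejected


def merge_into_hosts(existing, entries):
    """Replace the marked block in a hosts file body, or append one; other lines are untouched."""
    lines = existing.splitlines()
    block = [BEGIN, *entries, END]
    if BEGIN in lines and END in lines and lines.index(BEGIN) < lines.index(END):
        i, j = lines.index(BEGIN), lines.index(END)
        lines[i:j + 1] = block
    else:
        lines += [""] + block if lines else block
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    good, bad = build_hosts_entries(RAW_BLOCKLIST)
    print("rejected:", bad)
    # Constructed stand-in for the system hosts file; the real one is
    # %SystemRoot%\System32\drivers\etc\hosts on Windows or /etc/hosts elsewhere.
    print(merge_into_hosts("127.0.0.1 localhost\n", good))
```

Using `0.0.0.0` rather than `127.0.0.1` as the sink avoids a connection attempt to any service that happens to listen locally, and the rejected list is worth reviewing rather than discarding, since a blocklist source that starts emitting URLs or garbage is itself a signal that the feed has changed.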



#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,392 posts
  • Gender: Male
  • Location: California

Posted 15 November 2014 - 04:18 PM

At your suggestion I will close the topic but you can send me a Personal Message if you need to.

Here is some information for you to consider in regards to protecting your computer going forward.

===================================================

Keeping Your Computer Safe

----------

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read: Simple and easy ways to keep your computer safe and secure on the Internet.

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,392 posts
  • Gender: Male
  • Location: California

Posted 15 November 2014 - 04:18 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



