multiple dllhost.exe processes consuming memory


  • This topic is locked
21 replies to this topic

#1 MikeJensen

  • Members
  • 24 posts

Posted 13 December 2014 - 10:34 PM

Greetings!

 

I have been running into an issue where multiple (I'd estimate at least 100 currently) dllhost.exe processes are running at one point in time. So many start running that my memory is almost 100% consumed, crippling my computer. The problem went away for a while but has now come back. After looking at this report I realized that the last time I tried to fix this problem, one of the steps involved disabling my antivirus, which I forgot to re-enable. I just tried to re-enable antivirus (Microsoft Security Essentials) and I was unable to. The error description when I tried to update was "The definition updates couldn't be installed. Please try again later."

 

DDS:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 10.51.2
Run by Mike at 15:11:08 on 2014-12-13
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.16352.3273 [GMT -8:00]
.
AV: Microsoft Security Essentials *Disabled/Outdated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Outdated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
F:\Windows\system32\lsm.exe
F:\Windows\system32\svchost.exe -k DcomLaunch
F:\Windows\system32\svchost.exe -k RPCSS
f:\Program Files\Microsoft Security Client\MsMpEng.exe
F:\Windows\system32\atiesrxx.exe
F:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
F:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
F:\Windows\system32\svchost.exe -k LocalService
F:\Windows\system32\svchost.exe -k netsvcs
F:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
F:\Windows\system32\atieclxx.exe
F:\Program Files\Tablet\Wacom\WTabletServicePro.exe
F:\Windows\SYSTEM32\WISPTIS.EXE
F:\Windows\system32\svchost.exe -k NetworkService
F:\Windows\System32\spoolsv.exe
F:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
F:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
F:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\CrashPlan\CrashPlanService.exe
F:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
F:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
F:\Windows\System32\WUDFHost.exe
F:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
F:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
F:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
F:\Windows\system32\SearchIndexer.exe
F:\Windows\system32\taskhost.exe
F:\Windows\SYSTEM32\WISPTIS.EXE
F:\Windows\system32\Dwm.exe
F:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
F:\Program Files\Tablet\Wacom\WacomHost.exe
F:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
F:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
F:\Program Files\Microsoft Security Client\msseces.exe
F:\Program Files\Logitech Gaming Software\LCore.exe
F:\Program Files\Ditto\Ditto.exe
F:\Program Files (x86)\Google\Drive\googledrivesync.exe
F:\Users\Mike\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
F:\Program Files\CrashPlan\CrashPlanTray.exe
F:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
F:\Program Files (x86)\Launchy\Launchy.exe
F:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
F:\Program Files (x86)\iTunes\iTunesHelper.exe
F:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
F:\Windows\SysWOW64\rundll32.exe
F:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
F:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
F:\Program Files\ToggleHiddenFiles\ToggleHiddenFiles.exe
F:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
F:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
F:\Windows\system32\wuauclt.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Windows Media Player\wmpnetwk.exe
F:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
F:\Program Files (x86)\Google\Drive\googledrivesync.exe
F:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe
F:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
F:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
F:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
F:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
F:\Windows\explorer.exe
F:\Program Files\HitmanPro\hmpsched.exe
F:\Windows\system32\taskhost.exe
F:\Program Files\Adobe\Adobe Photoshop Lightroom 5.3\lightroom.exe
F:\Windows\system32\svchost.exe -k imgsvc
F:\Windows\system32\calc.exe
F:\Windows\system32\taskeng.exe
F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
F:\Program Files (x86)\TechSmith\Camtasia Studio 8\CamtasiaStudio.exe
F:\Program Files (x86)\TechSmith\Camtasia Studio 8\TSCHelp.exe
F:\Program Files\Adobe\Adobe Photoshop CC (64 Bit)\Photoshop.exe
F:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
F:\Program Files (x86)\Common Files\Adobe\dynamiclink\7.0\dynamiclinkmanager.exe
F:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
F:\Program Files (x86)\Pixologic\ZBrush 4R6\ZBrush.exe
F:\Program Files (x86)\qBittorrent\qbittorrent.exe
F:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
F:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
F:\Windows\system32\taskmgr.exe
F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
F:\Windows\system32\wbem\wmiprvse.exe
F:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Ditto] F:\Program Files\Ditto\Ditto.exe
uRun: [GoogleDriveSync] "F:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [GoogleChromeAutoLaunch_AA1026B0738EB23C9D4A63B50E2DCCE0] "F:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [Spotify Web Helper] "F:\Users\Mike\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Spotify] "F:\Users\Mike\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
uRun: [puush] F:\Program Files (x86)\puush\puush.exe
mRun: [StartCCC] "F:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [Adobe ARM] "F:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "F:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "F:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SDTray] "F:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun: [AdobeCEPServiceManager] "F:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
mRun: [VirtualCloneDrive] "F:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [BCSSync] "F:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [IJNetworkScannerSelectorEX] F:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mRun: [SunJavaUpdateSched] "F:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: F:\Users\Mike\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Launchy.lnk - F:\Program Files (x86)\Launchy\Launchy.exe
StartupFolder: F:\Users\Mike\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - F:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: F:\Users\Mike\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TOGGLE~1.LNK - F:\Program Files\ToggleHiddenFiles\ToggleHiddenFiles.exe
StartupFolder: F:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CRASHP~1.LNK - F:\Program Files\CrashPlan\CrashPlanTray.exe
StartupFolder: F:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETWOR~1.LNK - F:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - F:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - F:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - F:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - F:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{BD12D35C-F6C5-4ED6-AF54-993811820223} : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - F:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "F:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre8\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre8\bin\jp2ssv.dll
x64-Run: [MSC] "F:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [AdobeAAMUpdater-1.0] "F:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Launch LCore] F:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - F:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - F:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - F:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - F:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\lnlkirks.default\
FF - prefs.js: keyword.URL - 
FF - plugin: F:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: F:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: F:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: F:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: F:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: F:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: F:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: F:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: F:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: F:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: F:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: F:\Program Files\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: F:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;F:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R2 AMD External Events Utility;AMD External Events Utility;F:\Windows\System32\atiesrxx.exe [2014-3-23 239616]
R2 CrashPlanService;CrashPlan Backup Service;F:\Program Files\CrashPlan\CrashPlanService.exe [2014-2-19 223232]
R2 HitmanProScheduler;HitmanPro Scheduler;F:\Program Files\HitmanPro\hmpsched.exe [2014-11-27 127752]
R2 mi-raysat_3dsmax2014_64;mental ray Satellite for Autodesk 3ds Max 2014 64-bit;F:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [2011-9-14 86016]
R2 UsbClientService;UsbClientService;F:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [2014-1-22 248736]
R2 WTabletServicePro;Wacom Professional Service;F:\Program Files\Tablet\Wacom\WTabletServicePro.exe [2014-3-23 613688]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;F:\Windows\System32\drivers\AtihdW76.sys [2014-3-23 94208]
R3 busenum;Synology Virtual USB Hub;F:\Windows\System32\drivers\busenum.sys [2012-8-3 55776]
R3 hidkmdf;KMDF Driver;F:\Windows\System32\drivers\hidkmdf.sys [2014-3-23 14320]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;F:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;F:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 RTL8167;Realtek 8167 NT Driver;F:\Windows\System32\drivers\Rt64win7.sys [2014-3-23 888536]
R3 WacHidRouter;Wacom Hid Router;F:\Windows\System32\drivers\wachidrouter.sys [2014-3-23 82416]
R3 wacomrouterfilter;Wacom Router Filter Driver;F:\Windows\System32\drivers\wacomrouterfilter.sys [2014-3-23 15344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;F:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;F:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2014-3-23 79360]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2014-3-23 1471352]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;F:\Windows\System32\ieetwcollector.exe [2014-10-14 111616]
S3 NisDrv;Microsoft Network Inspection System;F:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 125584]
S3 NisSrv;Microsoft Network Inspection;F:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;F:\Windows\System32\drivers\rdpvideominiport.sys [2014-3-23 20992]
S3 SDScannerService;Spybot-S&D 2 Scanner Service;F:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-3-23 3921880]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;F:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-3-23 1042272]
S3 SDWSCService;Spybot-S&D 2 Security Center Service;F:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-3-23 171416]
S3 TsUsbFlt;TsUsbFlt;F:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-23 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;F:\Windows\System32\Wat\WatAdminSvc.exe [2014-3-23 1255736]
.
=============== Created Last 30 ================
.
2014-12-06 23:19:30 -------- d-----w- F:\Users\Mike\AppData\Local\TechSmith
2014-11-27 19:40:06 -------- d-----w- F:\Program Files\HitmanPro
2014-11-27 19:35:48 -------- d-----w- F:\ProgramData\HitmanPro
2014-11-27 19:23:58 129752 ----a-w- F:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-27 19:23:47 93400 ----a-w- F:\Windows\System32\drivers\mbamchameleon.sys
2014-11-27 19:23:47 63704 ----a-w- F:\Windows\System32\drivers\mwac.sys
2014-11-27 19:23:47 -------- d-----w- F:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-27 19:23:17 -------- d-----w- F:\Users\Mike\AppData\Roaming\Malwarebytes
2014-11-27 18:35:06 -------- d-----w- F:\$RECYCLE.BIN
2014-11-27 18:05:03 98816 ----a-w- F:\Windows\sed.exe
2014-11-27 18:05:03 256000 ----a-w- F:\Windows\PEV.exe
2014-11-27 18:05:03 208896 ----a-w- F:\Windows\MBR.exe
2014-11-27 06:13:52 75888 ----a-w- F:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7C6A5C93-689E-41A3-8862-D8B5E67B7F6C}\offreg.dll
2014-11-27 06:10:23 11632448 ----a-w- F:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7C6A5C93-689E-41A3-8862-D8B5E67B7F6C}\mpengine.dll
2014-11-26 06:24:06 3981488 ----a-w- F:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-11-26 06:03:45 11632448 ----a-w- F:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-21 06:09:49 1188440 ----a-w- F:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3B0F29D3-8E89-4A96-A4E0-5612FEC17960}\gapaengine.dll
.
==================== Find3M  ====================
.
2014-12-10 14:24:09 71344 ----a-w- F:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-10 14:24:09 701104 ----a-w- F:\Windows\SysWow64\FlashPlayerApp.exe
2014-10-30 11:25:26 275080 ------w- F:\Windows\System32\MpSigStub.exe
2014-10-01 19:11:12 25816 ----a-w- F:\Windows\System32\drivers\mbam.sys
2014-09-29 00:58:48 3198976 ----a-w- F:\Windows\System32\win32k.sys
2014-09-25 22:32:04 2017280 ----a-w- F:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- F:\Windows\System32\inetcpl.cpl
2014-09-25 02:08:38 371712 ----a-w- F:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- F:\Windows\SysWow64\qdvd.dll
2014-09-19 01:56:02 2724864 ----a-w- F:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- F:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- F:\Windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- F:\Windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- F:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- F:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- F:\Windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- F:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- F:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- F:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- F:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- F:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- F:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- F:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- F:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- F:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- F:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- F:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- F:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- F:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- F:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- F:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- F:\Windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- F:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- F:\Windows\SysWow64\wininet.dll
2014-09-18 02:00:42 3241472 ----a-w- F:\Windows\System32\msi.dll
2014-09-18 01:32:52 2363904 ----a-w- F:\Windows\SysWow64\msi.dll
.
============= FINISH: 15:12:22.36 ===============
 

 





#2 RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts

Posted 14 December 2014 - 10:37 PM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I have given you the “All clear.”  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#3 MikeJensen

  • Topic Starter

  • Members
  • 24 posts

Posted 15 December 2014 - 01:27 AM

Hey RPMcMurphy!

 

Thanks for taking the time to help!

 

Here are the files you requested.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01
Ran by Mike (administrator) on MIKE-PC on 14-12-2014 22:11:01
Running from F:\Users\Mike\Downloads\Chrome
Loaded Profile: Mike (Available profiles: Mike)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) F:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) F:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) F:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Wacom Technology, Corp.) F:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(SurfRight B.V.) F:\Program Files\HitmanPro\hmpsched.exe
(Apple Inc.) F:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) F:\Program Files\Bonjour\mDNSResponder.exe
(Code 42 Software) F:\Program Files\CrashPlan\CrashPlanService.exe
() F:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
() F:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Microsoft Corporation) F:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) F:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(AMD) F:\Windows\System32\atieclxx.exe
(Microsoft Corporation) F:\Windows\System32\wisptis.exe
(Microsoft Corporation) F:\Windows\System32\wisptis.exe
(Wacom Technology, Corp.) F:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) F:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) F:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) F:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Google Inc.) F:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) F:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Microsoft Corporation) F:\Program Files\Microsoft Security Client\msseces.exe
(Logitech Inc.) F:\Program Files\Logitech Gaming Software\LCore.exe
() F:\Program Files\Ditto\Ditto.exe
(Google) F:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() F:\Program Files (x86)\puush\puush.exe
(Code 42 Software, Inc.) F:\Program Files\CrashPlan\CrashPlanTray.exe
(Advanced Micro Devices Inc.) F:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Incorporated) F:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) F:\Program Files (x86)\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) F:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) F:\Windows\SysWOW64\rundll32.exe
(Elaborate Bytes AG) F:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Google) F:\Program Files (x86)\Google\Drive\googledrivesync.exe
(CANON INC.) F:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Oracle Corporation) F:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(WIBU-SYSTEMS AG) F:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
() F:\Program Files (x86)\Launchy\Launchy.exe
(Microsoft Corporation) F:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Apple Inc.) F:\Program Files\iPod\bin\iPodService.exe
() F:\Program Files\ToggleHiddenFiles\ToggleHiddenFiles.exe
(Spotify Ltd) F:\Users\Mike\AppData\Roaming\Spotify\spotify.exe
(Logitech Inc.) F:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Logitech Inc.) F:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) F:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Logitech Inc.) F:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc.) F:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
() F:\Users\Mike\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() F:\Users\Mike\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() F:\Users\Mike\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() F:\Users\Mike\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() F:\Users\Mike\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(ATI Technologies Inc.) F:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) F:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Oracle Corporation) F:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) F:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => F:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => F:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => F:\Program Files\Logitech Gaming Software\LCore.exe [8294680 2014-02-27] (Logitech Inc.)
HKLM-x32\...\Run: [StartCCC] => F:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => F:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => F:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => F:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => F:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [P17RunE] => RunDll32 P17RunE.dll,RunDLLEntry
HKLM-x32\...\Run: [AdobeCEPServiceManager] => F:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039240 2013-05-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VirtualCloneDrive] => F:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [BCSSync] => F:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => F:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => F:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-04] (Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3208782842-3415386057-1389697709-1000\...\Run: [Ditto] => F:\Program Files\Ditto\Ditto.exe [1717872 2012-11-08] ()
HKU\S-1-5-21-3208782842-3415386057-1389697709-1000\...\Run: [GoogleDriveSync] => F:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-3208782842-3415386057-1389697709-1000\...\Run: [GoogleChromeAutoLaunch_AA1026B0738EB23C9D4A63B50E2DCCE0] => F:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
HKU\S-1-5-21-3208782842-3415386057-1389697709-1000\...\Run: [Spotify Web Helper] => F:\Users\Mike\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-14] (Spotify Ltd)
HKU\S-1-5-21-3208782842-3415386057-1389697709-1000\...\Run: [Spotify] => F:\Users\Mike\AppData\Roaming\Spotify\spotify.exe [6737976 2014-12-14] (Spotify Ltd)
HKU\S-1-5-21-3208782842-3415386057-1389697709-1000\...\Run: [puush] => F:\Program Files (x86)\puush\puush.exe [567880 2014-11-01] ()
Startup: F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
ShortcutTarget: CrashPlan Tray.lnk -> F:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
Startup: F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Server.lnk
ShortcutTarget: Network Server.lnk -> F:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (WIBU-SYSTEMS AG)
Startup: F:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk
ShortcutTarget: Launchy.lnk -> F:\Program Files (x86)\Launchy\Launchy.exe ()
Startup: F:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> F:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: F:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ToggleHiddenFiles.lnk
ShortcutTarget: ToggleHiddenFiles.lnk -> F:\Program Files\ToggleHiddenFiles\ToggleHiddenFiles.exe ()
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3208782842-3415386057-1389697709-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3208782842-3415386057-1389697709-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - F:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> F:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> F:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> F:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> F:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> F:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> F:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> F:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> F:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF ProfilePath: F:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\lnlkirks.default
FF Keyword.URL: 
FF Plugin: @adobe.com/FlashPlayer -> F:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=11.0.2 -> F:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.0.2 -> F:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> F:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> F:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> F:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> F:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> F:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> F:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> F:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> F:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> F:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> F:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> F:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> F:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> F:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> F:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> F:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> F:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> F:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> F:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-3208782842-3415386057-1389697709-1000: wacom.com/WacomTabletPlugin -> F:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Extension: HTTPS-Everywhere - F:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\lnlkirks.default\Extensions\https-everywhere@eff.org [2014-11-22]
FF Extension: DownloadHelper - F:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\lnlkirks.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-11-16]
FF Extension: AutoPager - F:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\lnlkirks.default\Extensions\autopager@mozilla.org.xpi [2014-04-20]
FF Extension: Ghostery - F:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\lnlkirks.default\Extensions\firefox@ghostery.com.xpi [2014-04-20]
FF Extension: PriceBlink - F:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\lnlkirks.default\Extensions\info@priceblink.com.xpi [2014-04-20]
FF Extension: Reddit Enhancement Suite - F:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\lnlkirks.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2014-04-20]
FF Extension: Locationbar² - F:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\lnlkirks.default\Extensions\locationbar2@design-noir.de.xpi [2014-04-20]
FF Extension: Fox To Phone - F:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\lnlkirks.default\Extensions\sendtophone@martinezdelizarrondo.com.xpi [2014-04-20]
FF Extension: Session Manager - F:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\lnlkirks.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-04-20]
FF Extension: NoScript - F:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\lnlkirks.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-20]
FF Extension: FireFTP - F:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\lnlkirks.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2014-04-20]
FF Extension: Search by Image for Google - F:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\lnlkirks.default\Extensions\{ab4b5718-3998-4a2c-91ae-18a7c2db513e}.xpi [2014-04-20]
FF Extension: Adblock Plus - F:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\lnlkirks.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-20]
FF Extension: Download Statusbar - F:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\lnlkirks.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2014-04-20]
FF Extension: Tab Mix Plus - F:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\lnlkirks.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-04-20]
FF Extension: Greasemonkey - F:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\lnlkirks.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-04-20]
FF Extension: No Name - F:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\r6zx8yuf.Other Acct\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2014-04-20]
 
Chrome: 
=======
CHR Profile: F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-27]
CHR Extension: (Google Drive) - F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-07]
CHR Extension: (YouTube) - F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-27]
CHR Extension: (Adblock Plus) - F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-27]
CHR Extension: (Image Downloader) - F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2014-09-26]
CHR Extension: (Google Search) - F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-27]
CHR Extension: (Video Download Helper) - F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldcccbolclahdbkahlppenfodnheapah [2014-10-23]
CHR Extension: (Google Wallet) - F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-27]
CHR Extension: (Gmail) - F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-27]
CHR Profile: F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-27]
CHR Extension: (Google Drive) - F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-05]
CHR Extension: (YouTube) - F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-27]
CHR Extension: (Honey) - F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2014-03-23]
CHR Extension: (Adblock Plus) - F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-27]
CHR Extension: (Google Search) - F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-27]
CHR Extension: (Session Buddy) - F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2014-01-27]
CHR Extension: (Tabs Outliner) - F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl [2014-01-27]
CHR Extension: (The Camelizer - Amazon Price Tracker) - F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghnomdcacenbmilgjigehppbamfndblo [2014-11-06]
CHR Extension: (Pin It Button) - F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-02-16]
CHR Extension: (Search Tab in Chrome's Omnibox) - F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jcadgemecbojhfgpnbgakadhbmibflnd [2014-06-29]
CHR Extension: (Google Wallet) - F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-27]
CHR Extension: (Google Chrome to Phone Extension) - F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2014-07-19]
CHR Extension: (Gmail) - F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-27]
CHR Profile: F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 1.backup2
CHR Extension: (Session Buddy) - F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 1.backup2\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2014-03-23]
CHR Extension: (Google Wallet) - F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 1.backup2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-23]
CHR Profile: F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 1.tabsoutlinerbroken
CHR Extension: (Google Docs) - F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 1.tabsoutlinerbroken\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-23]
CHR Extension: (Google Drive) - F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 1.tabsoutlinerbroken\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-23]
CHR Extension: (YouTube) - F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 1.tabsoutlinerbroken\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-23]
CHR Extension: (Search Plus) - F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 1.tabsoutlinerbroken\Extensions\cdpohbejnbclggljmoijjcpdhbaaijfm [2014-03-23]
CHR Extension: (Adblock Plus) - F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 1.tabsoutlinerbroken\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-23]
CHR Extension: (Google Search) - F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 1.tabsoutlinerbroken\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-23]
CHR Extension: (Session Buddy) - F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 1.tabsoutlinerbroken\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2014-03-23]
CHR Extension: (Tabs Outliner) - F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 1.tabsoutlinerbroken\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl [2014-03-23]
CHR Extension: (Search Tab in Chrome's Omnibox) - F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 1.tabsoutlinerbroken\Extensions\jcadgemecbojhfgpnbgakadhbmibflnd [2014-03-23]
CHR Extension: (Google Wallet) - F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 1.tabsoutlinerbroken\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-23]
CHR Extension: (Gmail) - F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 1.tabsoutlinerbroken\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-23]
CHR Profile: F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Docs) - F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-23]
CHR Extension: (Google Drive) - F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-23]
CHR Extension: (YouTube) - F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-23]
CHR Extension: (Google Search) - F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-23]
CHR Extension: (Tabs Outliner) - F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl [2014-03-23]
CHR Extension: (Google Wallet) - F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-23]
CHR Extension: (Gmail) - F:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-23]
CHR HKU\S-1-5-21-3208782842-3415386057-1389697709-1000\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - F:\Users\Mike\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-03-26]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CrashPlanService; F:\Program Files\CrashPlan\CrashPlanService.exe [223232 2014-02-19] (Code 42 Software) [File not signed]
S3 Creative Audio Engine Licensing Service; F:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-03-23] (Creative Labs) [File not signed]
R2 CTAudSvcService; F:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
R2 HitmanProScheduler; F:\Program Files\HitmanPro\hmpsched.exe [127752 2014-11-27] (SurfRight B.V.)
R2 mi-raysat_3dsmax2014_64; F:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [86016 2011-09-14] () [File not signed]
R2 MsMpSvc; f:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; f:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 SDScannerService; F:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S3 SDUpdateService; F:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S3 SDWSCService; F:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 UsbClientService; F:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2014-01-22] ()
R2 WTabletServicePro; F:\Program Files\Tablet\Wacom\WTabletServicePro.exe [613688 2013-02-08] (Wacom Technology, Corp.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 MpFilter; F:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; F:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R2 WIBUKEY; F:\Windows\System32\DRIVERS\WibuKey64.sys [105008 2014-03-25] (WIBU-SYSTEMS AG)
S3 catchme; \??\F:\ComboFix\catchme.sys [X]
S3 mcaudrv_simple; system32\drivers\mcaudrv_x64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-14 22:01 - 2014-12-14 22:01 - 00003758 _____ () F:\Windows\System32\Tasks\AutoKMS
2014-12-14 21:37 - 2014-10-17 18:05 - 04121600 _____ (Microsoft Corporation) F:\Windows\system32\mf.dll
2014-12-14 21:37 - 2014-10-17 17:33 - 03209728 _____ (Microsoft Corporation) F:\Windows\SysWOW64\mf.dll
2014-12-14 21:37 - 2014-07-06 18:06 - 00206848 _____ (Microsoft Corporation) F:\Windows\system32\mfps.dll
2014-12-14 21:37 - 2014-07-06 18:06 - 00055808 _____ (Microsoft Corporation) F:\Windows\system32\rrinstaller.exe
2014-12-14 21:37 - 2014-07-06 18:06 - 00024576 _____ (Microsoft Corporation) F:\Windows\system32\mfpmp.exe
2014-12-14 21:37 - 2014-07-06 18:02 - 00002048 _____ (Microsoft Corporation) F:\Windows\system32\mferror.dll
2014-12-14 21:37 - 2014-07-06 17:40 - 00103424 _____ (Microsoft Corporation) F:\Windows\SysWOW64\mfps.dll
2014-12-14 21:37 - 2014-07-06 17:39 - 00050176 _____ (Microsoft Corporation) F:\Windows\SysWOW64\rrinstaller.exe
2014-12-14 21:37 - 2014-07-06 17:39 - 00023040 _____ (Microsoft Corporation) F:\Windows\SysWOW64\mfpmp.exe
2014-12-14 21:37 - 2014-07-06 17:37 - 00002048 _____ (Microsoft Corporation) F:\Windows\SysWOW64\mferror.dll
2014-12-14 21:11 - 2014-12-14 22:11 - 00000000 ____D () F:\FRST
2014-12-13 15:12 - 2014-12-13 19:18 - 00020841 _____ () F:\Users\Mike\Desktop\dds.txt
2014-12-13 15:12 - 2014-12-13 19:17 - 00010677 _____ () F:\Users\Mike\Desktop\attach.txt
2014-12-09 10:52 - 2014-11-26 17:43 - 00389296 _____ (Microsoft Corporation) F:\Windows\system32\iedkcs32.dll
2014-12-09 10:52 - 2014-11-26 17:10 - 00342200 _____ (Microsoft Corporation) F:\Windows\SysWOW64\iedkcs32.dll
2014-12-09 10:52 - 2014-11-21 19:13 - 25059840 _____ (Microsoft Corporation) F:\Windows\system32\mshtml.dll
2014-12-09 10:52 - 2014-11-21 19:06 - 02724864 _____ (Microsoft Corporation) F:\Windows\system32\mshtml.tlb
2014-12-09 10:52 - 2014-11-21 19:06 - 00004096 _____ (Microsoft Corporation) F:\Windows\system32\ieetwcollectorres.dll
2014-12-09 10:52 - 2014-11-21 18:50 - 00580096 _____ (Microsoft Corporation) F:\Windows\system32\vbscript.dll
2014-12-09 10:52 - 2014-11-21 18:50 - 00066560 _____ (Microsoft Corporation) F:\Windows\system32\iesetup.dll
2014-12-09 10:52 - 2014-11-21 18:49 - 02885120 _____ (Microsoft Corporation) F:\Windows\system32\iertutil.dll
2014-12-09 10:52 - 2014-11-21 18:49 - 00048640 _____ (Microsoft Corporation) F:\Windows\system32\ieetwproxystub.dll
2014-12-09 10:52 - 2014-11-21 18:48 - 00088064 _____ (Microsoft Corporation) F:\Windows\system32\MshtmlDac.dll
2014-12-09 10:52 - 2014-11-21 18:41 - 00054784 _____ (Microsoft Corporation) F:\Windows\system32\jsproxy.dll
2014-12-09 10:52 - 2014-11-21 18:40 - 00034304 _____ (Microsoft Corporation) F:\Windows\system32\iernonce.dll
2014-12-09 10:52 - 2014-11-21 18:37 - 00633856 _____ (Microsoft Corporation) F:\Windows\system32\ieui.dll
2014-12-09 10:52 - 2014-11-21 18:35 - 00144384 _____ (Microsoft Corporation) F:\Windows\system32\ieUnatt.exe
2014-12-09 10:52 - 2014-11-21 18:35 - 00114688 _____ (Microsoft Corporation) F:\Windows\system32\ieetwcollector.exe
2014-12-09 10:52 - 2014-11-21 18:34 - 06039552 _____ (Microsoft Corporation) F:\Windows\system32\jscript9.dll
2014-12-09 10:52 - 2014-11-21 18:34 - 00814080 _____ (Microsoft Corporation) F:\Windows\system32\jscript9diag.dll
2014-12-09 10:52 - 2014-11-21 18:26 - 00968704 _____ (Microsoft Corporation) F:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-09 10:52 - 2014-11-21 18:22 - 19749376 _____ (Microsoft Corporation) F:\Windows\SysWOW64\mshtml.dll
2014-12-09 10:52 - 2014-11-21 18:22 - 00490496 _____ (Microsoft Corporation) F:\Windows\system32\dxtmsft.dll
2014-12-09 10:52 - 2014-11-21 18:20 - 02724864 _____ (Microsoft Corporation) F:\Windows\SysWOW64\mshtml.tlb
2014-12-09 10:52 - 2014-11-21 18:14 - 00077824 _____ (Microsoft Corporation) F:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-09 10:52 - 2014-11-21 18:09 - 00199680 _____ (Microsoft Corporation) F:\Windows\system32\msrating.dll
2014-12-09 10:52 - 2014-11-21 18:08 - 00092160 _____ (Microsoft Corporation) F:\Windows\system32\mshtmled.dll
2014-12-09 10:52 - 2014-11-21 18:07 - 00501248 _____ (Microsoft Corporation) F:\Windows\SysWOW64\vbscript.dll
2014-12-09 10:52 - 2014-11-21 18:07 - 00062464 _____ (Microsoft Corporation) F:\Windows\SysWOW64\iesetup.dll
2014-12-09 10:52 - 2014-11-21 18:06 - 00047616 _____ (Microsoft Corporation) F:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-09 10:52 - 2014-11-21 18:05 - 00316928 _____ (Microsoft Corporation) F:\Windows\system32\dxtrans.dll
2014-12-09 10:52 - 2014-11-21 18:05 - 00064000 _____ (Microsoft Corporation) F:\Windows\SysWOW64\MshtmlDac.dll
2014-12-09 10:52 - 2014-11-21 18:01 - 02277888 _____ (Microsoft Corporation) F:\Windows\SysWOW64\iertutil.dll
2014-12-09 10:52 - 2014-11-21 17:59 - 00047104 _____ (Microsoft Corporation) F:\Windows\SysWOW64\jsproxy.dll
2014-12-09 10:52 - 2014-11-21 17:58 - 00030720 _____ (Microsoft Corporation) F:\Windows\SysWOW64\iernonce.dll
2014-12-09 10:52 - 2014-11-21 17:56 - 00478208 _____ (Microsoft Corporation) F:\Windows\SysWOW64\ieui.dll
2014-12-09 10:52 - 2014-11-21 17:55 - 00115712 _____ (Microsoft Corporation) F:\Windows\SysWOW64\ieUnatt.exe
2014-12-09 10:52 - 2014-11-21 17:54 - 00620032 _____ (Microsoft Corporation) F:\Windows\SysWOW64\jscript9diag.dll
2014-12-09 10:52 - 2014-11-21 17:49 - 00800768 _____ (Microsoft Corporation) F:\Windows\system32\msfeeds.dll
2014-12-09 10:52 - 2014-11-21 17:49 - 00718848 _____ (Microsoft Corporation) F:\Windows\system32\ie4uinit.exe
2014-12-09 10:52 - 2014-11-21 17:47 - 01359360 _____ (Microsoft Corporation) F:\Windows\system32\mshtmlmedia.dll
2014-12-09 10:52 - 2014-11-21 17:46 - 02125312 _____ (Microsoft Corporation) F:\Windows\system32\inetcpl.cpl
2014-12-09 10:52 - 2014-11-21 17:45 - 00418304 _____ (Microsoft Corporation) F:\Windows\SysWOW64\dxtmsft.dll
2014-12-09 10:52 - 2014-11-21 17:43 - 14412800 _____ (Microsoft Corporation) F:\Windows\system32\ieframe.dll
2014-12-09 10:52 - 2014-11-21 17:40 - 00060416 _____ (Microsoft Corporation) F:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-09 10:52 - 2014-11-21 17:36 - 00168960 _____ (Microsoft Corporation) F:\Windows\SysWOW64\msrating.dll
2014-12-09 10:52 - 2014-11-21 17:35 - 00076288 _____ (Microsoft Corporation) F:\Windows\SysWOW64\mshtmled.dll
2014-12-09 10:52 - 2014-11-21 17:33 - 00285696 _____ (Microsoft Corporation) F:\Windows\SysWOW64\dxtrans.dll
2014-12-09 10:52 - 2014-11-21 17:29 - 04299264 _____ (Microsoft Corporation) F:\Windows\SysWOW64\jscript9.dll
2014-12-09 10:52 - 2014-11-21 17:28 - 02358272 _____ (Microsoft Corporation) F:\Windows\system32\wininet.dll
2014-12-09 10:52 - 2014-11-21 17:23 - 00688640 _____ (Microsoft Corporation) F:\Windows\SysWOW64\msfeeds.dll
2014-12-09 10:52 - 2014-11-21 17:22 - 02052096 _____ (Microsoft Corporation) F:\Windows\SysWOW64\inetcpl.cpl
2014-12-09 10:52 - 2014-11-21 17:21 - 01155072 _____ (Microsoft Corporation) F:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-09 10:52 - 2014-11-21 17:15 - 01548288 _____ (Microsoft Corporation) F:\Windows\system32\urlmon.dll
2014-12-09 10:52 - 2014-11-21 17:13 - 12836864 _____ (Microsoft Corporation) F:\Windows\SysWOW64\ieframe.dll
2014-12-09 10:52 - 2014-11-21 17:03 - 00800768 _____ (Microsoft Corporation) F:\Windows\system32\ieapfltr.dll
2014-12-09 10:52 - 2014-11-21 17:00 - 01888256 _____ (Microsoft Corporation) F:\Windows\SysWOW64\wininet.dll
2014-12-09 10:52 - 2014-11-21 16:56 - 01307136 _____ (Microsoft Corporation) F:\Windows\SysWOW64\urlmon.dll
2014-12-09 10:52 - 2014-11-21 16:54 - 00710144 _____ (Microsoft Corporation) F:\Windows\SysWOW64\ieapfltr.dll
2014-12-09 10:52 - 2014-11-10 19:09 - 01424384 _____ (Microsoft Corporation) F:\Windows\system32\WindowsCodecs.dll
2014-12-09 10:52 - 2014-11-10 18:44 - 01230336 _____ (Microsoft Corporation) F:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-09 10:52 - 2014-11-10 17:46 - 00119296 _____ (Microsoft Corporation) F:\Windows\system32\Drivers\tdx.sys
2014-12-09 10:52 - 2014-11-07 19:16 - 00002048 _____ (Microsoft Corporation) F:\Windows\system32\tzres.dll
2014-12-09 10:52 - 2014-11-07 18:45 - 00002048 _____ (Microsoft Corporation) F:\Windows\SysWOW64\tzres.dll
2014-12-09 10:52 - 2014-10-29 18:03 - 00165888 _____ (Microsoft Corporation) F:\Windows\system32\charmap.exe
2014-12-09 10:52 - 2014-10-29 17:45 - 00155136 _____ (Microsoft Corporation) F:\Windows\SysWOW64\charmap.exe
2014-12-09 10:52 - 2014-10-02 18:12 - 02020352 _____ (Microsoft Corporation) F:\Windows\system32\WsmSvc.dll
2014-12-09 10:52 - 2014-10-02 18:12 - 00346624 _____ (Microsoft Corporation) F:\Windows\system32\WSManMigrationPlugin.dll
2014-12-09 10:52 - 2014-10-02 18:12 - 00310272 _____ (Microsoft Corporation) F:\Windows\system32\WsmWmiPl.dll
2014-12-09 10:52 - 2014-10-02 18:12 - 00181248 _____ (Microsoft Corporation) F:\Windows\system32\WsmAuto.dll
2014-12-09 10:52 - 2014-10-02 18:11 - 00266240 _____ (Microsoft Corporation) F:\Windows\system32\WSManHTTPConfig.exe
2014-12-09 10:52 - 2014-10-02 17:45 - 01177088 _____ (Microsoft Corporation) F:\Windows\SysWOW64\WsmSvc.dll
2014-12-09 10:52 - 2014-10-02 17:45 - 00248832 _____ (Microsoft Corporation) F:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-09 10:52 - 2014-10-02 17:45 - 00214016 _____ (Microsoft Corporation) F:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-09 10:52 - 2014-10-02 17:45 - 00145920 _____ (Microsoft Corporation) F:\Windows\SysWOW64\WsmAuto.dll
2014-12-09 10:52 - 2014-10-02 17:44 - 00198656 _____ (Microsoft Corporation) F:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-06 18:40 - 2014-12-06 18:40 - 24883240 _____ () F:\Users\Mike\Desktop\fem5_clay.PSD
2014-12-06 18:27 - 2014-12-06 18:27 - 24883240 _____ () F:\Users\Mike\Desktop\fem5_base.PSD
2014-12-06 15:19 - 2014-12-06 15:19 - 00000000 ____D () F:\Users\Mike\AppData\Local\TechSmith
2014-12-05 19:56 - 2014-12-05 19:57 - 19485633 _____ () F:\Users\Mike\Desktop\fem5_alt_comp.psd
2014-12-04 21:13 - 2014-12-04 21:13 - 00642431 _____ () F:\Users\Mike\Desktop\disp.psd
2014-12-03 22:35 - 2014-12-04 21:17 - 19909920 _____ () F:\Users\Mike\Desktop\comp_001-small.psd
2014-12-03 21:59 - 2014-12-05 19:56 - 145511485 _____ () F:\Users\Mike\Desktop\comp_001.psd
2014-11-30 15:32 - 2014-11-30 15:32 - 04818588 _____ () F:\Users\Mike\Desktop\BPR_Shadow.PSD
2014-11-30 15:31 - 2014-12-03 21:58 - 117870819 _____ () F:\Users\Mike\Desktop\BPR_Render.PSD
2014-11-30 15:31 - 2014-11-30 15:31 - 09637136 _____ () F:\Users\Mike\Desktop\BPR_Depth.PSD
2014-11-30 15:31 - 2014-11-30 15:31 - 04818588 _____ () F:\Users\Mike\Desktop\BPR_Mask.PSD
2014-11-30 15:29 - 2014-11-30 15:29 - 14455684 _____ () F:\Users\Mike\Desktop\test_renderoutline.PSD
2014-11-30 15:28 - 2014-11-30 15:28 - 14455684 _____ () F:\Users\Mike\Desktop\test_render2.PSD
2014-11-30 15:04 - 2014-11-30 15:04 - 14455684 _____ () F:\Users\Mike\Desktop\test_render.PSD
2014-11-27 11:40 - 2014-11-27 11:40 - 00001908 _____ () F:\Users\Public\Desktop\HitmanPro.lnk
2014-11-27 11:40 - 2014-11-27 11:40 - 00000000 ____D () F:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-11-27 11:40 - 2014-11-27 11:40 - 00000000 ____D () F:\Program Files\HitmanPro
2014-11-27 11:35 - 2014-11-27 11:49 - 00000000 ____D () F:\ProgramData\HitmanPro
2014-11-27 11:23 - 2014-11-27 11:24 - 00129752 _____ (Malwarebytes Corporation) F:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-27 11:23 - 2014-11-27 11:23 - 00000000 ____D () F:\Users\Mike\AppData\Roaming\Malwarebytes
2014-11-27 11:23 - 2014-11-27 11:23 - 00000000 ____D () F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-27 11:23 - 2014-11-27 11:23 - 00000000 ____D () F:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-27 11:23 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) F:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-27 11:23 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) F:\Windows\system32\Drivers\mwac.sys
2014-11-27 11:22 - 2014-11-27 11:22 - 00002112 _____ () F:\Users\Mike\Desktop\Rkill.txt
2014-11-27 10:38 - 2014-11-27 10:38 - 00024805 _____ () F:\ComboFix.txt
2014-11-27 10:05 - 2011-06-25 22:45 - 00256000 _____ () F:\Windows\PEV.exe
2014-11-27 10:05 - 2010-11-07 09:20 - 00208896 _____ () F:\Windows\MBR.exe
2014-11-27 10:05 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) F:\Windows\NIRCMD.exe
2014-11-27 10:05 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) F:\Windows\SWREG.exe
2014-11-27 10:05 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) F:\Windows\SWSC.exe
2014-11-27 10:05 - 2000-08-30 16:00 - 00098816 _____ () F:\Windows\sed.exe
2014-11-27 10:05 - 2000-08-30 16:00 - 00080412 _____ () F:\Windows\grep.exe
2014-11-27 10:05 - 2000-08-30 16:00 - 00068096 _____ () F:\Windows\zip.exe
2014-11-27 10:00 - 2014-11-27 10:38 - 00000000 ____D () F:\Qoobox
2014-11-27 09:59 - 2014-11-27 10:37 - 00000000 ____D () F:\Windows\erdnt
2014-11-27 09:09 - 2014-11-27 09:11 - 00000029 _____ () F:\Users\Mike\Desktop\Kill Photoshop.bat
2014-11-27 08:49 - 2014-03-23 17:46 - 00000026 _____ () F:\Users\Mike\Desktop\Kill Chrome - Copy.bat
2014-11-25 22:24 - 2014-12-10 06:24 - 03981488 _____ (Adobe Systems Incorporated) F:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-11-19 04:31 - 2014-11-19 04:31 - 01217192 _____ (Microsoft Corporation) F:\Windows\SysWOW64\FM20.DLL
2014-11-18 20:45 - 2014-11-10 19:08 - 00728064 _____ (Microsoft Corporation) F:\Windows\system32\kerberos.dll
2014-11-18 20:45 - 2014-11-10 19:08 - 00241152 _____ (Microsoft Corporation) F:\Windows\system32\pku2u.dll
2014-11-18 20:45 - 2014-11-10 18:44 - 00550912 _____ (Microsoft Corporation) F:\Windows\SysWOW64\kerberos.dll
2014-11-18 20:45 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) F:\Windows\SysWOW64\pku2u.dll
2014-11-18 20:45 - 2014-10-13 18:16 - 00155064 _____ (Microsoft Corporation) F:\Windows\system32\Drivers\ksecpkg.sys
2014-11-18 20:45 - 2014-10-13 18:12 - 01460736 _____ (Microsoft Corporation) F:\Windows\system32\lsasrv.dll
2014-11-18 20:45 - 2014-10-13 17:50 - 00022016 _____ (Microsoft Corporation) F:\Windows\SysWOW64\secur32.dll
2014-11-18 20:45 - 2014-10-13 17:49 - 00096768 _____ (Microsoft Corporation) F:\Windows\SysWOW64\sspicli.dll
2014-11-16 17:41 - 2014-11-16 17:41 - 00000000 ____D () F:\Program Files (x86)\Mozilla Firefox
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-14 22:11 - 2014-03-23 18:38 - 00000000 ____D () F:\Users\Mike\Downloads\Chrome
2014-12-14 22:10 - 2014-03-23 20:55 - 00000000 ____D () F:\Users\Mike\AppData\Roaming\Ditto
2014-12-14 22:05 - 2009-07-13 20:45 - 00013776 ____H () F:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-14 22:05 - 2009-07-13 20:45 - 00013776 ____H () F:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-14 22:03 - 2014-03-23 12:43 - 01695289 _____ () F:\Windows\WindowsUpdate.log
2014-12-14 22:01 - 2009-07-13 21:13 - 00802782 _____ () F:\Windows\system32\PerfStringBackup.INI
2014-12-14 21:59 - 2014-03-23 14:33 - 00000000 ____D () F:\Users\Mike\AppData\Roaming\Spotify
2014-12-14 21:58 - 2014-03-23 13:09 - 00000894 _____ () F:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-14 21:56 - 2014-03-23 13:08 - 00112720 _____ () F:\Users\Mike\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-14 21:56 - 2009-07-13 20:45 - 05100368 _____ () F:\Windows\system32\FNTCACHE.DAT
2014-12-14 21:55 - 2009-07-13 21:08 - 00000006 ____H () F:\Windows\Tasks\SA.DAT
2014-12-14 21:55 - 2009-07-13 20:51 - 00041447 _____ () F:\Windows\setupact.log
2014-12-14 21:52 - 2014-03-23 13:18 - 00056604 _____ () F:\Windows\PFRO.log
2014-12-14 21:52 - 2009-07-13 19:20 - 00000000 ____D () F:\Windows\PolicyDefinitions
2014-12-14 21:40 - 2014-03-23 17:02 - 00000000 ____D () F:\ProgramData\Microsoft Help
2014-12-14 21:25 - 2014-03-23 22:32 - 00000000 ____D () F:\ProgramData\Temp
2014-12-14 21:24 - 2014-07-06 09:54 - 00000830 _____ () F:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-14 20:45 - 2014-03-23 13:09 - 00000898 _____ () F:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-14 16:16 - 2014-06-28 19:13 - 00000000 ____D () F:\Users\Mike\AppData\Local\Spotify
2014-12-14 02:01 - 2014-05-30 18:57 - 00000000 ____D () F:\Program Files\CrashPlan
2014-12-14 02:00 - 2014-03-23 19:57 - 00000402 _____ () F:\Windows\Tasks\Defraggler Volume C Task.job
2014-12-13 02:00 - 2014-03-23 16:34 - 00000000 ____D () F:\Users\Mike\AppData\Local\Adobe
2014-12-12 03:00 - 2014-03-23 19:59 - 00000402 _____ () F:\Windows\Tasks\Defraggler Volume L Task.job
2014-12-11 03:00 - 2014-03-23 19:59 - 00000402 _____ () F:\Windows\Tasks\Defraggler Volume K Task.job
2014-12-10 06:24 - 2014-07-06 09:54 - 00701104 _____ (Adobe Systems Incorporated) F:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 06:24 - 2014-07-06 09:54 - 00071344 _____ (Adobe Systems Incorporated) F:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 06:24 - 2014-07-06 09:54 - 00003768 _____ () F:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-10 04:54 - 2014-03-23 19:59 - 00000402 _____ () F:\Windows\Tasks\Defraggler Volume H Task.job
2014-12-09 22:03 - 2014-03-23 23:29 - 00000000 ____D () F:\Users\Mike\AppData\Roaming\vlc
2014-12-09 02:00 - 2014-03-23 19:59 - 00000402 _____ () F:\Windows\Tasks\Defraggler Volume G Task.job
2014-12-08 07:37 - 2014-03-23 19:59 - 00000402 _____ () F:\Windows\Tasks\Defraggler Volume F Task.job
2014-12-04 20:44 - 2014-10-23 20:38 - 00000000 ____D () F:\Users\Mike\AppData\Local\CrashDumps
2014-11-27 11:23 - 2014-03-23 14:36 - 00000000 ____D () F:\ProgramData\Malwarebytes
2014-11-27 11:23 - 2014-03-23 14:36 - 00000000 ____D () F:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-11-27 10:38 - 2009-07-13 19:20 - 00000000 __RHD () F:\Users\Default
2014-11-27 10:35 - 2009-07-13 18:34 - 00000215 _____ () F:\Windows\system.ini
2014-11-27 10:24 - 2014-03-23 14:30 - 00000000 ____D () F:\Program Files (x86)\Mozilla Maintenance Service
2014-11-27 10:04 - 2014-03-23 14:37 - 00000000 ____D () F:\ProgramData\Spybot - Search & Destroy
2014-11-15 13:29 - 2014-08-11 00:03 - 00000000 ____D () F:\ProgramData\boost_interprocess
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
F:\Windows\System32\winlogon.exe => File is digitally signed
F:\Windows\System32\wininit.exe => File is digitally signed
F:\Windows\SysWOW64\wininit.exe => File is digitally signed
F:\Windows\explorer.exe => File is digitally signed
F:\Windows\SysWOW64\explorer.exe => File is digitally signed
F:\Windows\System32\svchost.exe => File is digitally signed
F:\Windows\SysWOW64\svchost.exe => File is digitally signed
F:\Windows\System32\services.exe => File is digitally signed
F:\Windows\System32\User32.dll => File is digitally signed
F:\Windows\SysWOW64\User32.dll => File is digitally signed
F:\Windows\System32\userinit.exe => File is digitally signed
F:\Windows\SysWOW64\userinit.exe => File is digitally signed
F:\Windows\System32\rpcss.dll => File is digitally signed
F:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-05 02:36
 
==================== End Of Log ============================



Edited by MikeJensen, 15 December 2014 - 01:28 AM.


#4 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:32 AM

Posted 15 December 2014 - 10:55 PM

Please do this next:

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3208782842-3415386057-1389697709-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
EmptyTemp:
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now run FRST again.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) please post it to your reply.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#5 MikeJensen


Posted 16 December 2014 - 12:56 AM

My computer was trying to reboot, but was taking forever, so I hard-rebooted it. Here's the log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2014 01
Ran by Mike at 2014-12-15 21:30:06 Run:1
Running from F:\Users\Mike\Downloads\Chrome
Loaded Profile: Mike (Available profiles: Mike)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3208782842-3415386057-1389697709-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
EmptyTemp:
*****************
 
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3208782842-3415386057-1389697709-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
EmptyTemp: => Removed 5.6 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


#6 RPMcMurphy


Posted 16 December 2014 - 11:49 AM

Please do this next:

Go to this page and download Malwarebytes Anti-Rootkit (MBAR)

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • MBAR will create logs that you will find in the same folder you found MBAR.exe.  Please post those for me to review.

Download ComboFix from HERE, and save it to your desktop.

**Note:  It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back.  Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.
Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:
  • MBAR log(s)
  • ComboFix log




#7 MikeJensen


Posted 19 December 2014 - 03:08 PM

Thanks! Here's the mbar-log. I'll attach the system log and the combofix log:

 

Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org
 
Database version: v2014.12.16.05
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17501
Mike :: MIKE-PC [administrator]
 
12/16/2014 7:37:08 PM
mbar-log-2014-12-16 (19-37-08).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 389159
Time elapsed: 33 minute(s), 14 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 




#8 RPMcMurphy


Posted 19 December 2014 - 11:12 PM

Please do this next:

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

Please include the following in your next post:
  • AdwCleaner log




#9 MikeJensen


Posted 26 December 2014 - 06:27 PM

Sorry for taking so long to respond! Here's my log:

 

# AdwCleaner v4.106 - Report created 26/12/2014 at 12:22:46
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Mike - MIKE-PC
# Running from : F:\Users\Mike\Downloads\Chrome\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\APN PIP
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Mozilla Firefox v33.1.1 (x86 en-US)
 
[cyiao86x.third] - Line Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
[cyiao86x.third] - Line Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");
 
-\\ Google Chrome v39.0.2171.95
 
 
*************************
 
AdwCleaner[R0].txt - [924 octets] - [26/12/2014 12:22:46]
 
########## EOF - F:\AdwCleaner\AdwCleaner[R0].txt - [983 octets] ##########


#10 RPMcMurphy


Posted 26 December 2014 - 11:24 PM

How is your computer running now?  Please do this next:

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.

Please include the following in your next post:
  • How is the computer running now?
  • ESET log




#11 MikeJensen


Posted 03 January 2015 - 02:25 PM

Hey!

 

I'm having to rerun the ESET scanner, because my computer had another dllhost event, and didn't have enough memory to run anything, so I had to reboot. It's odd the events are intermittent. The second one I had was when I first started this thread, then my computer has been fine up until this point. I tried to see if some of the processes were running from other exe files, but they all pointed to the same dllhost.exe.  Last night I had some 8590 processes running, then when I checked again a few minutes later, it was 8603, so the number was constantly rising. 

 

I'll reply with the ESET log once it finishes.
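
For the symptom described in the post above (thousands of dllhost.exe instances that all resolve to the same image), a read-only inventory that groups the instances by parent process and by the `/Processid:{AppID}` argument on their command line shows what keeps requesting them. This is an added example, not part of the thread or of any tool used in it; it assumes an elevated PowerShell 2.0 or later prompt, and the variable names are illustrative.

```powershell
# Added example: read-only inventory of dllhost.exe (COM Surrogate) instances.
# It lists and groups only; nothing is terminated or changed.
# Run elevated so CommandLine and ExecutablePath are readable for all accounts.

# One WMI query for every process, indexed by PID so that parents resolve
# quickly even when there are thousands of instances.
$all   = @(Get-WmiObject -Class Win32_Process)
$byPid = @{}
foreach ($p in $all) { $byPid[[uint32]$p.ProcessId] = $p }

$surrogates = @($all | Where-Object { $_.Name -ieq 'dllhost.exe' })
Write-Host ("dllhost.exe instances: {0}" -f $surrogates.Count)

# The two genuine images on 64-bit Windows, resolved from the running system.
$expected = @(
    (Join-Path $env:windir 'System32\dllhost.exe'),
    (Join-Path $env:windir 'SysWOW64\dllhost.exe')
)

$appNames = @{}   # cache: AppID -> registered name, one registry read per AppID

$rows = foreach ($p in $surrogates) {
    # A surrogate started by COM carries /Processid:{AppID} on its command line.
    $appId = $null
    if ($p.CommandLine -match '/Processid:\s*(\{[0-9A-Fa-f\-]{36}\})') {
        $appId = $Matches[1]
    }

    $appName = $null
    if ($appId) {
        if (-not $appNames.ContainsKey($appId)) {
            $key = Get-ItemProperty -LiteralPath "Registry::HKEY_CLASSES_ROOT\AppID\$appId" `
                                    -ErrorAction SilentlyContinue
            $appNames[$appId] = if ($key) { $key.'(default)' } else { $null }
        }
        $appName = $appNames[$appId]
    }

    # A PID can be reused after the real parent exits, so only trust a parent
    # that was created no later than the child (DMTF timestamps sort as strings).
    $parent     = $byPid[[uint32]$p.ParentProcessId]
    $parentName = '(exited)'
    if ($parent -and $parent.CreationDate -le $p.CreationDate) {
        $parentName = $parent.Name
    }

    $path = $p.ExecutablePath
    if (-not $path) { $path = '(unreadable)' }   # typically: prompt not elevated

    New-Object PSObject -Property @{
        Pid        = $p.ProcessId
        ParentPid  = $p.ParentProcessId
        ParentName = $parentName
        AppId      = $appId
        AppName    = $appName
        Path       = $path
        PathOk     = ($expected -contains $path)
    }
}

# Which parent and which COM application account for most of the instances?
$rows | Group-Object ParentName, ParentPid, AppId, AppName |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name |
    Format-Table -AutoSize | Out-Host

# Instances worth a closer look: image outside the Windows directory, path not
# readable, or no /Processid argument at all.
$rows | Where-Object { -not $_.PathOk -or -not $_.AppId } |
    Select-Object Pid, ParentPid, ParentName, Path |
    Format-Table -AutoSize | Out-Host
```

A single parent or a single AppID dominating the first table identifies what is spawning the surrogates; rows in the second table with a path outside the Windows directory are not the system's own dllhost.exe.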



#12 RPMcMurphy


Posted 04 January 2015 - 12:03 AM

If you are still having issues with dllhost events, disregard the ESET log and run a new scan with FRST for me and post that log instead.  If you have already run the ESET scan go ahead and post the log.




#13 MikeJensen


Posted 04 January 2015 - 06:40 PM

Here's the ESET log. I'll post the new FRST once it's finished:

EDIT -- One thing I forgot to mention last time is that while the dllhost event was happening last time, I quickly tried creating a batch file containing:

taskkill /F /IM dllhost.exe

 

For several of the tasks, it said unable to end process, and for many more it said that it was ending the processes. But I don't think it actually ended any processes cause the process number in the task manager only went up, not down.

 

ESET log:

 

C:\Program Files (x86)\Cheat Engine 6.1\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application
C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe Win32/Conduit.SearchProtect.Q potentially unwanted application
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe a variant of Win32/Conduit.SearchProtect.I potentially unwanted application
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe a variant of Win64/Conduit.SearchProtect.A potentially unwanted application
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll a variant of Win64/Conduit.SearchProtect.A potentially unwanted application
C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe a variant of Win32/Conduit.SearchProtect.I potentially unwanted application
C:\Program Files (x86)\sweetpacks bundle uninstaller\uninstaller.exe a variant of Win32/ClientConnect.A potentially unwanted application
C:\ProgramData\InstallMate\{1B56A65F-C91E-4BA4-A94F-813CC0B584A9}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\Users\All Users\InstallMate\{1B56A65F-C91E-4BA4-A94F-813CC0B584A9}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\7d4aacff-2a7316e6 multiple threats
C:\Users\Mike\Downloads\ROWENTA DX1700 EFFECTIVE user guide provided through mypdfmanuals.com.exe a variant of Win32/GetNow.B potentially unwanted application
C:\Windows\Installer\{4e7c2758-9578-bbf9-29ee-7a07ece6eed6}\U\00000001.@ Win64/Conedex.G trojan
C:\Windows\Installer\{4e7c2758-9578-bbf9-29ee-7a07ece6eed6}\U\80000000.@ Win64/Sirefef.AL trojan
C:\Windows\Installer\{4e7c2758-9578-bbf9-29ee-7a07ece6eed6}\U\800000cb.@ Win64/Sirefef.AH trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00V2HWLH\banner_frameCAVLVXZZ.php HTML/ScrInject.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00V2HWLH\click[2].js JS/Iframe.FR trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00V2HWLH\index2[10].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00V2HWLH\index2[11].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00V2HWLH\main[3].htm JS/Kryptik.VM trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00V2HWLH\main[5].htm JS/Kryptik.PH trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00V2HWLH\main[6].htm JS/Kryptik.PH trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00V2HWLH\menshealthbase_passback_300x250[1].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00V2HWLH\menshealthbase_passback_300x250[2].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00V2HWLH\menshealthbase_passback_300x250[3].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00V2HWLH\menshealthbase_passback_300x250[4].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00V2HWLH\menshealthbase_passback_300x250[5].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00V2HWLH\menshealthbase_passback_300x250[6].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00V2HWLH\menshealthbase_passback_300x250[7].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00V2HWLH\menshealthbase_passback_300x250[8].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00V2HWLH\mx_nan_a[1].txt HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00V2HWLH\mx_nan_a[2].txt HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00V2HWLH\platotv_com[6].txt HTML/ScrInject.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00V2HWLH\platotv_com[7].txt HTML/ScrInject.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00V2HWLH\qatestpub2_com[1].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00V2HWLH\qatestpub2_com[2].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00V2HWLH\qatestpub2_com[3].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00V2HWLH\sCA1IFUII.htm JS/Kryptik.VL trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00V2HWLH\sCA8GYXXK.htm JS/Kryptik.VL trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00V2HWLH\sCAA8QSWO.htm JS/Kryptik.VL trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00V2HWLH\sCADAKXGC.htm JS/Kryptik.VL trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00V2HWLH\sCAGVYN6M.htm JS/Kryptik.VL trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00V2HWLH\womenshealthbase_passback_300x250[1].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00V2HWLH\womenshealthbase_passback_300x250[2].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00V2HWLH\womenshealthbase_passback_300x250[3].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00V2HWLH\womenshealthbase_passback_300x250[4].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00V2HWLH\womenshealthbase_passback_300x250[5].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00V2HWLH\womenshealthbase_passback_300x250[6].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00V2HWLH\womenshealthbase_passback_300x250[7].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UGQRRA6\q[1].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UGQRRA6\rcpsetup_adgorithms_728_90_ag_1[1].exe a variant of Win32/Systweak potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UGQRRA6\search_result[3].php HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6TDU3M6M\dvyrysxzypbuj[1].pdf JS/Exploit.Pdfka.PGF.Gen trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6TDU3M6M\iframe3CACGJXXH.htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6TDU3M6M\iframe3CAP3PB4X.htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6TDU3M6M\index[1].php HTML/ScrInject.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6TDU3M6M\menshealthbase_passback_300x250[1].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6TDU3M6M\menshealthbase_passback_300x250[2].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6TDU3M6M\menshealthbase_passback_300x250[3].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6TDU3M6M\menshealthbase_passback_300x250[4].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6TDU3M6M\menshealthbase_passback_300x250[5].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6TDU3M6M\menshealthbase_passback_300x250[6].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6TDU3M6M\menshealthbase_passback_300x250[7].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6TDU3M6M\menshealthbase_passback_300x250[8].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6TDU3M6M\mx_nan_a[1].txt HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6TDU3M6M\mx_nan_a[2].txt HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6TDU3M6M\platotv_com[8].txt HTML/ScrInject.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6TDU3M6M\platotv_com[9].txt HTML/ScrInject.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6TDU3M6M\womenshealthbase_passback_300x250CA1080G3.htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6TDU3M6M\womenshealthbase_passback_300x250CALE743B.htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6TDU3M6M\womenshealthbase_passback_300x250[10].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6TDU3M6M\womenshealthbase_passback_300x250[11].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6TDU3M6M\womenshealthbase_passback_300x250[1].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6TDU3M6M\womenshealthbase_passback_300x250[2].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6TDU3M6M\womenshealthbase_passback_300x250[3].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6TDU3M6M\womenshealthbase_passback_300x250[4].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6TDU3M6M\womenshealthbase_passback_300x250[5].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6TDU3M6M\womenshealthbase_passback_300x250[6].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6TDU3M6M\womenshealthbase_passback_300x250[7].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6TDU3M6M\womenshealthbase_passback_300x250[8].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6TDU3M6M\womenshealthbase_passback_300x250[9].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\908FWBVF\banner_frame[1].php HTML/ScrInject.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\908FWBVF\firstload_com[1].txt HTML/ScrInject.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\908FWBVF\iframe3CAPT3SVS.htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\908FWBVF\mx_nan_a[1].txt HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\908FWBVF\mx_nan_a[2].txt HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\908FWBVF\mx_nan_a[3].txt HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\908FWBVF\mx_nan_a[4].txt HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\908FWBVF\qatestpub2_com[10].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\908FWBVF\qatestpub2_com[11].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\908FWBVF\qatestpub2_com[1].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\908FWBVF\qatestpub2_com[2].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\908FWBVF\qatestpub2_com[3].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\908FWBVF\qatestpub2_com[4].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\908FWBVF\qatestpub2_com[5].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\908FWBVF\qatestpub2_com[6].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\908FWBVF\qatestpub2_com[7].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\908FWBVF\qatestpub2_com[8].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\908FWBVF\qatestpub2_com[9].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\908FWBVF\q[1].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\908FWBVF\womenshealthbase_passback_300x250[1].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\908FWBVF\womenshealthbase_passback_300x250[2].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\908FWBVF\womenshealthbase_passback_300x250[3].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\908FWBVF\womenshealthbase_passback_300x250[4].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\908FWBVF\womenshealthbase_passback_300x250[5].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\908FWBVF\womenshealthbase_passback_300x250[6].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AG7DX5GS\iframe3CAM1XIVZ.htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6CO21L4\firstload_com[1].txt HTML/ScrInject.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6CO21L4\iframe3CA7SE4VB.htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6CO21L4\iframe3CASQGLM8.htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6CO21L4\index1[3].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6CO21L4\menshealthbase_passback_300x250[1].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6CO21L4\menshealthbase_passback_300x250[2].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6CO21L4\menshealthbase_passback_300x250[3].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6CO21L4\menshealthbase_passback_300x250[4].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6CO21L4\menshealthbase_passback_300x250[5].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6CO21L4\menshealthbase_passback_300x250[6].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6CO21L4\menshealthbase_passback_300x250[7].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6CO21L4\menshealthbase_passback_300x250[8].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6CO21L4\menshealthbase_passback_300x250[9].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6CO21L4\mx_nan_a[1].txt HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6CO21L4\platotv_com[7].txt HTML/ScrInject.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6CO21L4\platotv_com[8].txt HTML/ScrInject.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6CO21L4\qatestpub2_com[1].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6CO21L4\qatestpub2_com[2].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6CO21L4\qatestpub2_com[3].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6CO21L4\qatestpub2_com[4].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6CO21L4\qatestpub2_com[5].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6CO21L4\qatestpub2_com[6].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6CO21L4\q[1].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6CO21L4\q[2].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6CO21L4\q[3].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6CO21L4\setup[1].exe a variant of Win32/Kryptik.AIFB trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6CO21L4\womenshealthbase_passback_300x250[1].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6CO21L4\womenshealthbase_passback_300x250[2].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F1GKPP9B\firstload_com[1].txt HTML/ScrInject.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F1GKPP9B\index7[1].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F1GKPP9B\womenshealthbase_passback_300x250[1].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FQ609HMU\firstload_com[1].txt HTML/ScrInject.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FQ609HMU\iframe3CALB6K1C.htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FQ609HMU\menshealthbase_passback_300x250[1].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FQ609HMU\mx_nan_a[1].txt HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FQ609HMU\platotv_com[7].txt HTML/ScrInject.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FQ609HMU\q[1].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FQ609HMU\showbannerCA8ZVH5K.php HTML/ScrInject.B.Gen virus
F:\Users\Mike\Downloads\Chrome\FileZilla_3.9.0.5_win32-setup.exe a variant of Win32/InstallCore.UQ potentially unwanted application
F:\Users\Mike\Downloads\Chrome\FreeFileSync_6.5_Windows_Setup.exe Win32/OpenCandy potentially unsafe application

Edited by MikeJensen, 04 January 2015 - 06:49 PM.


#14 MikeJensen

Posted 04 January 2015 - 07:08 PM

New FRST scan with Addition text file attached:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2015
Ran by Mike at 2015-01-04 15:52:37
Running from F:\Users\Mike\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
3D Ripper DX v1.8.2 (HKLM-x32\...\3D Ripper DX_is1) (Version:  - Roman Lut)
3dem (HKLM-x32\...\{635C3D63-D901-4119-9AD2-852D10DCB937}) (Version: 20.7 - Visualization Software LLC)
4K Video Downloader 3.4 (HKLM-x32\...\4K Video Downloader_is1) (Version: 3.4.0.1400 - Open Media LLC)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AdExDbManager (HKLM\...\{41266321-E469-44A1-A115-CAA7184BBE30}) (Version: 0.0.5.0 - Autodesk)
Adobe After Effects CC (HKLM-x32\...\{317243C1-6580-4F43-AED7-37D4438C3DD5}) (Version: 12 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.3 64-bit (HKLM\...\{2DD71ACB-552D-402C-9529-7906ACB95C30}) (Version: 5.3.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 6.2 - PainteR)
Agisoft Lens (HKLM\...\{8D6021AA-3AAB-495A-B56A-74173A03C052}) (Version: 0.4.1 - Agisoft)
Agisoft PhotoScan Professional (HKLM\...\{E6452FA8-90ED-4BCF-8285-79FEDDE63B9B}) (Version: 1.0.4 - Agisoft)
AMD Catalyst Install Manager (HKLM\...\{3C378793-5288-0165-FCA4-D319D5E4A490}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Autodesk 3ds Max 2014 (HKLM\...\Autodesk 3ds Max 2014) (Version: 16.0.420.0 - Autodesk)
Autodesk 3ds Max 2014 (Version: 16.0.420.0 - Autodesk) Hidden
Autodesk 3ds Max 2014 64-bit Populate Data (HKLM\...\{7491836B-659E-47DD-ABBF-F875AD48FD10}) (Version: 1.0.0.1 - Autodesk)
Autodesk Backburner 2014 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 14.0.0.0 - Autodesk, Inc.)
Autodesk Composite 2014 (HKLM\...\Autodesk Composite 2014) (Version: 9.0.0.0 - Autodesk)
Autodesk Composite 2014 (Version: 9.0.0.0 - Autodesk) Hidden
Autodesk DirectConnect 2014 64-bit (HKLM\...\Autodesk DirectConnect 2014 64-bit) (Version: 8.0.56.1 - Autodesk)
Autodesk DirectConnect 2014 64-bit (Version: 8.0.56.1 - Autodesk) Hidden
Autodesk Essential Skills Movies for 3ds Max 2014 64-bit (HKLM\...\{E8814D63-BB76-4C89-A25E-264ECF11D00D}) (Version: 1.2.0.0 - Autodesk)
Autodesk Fusion 360 (HKU\S-1-5-21-3208782842-3415386057-1389697709-1000\...\73e72ada57b7480280f7a6f4a289729f) (Version: 2.0.1193 - Autodesk, Inc.)
Autodesk Inventor Server Engine for 3ds Max 2014 64-bit (HKLM\...\{009751C6-22D7-4548-A313-AD48FA57076F}) (Version: 16.0 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.32.600 - Autodesk)
Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.32.600 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2014 (HKLM-x32\...\{A0633D4E-5AF2-4E3E-A70A-FE9C2BD8A958}) (Version: 4.0.32.600 - Autodesk)
Autodesk Mudbox 2014 Extension (HKLM\...\Autodesk Mudbox 2014 Extension) (Version: 8.1.0.164 - Autodesk)
Autodesk Mudbox 2014 Extension (Version: 8.1.0.164 - Autodesk) Hidden
Autodesk Revit Interoperability for 3ds Max 2014 (HKLM\...\Autodesk Revit Interoperability for 3ds Max 2014) (Version: 13.02.15161 - Autodesk)
Autodesk Revit Interoperability for 3ds Max 2014 (Version: 13.02.15161 - Autodesk) Hidden
BDE Information Utility (HKLM-x32\...\BDE Information Utility) (Version:  - InterBase Installation Info (and BDE Information Utility))
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Camtasia Studio 8 (HKLM-x32\...\{BFA04EE0-8240-4667-8D53-45496A901C33}) (Version: 8.1.2.1327 - TechSmith Corporation)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MX450 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX450_series) (Version: 1.00 - Canon Inc.)
Canon MX450 series User Registration (HKLM-x32\...\Canon MX450 series User Registration) (Version:  - ‭Canon Inc.)
Canon Pro9000 II series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_Pro9000_II_series) (Version:  - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
CINEMA 4D 15.008 (HKLM\...\MAXONBF46CC41) (Version: 15.008 - MAXON Computer GmbH)
CrashPlan (HKLM\...\{056FE336-5B2D-44A8-B013-EBF0343B0DC5}) (Version: 3.6.3 - Code 42 Software)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 2.56 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version:  - )
Cura 14.07 (HKLM-x32\...\Cura_14.07) (Version:  - )
Defraggler (HKLM\...\Defraggler) (Version: 2.17 - Piriform)
Ditto (HKLM\...\Ditto_is1) (Version:  - Scott Brogden)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FileZilla Client 3.8.0 (HKLM-x32\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
FreeFileSync 6.5 (HKLM-x32\...\FreeFileSync) (Version: 6.5 - Zenju)
FWTools 2.4.7 (HKLM-x32\...\FWTools247) (Version:  - )
GLIntercept 0.5 (HKLM-x32\...\GLIntercept_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
headus UVLayout v2 Professional (HKLM-x32\...\{A1086DA0-903E-4DEA-A83F-6317923CC63D}) (Version: 2.08.01 - headus)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
IcoFX 2.6 (HKLM-x32\...\IcoFX 2_is1) (Version:  - )
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java 8 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418000FF}) (Version: 8.0.0 - Oracle Corporation)
Launchy 2.5 (HKLM-x32\...\Launchy_21344213_is1) (Version:  - Code Jelly)
Logitech Gaming Software 8.52 (HKLM\...\Logitech Gaming Software) (Version: 8.52.15 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Meshmixer (HKLM\...\Meshmixer_x64) (Version:  - )
MICRODEM Freeware GIS (HKLM-x32\...\{5E08B15D-7C97-4FC9-8500-BD7EDA18C66A}) (Version: 12.2.2010 - Petmar Triilobite Breeding Ranch)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 33.1.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
OnTopReplica (HKU\S-1-5-21-3208782842-3415386057-1389697709-1000\...\OnTopReplica) (Version: 3.4 - Lorenz Cuno Klopfenstein)
OpenRL Runtime 1.3.1000.14 x64 (HKLM\...\{250C8D22-1757-11E3-818E-1803734DBB4F}) (Version: 1.3.1000.14 - Caustic Graphics, Inc.)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Silhouette Studio (HKLM-x32\...\{36FB379E-8578-4987-B72E-68FBBCDD1CD2}) (Version: 3.1.417 - Silhouette America)
Spotify (HKU\S-1-5-21-3208782842-3415386057-1389697709-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version:  - )
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
V-Ray for 3dsmax 2014 for x64 (HKLM\...\V-Ray for 3dsmax 2014 for x64) (Version: 3.00.03 - Chaos Software Ltd)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.5-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WibuKey Setup (WibuKey Remove) (HKLM\...\{00060000-0000-1004-8002-0000C06B5161}) (Version: Version 6.11 of 2013-Feb-27 (Build 1057) (Setup) - WIBU-SYSTEMS AG)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinDirStat 1.1.2 (HKU\S-1-5-21-3208782842-3415386057-1389697709-1000\...\WinDirStat) (Version:  - )
Windows Driver Package - Arduino LLC (www.arduino.cc) Arduino USB Driver (01/04/2013 1.0.0.0) (HKLM\...\1E3EA5624DD04BEFECF3FFF6D3A21CCE9CD70A91) (Version: 01/04/2013 1.0.0.0 - Arduino LLC (www.arduino.cc))
xNormal 3.18.7 (HKLM\...\xNormal 3.18.7) (Version:  - Santiago Orgaz)
XnView 2.20 (HKLM-x32\...\XnView_is1) (Version: 2.20 - Gougelet Pierre-e)
ZBrush 4R6 (HKLM-x32\...\ZBrush 4R6 4R6) (Version: 4R6 - Pixologic)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3208782842-3415386057-1389697709-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> F:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-3208782842-3415386057-1389697709-1000_Classes\CLSID\{C4F0910E-E0B4-4E68-8086-452730C7A26A}\InprocServer32 -> F:\Users\Mike\AppData\Local\Autodesk\webdeploy\production\c826d0c70b9d03adf76bc3607c560dd99b02534e\NPreview10.dll ()
 
==================== Restore Points  =========================
 
30-12-2014 00:00:02 Scheduled Checkpoint
31-12-2014 23:07:45 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2014-12-16 23:14 - 00000027 ____A F:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {00B2522F-2AFD-4624-9EDB-F435E04A9AD1} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {0D850433-EE60-456D-B732-68D404A10976} - System32\Tasks\Adobe Acrobat Update Task => F:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {1BC6E8FF-155B-4149-B849-90A390309C42} - System32\Tasks\Defraggler Volume L Task => F:\Program Files\Defraggler\df64.exe [2014-02-05] (Piriform Ltd)
Task: {2539F346-9B38-48CB-9ECA-1DFD606BBC79} - System32\Tasks\Defraggler Volume K Task => F:\Program Files\Defraggler\df64.exe [2014-02-05] (Piriform Ltd)
Task: {361ABFFA-9B02-42D5-8487-87568A92F262} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => F:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {37EC97EE-D2A1-4F20-9078-9A38DC2D2514} - System32\Tasks\AdobeAAMUpdater-1.0-Mike-PC-Mike => F:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {48573EB1-9B85-44AC-80DB-1C13FCD0D185} - System32\Tasks\Defraggler Volume H Task => F:\Program Files\Defraggler\df64.exe [2014-02-05] (Piriform Ltd)
Task: {4E78F60A-95B3-4DD4-8338-1E0BA30FD56A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => F:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {4F456F0B-BE24-419C-B793-79F3B7AF4E02} - System32\Tasks\CCleanerSkipUAC => F:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {4F78BE1C-14D0-4893-9751-7AC61A6E3BD3} - System32\Tasks\Defraggler Volume C Task => F:\Program Files\Defraggler\df64.exe [2014-02-05] (Piriform Ltd)
Task: {A6A2C69A-F250-42F8-8B00-DC79871A9717} - System32\Tasks\AutoKMS => F:\Windows\AutoKMS\AutoKMS.exe [2014-03-23] ()
Task: {B0BF63D4-E9F9-4700-918A-FBF2B4C83CCC} - System32\Tasks\Adobe Flash Player Updater => F:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {B16285F9-E41D-419B-BC81-3DA9AFCBBFB9} - System32\Tasks\Apple\AppleSoftwareUpdate => F:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C6578C3A-AB25-45D4-9C0A-44E203F6FEFD} - System32\Tasks\Defraggler Volume F Task => F:\Program Files\Defraggler\df64.exe [2014-02-05] (Piriform Ltd)
Task: {D9EED92B-90D8-4729-83C7-F242CAB87A68} - System32\Tasks\Defraggler Volume G Task => F:\Program Files\Defraggler\df64.exe [2014-02-05] (Piriform Ltd)
Task: {DB1F0D68-F3DD-4DC4-BB2D-C37F64D6CB66} - System32\Tasks\GoogleUpdateTaskMachineUA => F:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-23] (Google Inc.)
Task: {E3600D68-DCC5-4508-B00E-F72C979DC1F2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => F:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {FF462318-1734-4A91-82D4-E5A03FEF7129} - System32\Tasks\GoogleUpdateTaskMachineCore => F:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-23] (Google Inc.)
Task: F:\Windows\Tasks\Adobe Flash Player Updater.job => F:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: F:\Windows\Tasks\Defraggler Volume C Task.job => F:\Program Files\Defraggler\df64.exe
Task: F:\Windows\Tasks\Defraggler Volume F Task.job => F:\Program Files\Defraggler\df64.exe
Task: F:\Windows\Tasks\Defraggler Volume G Task.job => F:\Program Files\Defraggler\df64.exe
Task: F:\Windows\Tasks\Defraggler Volume H Task.job => F:\Program Files\Defraggler\df64.exe
Task: F:\Windows\Tasks\Defraggler Volume K Task.job => F:\Program Files\Defraggler\df64.exe
Task: F:\Windows\Tasks\Defraggler Volume L Task.job => F:\Program Files\Defraggler\df64.exe
Task: F:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => F:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: F:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => F:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-02-19 15:17 - 2014-02-19 15:17 - 00014848 _____ () F:\Program Files\CrashPlan\md564.dll
2014-11-08 21:52 - 2014-11-08 21:52 - 00230400 _____ () F:\Program Files\CrashPlan\cpnative64.dll
2011-09-14 20:19 - 2011-09-14 20:19 - 00086016 _____ () F:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
2014-01-22 18:53 - 2014-01-22 18:53 - 00248736 _____ () F:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () F:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () F:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-01-02 06:42 - 2010-01-02 06:42 - 00098304 _____ () F:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-03-23 21:19 - 2012-11-08 19:17 - 01717872 _____ () F:\Program Files\Ditto\Ditto.exe
2014-03-23 19:46 - 2013-02-08 10:37 - 01185080 _____ () F:\Program Files\Tablet\Wacom\libxml2.dll
2012-01-10 13:41 - 2014-11-01 16:58 - 00567880 _____ () F:\Program Files (x86)\puush\puush.exe
2014-03-23 14:31 - 2010-04-03 13:05 - 00380928 _____ () F:\Program Files (x86)\Launchy\Launchy.exe
2008-11-04 22:33 - 2014-03-23 15:45 - 00307673 _____ () F:\Program Files\ToggleHiddenFiles\ToggleHiddenFiles.exe
2014-03-23 14:33 - 2014-12-14 21:57 - 00374840 _____ () F:\Users\Mike\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () F:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () F:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-28 01:35 - 2014-03-28 01:35 - 00093696 _____ () F:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () F:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () F:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-03-23 14:33 - 2014-12-14 21:57 - 36966968 _____ () F:\Users\Mike\AppData\Roaming\Spotify\Data\libcef.dll
2014-03-23 14:31 - 2009-12-16 22:13 - 08314880 _____ () F:\Program Files (x86)\Launchy\QtGui4.dll
2014-03-23 14:31 - 2009-12-16 21:54 - 02236416 _____ () F:\Program Files (x86)\Launchy\QtCore4.dll
2014-03-23 14:31 - 2009-12-16 21:56 - 00712704 _____ () F:\Program Files (x86)\Launchy\QtNetwork4.dll
2014-03-23 14:31 - 2009-12-17 00:18 - 00233472 _____ () F:\Program Files (x86)\Launchy\imageformats\qmng4.dll
2014-03-23 14:31 - 2010-04-03 13:06 - 00081920 _____ () F:\Program Files (x86)\Launchy\plugins\calcy.dll
2014-03-23 14:31 - 2010-04-03 13:05 - 00090112 _____ () F:\Program Files (x86)\Launchy\plugins\controly.dll
2014-03-23 14:31 - 2010-04-03 13:06 - 00024064 _____ () F:\Program Files (x86)\Launchy\plugins\gcalc.dll
2014-03-23 14:31 - 2010-04-03 13:06 - 00094208 _____ () F:\Program Files (x86)\Launchy\plugins\runner.dll
2014-03-23 14:31 - 2010-04-03 13:05 - 00057344 _____ () F:\Program Files (x86)\Launchy\plugins\verby.dll
2014-03-23 14:31 - 2010-04-03 13:05 - 00122880 _____ () F:\Program Files (x86)\Launchy\plugins\weby.dll
2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () F:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-03-23 14:37 - 2013-05-16 09:55 - 00113496 _____ () F:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-03-23 14:37 - 2013-05-16 09:55 - 00416600 _____ () F:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-12-12 03:49 - 2014-12-05 17:50 - 01077064 _____ () F:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-12 03:49 - 2014-12-05 17:50 - 00211272 _____ () F:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-03-23 15:08 - 2009-02-06 17:52 - 00073728 _____ () F:\Windows\SysWOW64\CmdRtr.DLL
2014-03-23 15:08 - 2009-03-26 13:46 - 00148480 _____ () F:\Windows\SysWOW64\APOMngr.DLL
2014-12-12 03:49 - 2014-12-05 17:50 - 09009480 _____ () F:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 03:49 - 2014-12-05 17:50 - 01677128 _____ () F:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2015-01-02 18:15 - 2015-01-02 18:15 - 00098816 _____ () F:\Users\Mike\AppData\Local\Temp\_MEI33002\win32api.pyd
2015-01-02 18:15 - 2015-01-02 18:15 - 00110080 _____ () F:\Users\Mike\AppData\Local\Temp\_MEI33002\pywintypes27.dll
2015-01-02 18:15 - 2015-01-02 18:15 - 00364544 _____ () F:\Users\Mike\AppData\Local\Temp\_MEI33002\pythoncom27.dll
2015-01-02 18:15 - 2015-01-02 18:15 - 00045568 _____ () F:\Users\Mike\AppData\Local\Temp\_MEI33002\_socket.pyd
2015-01-02 18:15 - 2015-01-02 18:15 - 01160704 _____ () F:\Users\Mike\AppData\Local\Temp\_MEI33002\_ssl.pyd
2015-01-02 18:15 - 2015-01-02 18:15 - 00320512 _____ () F:\Users\Mike\AppData\Local\Temp\_MEI33002\win32com.shell.shell.pyd
2015-01-02 18:15 - 2015-01-02 18:15 - 00713216 _____ () F:\Users\Mike\AppData\Local\Temp\_MEI33002\_hashlib.pyd
2015-01-02 18:15 - 2015-01-02 18:15 - 01175040 _____ () F:\Users\Mike\AppData\Local\Temp\_MEI33002\wx._core_.pyd
2015-01-02 18:15 - 2015-01-02 18:15 - 00805888 _____ () F:\Users\Mike\AppData\Local\Temp\_MEI33002\wx._gdi_.pyd
2015-01-02 18:15 - 2015-01-02 18:15 - 00811008 _____ () F:\Users\Mike\AppData\Local\Temp\_MEI33002\wx._windows_.pyd
2015-01-02 18:15 - 2015-01-02 18:15 - 01062400 _____ () F:\Users\Mike\AppData\Local\Temp\_MEI33002\wx._controls_.pyd
2015-01-02 18:15 - 2015-01-02 18:15 - 00735232 _____ () F:\Users\Mike\AppData\Local\Temp\_MEI33002\wx._misc_.pyd
2015-01-02 18:15 - 2015-01-02 18:15 - 00128512 _____ () F:\Users\Mike\AppData\Local\Temp\_MEI33002\_elementtree.pyd
2015-01-02 18:15 - 2015-01-02 18:15 - 00127488 _____ () F:\Users\Mike\AppData\Local\Temp\_MEI33002\pyexpat.pyd
2015-01-02 18:15 - 2015-01-02 18:15 - 00557056 _____ () F:\Users\Mike\AppData\Local\Temp\_MEI33002\pysqlite2._sqlite.pyd
2015-01-02 18:15 - 2015-01-02 18:15 - 00087552 _____ () F:\Users\Mike\AppData\Local\Temp\_MEI33002\_ctypes.pyd
2015-01-02 18:15 - 2015-01-02 18:15 - 00119808 _____ () F:\Users\Mike\AppData\Local\Temp\_MEI33002\win32file.pyd
2015-01-02 18:15 - 2015-01-02 18:15 - 00108544 _____ () F:\Users\Mike\AppData\Local\Temp\_MEI33002\win32security.pyd
2015-01-02 18:15 - 2015-01-02 18:15 - 00007168 _____ () F:\Users\Mike\AppData\Local\Temp\_MEI33002\hashobjs_ext.pyd
2015-01-02 18:15 - 2015-01-02 18:15 - 00167936 _____ () F:\Users\Mike\AppData\Local\Temp\_MEI33002\win32gui.pyd
2015-01-02 18:15 - 2015-01-02 18:15 - 00018432 _____ () F:\Users\Mike\AppData\Local\Temp\_MEI33002\win32event.pyd
2015-01-02 18:15 - 2015-01-02 18:15 - 00038912 _____ () F:\Users\Mike\AppData\Local\Temp\_MEI33002\win32inet.pyd
2015-01-02 18:15 - 2015-01-02 18:15 - 00011264 _____ () F:\Users\Mike\AppData\Local\Temp\_MEI33002\win32crypt.pyd
2015-01-02 18:15 - 2015-01-02 18:15 - 00070656 _____ () F:\Users\Mike\AppData\Local\Temp\_MEI33002\wx._html2.pyd
2015-01-02 18:15 - 2015-01-02 18:15 - 00027136 _____ () F:\Users\Mike\AppData\Local\Temp\_MEI33002\_multiprocessing.pyd
2015-01-02 18:15 - 2015-01-02 18:15 - 00035840 _____ () F:\Users\Mike\AppData\Local\Temp\_MEI33002\win32process.pyd
2015-01-02 18:15 - 2015-01-02 18:15 - 00686080 _____ () F:\Users\Mike\AppData\Local\Temp\_MEI33002\unicodedata.pyd
2015-01-02 18:15 - 2015-01-02 18:15 - 00122368 _____ () F:\Users\Mike\AppData\Local\Temp\_MEI33002\wx._wizard.pyd
2015-01-02 18:15 - 2015-01-02 18:15 - 00024064 _____ () F:\Users\Mike\AppData\Local\Temp\_MEI33002\win32pipe.pyd
2015-01-02 18:15 - 2015-01-02 18:15 - 00025600 _____ () F:\Users\Mike\AppData\Local\Temp\_MEI33002\win32pdh.pyd
2015-01-02 18:15 - 2015-01-02 18:15 - 00525640 _____ () F:\Users\Mike\AppData\Local\Temp\_MEI33002\windows._lib_cacheinvalidation.pyd
2015-01-02 18:15 - 2015-01-02 18:15 - 00010240 _____ () F:\Users\Mike\AppData\Local\Temp\_MEI33002\select.pyd
2015-01-02 18:15 - 2015-01-02 18:15 - 00017408 _____ () F:\Users\Mike\AppData\Local\Temp\_MEI33002\win32profile.pyd
2015-01-02 18:15 - 2015-01-02 18:15 - 00022528 _____ () F:\Users\Mike\AppData\Local\Temp\_MEI33002\win32ts.pyd
2015-01-02 18:15 - 2015-01-02 18:15 - 00078336 _____ () F:\Users\Mike\AppData\Local\Temp\_MEI33002\wx._animate.pyd
2014-08-10 22:27 - 2014-12-14 21:57 - 00867896 _____ () F:\Users\Mike\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2014-03-23 14:33 - 2014-12-14 21:57 - 00886840 _____ () F:\Users\Mike\AppData\Roaming\Spotify\Data\libglesv2.dll
2014-03-23 14:33 - 2014-12-14 21:57 - 00108600 _____ () F:\Users\Mike\AppData\Roaming\Spotify\Data\libegl.dll
2014-11-16 17:41 - 2014-11-16 17:41 - 03649648 _____ () F:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3208782842-3415386057-1389697709-500 - Administrator - Disabled)
Guest (S-1-5-21-3208782842-3415386057-1389697709-501 - Limited - Disabled)
Mike (S-1-5-21-3208782842-3415386057-1389697709-1000 - Administrator - Enabled) => F:\Users\Mike
 
==================== Faulty Device Manager Devices =============
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Marvell 91xx Config ATA Device
Description: Marvell 91xx Config ATA Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/04/2015 07:17:12 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/03/2015 00:32:05 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "F:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "F:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line F:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: F:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: F:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (01/03/2015 00:31:15 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/02/2015 04:33:06 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8007000e)
 
Error: (01/02/2015 04:33:03 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8007000e)
 
Error: (01/02/2015 04:30:38 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x80070008)
 
Error: (01/01/2015 00:31:32 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/31/2014 02:46:28 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume External L (L:) was not defragmented because an error was encountered: The device is not ready. (0x80070015)
 
Error: (12/31/2014 02:46:27 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume External K (K:) was not defragmented because an error was encountered: The device is not ready. (0x80070015)
 
Error: (12/31/2014 11:53:07 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume External L (L:) was not defragmented because an error was encountered: The device is not ready. (0x80070015)
 
 
System errors:
=============
Error: (01/04/2015 06:43:29 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR5.
 
Error: (01/04/2015 06:37:07 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR4.
 
Error: (01/02/2015 06:03:29 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:00:24 PM on ‎1/‎2/‎2015 was unexpected.
 
Error: (01/02/2015 10:30:12 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (12/29/2014 02:41:37 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume F: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (12/22/2014 02:44:21 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume F: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (12/19/2014 02:50:05 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR4.
 
Error: (12/16/2014 09:36:43 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (12/16/2014 09:36:41 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (12/16/2014 09:36:24 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\F:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
 
Microsoft Office Sessions:
=========================
Error: (01/04/2015 07:17:12 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"F:\Program Files\Autodesk\Composite2014\python\lib\distutils\command\wininst-8_d.exe
 
Error: (01/03/2015 00:32:05 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: F:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestF:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestf:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (01/03/2015 00:31:15 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"F:\Program Files\Autodesk\Composite2014\python\lib\distutils\command\wininst-8_d.exe
 
Error: (01/02/2015 04:33:06 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x8007000e
 
Error: (01/02/2015 04:33:03 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x8007000e
 
Error: (01/02/2015 04:30:38 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x80070008
 
Error: (01/01/2015 00:31:32 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"F:\Program Files\Autodesk\Composite2014\python\lib\distutils\command\wininst-8_d.exe
 
Error: (12/31/2014 02:46:28 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: External L (L:)The device is not ready. (0x80070015)
 
Error: (12/31/2014 02:46:27 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: External K (K:)The device is not ready. (0x80070015)
 
Error: (12/31/2014 11:53:07 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: External L (L:)The device is not ready. (0x80070015)
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-16 21:36:24.512
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-16 21:36:24.448
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-16 21:36:24.384
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-16 21:36:24.320
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-11-27 10:14:24.983
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-11-27 10:14:24.920
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2600K CPU @ 3.40GHz
Percentage of memory in use: 54%
Total physical RAM: 16352.11 MB
Available physical RAM: 7505.51 MB
Total Pagefile: 32702.39 MB
Available Pagefile: 25921.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (Windows 7) (Fixed) (Total:931.41 GB) (Free:262.93 GB) NTFS
Drive d: (CANON_IJ) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
Drive f: (New Windows) (Fixed) (Total:931.41 GB) (Free:568.95 GB) NTFS
Drive g: (Projects) (Fixed) (Total:931.51 GB) (Free:641.18 GB) NTFS
Drive h: (Overflow) (Fixed) (Total:931.51 GB) (Free:259.56 GB) NTFS
Drive k: (External K) (Fixed) (Total:1863.01 GB) (Free:1250.61 GB) NTFS
Drive l: (External L) (Fixed) (Total:1863.01 GB) (Free:1250.59 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C119714D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 296982BB)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1340DF4A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 296982A7)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#15 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:05:32 AM

Posted 04 January 2015 - 10:56 PM

Please do this next:

Go to this page and download Malwarebytes Anti-Rootkit (MBAR)

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • MBAR will create logs that you will find in the same folder you found MBAR.exe.  Please post those for me to review.

Please include the following in your next post:
  • MBAR log


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member






