svchost.exe and "Host Process for Windows Services" issues


This topic is locked
11 replies to this topic

#1 rbozzell
  • Members
  • 7 posts

Posted 02 March 2015 - 08:21 PM

I have had a few issues over the last couple of days with svchost.exe constantly accessing my disk, Windows 7 "low on memory" errors (referring to the need to stop Host Process for Windows Services) and Microsoft Security Essentials finding a few odd viruses, which it quarantined. As I feared there was a deeper issue which wasn't being eradicated with the quarantines, I did the following:
- Uninstalled and reinstalled MSE.
- Ran RogueKiller, which generated the following report (including having killed two active processes, one of which was svchost.exe!!!).

I'm not sure what I have or how serious it is, but MSE doesn't appear to have caught it. Help!
 
RogueKiller V10.5.0.0 [Mar  2 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : The Bozzells [Administrator]
Mode : Scan -- Date : 03/02/2015  19:37:20
¤¤¤ Processes : 2 ¤¤¤
[Suspicious.Path] ALconnect.exe(4004) -- E:\Users\The Bozzells\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe[7] -> Killed [TermProc]
[Proc.Svchost] svchost.exe(13540) -- C:\Windows\System32\svchost.exe[7] -> Killed [TermProc]
¤¤¤ Registry : 25 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | ?tluafed?  : E:\Users\The Bozzells\Application Data\{0000008C-68CB-74A5-4412-196162079230}.exe  -> Found
[Suspicious.Path] (X64) HKEY_USERS\RK_Richard_ON_E_5660\Software\Microsoft\Windows\CurrentVersion\Run | ALconnect : C:\Users\Richard\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe  -> Found
[Suspicious.Path] (X64) HKEY_USERS\RK_Richard_ON_E_5660\Software\Microsoft\Windows\CurrentVersion\Run | Google Update : "E:\Users\Richard\AppData\Local\Google\Update\GoogleUpdate.exe" /c  -> Found
[Suspicious.Path] (X64) HKEY_USERS\RK_Richard_ON_E_5660\Software\Microsoft\Windows\CurrentVersion\Run | Spotify : "E:\Users\Richard\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart  -> Found
[Suspicious.Path] (X64) HKEY_USERS\RK_Richard_ON_E_5660\Software\Microsoft\Windows\CurrentVersion\Run | Spotify Web Helper : "E:\Users\Richard\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"  -> Found
[Suspicious.Path] (X86) HKEY_USERS\RK_Richard_ON_E_5660\Software\Microsoft\Windows\CurrentVersion\Run | ALconnect : C:\Users\Richard\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe  -> Found
[Suspicious.Path] (X86) HKEY_USERS\RK_Richard_ON_E_5660\Software\Microsoft\Windows\CurrentVersion\Run | Google Update : "E:\Users\Richard\AppData\Local\Google\Update\GoogleUpdate.exe" /c  -> Found
[Suspicious.Path] (X86) HKEY_USERS\RK_Richard_ON_E_5660\Software\Microsoft\Windows\CurrentVersion\Run | Spotify : "E:\Users\Richard\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart  -> Found
[Suspicious.Path] (X86) HKEY_USERS\RK_Richard_ON_E_5660\Software\Microsoft\Windows\CurrentVersion\Run | Spotify Web Helper : "E:\Users\Richard\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"  -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1419972423-3273679860-2966919592-1000\Software\Microsoft\Windows\CurrentVersion\Run | ALconnect : E:\Users\The Bozzells\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe  -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1419972423-3273679860-2966919592-1000\Software\Microsoft\Windows\CurrentVersion\Run | ALconnect : E:\Users\The Bozzells\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe  -> Found
[Hj.Name] (X64) HKEY_USERS\RK_Default_ON_E_29A3\Software\Microsoft\Windows\CurrentVersion\RunOnce | mctadmin : C:\Windows\System32\mctadmin.exe  -> Found
[Hj.Name] (X86) HKEY_USERS\RK_Default_ON_E_29A3\Software\Microsoft\Windows\CurrentVersion\RunOnce | mctadmin : C:\Windows\System32\mctadmin.exe  -> Found
[PUM.Proxy] (X64) HKEY_USERS\RK_Richard_ON_E_5660\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:8080  -> Found
[PUM.Proxy] (X86) HKEY_USERS\RK_Richard_ON_E_5660\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:8080  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\RK_Richard_ON_E_5660\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\RK_Richard_ON_E_5660\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1419972423-3273679860-2966919592-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1419972423-3273679860-2966919592-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\RK_Richard_ON_E_5660\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\RK_Richard_ON_E_5660\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] HP Photo Creations Messager.job -- E:\ProgramData\HP Photo Creations\MessageCheck.exe -> Found
[Suspicious.Path] \\HP Photo Creations Messager -- E:\ProgramData\HP Photo Creations\MessageCheck.exe -> Found
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ATA Samsung SSD 840 SCSI Disk Device +++++
--- User ---
[MBR] 79e461474f99f05697fdcce68b6516a5
[BSP] f8fda3a1c5254236d245a11a0e2bd8e2 : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: ATA WDC WD1002FAEX-0 SCSI Disk Device +++++
--- User ---
[MBR] ec4caf7435f99318eaf82a64cb9cef09
[BSP] 7fd1017350e23bf697d5d6122df3c380 : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive2: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive3: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive4: Generic USB SM Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive5: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

Edited by Queen-Evie, 02 March 2015 - 10:01 PM.
moved from Windows 7 to Malware Removal Logs. RogueKiller logs are allowed only in MRL



#2 rbozzell
  • Topic Starter
  • Members
  • 7 posts

Posted 02 March 2015 - 11:23 PM

The offending svchost.exe seems to be auto-restarting. Once RogueKiller kills it, another one appears within a few minutes, and if I rerun RogueKiller, it will kill it again. Each time, the offending instance seems to be chewing up memory (it grabs 1 GB within a minute of starting and keeps adding). It also appears to be establishing about 100 TCP connections according to resource manager. I've suspended the process to try to control it for now. Any assistance would be appreciated.
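The symptoms in the post above (an svchost.exe that respawns, grows by a gigabyte in a minute and holds around a hundred TCP connections) are the kind of thing a defender would check against the properties every legitimate service host shares. The PowerShell script below is an added example, not code from this thread or from RogueKiller or MSE. It assumes an elevated PowerShell 2.0 or later prompt on Windows 7 or newer, parses netstat -ano rather than using Get-NetTCPConnection so it also runs on Windows 7, and the memory and connection thresholds are illustrative values constructed for this example.

```powershell
# Added example, not code from the thread or from RogueKiller/MSE.
# Triage every running svchost.exe: a genuine instance is started by
# services.exe, runs from System32 (or SysWOW64), is Microsoft-signed and is
# launched with "-k <service group>". The memory and TCP thresholds below are
# illustrative values chosen for this example, not Windows constants.
# Run from an elevated PowerShell prompt so every process is visible.

$memoryThresholdMB = 500   # constructed threshold
$tcpThreshold      = 50    # constructed threshold

# Count TCP connections per owning PID by parsing "netstat -ano"
# (works on Windows 7, where Get-NetTCPConnection is not available).
$tcpByPid = @{}
foreach ($line in (netstat -ano)) {
    if ($line -match '^\s*TCP\s+\S+\s+\S+\s+\S+\s+(\d+)\s*$') {
        $owner = [int]$Matches[1]
        if ($tcpByPid.ContainsKey($owner)) { $tcpByPid[$owner]++ } else { $tcpByPid[$owner] = 1 }
    }
}

$system32 = Join-Path $env:SystemRoot 'System32'
$syswow64 = Join-Path $env:SystemRoot 'SysWOW64'

$report = foreach ($p in (Get-WmiObject Win32_Process -Filter "Name = 'svchost.exe'")) {
    $findings = @()
    $parent = Get-WmiObject Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"

    # 1. Image path: anything outside System32/SysWOW64 is not the real binary.
    $path = $p.ExecutablePath
    if (-not $path) {
        $findings += 'image path not readable (run elevated)'
    } elseif ($path -notlike "$system32\*" -and $path -notlike "$syswow64\*") {
        $findings += "image outside System32: $path"
    } else {
        # 2. Authenticode signature of the image on disk.
        $sig = Get-AuthenticodeSignature -FilePath $path
        if ($sig.Status -ne 'Valid') { $findings += "signature status: $($sig.Status)" }
    }

    # 3. Parent: the Service Control Manager (services.exe) starts all service hosts.
    #    A parent PID can be reused after the parent exits, so treat this as a hint.
    if ($parent -and $parent.Name -ne 'services.exe') {
        $findings += "parent is $($parent.Name) (PID $($p.ParentProcessId))"
    } elseif (-not $parent) {
        $findings += 'parent process no longer running'
    }

    # 4. Command line: service hosts are launched as "svchost.exe -k <group>".
    if ($p.CommandLine -and $p.CommandLine -notmatch '\s-k\s+\S+') {
        $findings += "no -k service group: $($p.CommandLine)"
    }

    # 5. Resource use, matching the symptoms described in the post.
    $wsMB = [math]::Round($p.WorkingSetSize / 1MB)
    $tcp  = 0
    if ($tcpByPid.ContainsKey([int]$p.ProcessId)) { $tcp = $tcpByPid[[int]$p.ProcessId] }
    if ($wsMB -gt $memoryThresholdMB) { $findings += "working set $wsMB MB" }
    if ($tcp -gt $tcpThreshold)       { $findings += "$tcp TCP connections" }

    New-Object PSObject -Property @{
        PID            = $p.ProcessId
        Parent         = $(if ($parent) { $parent.Name } else { '?' })
        WorkingSetMB   = $wsMB
        TcpConnections = $tcp
        Findings       = ($findings -join '; ')
    }
}

$report | Sort-Object TcpConnections, WorkingSetMB -Descending |
    Format-Table PID, Parent, WorkingSetMB, TcpConnections, Findings -AutoSize -Wrap
```

An instance with an empty Findings column is consistent with a normal service host; one that fails the path, signature or parent checks is worth preserving (not just killing) for analysis, since the post already shows that terminating it only lets it respawn from whatever persistence mechanism restarts it.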

#3 nasdaq
  • Malware Response Team
  • 38,250 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 March 2015 - 09:59 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please run the RogueKiller tool and remove this item.

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | ?tluafed? : E:\Users\The Bozzells\Application Data\{0000008C-68CB-74A5-4412-196162079230}.exe -> Found
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button, all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system:
  • Farbar Recovery Scan Tool (64 bit)
  • Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply; DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
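The item nasdaq singles out above has two traits worth recognising in any autostart audit: a Run value whose name renders as ?tluafed? rather than readable text, and a target that is a GUID-named .exe under the user's profile instead of Program Files. The script below is an added example, not part of this thread or of RogueKiller, AdwCleaner or FRST; it enumerates the Run and RunOnce keys and flags entries with those traits, plus targets that are missing or not validly signed. The regex patterns, flag wording and the list of keys are constructed for this example; it assumes PowerShell 2.0 or later.

```powershell
# Added example, not code from the thread or from RogueKiller/AdwCleaner/FRST.
# Audit the Run/RunOnce autostart keys for the traits of the entry flagged above:
# a value name that is not plain readable text, and a target executable with a
# GUID-shaped file name living under a user profile rather than Program Files.
# Regex patterns, flag wording and the key list are constructed for this example.

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-ImagePath([string]$command) {
    # Reduce a Run value ("C:\x\y.exe" /arg, or C:\x\y.exe /arg) to the executable path.
    if ($command -match '^\s*"([^"]+)"')        { $path = $Matches[1] }
    elseif ($command -match '^\s*(.+?\.exe)(\s|$)') { $path = $Matches[1] }
    else                                         { $path = $command.Trim() }
    # A bare name such as rundll32.exe is resolved through PATH, as the shell would.
    if ($path -notmatch '\\') {
        $cmd = Get-Command $path -ErrorAction SilentlyContinue
        if ($cmd -and $cmd.Path) { $path = $cmd.Path }
    }
    return $path
}

function Test-AutorunEntry([string]$name, [string]$command) {
    # Returns the reasons an entry deserves a look; an empty list means nothing stood out.
    $flags = @()
    $path = Get-ImagePath $command
    if ($name -match '[^\x20-\x7E]') {
        $flags += 'value name contains non-printable or non-ASCII characters'
    }
    if ($path -match '\\(Users|Documents and Settings|ProgramData)\\|\\AppData\\|\\Application Data\\') {
        $flags += 'target in a user-writable location'
    }
    if ([IO.Path]::GetFileName($path) -match '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}\.exe$') {
        $flags += 'GUID-named executable'
    }
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        $flags += 'target file not found'
    } elseif ((Get-AuthenticodeSignature -FilePath $path).Status -ne 'Valid') {
        $flags += 'target not validly signed'
    }
    return ,$flags
}

$results = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $values = Get-ItemProperty -Path $key
    foreach ($prop in $values.PSObject.Properties) {
        # Skip the provider metadata properties Get-ItemProperty adds to the object.
        if ($prop.Name -match '^PS(Path|ParentPath|ChildName|Drive|Provider)$') { continue }
        $flags = Test-AutorunEntry $prop.Name ([string]$prop.Value)
        New-Object PSObject -Property @{
            Key     = $key
            Name    = $prop.Name
            Command = [string]$prop.Value
            Flags   = ($flags -join '; ')
        }
    }
}

$results | Sort-Object Flags -Descending | Format-Table Key, Name, Flags, Command -AutoSize -Wrap
```

"Target in a user-writable location" on its own is common for legitimate per-user software (Spotify and Google Update in the log above both live under AppData), so the combination of flags on one entry, not any single flag, is what separates the entry nasdaq points at from ordinary autostarts.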

#4 rbozzell
  • Topic Starter
  • Members
  • 7 posts

Posted 06 March 2015 - 04:47 PM

Thanks for the instructions. I won't be able to run them until tomorrow evening as I am away, but I wanted to let you know that my computer was a little sluggish in general until I suspended the questionable process, but not unusable. As I indicated, I was getting a few "low on memory" errors which caused Windows to shut down a Host Process for Windows Services, but my guess is it was auto-restarting. I also could hear a ton of disk activity, and resource monitor pointed to the svchost.exe process as the culprit. I'll post the logs tomorrow evening.

#5 rbozzell
  • Topic Starter
  • Members
  • 7 posts

Posted 07 March 2015 - 05:16 PM

I have run the steps above. Here is the AdwCleaner log:

# Updated 18/02/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : The Bozzells - ACDC
# Running from : E:\Users\The Bozzells\Desktop\adwcleaner_4.111.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : E:\Users\The Bozzells\AppData\Local\PackageAware
Folder Deleted : E:\Users\The Bozzells\AppData\LocalLow\iac

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.ToolbarProtector
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.ToolbarProtector.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10273591-D084-4328-A7D0-49E051FCDE7B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{395C94B1-59E6-4C65-8AF2-0F6763BC70A6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A5C9CB1C-1C0A-45A2-81CC-1DD342D0A478}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\deltafaucet.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.deltafaucet.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Google Chrome v41.0.2272.76

[E:\Users\The Bozzells\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[E:\Users\The Bozzells\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [2270 bytes] - [07/03/2015 17:04:10]
AdwCleaner[S0].txt - [2177 bytes] - [07/03/2015 17:06:17]

########## EOF - E:\AdwCleaner\AdwCleaner[S0].txt - [2236 bytes] ##########

Here is the FRST.txt file:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-03-2015 01
Ran by The Bozzells (administrator) on ACDC on 07-03-2015 17:10:38
Running from E:\Users\The Bozzells\Desktop
Loaded Profiles: The Bozzells (Available profiles: The Bozzells)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Koninklijke Philips Electronics N.V.) E:\Users\The Bozzells\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe
(Synology Inc.) C:\Program Files (x86)\Synology Data Replicator 3\Backup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(EnTech Taiwan) C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPNetworkCommunicator.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPNetworkCommunicator.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_305_ActiveX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291128 2013-03-05] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-1419972423-3273679860-2966919592-1000\...\Run: [ALconnect] => E:\Users\The Bozzells\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe [715880 2013-06-10] (Koninklijke Philips Electronics N.V.)
HKU\S-1-5-21-1419972423-3273679860-2966919592-1000\...\Run: [HP Photosmart 7510 series (NET)] => C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe [2676584 2011-08-31] (Hewlett-Packard Co.)
HKU\S-1-5-21-1419972423-3273679860-2966919592-1000\...\Run: [Data Replicator 3] => C:\Program Files (x86)\Synology Data Replicator 3\Backup.exe [11587584 2010-09-15] (Synology Inc.)
HKU\S-1-5-21-1419972423-3273679860-2966919592-1000\...\Run: [Google Update] => E:\Users\The Bozzells\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-12-13] (Google Inc.)
HKU\S-1-5-21-1419972423-3273679860-2966919592-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31090792 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-1419972423-3273679860-2966919592-1000\...\MountPoints2: {6791f9c7-aa12-11e3-95a3-806e6f6e6963} - F:\setup.exe
HKU\S-1-5-21-1419972423-3273679860-2966919592-1000\...\MountPoints2: {6791f9c8-aa12-11e3-95a3-806e6f6e6963} - G:\Installer.exe
HKU\S-1-5-21-1419972423-3273679860-2966919592-1000\...\MountPoints2: {75b24cb4-aae8-11e3-9236-74d02ba3555c} - L:\LaunchU3.exe -a
HKU\S-1-5-21-1419972423-3273679860-2966919592-1000\...\MountPoints2: {ec395633-aa24-11e3-9dfa-806e6f6e6963} - F:\Bin\ASSETUP.exe
HKU\S-1-5-21-1419972423-3273679860-2966919592-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
Startup: E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Display Manager.lnk
ShortcutTarget: Dell Display Manager.lnk -> C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe (EnTech Taiwan)
Startup: E:\Users\The Bozzells\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7510 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 7510 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: E:\Users\The Bozzells\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1419972423-3273679860-2966919592-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-1419972423-3273679860-2966919592-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.yahoo.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1419972423-3273679860-2966919592-1000 -> {6739A79D-78CB-4A63-BED6-656EDCC77C7C} URL = http://www.youtube.com/results?search_query={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-03] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-03] (Oracle Corporation)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://us-hbr2.dbrasweb.db.com/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.20

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-02-15] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-02-15] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\10.0.2.5203600\npmathplugin.dll [2014-12-02] (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1419972423-3273679860-2966919592-1000: @talk.google.com/GoogleTalkPlugin -> E:\Users\The Bozzells\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-1419972423-3273679860-2966919592-1000: @talk.google.com/O1DPlugin -> E:\Users\The Bozzells\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-1419972423-3273679860-2966919592-1000: @tools.google.com/Google Update;version=3 -> E:\Users\The Bozzells\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin HKU\S-1-5-21-1419972423-3273679860-2966919592-1000: @tools.google.com/Google Update;version=9 -> E:\Users\The Bozzells\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin ProgramFiles/Appdata: E:\Users\The Bozzells\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin ProgramFiles/Appdata: E:\Users\The Bozzells\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-01-27] (Google)

Chrome:
=======
CHR Profile: E:\Users\The Bozzells\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - E:\Users\The Bozzells\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-01]
CHR Extension: (Google Docs) - E:\Users\The Bozzells\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-01]
CHR Extension: (Google Drive) - E:\Users\The Bozzells\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - E:\Users\The Bozzells\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-11]
CHR Extension: (YouTube) - E:\Users\The Bozzells\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-01]
CHR Extension: (Google Search) - E:\Users\The Bozzells\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-01]
CHR Extension: (Google Sheets) - E:\Users\The Bozzells\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-01]
CHR Extension: (Google Wallet) - E:\Users\The Bozzells\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-01]
CHR Extension: (Gmail) - E:\Users\The Bozzells\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-02-15] (Intel Corporation)
R2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [80472 2012-09-06] (Microsoft Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [62379184 2014-07-10] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [442536 2014-07-10] (Microsoft Corporation)
R2 SynoDrService; C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe [380928 2010-06-02] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [322736 2014-07-10] (Microsoft Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
S1 fkthdidj; \??\C:\Windows\system32\drivers\fkthdidj.sys [X]
S3 MSICDSetup; \??\F:\CDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 17:10 - 2015-03-07 17:10 - 02094592 _____ (Farbar) E:\Users\The Bozzells\Desktop\FRST64.exe
2015-03-07 17:10 - 2015-03-07 17:10 - 00021485 _____ () E:\Users\The Bozzells\Desktop\FRST.txt
2015-03-07 16:59 - 2015-03-07 16:59 - 02126848 _____ () E:\Users\The Bozzells\Desktop\adwcleaner_4.111.exe
2015-03-07 16:56 - 2015-03-07 16:56 - 18732632 _____ () E:\Users\The Bozzells\Downloads\RogueKillerX64.exe
2015-03-03 22:10 - 2015-03-03 22:10 - 10427256 _____ () E:\Users\The Bozzells\Desktop\svchost.dmp
2015-03-03 21:48 - 2015-03-03 21:48 - 00000000 ____D () C:\Program Files (x86)\Process Explorer
2015-03-02 21:34 - 2015-03-02 23:32 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-02 21:34 - 2015-03-02 21:34 - 00000978 _____ () E:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-02 21:34 - 2015-03-02 21:34 - 00000000 ____D () E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-02 21:34 - 2015-03-02 21:34 - 00000000 ____D () E:\ProgramData\Malwarebytes
2015-03-02 21:34 - 2015-03-02 21:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-02 21:34 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-02 21:34 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-02 21:34 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-02 21:09 - 2015-03-07 17:10 - 00000000 ____D () C:\FRST
2015-03-02 19:57 - 2015-03-03 22:24 - 00000000 ____D () E:\Users\The Bozzells\AppData\Local\CrashDumps
2015-03-02 19:32 - 2015-03-07 16:56 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-03-02 19:32 - 2015-03-02 21:24 - 00000000 ____D () E:\ProgramData\RogueKiller
2015-03-02 18:01 - 2015-03-02 18:01 - 00001983 _____ () E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-03-02 18:01 - 2015-03-02 18:01 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-03-02 18:01 - 2015-03-02 18:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-28 17:48 - 2015-03-05 00:28 - 00144091 _____ () E:\Users\The Bozzells\Documents\Master Bath Plan - 3 Gerard Ct V3.pptx
2015-02-28 13:07 - 2015-02-28 13:07 - 00122824 ____N (Intuit) E:\Users\The Bozzells\Downloads\TTCleanStates.exe
2015-02-28 10:12 - 2015-02-28 10:12 - 00002357 _____ () E:\Users\Public\Desktop\TurboTax 2014.lnk
2015-02-28 10:12 - 2015-02-28 10:12 - 00000000 ____D () E:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2014
2015-02-27 03:00 - 2015-01-08 18:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-27 03:00 - 2015-01-08 18:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-24 19:52 - 2015-03-01 19:16 - 00016059 ____N () E:\Users\The Bozzells\Documents\Master Bath List.xlsx
2015-02-24 12:46 - 2015-02-24 12:46 - 00006656 __RSH () E:\Users\The Bozzells\AppData\Roaming\{0000008C-68CB-74A5-4412-196162079230}.exe
2015-02-23 09:51 - 2015-02-23 09:51 - 00013308 ____N () E:\Users\The Bozzells\Documents\Book1 (Autosaved).xlsx
2015-02-21 08:24 - 2015-02-21 08:24 - 00001671 _____ () E:\Users\Public\Desktop\iTunes.lnk
2015-02-21 08:24 - 2015-02-21 08:24 - 00000000 ____D () E:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-21 08:24 - 2015-02-21 08:24 - 00000000 ____D () E:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-21 08:24 - 2015-02-21 08:24 - 00000000 ____D () C:\Program Files\iTunes
2015-02-21 08:24 - 2015-02-21 08:24 - 00000000 ____D () C:\Program Files\iPod
2015-02-21 08:24 - 2015-02-21 08:24 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-19 18:04 - 2015-02-19 18:04 - 00000000 ____D () E:\Users\The Bozzells\Documents\OneNote Notebooks
2015-02-15 19:09 - 2015-02-18 18:59 - 00009501 ____N () E:\Users\The Bozzells\Documents\Credit Score History.xlsx
2015-02-12 08:45 - 2015-01-22 23:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 08:45 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 08:45 - 2015-01-22 22:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 08:45 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-12 08:18 - 2015-01-08 22:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-12 08:18 - 2015-01-08 22:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-12 08:18 - 2015-01-08 22:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-12 08:18 - 2015-01-08 21:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-11 22:09 - 2015-02-11 22:09 - 00000000 ____D () C:\Windows\Temp82C9203F-CA9A-AFC3-E72C-44B64D502308-Signatures
2015-02-11 22:04 - 2015-02-05 12:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-02-11 22:03 - 2015-02-05 16:01 - 32106640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-02-11 22:03 - 2015-02-05 16:01 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-02-11 22:03 - 2015-02-05 16:01 - 24768144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-02-11 22:03 - 2015-02-05 16:01 - 20466496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-02-11 22:03 - 2015-02-05 16:01 - 17253848 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-02-11 22:03 - 2015-02-05 16:01 - 16017040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-02-11 22:03 - 2015-02-05 16:01 - 13294528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-02-11 22:03 - 2015-02-05 16:01 - 13208200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-02-11 22:03 - 2015-02-05 16:01 - 10773704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-02-11 22:03 - 2015-02-05 16:01 - 10713256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-02-11 22:03 - 2015-02-05 16:01 - 10284872 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-02-11 22:03 - 2015-02-05 16:01 - 03610768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-02-11 22:03 - 2015-02-05 16:01 - 03247248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-02-11 22:03 - 2015-02-05 16:01 - 02902784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-02-11 22:03 - 2015-02-05 16:01 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434752.dll
2015-02-11 22:03 - 2015-02-05 16:01 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434752.dll
2015-02-11 22:03 - 2015-02-05 16:01 - 00995248 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-02-11 22:03 - 2015-02-05 16:01 - 00969872 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-02-11 22:03 - 2015-02-05 16:01 - 00943760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-02-11 22:03 - 2015-02-05 16:01 - 00929936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-02-11 22:03 - 2015-02-05 16:01 - 00908104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-02-11 22:03 - 2015-02-05 16:01 - 00877816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-02-11 22:03 - 2015-02-05 16:01 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-02-11 22:03 - 2015-02-05 16:01 - 00399504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-02-11 22:03 - 2015-02-05 16:01 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-02-11 22:03 - 2015-02-05 16:01 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-02-11 22:03 - 2015-02-05 16:01 - 00345744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-02-11 22:03 - 2015-02-05 16:01 - 00305136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-02-11 22:03 - 2015-02-05 16:01 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-02-11 22:03 - 2015-02-05 16:01 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-02-11 22:03 - 2015-02-05 16:01 - 00164752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-02-11 22:03 - 2015-02-05 16:01 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-02-11 22:01 - 2014-11-22 05:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-02-11 22:01 - 2014-11-22 05:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-02-11 19:55 - 2015-02-11 20:43 - 00000000 ____D () E:\Users\The Bozzells\AppData\Local\Mathematica
2015-02-11 19:55 - 2015-02-11 19:55 - 00000000 ____D () E:\Users\The Bozzells\AppData\Roaming\Mathematica
2015-02-11 19:55 - 2015-02-11 19:55 - 00000000 ____D () E:\Users\The Bozzells\AppData\Local\Wolfram Research
2015-02-11 19:54 - 2015-02-11 19:55 - 00000000 ____D () E:\ProgramData\Mathematica
2015-02-11 19:54 - 2015-02-11 19:54 - 00000000 ____D () E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfram Mathematica
2015-02-11 19:54 - 2015-02-11 19:54 - 00000000 ____D () C:\Program Files\Extras
2015-02-11 19:54 - 2015-02-11 19:54 - 00000000 ____D () C:\Program Files\Common Files\Wolfram Research
2015-02-11 14:58 - 2015-02-03 22:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 14:58 - 2015-02-03 22:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 14:58 - 2015-02-03 22:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 14:58 - 2015-02-03 22:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 14:58 - 2015-02-03 22:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 14:58 - 2015-02-03 22:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 14:58 - 2015-02-03 22:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 14:58 - 2015-01-27 18:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 14:58 - 2015-01-15 03:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 14:58 - 2015-01-15 03:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 14:58 - 2015-01-15 03:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 14:58 - 2015-01-15 03:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 14:58 - 2015-01-15 03:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 14:58 - 2015-01-15 03:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 14:58 - 2015-01-15 03:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 14:58 - 2015-01-15 03:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 14:58 - 2015-01-15 03:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 14:58 - 2015-01-15 03:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 14:58 - 2015-01-15 03:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 14:58 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 14:58 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 14:58 - 2015-01-15 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 14:58 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 14:58 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 14:58 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 14:58 - 2015-01-14 23:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 14:58 - 2015-01-14 01:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 14:58 - 2015-01-14 01:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 14:58 - 2015-01-14 01:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 14:58 - 2015-01-14 01:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 14:58 - 2015-01-14 00:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 14:58 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 14:58 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 14:58 - 2015-01-14 00:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 14:58 - 2015-01-14 00:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 14:58 - 2015-01-12 22:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 14:58 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 14:58 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 14:58 - 2015-01-11 22:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 14:58 - 2015-01-11 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 14:58 - 2015-01-11 21:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 14:58 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 14:58 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 14:58 - 2015-01-11 21:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 14:58 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 14:58 - 2015-01-11 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 14:58 - 2015-01-11 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 14:58 - 2015-01-11 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 14:58 - 2015-01-11 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 14:58 - 2015-01-11 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 14:58 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 14:58 - 2015-01-11 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 14:58 - 2015-01-11 21:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 14:58 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 14:58 - 2015-01-11 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 14:58 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 14:58 - 2015-01-11 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 14:58 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 14:58 - 2015-01-11 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 14:58 - 2015-01-11 21:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 14:58 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 14:58 - 2015-01-11 21:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 14:58 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 14:58 - 2015-01-11 21:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 14:58 - 2015-01-11 20:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 14:58 - 2015-01-11 20:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 14:58 - 2015-01-11 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 14:58 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 14:58 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 14:58 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 14:58 - 2015-01-11 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 14:58 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 14:58 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 14:58 - 2015-01-11 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 14:58 - 2015-01-11 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 14:58 - 2015-01-11 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 14:58 - 2015-01-11 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 14:58 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 14:58 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 14:58 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 14:58 - 2015-01-11 20:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 14:58 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 14:58 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 14:58 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 14:58 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 14:58 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 14:58 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 14:58 - 2015-01-10 01:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 14:58 - 2015-01-10 01:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 14:58 - 2015-01-10 01:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 14:58 - 2015-01-10 01:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 14:58 - 2015-01-10 01:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 14:58 - 2015-01-10 01:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 14:58 - 2015-01-10 01:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 14:58 - 2015-01-10 01:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 14:58 - 2015-01-10 01:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 14:58 - 2015-01-10 01:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 14:58 - 2015-01-10 01:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 14:58 - 2015-01-10 01:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 14:58 - 2015-01-10 01:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 14:58 - 2015-01-10 01:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 14:58 - 2015-01-08 21:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 14:58 - 2014-12-12 00:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 14:58 - 2014-12-12 00:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 14:58 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 14:58 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 14:58 - 2014-11-25 22:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 14:58 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 14:58 - 2014-10-03 21:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-11 14:58 - 2014-10-03 20:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-11 14:58 - 2014-10-03 20:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-07 12:06 - 2015-02-24 19:52 - 00095681 ____N () E:\Users\The Bozzells\Documents\Master Bath Plan - 3 Gerard Ct V2.pptx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 17:10 - 2014-03-12 15:34 - 02040669 _____ () C:\Windows\WindowsUpdate.log
2015-03-07 17:07 - 2015-02-01 14:30 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-07 17:07 - 2014-04-04 19:49 - 00000000 ____D () E:\Users\The Bozzells\AppData\Roaming\Skype
2015-03-07 17:07 - 2010-11-20 22:47 - 00263204 _____ () C:\Windows\PFRO.log
2015-03-07 17:07 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-07 17:07 - 2009-07-13 23:51 - 00064113 _____ () C:\Windows\setupact.log
2015-03-07 17:00 - 2014-12-13 21:08 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1419972423-3273679860-2966919592-1000UA.job
2015-03-07 16:58 - 2014-12-13 21:08 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1419972423-3273679860-2966919592-1000Core.job
2015-03-07 16:53 - 2014-03-12 15:35 - 00000000 ____D () E:\Users\The Bozzells\Documents\Outlook Files
2015-03-07 16:52 - 2015-02-01 14:30 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-07 16:46 - 2014-03-15 09:57 - 00000312 _____ () C:\Windows\Tasks\Synology Data Replicator 3-ACDC-The Bozzells.job
2015-03-04 22:52 - 2009-07-14 00:13 - 00877178 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-03 22:19 - 2014-03-13 11:34 - 00007604 _____ () E:\Users\The Bozzells\AppData\Local\Resmon.ResmonCfg
2015-03-03 08:17 - 2010-11-20 22:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-03 06:39 - 2011-06-02 15:56 - 00000000 ____D () E:\Users\The Bozzells\Documents\Andrew
2015-03-02 22:59 - 2009-07-13 23:45 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-02 22:59 - 2009-07-13 23:45 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-02 18:01 - 2014-03-12 14:54 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-02-28 21:17 - 2014-04-10 15:42 - 00000000 __SHD () C:\AI_RecycleBin
2015-02-28 13:10 - 2011-07-05 11:48 - 00000000 ____D () E:\Users\The Bozzells\Documents\TurboTax
2015-02-28 10:11 - 2014-03-29 09:28 - 00000000 ____D () C:\Program Files (x86)\TurboTax
2015-02-27 12:48 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-27 05:17 - 2014-04-04 19:49 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-02-27 05:17 - 2014-04-04 19:49 - 00000000 ____D () E:\ProgramData\Skype
2015-02-24 19:55 - 2014-03-12 15:00 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-24 19:55 - 2014-03-12 15:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-21 17:33 - 2014-03-29 09:28 - 00000789 _____ () E:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-02-21 08:24 - 2014-03-13 15:42 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-14 11:05 - 2014-03-13 08:54 - 00000000 ____D () E:\Users\The Bozzells\Documents\Quicken
2015-02-13 11:13 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-02-12 08:19 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2015-02-12 08:14 - 2009-07-13 23:45 - 00417048 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 08:13 - 2014-12-11 03:18 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 08:13 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 08:13 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-11 22:11 - 2014-09-16 17:58 - 00000000 ____D () E:\ProgramData\Package Cache
2015-02-11 22:10 - 2014-03-12 15:12 - 00000000 ____D () E:\ProgramData\Microsoft Help
2015-02-11 22:10 - 2009-07-13 21:34 - 00000478 _____ () C:\Windows\win.ini
2015-02-11 22:09 - 2014-03-12 13:45 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 22:07 - 2014-03-12 13:45 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 22:04 - 2014-03-12 13:26 - 00000000 ____D () E:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-02-11 22:03 - 2014-03-12 13:27 - 00000000 ____D () E:\ProgramData\NVIDIA
2015-02-08 03:01 - 2014-03-12 13:15 - 00869300 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-07 09:55 - 2014-12-13 21:08 - 00003920 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1419972423-3273679860-2966919592-1000UA
2015-02-07 09:55 - 2014-12-13 21:08 - 00003524 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1419972423-3273679860-2966919592-1000Core
2015-02-07 09:54 - 2012-11-08 21:02 - 00024064 ____N () E:\Users\The Bozzells\Documents\Ids and Passwords.xlsx
2015-02-05 16:01 - 2014-03-12 13:31 - 18575880 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-02-05 16:01 - 2014-03-12 13:26 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-02-05 16:01 - 2014-03-12 13:26 - 00074056 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-02-05 16:01 - 2014-03-12 13:26 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-02-05 16:01 - 2014-03-12 13:25 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-02-05 16:01 - 2014-03-12 13:22 - 14119744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-02-05 16:01 - 2014-03-12 13:22 - 03299512 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-02-05 14:07 - 2014-03-12 13:26 - 06861128 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-02-05 14:07 - 2014-03-12 13:26 - 03517584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-02-05 14:07 - 2014-03-12 13:26 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-02-05 14:07 - 2014-03-12 13:26 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-02-05 14:07 - 2014-03-12 13:26 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-02-05 14:06 - 2014-03-12 13:26 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-02-05 07:50 - 2014-03-12 13:26 - 04236870 _____ () C:\Windows\system32\nvcoproc.bin

==================== Files in the root of some directories =======

2015-02-24 12:46 - 2015-02-24 12:46 - 0006656 __RSH () E:\Users\The Bozzells\AppData\Roaming\{0000008C-68CB-74A5-4412-196162079230}.exe
2015-02-02 16:42 - 2015-02-02 16:42 - 0000755 ____N () E:\Users\The Bozzells\AppData\Local\recently-used.xbel
2014-03-13 11:34 - 2015-03-03 22:19 - 0007604 _____ () E:\Users\The Bozzells\AppData\Local\Resmon.ResmonCfg
2014-03-13 15:48 - 2014-03-13 15:48 - 0000057 _____ () E:\ProgramData\Ament.ini
2014-03-29 09:28 - 2015-02-21 17:33 - 0000789 _____ () E:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some content of TEMP:
====================
E:\Users\The Bozzells\AppData\Local\Temp\dllnt_dump.dll
E:\Users\The Bozzells\AppData\Local\Temp\dsHostCheckerSetup.exe
E:\Users\The Bozzells\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
E:\Users\The Bozzells\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
E:\Users\The Bozzells\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
E:\Users\The Bozzells\AppData\Local\Temp\jre-8u31-windows-au.exe
E:\Users\The Bozzells\AppData\Local\Temp\JuniperSetupClientInstaller.exe
E:\Users\The Bozzells\AppData\Local\Temp\nvSCPAPI.dll
E:\Users\The Bozzells\AppData\Local\Temp\nvStInst.exe
E:\Users\The Bozzells\AppData\Local\Temp\ose00000.exe
E:\Users\The Bozzells\AppData\Local\Temp\ose00001.exe
E:\Users\The Bozzells\AppData\Local\Temp\Quarantine.exe
E:\Users\The Bozzells\AppData\Local\Temp\SkypeSetup.exe
E:\Users\The Bozzells\AppData\Local\Temp\sqlite3.dll
E:\Users\The Bozzells\AppData\Local\Temp\swt-win32-3349.dll
E:\Users\The Bozzells\AppData\Local\Temp\_is1506.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-05 00:46

==================== End Of Log ============================

And I have attached the Addition.txt file.


#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,250 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:15 AM

Posted 08 March 2015 - 07:44 AM

ATTENTION: System Restore is disabled.


Turn on your System restore.
How to:
http://windows.microsoft.com/en-ca/windows/turn-system-restore-on-off#1TC=windows-7
===

Was this removed with the running of the RogueKiller tool?
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | ?tluafed? : E:\Users\The Bozzells\Application Data\{0000008C-68CB-74A5-4412-196162079230}.exe -> Found
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
S1 fkthdidj; \??\C:\Windows\system32\drivers\fkthdidj.sys [X]
S3 MSICDSetup; \??\F:\CDriver64.sys [X]
E:\Users\The Bozzells\AppData\Local\Temp\dllnt_dump.dll
E:\Users\The Bozzells\AppData\Local\Temp\dsHostCheckerSetup.exe
E:\Users\The Bozzells\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
E:\Users\The Bozzells\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
E:\Users\The Bozzells\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
E:\Users\The Bozzells\AppData\Local\Temp\jre-8u31-windows-au.exe
E:\Users\The Bozzells\AppData\Local\Temp\JuniperSetupClientInstaller.exe
E:\Users\The Bozzells\AppData\Local\Temp\nvSCPAPI.dll
E:\Users\The Bozzells\AppData\Local\Temp\nvStInst.exe
E:\Users\The Bozzells\AppData\Local\Temp\ose00000.exe
E:\Users\The Bozzells\AppData\Local\Temp\ose00001.exe
E:\Users\The Bozzells\AppData\Local\Temp\SkypeSetup.exe
E:\Users\The Bozzells\AppData\Local\Temp\sqlite3.dll
E:\Users\The Bozzells\AppData\Local\Temp\swt-win32-3349.dll
E:\Users\The Bozzells\AppData\Local\Temp\_is1506.exe
AlternateDataStreams: E:\Users\The Bozzells\Documents\Why Men are not Secretaries....eml:OECustomProperty

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log Fixlog.txt please post it to your reply.
===

How is the computer running now?
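A read-only triage pass covering the two checks these logs rely on, the Bamital signature check of core binaries (post #5) and the suspicious Run-key entry queried above, as an added example that is not from the thread, FRST or RogueKiller. It assumes Windows PowerShell 5.1, and the GUID-name pattern is inferred from the {...}.exe entry in the logs.

```powershell
# Added example, not from the thread or from FRST/RogueKiller: a read-only
# triage pass mirroring the two checks in the logs above. Assumes Windows
# PowerShell 5.1; the GUID-name pattern is inferred from the log's {...}.exe entry.

# 1. Authenticode check of the same core binaries FRST's Bamital check verifies
$coreFiles = @('System32\winlogon.exe', 'System32\wininit.exe', 'SysWOW64\wininit.exe',
    'explorer.exe', 'SysWOW64\explorer.exe', 'System32\svchost.exe', 'SysWOW64\svchost.exe',
    'System32\services.exe', 'System32\user32.dll', 'SysWOW64\user32.dll',
    'System32\userinit.exe', 'SysWOW64\userinit.exe', 'System32\rpcss.dll',
    'System32\drivers\volsnap.sys') | ForEach-Object { Join-Path $env:SystemRoot $_ }
foreach ($f in $coreFiles) {
    if (-not (Test-Path -LiteralPath $f)) { continue }   # SysWOW64 copies exist only on x64
    $status = (Get-AuthenticodeSignature -FilePath $f).Status
    $note = if ($status -eq 'Valid') { 'File is digitally signed' } else { "CHECK: $status" }
    "$f => $note"
}

# 2. Run-key autostarts: native and WOW6432Node views of HKLM, plus the user hive
$runKeys = @('HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run')
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }            # skip PowerShell's own metadata
        $raw = [string]$p.Value
        # Take the executable path whether it is quoted or an unquoted path with spaces
        $target = if ($raw -match '^"([^"]+)"') { $Matches[1] }
                  elseif ($raw -match '^(.+?\.exe)') { $Matches[1] } else { $raw }
        $flags = @()
        # FRST shows the log's entry as "HKLM-x32\...\Run: []": the (default) value, not a named one
        if ($p.Name -eq '(default)') { $flags += 'stored in the (default) value' }
        if ($target -match '\\AppData\\|\\Application Data\\') { $flags += 'runs from user profile' }
        if ($target -match '\\\{[0-9A-Fa-f-]{36}\}\.exe$') { $flags += 'GUID-named exe' }
        if (Test-Path -LiteralPath $target) {
            $attr = (Get-Item -LiteralPath $target -Force).Attributes   # -Force shows hidden files
            if ((($attr -band [IO.FileAttributes]::Hidden) -ne 0) -and
                (($attr -band [IO.FileAttributes]::System) -ne 0)) { $flags += 'hidden+system attributes' }
            if ((Get-AuthenticodeSignature -FilePath $target).Status -ne 'Valid') { $flags += 'not validly signed' }
        } else { $flags += 'target file missing' }
        if ($flags) { "$key | '$($p.Name)' => $target [$($flags -join '; ')]" }
    }
}
```

Flagged lines are leads to review, not verdicts: plenty of legitimate software autostarts from AppData, while a GUID-named, hidden+system, unsigned file in the (default) Run value is the combination the log above showed.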

#7 rbozzell

rbozzell
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:09:15 AM

Posted 08 March 2015 - 08:53 AM

The Registry entry HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | ?tluafed? : E:\Users\The Bozzells\Application Data\{0000008C-68CB-74A5-4412-196162079230}.exe is now gone.  I did find an exe file with this name in AppData\Roaming.

 

There is no longer a svchost.exe process running under my user id (the regular services are still running) and the computer is working okay.  I would like to find out what this was and if any information or activity I did is at risk of having been shared.

 

Here is the fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-03-2015 01
Ran by The Bozzells at 2015-03-08 09:39:39 Run:1
Running from E:\Users\The Bozzells\Desktop
Loaded Profiles: The Bozzells (Available profiles: The Bozzells)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
S1 fkthdidj; \??\C:\Windows\system32\drivers\fkthdidj.sys [X]
S3 MSICDSetup; \??\F:\CDriver64.sys [X]
E:\Users\The Bozzells\AppData\Local\Temp\dllnt_dump.dll
E:\Users\The Bozzells\AppData\Local\Temp\dsHostCheckerSetup.exe
E:\Users\The Bozzells\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
E:\Users\The Bozzells\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
E:\Users\The Bozzells\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
E:\Users\The Bozzells\AppData\Local\Temp\jre-8u31-windows-au.exe
E:\Users\The Bozzells\AppData\Local\Temp\JuniperSetupClientInstaller.exe
E:\Users\The Bozzells\AppData\Local\Temp\nvSCPAPI.dll
E:\Users\The Bozzells\AppData\Local\Temp\nvStInst.exe
E:\Users\The Bozzells\AppData\Local\Temp\ose00000.exe
E:\Users\The Bozzells\AppData\Local\Temp\ose00001.exe
E:\Users\The Bozzells\AppData\Local\Temp\SkypeSetup.exe
E:\Users\The Bozzells\AppData\Local\Temp\sqlite3.dll
E:\Users\The Bozzells\AppData\Local\Temp\swt-win32-3349.dll
E:\Users\The Bozzells\AppData\Local\Temp\_is1506.exe
AlternateDataStreams: E:\Users\The Bozzells\Documents\Why Men are not Secretaries....eml:OECustomProperty

End
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
fkthdidj => Service deleted successfully.
MSICDSetup => Service deleted successfully.
E:\Users\The Bozzells\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
E:\Users\The Bozzells\AppData\Local\Temp\dsHostCheckerSetup.exe => Moved successfully.
E:\Users\The Bozzells\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe => Moved successfully.
E:\Users\The Bozzells\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe => Moved successfully.
E:\Users\The Bozzells\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe => Moved successfully.
E:\Users\The Bozzells\AppData\Local\Temp\jre-8u31-windows-au.exe => Moved successfully.
E:\Users\The Bozzells\AppData\Local\Temp\JuniperSetupClientInstaller.exe => Moved successfully.
E:\Users\The Bozzells\AppData\Local\Temp\nvSCPAPI.dll => Moved successfully.
E:\Users\The Bozzells\AppData\Local\Temp\nvStInst.exe => Moved successfully.
E:\Users\The Bozzells\AppData\Local\Temp\ose00000.exe => Moved successfully.
E:\Users\The Bozzells\AppData\Local\Temp\ose00001.exe => Moved successfully.
E:\Users\The Bozzells\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
E:\Users\The Bozzells\AppData\Local\Temp\sqlite3.dll => Moved successfully.
E:\Users\The Bozzells\AppData\Local\Temp\swt-win32-3349.dll => Moved successfully.
E:\Users\The Bozzells\AppData\Local\Temp\_is1506.exe => Moved successfully.
E:\Users\The Bozzells\Documents\Why Men are not Secretaries....eml => ":OECustomProperty" ADS removed successfully.

The system needed a reboot.

==== End of Fixlog 09:39:52 ====

 



#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,250 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:15 AM

Posted 08 March 2015 - 09:29 AM

There is no way for us to know how you got infected.

Is the restore point working?

===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

#9 rbozzell

rbozzell
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:09:15 AM

Posted 08 March 2015 - 11:34 AM

Restore point is working.

 

SecurityCheck checkup.txt below:

 

 Results of screen317's Security Check version 0.99.97 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 31 
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31 
 Adobe Reader XI 
 Google Chrome (40.0.2214.115)
 Google Chrome (41.0.2272.76)
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 10%
````````````````````End of Log``````````````````````
 



#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,250 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:15 AM

Posted 08 March 2015 - 01:01 PM

You have the latest version of Java.

===

If all is well, then to learn more about how to protect yourself while on the internet, read this little guide on best security practices and keeping safe:
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#11 rbozzell

rbozzell
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:09:15 AM

Posted 09 March 2015 - 07:45 AM

Thanks for your help!!



#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,250 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:15 AM

Posted 09 March 2015 - 01:02 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



