TechSpot

Problems with Internet Explorer & running slow

By glhglh
May 23, 2014
  1. Notebook will not open Internet Explorer.

    Also, dss gets a message that dss is not designed to run in compatibility mode.

    Running Windows 8, how do I get dss to run?

    Mbam log:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 5/23/2014
    Scan Time: 7:25:15 PM
    Logfile: Mbam Log.txt
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.05.24.01
    Rootkit Database: v2014.05.21.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: garyh

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 405173
    Time Elapsed: 17 min, 15 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  2. glhglh

    glhglh TS Guru Topic Starter Posts: 504

    Dss won't run.

    Ran Rogue Killer twice:

    Log 1:
    RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
    Started in : Normal mode
    User : garyh [Admin rights]
    Mode : Shortcuts HJfix -- Date : 05/23/2014 20:15:54
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] DashlanePlugin.exe -- C:\Users\garyh\AppData\Roaming\Dashlane\DashlanePlugin.exe [7] -> KILLED [Tree]

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ File attributes restored: ¤¤¤
    Desktop: Success 0 / Fail 0
    Quick launch: Success 0 / Fail 0
    Programs: Success 0 / Fail 0
    Start menu: Success 0 / Fail 0
    User folder: Success 0 / Fail 0
    My documents: Success 0 / Fail 0
    My favorites: Success 0 / Fail 0
    My pictures: Success 0 / Fail 0
    My music: Success 0 / Fail 0
    My videos: Success 0 / Fail 0
    Local drives: Success 0 / Fail 1
    Backup: [NOT FOUND]

    Drives:
    [C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
    [D:] \Device\CdRom0 -- 0x5 --> Skipped
    [E:] \Device\HarddiskVolume7 -- 0x2 --> Restored

    ¤¤¤ Infection : ¤¤¤

    Finished : << RKreport[0]_SC_05232014_201554.txt >>

    Log number 2:

    RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
    Started in : Normal mode
    User : garyh [Admin rights]
    Mode : Shortcuts HJfix -- Date : 05/23/2014 20:20:06
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] DashlanePlugin.exe -- C:\Users\garyh\AppData\Roaming\Dashlane\DashlanePlugin.exe [7] -> KILLED [Tree]

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ File attributes restored: ¤¤¤
    Desktop: Success 0 / Fail 0
    Quick launch: Success 0 / Fail 0
    Programs: Success 0 / Fail 0
    Start menu: Success 0 / Fail 0
    User folder: Success 0 / Fail 0
    My documents: Success 0 / Fail 0
    My favorites: Success 0 / Fail 0
    My pictures: Success 0 / Fail 0
    My music: Success 0 / Fail 0
    My videos: Success 0 / Fail 0
    Local drives: Success 0 / Fail 1
    Backup: [NOT FOUND]

    Drives:
    [C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
    [D:] \Device\CdRom0 -- 0x5 --> Skipped
    [E:] \Device\HarddiskVolume7 -- 0x2 --> Restored

    ¤¤¤ Infection : ¤¤¤

    Finished : << RKreport[0]_SC_05232014_202006.txt >>
    RKreport[0]_D_05232014_201943.txt;RKreport[0]_H_05232014_201953.txt;RKreport[0]_S_05232014_201912.txt
     
  3. glhglh

    glhglh TS Guru Topic Starter Posts: 504

    mbar:

    Malwarebytes Anti-Rootkit BETA 1.07.0.1009
    www.malwarebytes.org

    Database version: v2014.05.24.01

    Windows 8 x64 NTFS
    Internet Explorer 11.0.9600.17107
    garyh :: GLH-DELL [administrator]

    5/23/2014 8:42:48 PM
    mbar-log-2014-05-23 (20-42-48).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 400124
    Time elapsed: 17 minute(s), 21 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
     
  4. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double-click on adwcleaner.exe to run the tool.
    • Click on the Scan button.
    • When the scan has finished, click on the Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     
  5. glhglh

    glhglh TS Guru Topic Starter Posts: 504

    AdwCleaner log:


    # AdwCleaner v3.210 - Report created 24/05/2014 at 17:58:47

    # Updated 19/05/2014 by Xplode

    # Operating System : Windows 8.1 Pro (64 bits)

    # Username : garyh - GLH-DELL

    # Running from : C:\Users\garyh\Desktop\Virus Scans\adwcleaner_3.210.exe

    # Option : Clean


    ***** [ Services ] *****



    ***** [ Files / Folders ] *****



    ***** [ Shortcuts ] *****



    ***** [ Registry ] *****



    ***** [ Browsers ] *****


    -\\ Internet Explorer v11.0.9600.17037



    -\\ Google Chrome v35.0.1916.114


    [ File : C:\Users\garyh\AppData\Local\Google\Chrome\User Data\Default\preferences ]



    *************************


    AdwCleaner[R0].txt - [752 octets] - [01/09/2013 11:08:28]

    AdwCleaner[R10].txt - [2917 octets] - [24/04/2014 18:38:05]

    AdwCleaner[R11].txt - [2078 octets] - [02/05/2014 22:22:25]

    AdwCleaner[R12].txt - [2633 octets] - [16/05/2014 16:17:54]

    AdwCleaner[R13].txt - [2325 octets] - [24/05/2014 17:56:51]

    AdwCleaner[R1].txt - [1747 octets] - [13/10/2013 17:59:17]

    AdwCleaner[R2].txt - [1209 octets] - [29/11/2013 21:43:12]

    AdwCleaner[R3].txt - [1169 octets] - [29/12/2013 15:39:02]

    AdwCleaner[R4].txt - [1300 octets] - [13/01/2014 00:19:51]

    AdwCleaner[R5].txt - [1344 octets] - [13/01/2014 00:37:41]

    AdwCleaner[R6].txt - [1464 octets] - [18/01/2014 17:15:15]

    AdwCleaner[R7].txt - [1653 octets] - [27/03/2014 18:41:52]

    AdwCleaner[R8].txt - [1806 octets] - [01/04/2014 22:46:28]

    AdwCleaner[R9].txt - [2741 octets] - [10/04/2014 19:47:41]

    AdwCleaner[S0].txt - [812 octets] - [01/09/2013 11:08:59]

    AdwCleaner[S10].txt - [3003 octets] - [24/04/2014 18:40:18]

    AdwCleaner[S11].txt - [2141 octets] - [02/05/2014 22:24:39]

    AdwCleaner[S12].txt - [2703 octets] - [16/05/2014 16:18:50]

    AdwCleaner[S13].txt - [1706 octets] - [24/05/2014 17:58:47]

    AdwCleaner[S1].txt - [1830 octets] - [13/10/2013 18:00:47]

    AdwCleaner[S2].txt - [1279 octets] - [29/11/2013 21:44:07]

    AdwCleaner[S3].txt - [1192 octets] - [29/12/2013 15:40:42]

    AdwCleaner[S4].txt - [1323 octets] - [13/01/2014 00:20:43]

    AdwCleaner[S5].txt - [1406 octets] - [13/01/2014 00:39:51]

    AdwCleaner[S6].txt - [1526 octets] - [18/01/2014 17:16:43]

    AdwCleaner[S7].txt - [1716 octets] - [27/03/2014 18:43:23]

    AdwCleaner[S8].txt - [1830 octets] - [01/04/2014 22:47:22]

    AdwCleaner[S9].txt - [2828 octets] - [10/04/2014 19:50:24]


    ########## EOF - C:\AdwCleaner\AdwCleaner[S13].txt - [2307 octets] ##########



    JRT Log:


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Junkware Removal Tool (JRT) by Thisisu

    Version: 6.1.3 (03.23.2014:1)

    OS: Windows 8.1 Pro x64

    Ran by garyh on Sat 05/24/2014 at 18:22:09.77

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





    ~~~ Services




    ~~~ Registry Values





    ~~~ Registry Keys




    ~~~ Files




    ~~~ Folders




    ~~~ Event Viewer Logs were cleared






    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Scan was completed on Sat 05/24/2014 at 18:27:39.68

    Computer was rebooted

    End of JRT log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    FRST Log:


    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-05-2014 1

    Ran by garyh (administrator) on GLH-DELL on 24-05-2014 18:29:43

    Running from C:\Users\garyh\Desktop\Virus Scans

    Platform: Windows 8.1 Pro (X64) OS Language: English(US)

    Internet Explorer Version 11

    Boot Mode: Normal


    The only official download link for FRST:

    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

    Download link from any site other than Bleeping Computer is unpermitted or outdated.

    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/


    ==================== Processes (Whitelisted) =================


    (Microsoft Corporation) C:\Windows\System32\wlanext.exe

    () C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe

    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

    () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe

    (Microsoft Corporation) C:\Windows\System32\dasHost.exe

    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

    () C:\Program Files\UCT\HDR Express 2\HDRExpress2Service.exe

    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe

    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe

    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

    (Microsoft Corporation) C:\Windows\System32\mqsvc.exe

    (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\n360.exe

    (Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

    (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe

    (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

    () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe

    (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe

    () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe

    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

    (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe

    (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe

    (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe

    (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe

    (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe

    (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe

    (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe

    (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe

    (Xerox Corporation) C:\Program Files (x86)\SuppliesAssistant\SuppliesAssistantClient.exe

    (Xerox Corporation) C:\Program Files (x86)\SuppliesAssistant\SuppliesAssistantClient.exe

    (SPEEDbit) C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe

    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

    (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\n360.exe

    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

    (Intel(R) Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe

    () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

    (Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe

    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe

    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

    (Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe

    (Intel Corporation) C:\Windows\System32\hkcmd.exe

    (Intel Corporation) C:\Windows\System32\igfxpers.exe

    (Akamai Technologies, Inc.) C:\Users\garyh\AppData\Local\Akamai\netsession_win.exe

    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

    (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe

    (Google Inc.) C:\Users\garyh\AppData\Local\Google\Update\GoogleUpdate.exe

    () C:\Users\garyh\AppData\Roaming\Dashlane\Dashlane.exe

    (Akamai Technologies, Inc.) C:\Users\garyh\AppData\Local\Akamai\netsession_win.exe

    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe

    (Dropbox, Inc.) C:\Users\garyh\AppData\Roaming\Dropbox\bin\Dropbox.exe

    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe

    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe

    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe

    (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 7500 E910\Bin\HPNetworkCommunicatorCom.exe

    (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 7500 E910\Bin\HPNetworkCommunicator.exe

    (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

    (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

    (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

    (InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

    () C:\Program Files (x86)\Roxio Creator NXT 2\Roxio Burn\RoxioBurnLauncher.exe

    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    () C:\Users\garyh\AppData\Roaming\Dashlane\DashlanePlugin.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe



    ==================== Registry (Whitelisted) ==================


    HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [678296 2012-07-09] (Alps Electric Co., Ltd.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6629480 2011-04-14] (Realtek Semiconductor)

    HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"

    HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1626112 2012-07-25] (Intel® Corporation)

    HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7818040 2013-09-19] (Motorola Solutions, Inc.)

    HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)

    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

    HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)

    HKLM-x32\...\Run: [] => [X]

    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

    HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [1300792 2014-04-10] (Malwarebytes Corporation)

    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

    HKU\S-1-5-21-2128454943-2381797511-2457621860-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-02-05] (Google Inc.)

    HKU\S-1-5-21-2128454943-2381797511-2457621860-1000\...\Run: [Akamai NetSession Interface] => C:\Users\garyh\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)

    HKU\S-1-5-21-2128454943-2381797511-2457621860-1000\...\Run: [HP Officejet 7500 E910 (NET)] => C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)

    HKU\S-1-5-21-2128454943-2381797511-2457621860-1000\...\Run: [DellSystemDetect] => C:\Users\garyh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms

    HKU\S-1-5-21-2128454943-2381797511-2457621860-1000\...\Run: [Google Update] => C:\Users\garyh\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-12-28] (Google Inc.)

    HKU\S-1-5-21-2128454943-2381797511-2457621860-1000\...\Run: [VideoAcceleratorCommTest] => C:\Program Files (x86)\SpeedBit Video Accelerator\CommTest.exe [1380520 2014-04-29] (SPEEDbit)

    HKU\S-1-5-21-2128454943-2381797511-2457621860-1000\...\Run: [Dashlane] => C:\Users\garyh\AppData\Roaming\Dashlane\Dashlane.exe [219832 2014-04-08] ()

    HKU\S-1-5-21-2128454943-2381797511-2457621860-1002\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)

    Startup: C:\Users\garyh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

    ShortcutTarget: Dropbox.lnk -> C:\Users\garyh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

    Startup: C:\Users\garyh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 7500 E910 (Network).lnk

    ShortcutTarget: Monitor Ink Alerts - HP Officejet 7500 E910 (Network).lnk -> C:\Program Files\HP\HP Officejet 7500 E910\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

    Startup: C:\Users\garyh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RT-Updater.lnk

    ShortcutTarget: RT-Updater.lnk -> C:\Ross-Tech\VCDS\VCDS.EXE (Ross-Tech, LLC)


    ==================== Internet (Whitelisted) ====================


    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://online.wsj.com/

    SearchScopes: HKCU - {CF178931-BA91-40BC-9778-89DD36E4661A} URL =

    BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)

    BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

    BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)

    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

    BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)

    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

    BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

    BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)

    BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)

    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

    BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

    BHO-x32: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)

    Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)

    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

    Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)

    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

    Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\garyh\AppData\Roaming\Dashlane\ie\KWIEBar.dll (Dashlane)

    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

    Toolbar: HKCU - No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File

    Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - No File

    DPF: HKLM-x32 {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://I.dell.com/images/global/js/scanner/SysProExe.cab

    DPF: HKLM-x32 {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab

    DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119.cab

    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab

    DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab

    DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/RACtrl.cab?rnd=1557529182

    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

    Winsock: Catalog9 01 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [177320] (SPEEDbit)

    Winsock: Catalog9 02 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [177320] (SPEEDbit)

    Winsock: Catalog9 03 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [177320] (SPEEDbit)

    Winsock: Catalog9 04 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [177320] (SPEEDbit)

    Winsock: Catalog9 05 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [177320] (SPEEDbit)

    Winsock: Catalog9 06 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [177320] (SPEEDbit)

    Winsock: Catalog9 07 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [177320] (SPEEDbit)

    Winsock: Catalog9 08 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [177320] (SPEEDbit)

    Winsock: Catalog9 20 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [177320] (SPEEDbit)

    Hosts: 127.0.0.1 localhost

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.5


    FireFox:

    ========

    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

    FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

    FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

    FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

    FF Plugin-x32: @real.com/nppl3260;version=17.0.8.22 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

    FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.8 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

    FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.8 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

    FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.8 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

    FF Plugin-x32: @real.com/nprpplugin;version=17.0.8.22 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)

    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\garyh\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

    FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\garyh\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-03-28]

    FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\

    FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ []

    FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF

    FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-01-18]

    FF HKLM-x32\...\Firefox\Extensions: [{0FAA5C82-A094-4541-8811-D3361F972A81}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []


    Chrome:

    =======

    CHR HomePage: hxxp://www.google.com/

    CHR StartupUrls: "hxxp://www.facebook.com/profile.php?id=678086117&ref=profile", "hxxp://www.peacecorpskorea.com/", "https://www.facebook.com/groups/Korea.xpcvs/", "https://translate.google.com/?hl=en&tab=wT", "chrome://newtab/"

    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()

    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()

    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()

    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File

    CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File

    CHR Plugin: (Java(TM) Platform SE 7 U11) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

    CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File

    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\garyh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]

    CHR Extension: (WOT) - C:\Users\garyh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-05-23]

    CHR Extension: (Google Cast) - C:\Users\garyh\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2013-12-28]

    CHR Extension: (Dashlane) - C:\Users\garyh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2014-05-09]

    CHR Extension: (RealPlayer Downloader) - C:\Users\garyh\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-11-28]

    CHR Extension: (Norton Identity Protection) - C:\Users\garyh\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-01-18]

    CHR Extension: (Google Wallet) - C:\Users\garyh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]

    CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-03-15]

    CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\Exts\Chrome.crx [2014-05-16]


    ==================== Services (Whitelisted) =================


    R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457960 2013-08-19] ()

    S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [263168 2013-07-03] ()

    R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [22760 2013-08-19] ()

    R2 HDRExpress2Service; C:\Program Files\UCT\HDR Express 2\HDRExpress2Service.exe [32888 2013-08-02] ()

    R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)

    R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [347448 2014-04-10] (Malwarebytes Corporation)

    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

    R2 MSMQ; C:\Windows\system32\mqsvc.exe [25600 2013-10-29] (Microsoft Corporation)

    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()

    R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe [265040 2014-05-10] (Symantec Corporation)

    R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-03-15] ()

    R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-03-28] (RealNetworks, Inc.)

    R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-03-20] ()

    R2 RoxioBurnLauncher; C:\Program Files (x86)\Roxio Creator NXT 2\Roxio Burn\RoxioBurnLauncher.exe [535184 2012-09-27] ()

    S3 RoxMediaDB15; C:\Program Files (x86)\Roxio Creator NXT 2\Common\RoxMediaDB15.exe [1097448 2013-08-19] (Corel Corporation)

    S2 RoxWatch15; C:\Program Files (x86)\Roxio Creator NXT 2\Common\RoxWatch15.exe [341736 2013-08-19] (Corel Corporation)

    S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)

    R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)

    R2 SuppliesAssistantClient; C:\Program Files (x86)\SuppliesAssistant\SuppliesAssistantClient.exe [200640 2014-01-21] (Xerox Corporation)

    S4 TivoBeacon2; C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe [1104656 2010-08-24] (TiVo Inc.)

    R2 VideoAcceleratorService; C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe [281768 2014-04-29] (SPEEDbit)

    S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-10-29] (Microsoft Corporation)

    R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2013-10-29] (Microsoft Corporation)

    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)

    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)

    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)

    R2 postgresql-x64-9.0; C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N "postgresql-x64-9.0" -D "C:/Program Files/PostgreSQL/9.0/data" -w [X]

    end of part 1
     
  6. glhglh

    glhglh TS Guru Topic Starter Posts: 504

    Start Part 2:


    ==================== Drivers (Whitelisted) ====================


    S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)

    S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows (R) Win 7 DDK provider)

    R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)

    R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)

    R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)

    R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1503000.00C\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)

    S3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23312 2013-01-22] (Dell Computer Corporation)

    S3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2013-01-22] (Dell Computer Corporation)

    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-04-18] (Symantec Corporation)

    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-18] (Symantec Corporation)

    R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63928 2014-04-11] ()

    S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)

    S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)

    S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)

    R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140523.001\IDSvia64.sys [525016 2014-03-25] (Symantec Corporation)

    R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-10] (Microsoft Corporation)

    S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-29] (Microsoft Corporation)

    S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)

    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-05-24] (Malwarebytes Corporation)

    R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)

    S2 MCSTRM; No ImagePath

    R3 MQAC; C:\Windows\System32\drivers\mqac.sys [173568 2013-10-29] (Microsoft Corporation)

    S3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140524.016\ENG64.SYS [126040 2014-04-18] (Symantec Corporation)

    S3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140524.016\EX64.SYS [2099288 2014-04-18] (Symantec Corporation)

    R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)

    S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)

    S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)

    R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)

    S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)

    S3 RRNetCap; C:\Windows\system32\DRIVERS\rrnetcap.sys [37480 2013-08-19] (RapidSolution Software AG)

    R3 RRNetCapMP; C:\Windows\system32\DRIVERS\rrnetcap.sys [37480 2013-08-19] (RapidSolution Software AG)

    S3 RT-USB; C:\Windows\system32\drivers\RT-USB64.SYS [70984 2010-06-16] (Ross-Tech LLC)

    R0 Sahdad64; C:\Windows\System32\Drivers\Sahdad64.sys [28304 2013-08-19] (Corel Corporation)

    R0 Saibad64; C:\Windows\System32\Drivers\Saibad64.sys [20112 2013-08-19] (Corel Corporation)

    R1 SaibVdAd64; C:\Windows\System32\Drivers\SaibVdAd64.sys [27792 2013-08-19] (Corel Corporation)

    S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-25] (Microsoft Corporation)

    S3 SRTSP; C:\Windows\System32\Drivers\N360x64\1503000.00C\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)

    R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1503000.00C\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)

    S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)

    R0 SymDS; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)

    R0 SymEFA; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)

    S0 SymELAM; C:\Windows\System32\drivers\N360x64\1503000.00C\SymELAM.sys [23568 2013-09-09] (Symantec Corporation)

    R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-18] (Symantec Corporation)

    R1 SymIRON; C:\Windows\system32\drivers\N360x64\1503000.00C\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)

    R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)

    S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)

    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)

    R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)

    S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider)

    U3 idsvc;

    S3 MREMP50; \??\C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [X]

    S3 MREMP50a64; \??\C:\Program Files\Common Files\Motive\MREMP50a64.sys [X]

    S3 MRESP50; \??\C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [X]

    S3 MRESP50a64; \??\C:\Program Files\Common Files\Motive\MRESP50a64.sys [X]


    ==================== NetSvcs (Whitelisted) ===================



    ==================== One Month Created Files and Folders ========


    2014-05-24 18:29 - 2014-05-24 18:29 - 00000000 ____D () C:\FRST

    2014-05-24 18:27 - 2014-05-24 18:27 - 00000651 _____ () C:\Users\garyh\Desktop\JRT.txt

    2014-05-23 20:37 - 2014-05-23 21:01 - 00000000 ____D () C:\Users\garyh\Desktop\mbar

    2014-05-23 20:29 - 2014-05-23 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit

    2014-05-23 20:29 - 2014-05-23 20:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit

    2014-05-23 20:20 - 2014-05-23 20:20 - 00001403 _____ () C:\Users\garyh\Desktop\RKreport[0]_SC_05232014_202006.txt

    2014-05-23 20:19 - 2014-05-23 20:19 - 00002349 _____ () C:\Users\garyh\Desktop\RKreport[0]_D_05232014_201943.txt

    2014-05-23 20:19 - 2014-05-23 20:19 - 00002306 _____ () C:\Users\garyh\Desktop\RKreport[0]_S_05232014_201912.txt

    2014-05-23 20:19 - 2014-05-23 20:19 - 00000982 _____ () C:\Users\garyh\Desktop\RKreport[0]_H_05232014_201953.txt

    2014-05-23 20:19 - 2014-05-23 20:19 - 00000899 _____ () C:\Users\garyh\Desktop\RKreport[0]_PR_05232014_201956.txt

    2014-05-23 20:19 - 2014-05-23 20:19 - 00000863 _____ () C:\Users\garyh\Desktop\RKreport[0]_DN_05232014_201958.txt

    2014-05-23 20:15 - 2014-05-23 20:15 - 00001300 _____ () C:\Users\garyh\Desktop\RKreport[0]_SC_05232014_201554.txt

    2014-05-23 20:13 - 2014-05-23 20:21 - 00000000 ____D () C:\Users\garyh\Desktop\RK_Quarantine

    2014-05-23 19:44 - 2014-05-24 18:29 - 00000000 ____D () C:\Users\garyh\Desktop\Virus Scans

    2014-05-23 19:20 - 2014-05-23 20:27 - 00001154 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    2014-05-23 19:20 - 2014-05-23 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

    2014-05-23 19:20 - 2014-05-23 20:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

    2014-05-23 19:20 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

    2014-05-23 19:20 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

    2014-05-20 16:43 - 2014-05-23 18:20 - 00003362 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2128454943-2381797511-2457621860-1000

    2014-05-20 16:43 - 2014-05-23 18:20 - 00003310 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2128454943-2381797511-2457621860-1000

    2014-05-17 17:45 - 2014-05-17 17:45 - 00001482 _____ () C:\Users\garyh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

    2014-05-16 22:33 - 2014-04-18 02:32 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll

    2014-05-16 22:33 - 2014-04-18 01:58 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll

    2014-05-16 22:33 - 2014-04-18 01:09 - 08652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll

    2014-05-16 22:33 - 2014-04-18 00:49 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll

    2014-05-16 22:33 - 2014-04-06 09:31 - 21268952 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

    2014-05-16 22:33 - 2014-04-06 08:22 - 18755672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

    2014-05-16 22:33 - 2014-04-06 04:55 - 16872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll

    2014-05-16 22:33 - 2014-04-06 04:54 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll

    2014-05-16 22:33 - 2014-04-02 19:22 - 03359744 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll

    2014-05-16 22:33 - 2014-03-19 17:44 - 06645248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll

    2014-05-16 22:33 - 2014-03-19 16:33 - 05774848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll

    2014-05-16 22:33 - 2014-03-17 22:00 - 07173120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll

    2014-05-16 22:33 - 2014-03-17 21:52 - 05104640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll

    2014-05-16 22:32 - 2014-04-18 07:57 - 00032600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll

    2014-05-16 22:32 - 2014-04-18 07:44 - 01466856 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll

    2014-05-16 22:32 - 2014-04-18 06:29 - 01200288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll

    2014-05-16 22:32 - 2014-04-18 02:44 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll

    2014-05-16 22:32 - 2014-04-18 01:32 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll

    2014-05-16 22:32 - 2014-04-18 01:21 - 01126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll

    2014-05-16 22:32 - 2014-04-18 00:51 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll

    2014-05-16 22:32 - 2014-04-14 02:20 - 00324888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll

    2014-05-16 22:32 - 2014-04-14 01:01 - 00285144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll

    2014-05-16 22:32 - 2014-04-10 23:13 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys

    2014-05-16 22:32 - 2014-04-10 21:51 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll

    2014-05-16 22:32 - 2014-04-10 21:23 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll

    2014-05-16 22:32 - 2014-04-10 20:30 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll

    2014-05-16 22:32 - 2014-04-09 04:53 - 00337240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys

    2014-05-16 22:32 - 2014-04-08 23:39 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll

    2014-05-16 22:32 - 2014-04-08 22:44 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll

    2014-05-16 22:32 - 2014-04-08 21:35 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll

    2014-05-16 22:32 - 2014-04-08 20:33 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll

    2014-05-16 22:32 - 2014-04-07 19:01 - 00589656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys

    2014-05-16 22:32 - 2014-04-06 09:34 - 00372568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys

    2014-05-16 22:32 - 2014-04-06 09:34 - 00275800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys

    2014-05-16 22:32 - 2014-04-06 09:32 - 00125496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll

    2014-05-16 22:32 - 2014-04-06 09:30 - 00201920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll

    2014-05-16 22:32 - 2014-04-06 09:24 - 00360792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys

    2014-05-16 22:32 - 2014-04-06 09:20 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll

    2014-05-16 22:32 - 2014-04-06 09:20 - 01403856 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll

    2014-05-16 22:32 - 2014-04-06 09:20 - 01379064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll

    2014-05-16 22:32 - 2014-04-06 09:20 - 00881616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll

    2014-05-16 22:32 - 2014-04-06 09:20 - 00765408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll

    2014-05-16 22:32 - 2014-04-06 09:20 - 00609448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll

    2014-05-16 22:32 - 2014-04-06 09:20 - 00491744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll

    2014-05-16 22:32 - 2014-04-06 09:20 - 00467496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll

    2014-05-16 22:32 - 2014-04-06 09:20 - 00463256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll

    2014-05-16 22:32 - 2014-04-06 09:20 - 00364640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll

    2014-05-16 22:32 - 2014-04-06 09:20 - 00244880 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe

    2014-05-16 22:32 - 2014-04-06 09:20 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll

    2014-05-16 22:32 - 2014-04-06 09:20 - 00028408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe

    2014-05-16 22:32 - 2014-04-06 08:23 - 00098584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll

    2014-05-16 22:32 - 2014-04-06 08:22 - 00178184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll

    2014-05-16 22:32 - 2014-04-06 08:16 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll

    2014-05-16 22:32 - 2014-04-06 08:16 - 01209616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll

    2014-05-16 22:32 - 2014-04-06 08:16 - 00707048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll

    2014-05-16 22:32 - 2014-04-06 08:16 - 00669856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll

    2014-05-16 22:32 - 2014-04-06 08:16 - 00518544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll

    2014-05-16 22:32 - 2014-04-06 08:16 - 00406504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll

    2014-05-16 22:32 - 2014-04-06 08:16 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll

    2014-05-16 22:32 - 2014-04-06 08:16 - 00326024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll

    2014-05-16 22:32 - 2014-04-06 08:16 - 00305768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll

    2014-05-16 22:32 - 2014-04-06 07:10 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

    2014-05-16 22:32 - 2014-04-06 05:58 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll

    2014-05-16 22:32 - 2014-04-06 05:51 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll

    2014-05-16 22:32 - 2014-04-06 05:33 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe

    2014-05-16 22:32 - 2014-04-06 05:24 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe

    2014-05-16 22:32 - 2014-04-06 05:06 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srclient.dll

    2014-05-16 22:32 - 2014-04-06 04:26 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll

    2014-05-16 22:32 - 2014-04-06 04:20 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll

    2014-05-16 22:32 - 2014-04-06 04:01 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll

    2014-05-16 22:32 - 2014-04-06 03:52 - 00955904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll

    2014-05-16 22:32 - 2014-04-06 03:51 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll

    2014-05-16 22:32 - 2014-04-06 03:37 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll

    2014-05-16 22:32 - 2014-04-06 03:36 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll

    2014-05-16 22:32 - 2014-04-06 03:05 - 01222656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll

    2014-05-16 22:32 - 2014-04-06 02:59 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll

    2014-05-16 22:32 - 2014-04-03 01:12 - 02124840 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll

    2014-05-16 22:32 - 2014-04-03 01:12 - 00307304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll

    2014-05-16 22:32 - 2014-04-03 01:12 - 00130144 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll

    2014-05-16 22:32 - 2014-04-02 21:03 - 00230808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll

    2014-05-16 22:32 - 2014-04-02 21:03 - 00111528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpapi.dll

    2014-05-16 22:32 - 2014-04-02 20:53 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll

    2014-05-16 22:32 - 2014-04-02 19:53 - 04269056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll

    2014-05-16 22:32 - 2014-04-02 19:53 - 00677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys

    2014-05-16 22:32 - 2014-04-02 19:51 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll

    2014-05-16 22:32 - 2014-04-02 19:23 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys

    2014-05-16 22:32 - 2014-04-02 19:23 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys

    2014-05-16 22:32 - 2014-04-02 19:23 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tlscsp.dll

    2014-05-16 22:32 - 2014-04-02 19:22 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlscsp.dll

    2014-05-16 22:32 - 2014-03-31 23:23 - 00384856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys

    2014-05-16 22:32 - 2014-03-30 22:42 - 07425368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

    2014-05-16 22:32 - 2014-03-30 22:35 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys

    2014-05-16 22:32 - 2014-03-30 22:35 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS

    2014-05-16 22:32 - 2014-03-30 17:41 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll

    2014-05-16 22:32 - 2014-03-30 17:01 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll

    2014-05-16 22:32 - 2014-03-30 16:43 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll

    2014-05-16 22:32 - 2014-03-30 15:54 - 01308160 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll

    2014-05-16 22:32 - 2014-03-30 15:49 - 01287168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll

    2014-05-16 22:32 - 2014-03-30 15:35 - 01029120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll

    2014-05-16 22:32 - 2014-03-30 15:11 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll

    2014-05-16 22:32 - 2014-03-30 14:47 - 00872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe

    2014-05-16 22:32 - 2014-03-28 08:58 - 00407016 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe

    2014-05-16 22:32 - 2014-03-26 23:16 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys

    2014-05-16 22:32 - 2014-03-26 22:36 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll

    2014-05-16 22:32 - 2014-03-26 21:59 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll

    2014-05-16 22:32 - 2014-03-26 21:48 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll

    2014-05-16 22:32 - 2014-03-26 21:19 - 00313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll

    2014-05-16 22:32 - 2014-03-26 20:46 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll

    2014-05-16 22:32 - 2014-03-26 20:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll

    2014-05-16 22:32 - 2014-03-26 20:10 - 01436160 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe

    2014-05-16 22:32 - 2014-03-24 15:58 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys

    2014-05-16 22:32 - 2014-03-20 21:14 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\tscfgwmi.dll

    2014-05-16 22:32 - 2014-03-19 20:48 - 00263424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe

    2014-05-16 22:32 - 2014-03-19 17:51 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll

    2014-05-16 22:32 - 2014-03-19 16:38 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcl.dll

    2014-05-16 22:32 - 2014-03-19 01:15 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll

    2014-05-16 22:32 - 2014-03-19 01:07 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys

    2014-05-16 22:32 - 2014-03-19 00:24 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll

    2014-05-16 22:32 - 2014-03-19 00:17 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll

    2014-05-16 22:32 - 2014-03-18 23:36 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll

    2014-05-16 22:32 - 2014-03-18 22:56 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll

    2014-05-16 22:32 - 2014-03-18 22:45 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll

    2014-05-16 22:32 - 2014-03-18 22:19 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll

    2014-05-16 22:32 - 2014-03-18 22:07 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll

    2014-05-16 22:32 - 2014-03-18 22:02 - 01527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll

    2014-05-16 22:32 - 2014-03-18 22:00 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll

    2014-05-16 22:32 - 2014-03-18 21:51 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll

    2014-05-16 22:32 - 2014-03-18 21:31 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll

    2014-05-16 22:32 - 2014-03-18 21:18 - 02688000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll

    2014-05-16 22:32 - 2014-03-18 01:19 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys

    2014-05-16 22:32 - 2014-03-16 22:09 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll

    2014-05-16 22:32 - 2014-03-16 21:11 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll

    2014-05-16 22:32 - 2014-03-16 20:01 - 00486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv

    2014-05-16 22:32 - 2014-03-16 19:47 - 01025024 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll

    2014-05-16 22:32 - 2014-03-16 19:45 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv

    2014-05-16 22:32 - 2014-03-13 23:26 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll

    2014-05-16 22:32 - 2014-03-13 23:10 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll

    2014-05-16 22:32 - 2014-03-06 05:42 - 00310616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys

    2014-05-16 22:30 - 2014-05-16 22:30 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll

    2014-05-16 18:03 - 2014-05-24 18:21 - 00003340 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2128454943-2381797511-2457621860-1000

    2014-05-16 18:03 - 2014-05-24 18:21 - 00003288 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2128454943-2381797511-2457621860-1000

    2014-05-16 16:47 - 2014-05-16 16:47 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER

    2014-05-16 16:35 - 2014-05-05 21:40 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

    2014-05-16 16:35 - 2014-05-05 20:25 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

    2014-05-16 16:35 - 2014-05-05 20:00 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

    2014-05-16 16:35 - 2014-05-05 19:10 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll

    2014-05-16 16:35 - 2014-04-11 03:03 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll

    2014-05-16 16:35 - 2014-04-11 03:03 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

    2014-05-16 16:35 - 2014-04-11 01:25 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll

    2014-05-16 16:35 - 2014-04-10 23:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll

    2014-05-16 16:35 - 2014-04-10 22:53 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe

    2014-05-16 16:35 - 2014-04-10 22:22 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll

    2014-05-16 16:35 - 2014-04-10 20:54 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll

    2014-05-16 16:35 - 2014-04-10 20:06 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe

    2014-05-16 16:35 - 2014-04-10 20:05 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

    2014-05-16 16:35 - 2014-04-10 20:05 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll

    2014-05-16 16:35 - 2014-04-10 20:02 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll

    2014-05-16 16:35 - 2014-04-10 20:02 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe

    2014-05-16 16:35 - 2014-04-10 20:01 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll

    2014-05-16 16:35 - 2014-04-10 20:00 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll

    2014-05-16 16:35 - 2014-04-10 19:59 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll

    2014-05-16 16:35 - 2014-04-10 19:57 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll

    2014-05-16 16:35 - 2014-04-10 19:56 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll

    2014-05-16 16:35 - 2014-04-10 19:55 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll

    2014-05-16 16:35 - 2014-04-10 19:53 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll

    2014-05-16 16:35 - 2014-04-10 19:52 - 03464192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll

    2014-05-16 16:35 - 2014-04-10 19:46 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll

    2014-05-16 16:35 - 2014-04-10 19:36 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll

    2014-05-16 16:35 - 2014-04-10 19:34 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll

    2014-05-16 16:35 - 2014-04-10 19:29 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll

    2014-05-16 16:35 - 2014-04-10 19:25 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll

    2014-05-16 16:35 - 2014-03-23 19:30 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys

    2014-05-16 16:35 - 2014-03-23 19:30 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys

    2014-05-16 16:35 - 2014-03-23 19:27 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys

    2014-05-16 16:35 - 2014-03-13 00:42 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe

    2014-05-16 16:35 - 2014-03-12 23:51 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe

    2014-05-16 16:33 - 2014-04-08 15:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll

    2014-05-16 16:33 - 2014-04-08 15:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll

    2014-05-16 16:33 - 2014-04-08 11:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll

    2014-05-16 16:33 - 2014-04-08 11:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll

    2014-05-16 14:50 - 2014-05-16 14:50 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton 360

    2014-05-11 21:43 - 2014-05-11 21:43 - 00000000 ____D () C:\Program Files (x86)\Dashlane

    2014-05-11 21:42 - 2014-05-11 21:42 - 00002065 _____ () C:\Users\garyh\Desktop\Dashlane.lnk

    2014-05-11 21:42 - 2014-05-11 21:42 - 00000000 ____D () C:\Users\garyh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane

    2014-05-11 21:41 - 2014-05-11 21:43 - 00000000 ____D () C:\Users\garyh\AppData\Roaming\Dashlane

    2014-05-02 19:41 - 2014-05-02 19:41 - 00002176 _____ () C:\Users\garyh\AppData\Roaming\Microsoft\Windows\Start Menu\Lightroom 4.4 64-bit.lnk

    2014-05-02 19:40 - 2014-05-02 19:40 - 00002127 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 4.4 64-bit.lnk

    2014-05-02 19:40 - 2014-05-02 19:40 - 00002107 _____ () C:\Users\Public\Desktop\Lightroom 4.4 64-bit.lnk

    2014-05-02 19:16 - 2014-05-02 19:16 - 00000000 ____D () C:\Users\garyh\Desktop\Adobe

    2014-05-02 18:26 - 2014-05-02 18:26 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb

    2014-05-02 18:26 - 2014-05-02 18:26 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb

    2014-05-01 15:40 - 2014-05-01 15:40 - 00000000 ____D () C:\ProgramData\Motive

    2014-04-29 19:26 - 2014-05-02 22:26 - 00000000 ____D () C:\Program Files (x86)\SpeedBit Video Accelerator

    2014-04-29 17:29 - 2014-04-29 17:29 - 00001511 _____ () C:\Users\garyh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RealPlayer Cloud.lnk

    2014-04-26 21:44 - 2014-04-26 21:44 - 00001831 _____ () C:\Users\Public\Desktop\iTunes.lnk

    2014-04-26 21:44 - 2014-04-26 21:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

    2014-04-26 21:41 - 2014-04-26 21:42 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

    2014-04-26 21:41 - 2014-04-26 21:42 - 00000000 ____D () C:\Program Files\iTunes

    2014-04-26 21:41 - 2014-04-26 21:42 - 00000000 ____D () C:\Program Files (x86)\iTunes

    2014-04-26 21:41 - 2014-04-26 21:41 - 00000000 ____D () C:\Program Files\iPod

    2014-04-26 21:35 - 2014-04-26 21:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

    2014-04-26 21:35 - 2014-04-26 21:35 - 00000000 ____D () C:\Program Files (x86)\QuickTime

    2014-04-26 14:59 - 2014-04-26 14:59 - 00000000 ____D () C:\Users\garyh\AppData\Local\CrashRpt

    2014-04-24 18:38 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll

    2014-04-24 17:58 - 2014-04-24 17:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

    2014-04-24 17:58 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

    2014-04-24 17:58 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe

    2014-04-24 17:58 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe

    2014-04-24 17:58 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe

    2014-04-24 17:55 - 2014-04-24 17:58 - 00004129 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_55-b14.log


    ==================== One Month Modified Files and Folders =======


    2014-05-24 18:30 - 2013-12-28 15:52 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2128454943-2381797511-2457621860-1000UA.job

    2014-05-24 18:29 - 2014-05-24 18:29 - 00000000 ____D () C:\FRST

    2014-05-24 18:29 - 2014-05-23 19:44 - 00000000 ____D () C:\Users\garyh\Desktop\Virus Scans

    2014-05-24 18:28 - 2012-09-10 17:05 - 00000000 ____D () C:\Users\garyh\AppData\Roaming\Dropbox

    2014-05-24 18:27 - 2014-05-24 18:27 - 00000651 _____ () C:\Users\garyh\Desktop\JRT.txt

    2014-05-24 18:27 - 2012-11-11 23:11 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2128454943-2381797511-2457621860-1000

    2014-05-24 18:22 - 2014-03-27 18:01 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

    2014-05-24 18:22 - 2014-01-23 22:11 - 00000000 ____D () C:\Users\garyh\AppData\Roaming\DropboxMaster

    2014-05-24 18:21 - 2014-05-16 18:03 - 00003340 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2128454943-2381797511-2457621860-1000

    2014-05-24 18:21 - 2014-05-16 18:03 - 00003288 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2128454943-2381797511-2457621860-1000

    2014-05-24 18:21 - 2013-10-29 21:52 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks

    2014-05-24 18:21 - 2013-10-29 21:52 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks

    2014-05-24 18:21 - 2012-03-07 17:28 - 00000892 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

    2014-05-24 18:21 - 2012-01-03 04:33 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup

    2014-05-24 18:20 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

    2014-05-24 18:19 - 2013-10-30 12:22 - 00000000 ____D () C:\Users\garyh\AppData\Roaming\ClassicShell

    2014-05-24 18:19 - 2013-10-29 22:09 - 01441226 _____ () C:\WINDOWS\WindowsUpdate.log

    2014-05-24 18:14 - 2013-09-29 21:04 - 00998260 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

    2014-05-24 18:06 - 2013-09-29 20:55 - 00078640 _____ () C:\WINDOWS\PFRO.log

    2014-05-24 18:06 - 2013-08-22 06:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI

    2014-05-24 18:02 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru

    2014-05-24 17:58 - 2013-09-01 11:08 - 00000000 ____D () C:\AdwCleaner

    2014-05-24 17:36 - 2012-03-07 17:28 - 00000896 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

    2014-05-23 21:01 - 2014-05-23 20:37 - 00000000 ____D () C:\Users\garyh\Desktop\mbar

    2014-05-23 21:01 - 2013-12-28 17:01 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

    2014-05-23 20:37 - 2014-03-27 18:00 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

    2014-05-23 20:29 - 2014-05-23 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit

    2014-05-23 20:29 - 2014-05-23 20:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit

    2014-05-23 20:29 - 2012-07-16 18:43 - 00000000 ____D () C:\ProgramData\Malwarebytes

    2014-05-23 20:27 - 2014-05-23 19:20 - 00001154 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    2014-05-23 20:27 - 2014-05-23 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

    2014-05-23 20:27 - 2014-05-23 19:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

    2014-05-23 20:22 - 2012-11-25 16:22 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{900944EB-20CA-47AB-9A07-F131A3FED303}

    2014-05-23 20:21 - 2014-05-23 20:13 - 00000000 ____D () C:\Users\garyh\Desktop\RK_Quarantine

    2014-05-23 20:20 - 2014-05-23 20:20 - 00001403 _____ () C:\Users\garyh\Desktop\RKreport[0]_SC_05232014_202006.txt

    2014-05-23 20:19 - 2014-05-23 20:19 - 00002349 _____ () C:\Users\garyh\Desktop\RKreport[0]_D_05232014_201943.txt

    2014-05-23 20:19 - 2014-05-23 20:19 - 00002306 _____ () C:\Users\garyh\Desktop\RKreport[0]_S_05232014_201912.txt

    2014-05-23 20:19 - 2014-05-23 20:19 - 00000982 _____ () C:\Users\garyh\Desktop\RKreport[0]_H_05232014_201953.txt

    2014-05-23 20:19 - 2014-05-23 20:19 - 00000899 _____ () C:\Users\garyh\Desktop\RKreport[0]_PR_05232014_201956.txt

    2014-05-23 20:19 - 2014-05-23 20:19 - 00000863 _____ () C:\Users\garyh\Desktop\RKreport[0]_DN_05232014_201958.txt

    2014-05-23 20:15 - 2014-05-23 20:15 - 00001300 _____ () C:\Users\garyh\Desktop\RKreport[0]_SC_05232014_201554.txt

    2014-05-23 19:54 - 2012-03-07 17:26 - 00000000 ___RD () C:\Download GLH

    2014-05-23 18:20 - 2014-05-20 16:43 - 00003362 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2128454943-2381797511-2457621860-1000

    2014-05-23 18:20 - 2014-05-20 16:43 - 00003310 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2128454943-2381797511-2457621860-1000

    2014-05-22 16:30 - 2013-12-28 15:52 - 00000874 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2128454943-2381797511-2457621860-1000Core.job

    2014-05-22 11:20 - 2013-08-22 07:46 - 00426048 _____ () C:\WINDOWS\setupact.log

    2014-05-21 10:01 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\NDF

    2014-05-20 16:44 - 2013-04-12 16:49 - 00001071 _____ () C:\Users\garyh\Desktop\Dropbox.lnk

    2014-05-20 16:44 - 2013-04-03 19:50 - 00000000 ____D () C:\Users\garyh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

    2014-05-20 16:44 - 2012-03-06 19:24 - 00000000 ___RD () C:\Users\garyh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

    2014-05-20 16:38 - 2013-08-22 06:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM

    2014-05-18 21:55 - 2013-04-09 14:19 - 00000000 ____D () C:\Users\garyh\AppData\Local\CrashDumps

    2014-05-18 20:20 - 2013-11-17 15:08 - 00870128 _____ () C:\Users\garyh\AppData\Roaming\mcs.rma

    2014-05-18 20:20 - 2013-09-29 09:29 - 00000004 _____ () C:\Users\garyh\AppData\Roaming\17A08D

    2014-05-17 20:56 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\rescache

    2014-05-17 17:45 - 2014-05-17 17:45 - 00001482 _____ () C:\Users\garyh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

    2014-05-16 22:39 - 2012-03-06 20:03 - 00000000 ___RD () C:\Data GLH

    2014-05-16 22:39 - 2012-03-06 19:24 - 00000000 ___RD () C:\Users\garyh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

    2014-05-16 22:37 - 2013-08-22 07:44 - 00541952 _____ () C:\WINDOWS\system32\FNTCACHE.DAT

    2014-05-16 22:34 - 2013-08-22 08:36 - 00000000 ___RD () C:\WINDOWS\ToastData

    2014-05-16 22:34 - 2013-08-22 08:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel

    2014-05-16 22:34 - 2013-08-22 06:36 - 00000000 ____D () C:\WINDOWS\system32\oobe

    2014-05-16 22:30 - 2014-05-16 22:30 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll

    2014-05-16 17:54 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

    2014-05-16 17:54 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

    2014-05-16 17:54 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\WinStore

    2014-05-16 17:54 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Windows Defender

    2014-05-16 17:54 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender

    2014-05-16 16:47 - 2014-05-16 16:47 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER

    2014-05-16 16:47 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates

    2014-05-16 16:47 - 2012-03-06 19:42 - 00000000 ____D () C:\ProgramData\Microsoft Help

    2014-05-16 16:46 - 2013-07-15 18:40 - 00000000 ____D () C:\WINDOWS\system32\MRT

    2014-05-16 16:40 - 2012-03-07 10:11 - 93223848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

    2014-05-16 16:20 - 2012-07-26 01:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP

    2014-05-16 14:50 - 2014-05-16 14:50 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton 360

    2014-05-16 14:50 - 2014-01-18 17:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360

    2014-05-16 14:50 - 2014-01-18 17:42 - 00003206 _____ () C:\WINDOWS\System32\Tasks\Norton WSC Integration

    2014-05-16 14:50 - 2014-01-18 17:42 - 00002375 _____ () C:\Users\Public\Desktop\Norton 360.lnk

    2014-05-16 14:50 - 2014-01-18 17:42 - 00000000 ____D () C:\WINDOWS\system32\Drivers\N360x64

    2014-05-15 18:53 - 2013-02-24 14:12 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

    2014-05-12 07:26 - 2014-05-23 19:20 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

    2014-05-12 07:25 - 2014-05-23 19:20 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

    2014-05-11 21:43 - 2014-05-11 21:43 - 00000000 ____D () C:\Program Files (x86)\Dashlane

    2014-05-11 21:43 - 2014-05-11 21:41 - 00000000 ____D () C:\Users\garyh\AppData\Roaming\Dashlane

    2014-05-11 21:42 - 2014-05-11 21:42 - 00002065 _____ () C:\Users\garyh\Desktop\Dashlane.lnk

    2014-05-11 21:42 - 2014-05-11 21:42 - 00000000 ____D () C:\Users\garyh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane

    2014-05-11 21:37 - 2012-03-06 20:00 - 00004076 _____ () C:\WINDOWS\System32\Tasks\Open URL by RoboForm

    2014-05-11 15:21 - 2012-06-07 00:04 - 00000000 ____D () C:\Program Files (x86)\PokerTracker 4

    2014-05-10 20:28 - 2012-03-06 21:08 - 00000000 ____D () C:\Program Files (x86)\PlayersOnly

    2014-05-08 16:31 - 2012-03-07 17:28 - 00003868 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

    2014-05-08 16:31 - 2012-03-07 17:28 - 00003632 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

    2014-05-08 16:25 - 2013-12-28 15:52 - 00003872 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2128454943-2381797511-2457621860-1000UA

    2014-05-08 16:25 - 2013-12-28 15:52 - 00003492 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2128454943-2381797511-2457621860-1000Core

    2014-05-05 21:40 - 2014-05-16 16:35 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

    2014-05-05 20:25 - 2014-05-16 16:35 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

    2014-05-05 20:00 - 2014-05-16 16:35 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

    2014-05-05 19:10 - 2014-05-16 16:35 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll

    2014-05-02 22:26 - 2014-04-29 19:26 - 00000000 ____D () C:\Program Files (x86)\SpeedBit Video Accelerator

    2014-05-02 19:41 - 2014-05-02 19:41 - 00002176 _____ () C:\Users\garyh\AppData\Roaming\Microsoft\Windows\Start Menu\Lightroom 4.4 64-bit.lnk

    2014-05-02 19:40 - 2014-05-02 19:40 - 00002127 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 4.4 64-bit.lnk

    2014-05-02 19:40 - 2014-05-02 19:40 - 00002107 _____ () C:\Users\Public\Desktop\Lightroom 4.4 64-bit.lnk

    2014-05-02 19:39 - 2013-09-24 22:40 - 00000000 ____D () C:\Program Files\Adobe

    2014-05-02 19:16 - 2014-05-02 19:16 - 00000000 ____D () C:\Users\garyh\Desktop\Adobe

    2014-05-02 18:26 - 2014-05-02 18:26 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb

    2014-05-02 18:26 - 2014-05-02 18:26 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb

    2014-05-01 15:40 - 2014-05-01 15:40 - 00000000 ____D () C:\ProgramData\Motive

    2014-05-01 13:30 - 2013-08-22 08:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

    2014-05-01 13:30 - 2013-08-22 08:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

    2014-04-29 17:29 - 2014-04-29 17:29 - 00001511 _____ () C:\Users\garyh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RealPlayer Cloud.lnk

    2014-04-26 21:44 - 2014-04-26 21:44 - 00001831 _____ () C:\Users\Public\Desktop\iTunes.lnk

    2014-04-26 21:44 - 2014-04-26 21:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

    2014-04-26 21:42 - 2014-04-26 21:41 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

    2014-04-26 21:42 - 2014-04-26 21:41 - 00000000 ____D () C:\Program Files\iTunes

    2014-04-26 21:42 - 2014-04-26 21:41 - 00000000 ____D () C:\Program Files (x86)\iTunes

    2014-04-26 21:41 - 2014-04-26 21:41 - 00000000 ____D () C:\Program Files\iPod

    2014-04-26 21:35 - 2014-04-26 21:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

    2014-04-26 21:35 - 2014-04-26 21:35 - 00000000 ____D () C:\Program Files (x86)\QuickTime

    2014-04-26 14:59 - 2014-04-26 14:59 - 00000000 ____D () C:\Users\garyh\AppData\Local\CrashRpt

    2014-04-25 19:28 - 2012-03-06 20:00 - 00003492 _____ () C:\WINDOWS\System32\Tasks\Run RoboForm TaskBar Icon

    2014-04-24 17:59 - 2013-10-16 18:32 - 00000000 ____D () C:\ProgramData\Oracle

    2014-04-24 17:58 - 2014-04-24 17:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

    2014-04-24 17:58 - 2014-04-24 17:55 - 00004129 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_55-b14.log

    2014-04-24 17:57 - 2012-09-08 12:46 - 00000000 ____D () C:\Program Files (x86)\Java

    2014-04-24 17:45 - 2013-02-07 17:28 - 00000000 ____D () C:\Users\garyh\AppData\Local\Akamai


    Some content of TEMP:

    ====================

    C:\Users\garyh\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsiaqie.dll

    C:\Users\garyh\AppData\Local\Temp\ntdll_dump.dll

    C:\Users\garyh\AppData\Local\Temp\Quarantine.exe
     
  7. glhglh

    glhglh TS Guru Topic Starter Posts: 504

    Start of part 3:


    ==================== Bamital & volsnap Check =================


    C:\Windows\System32\winlogon.exe => MD5 is legit

    C:\Windows\System32\wininit.exe => MD5 is legit

    C:\Windows\explorer.exe => MD5 is legit

    C:\Windows\SysWOW64\explorer.exe => MD5 is legit

    C:\Windows\System32\svchost.exe => MD5 is legit

    C:\Windows\SysWOW64\svchost.exe => MD5 is legit

    C:\Windows\System32\services.exe

    [2014-05-16 22:32] - [2014-03-28 08:58] - 0407016 ____A (Microsoft Corporation) 067CB90C277DB4A737D5DEABA3055972


    C:\Windows\System32\User32.dll => MD5 is legit

    C:\Windows\SysWOW64\User32.dll => MD5 is legit

    C:\Windows\System32\userinit.exe => MD5 is legit

    C:\Windows\SysWOW64\userinit.exe => MD5 is legit

    C:\Windows\System32\rpcss.dll => MD5 is legit

    C:\Windows\System32\Drivers\volsnap.sys

    [2014-05-16 22:32] - [2014-03-06 05:42] - 0310616 ____A (Microsoft Corporation) 4BB9BC49DEE1A319EC58274A7BBED663




    LastRegBack: 2014-05-20 16:51


    ==================== End Of Log ============================



    Addition Log:


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2014 1

    Ran by garyh at 2014-05-24 18:30:46

    Running from C:\Users\garyh\Desktop\Virus Scans

    Boot Mode: Normal

    ==========================================================



    ==================== Security Center ========================


    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    AV: Norton 360 (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}

    AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}

    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}


    ==================== Installed Programs ======================


    64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden

    Adobe Photoshop Lightroom 4.4 64-bit (HKLM\...\{11A955CD-4398-405A-886D-E464C3618FBF}) (Version: 4.4.1 - Adobe)

    Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)

    Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)

    Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)

    Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon)

    Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)

    Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)

    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

    Athentech Perfectly Clear (HKLM-x32\...\_{12097B7C-04C4-4049-AEBF-0ECE0D6FCEE3}) (Version: 1.0.0.101 - Corel Corporation)

    Athentech Perfectly Clear (Version: 1.0.0.101 - Corel Corporation) Hidden

    Athentech Perfectly Clear (x32 Version: 1.0.0.101 - Corel Corporation) Hidden

    Audials (HKLM-x32\...\{785E309A-737D-422E-9520-369C6938D42E}) (Version: 10.2.30900.0 - Audials AG)

    BCL easyConverter SDK 3 (Word Version) 64 (HKLM\...\{350CC85B-CA59-4F85-909D-8E4CDBF532FA}) (Version: 3.0.64 - BCL Technologies)

    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

    Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)

    bpd_scan_Carrier (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden

    BPDSoftware (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden

    BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

    BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden

    CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)

    ChromecastApp (HKCU\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.316.0 - Google Inc.)

    Classic Shell (HKLM\...\{98BB5224-BC5D-4028-9D20-536C1C263AA9}) (Version: 4.0.2 - IvoSoft)

    Corel Paint it! - Content (x32 Version: 1.0 - Your Company Name) Hidden

    Corel Paint it! - Core (x32 Version: 1.0 - Corel Corporation) Hidden

    Corel Paint it! - ICA (x32 Version: 1.0 - Corel Corporation) Hidden

    Corel Paint it! - Langauge (x32 Version: 1.0 - Your Company Name) Hidden

    Corel PaintShop Pro X6 (HKLM-x32\...\_{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}) (Version: 16.2.0.20 - Corel Corporation)

    Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.8.0.203 - Corel Inc.)

    Creator NXT Content (x32 Version: 14.0.024 - Roxio) Hidden

    Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM-x32\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.0.0 - Business Objects)

    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

    Dashlane (HKCU\...\Dashlane) (Version: 2.4.0.60370 - Dashlane SAS)

    Dazzle Video Capture DVC100 X64 Driver 1.06 (x32 Version: 1.06.0000 - Pinnacle) Hidden

    Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{F2CE207D-C146-4BFD-A1C2-219483C58819}) (Version: - Microsoft)

    Defraggler (HKLM\...\Defraggler) (Version: 2.15 - Piriform)

    Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.61 - Dell Inc.)

    Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.61 - Dell Inc.)

    Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)

    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)

    Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)

    Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)

    Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.3.2.10 - Dell)

    Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.209 - ALPS ELECTRIC CO., LTD.)

    Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)

    Dell VideoStage (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden

    Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)

    Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden

    DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden

    DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden

    Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)

    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )

    FaceFilter v3.02 Standard (HKLM-x32\...\{6020758E-57A9-41E3-AF20-8EE311EA6156}) (Version: 3.02.1506.1 - Reallusion Inc.)

    Family Tree Maker 2014 (HKLM-x32\...\Family Tree Maker 2014) (Version: 22.0.207 - Ancestry.com, Inc.)

    Family Tree Maker 2014 (Version: 22.0.207 - Ancestry.com, Inc.) Hidden

    Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden

    GoldWave v5.70 (HKLM-x32\...\GoldWave v5.70) (Version: 5.70 - GoldWave Inc.)

    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)

    Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

    Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden

    GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden

    GPL Ghostscript (HKLM\...\GPL Ghostscript 9.05) (Version: 9.05 - Artifex Software Inc.)

    HDR Express 2 (HKLM-x32\...\HDR Express 2) (Version: 2.1.0.10658 - UCT)

    HDR Express v2.0 (x32 Version: 1.0.0.0 - Corel Corporation) Hidden

    HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)

    HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)

    HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)

    HP Officejet 7500 E910 Basic Device Software (HKLM\...\{7CF50183-026B-418D-A26C-A254290BD824}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

    HP Officejet 7500 E910 Help (HKLM-x32\...\{24DC9885-E759-4BD2-8A20-D4AC509A7FDE}) (Version: 140.0.93.93 - Hewlett Packard)

    HP Officejet 7500 E910 Product Improvement Study (HKLM\...\{CC9F7DAB-5F9B-43B1-882C-1CC2A231EF40}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

    HP OfficeJet L7300/L7500/7600/7700 (HKLM\...\{E6A512D4-E5FB-4D42-8E83-D87F3A760802}) (Version: 14.0 - HP)

    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)

    HP Product Detection (HKLM-x32\...\{3C22981C-5C14-4176-B0E8-C2BE71174C41}) (Version: 11.14.0003 - HP)

    HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)

    HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)

    HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden

    HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden

    HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden

    I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)

    ICA (x32 Version: 16.0.0.113 - Corel Corporation) Hidden

    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)

    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)

    Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 15.6.1.0536 - Intel Corporation) Hidden

    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)

    Intel(R) PROSet/Wireless WiFi Software Driver (Version: 15.06.1000.0167 - Intel Corporation) Hidden

    Intel(R) Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)

    Intel(R) WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)

    Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )

    Intel® PROSet/Wireless Software (HKLM-x32\...\{fad118b4-798f-4755-9e67-a622eec95b62}) (Version: 15.6.1 - Intel Corporation)

    Intel® PROSet/Wireless WiFi Software (Version: 15.06.1000.0142 - Intel Corporation) Hidden

    Intel® PROSet/Wireless WiMAX Software (HKLM\...\{5F588B19-C575-4750-86FD-6ED2B76E61F1}) (Version: 7.50.0000 - Intel Corporation)

    IPM (x32 Version: 1.0 - Corel Corporation) Hidden

    IPM_PSP_COM64 (Version: 16.0.0.113 - Corel Corporation) Hidden

    iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)

    iZotope Music & Speech Cleaner (HKLM-x32\...\iZotope Music & Speech Cleaner_is1) (Version: 1.00 - iZotope, Inc.)

    Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)

    Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    Karen's Directory Printer (HKLM-x32\...\Karen's Directory Printer) (Version: 5.3.0.2 - Karen Kenworthy)

    Living Cookbook 2013 (HKLM-x32\...\Living Cookbook 2013) (Version: 4.0.40 - Radium Technologies, Inc.)

    Living Cookbook 2013 (x32 Version: 4.0.40 - Radium Technologies) Hidden

    Malwarebytes Anti-Exploit version 0.10.3.0100 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 0.10.3.0100 - Malwarebytes)

    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

    MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden

    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)

    Microsoft Mouse and Keyboard Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden

    Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

    Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

    Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

    Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

    Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

    Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

    Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

    Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)

    Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

    Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

    Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

    Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

    Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

    Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

    Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

    Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

    Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

    Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

    Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)

    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

    Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)

    Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42 - Microsoft Corporation) Hidden

    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

    Microsoft WSE 3.0 (HKLM-x32\...\{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}) (Version: 3.0.5305.0 - Microsoft Corporation)

    MPM (HKLM-x32\...\{B5A4C902-1636-48DB-8E38-F0DB102DDB59}) (Version: 1.00.0000 - Hewlett-Packard)

    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

    MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)

    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

    My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)

    Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden

    Norton 360 (HKLM-x32\...\N360) (Version: 21.3.0.12 - Symantec Corporation)

    OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)

    Paint it! (HKLM-x32\...\_{F0A8CBC2-B9B6-40CF-B40F-29B3BA188748}) (Version: 1.0 - Corel Corporation)

    PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 10.0 - PlotSoft LLC)

    Players Only (HKCU\...\Players Only) (Version: 5.0 - )

    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)

    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)

    PokerTracker 4 (remove only) (HKLM-x32\...\PokerTracker4) (Version: - )

    PostgreSQL 9.0 (HKLM\...\PostgreSQL 9.0) (Version: 9.0 - PostgreSQL Global Development Group)

    ProductContext (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden

    PSPPContent (x32 Version: 16.0.0.113 - Corel Corporation) Hidden

    PSPPHelp (x32 Version: 16.0.0.113 - Corel Corporation) Hidden

    PSPPro64 (Version: 16.2.0.20 - Corel Corporation) Hidden

    QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)

    RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden

    RealDownloader (x32 Version: 17.0.8 - RealNetworks, Inc.) Hidden

    RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden

    RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden

    RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden

    RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.8 - RealNetworks)

    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6353 - Realtek Semiconductor Corp.)

    RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden

    Rhapsody (HKLM-x32\...\Rhapsody) (Version: - )

    Roxio BackOnTrack (x32 Version: 4.5 - Roxio) Hidden

    Roxio Central (x32 Version: 8.0.0 - Roxio) Hidden

    Roxio CinePlayer Decoder Pack (x32 Version: 4.3.0 - Roxio) Hidden

    Roxio Creator NXT Content (HKLM-x32\...\{4076B6C5-571B-4DAE-81EC-67622EF31405}) (Version: 1.0.4.0 - Roxio)

    Roxio Creator NXT Pro 2 (HKLM-x32\...\{F6514099-C638-4F5D-878B-E1C68875B0E6}) (Version: 15.0.5.3 - Roxio)

    Roxio Creator NXT Pro 2 (x32 Version: 1.5.000 - Roxio) Hidden

    Roxio Creator NXT Pro 2 Disc 2 (x32 Version: 15.0 - Roxio) Hidden

    Roxio Creator NXT Pro Disc 2 (x32 Version: 14.0 - Roxio) Hidden

    Roxio PhotoShow (HKLM-x32\...\Roxio PhotoShow) (Version: 6.0 - Sonic Solutions)

    Roxio Secure Burn (x32 Version: 2.0 - Roxio) Hidden

    Roxio VHS Capture Driver (x32 Version: 1.05.0000 - Corel) Hidden

    Roxio Virtual Drive x64 (Version: 1.00.0000 - Roxio, Inc.) Hidden

    Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14034.17 - Samsung Electronics Co., Ltd.)

    Samsung Kies3 (x32 Version: 3.2.14034.17 - Samsung Electronics Co., Ltd.) Hidden

    Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden

    Secunia PSI (3.0.0.7011) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.7011 - Secunia)

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden

    Setup (x32 Version: 16.0.0.113 - Corel Corporation) Hidden

    Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)

    SIW Pro Edition (HKLM-x32\...\{69D2DFEE-F831-4843-B08F-59B2E62B6749}_is1) (Version: 2012.10.04 - Topala Software Solutions)

    Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)

    SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)

    SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden

    SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.7 - SmartSound Software Inc.)

    SmartSound Quicktracks 5 (x32 Version: 5.1.7 - SmartSound Software Inc.) Hidden

    SmartSound Sonicfire Pro 5 (HKLM-x32\...\InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}) (Version: 5.7.3 - SmartSound Software Inc.)

    SmartSound Sonicfire Pro 5 (x32 Version: 5.7.3 - SmartSound Software Inc.) Hidden

    SmartSound Sonicfire Pro 5.8 (HKLM-x32\...\InstallShield_{E5184D41-7796-4127-BBE4-46993F9FAAF3}) (Version: 5.8.0 - SmartSound Software Inc.)

    SmartSound Sonicfire Pro 5.8 (x32 Version: 5.8.0 - SmartSound Software Inc.) Hidden

    SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden

    Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden

    Supplies Assistant 4.1.0.0024 (HKLM-x32\...\6342-7261-0068-2479) (Version: 4.1.0.0024 - Xerox Corporation)

    SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)

    System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)

    TiVo Desktop 2.8.3 (HKLM-x32\...\{4E839090-3B68-436A-B3CF-A2A08C38DD26}) (Version: 2.8.412.370 - TiVo Inc.)

    Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden

    TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden

    Triple Scoop Music (x32 Version: 1.0.019 - Roxio) Hidden

    TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)

    TurboTax 2013 WinBizFedFormset (x32 Version: 013.000.1475 - Intuit Inc.) Hidden

    TurboTax 2013 WinBizReleaseEngine (x32 Version: 013.000.0489 - Intuit Inc.) Hidden

    TurboTax 2013 WinBizTaxSupport (x32 Version: 013.000.1077 - Intuit Inc.) Hidden

    TurboTax 2013 WinPerFedFormset (x32 Version: 013.000.1986 - Intuit Inc.) Hidden

    TurboTax 2013 WinPerReleaseEngine (x32 Version: 013.000.0492 - Intuit Inc.) Hidden

    TurboTax 2013 WinPerTaxSupport (x32 Version: 013.000.0168 - Intuit Inc.) Hidden

    TurboTax 2013 wrapper (x32 Version: 013.000.0135 - Intuit Inc.) Hidden

    TurboTax Business 2013 (HKLM-x32\...\TurboTax Business 2013) (Version: 2013.0 - Intuit, Inc)

    Ultimate Creative Collection (X6) (HKLM-x32\...\_{D839B02E-8C50-4F8F-BA53-84FF75487A1A}) (Version: 1.0.0.100 - Corel Corporation)

    Ultimate Creative Collection (X6) (x32 Version: 1.0.0.100 - Corel Corporation) Hidden

    Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version: - Microsoft)

    Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version: - Microsoft)

    Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version: - Microsoft)

    Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version: - Microsoft)

    Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft)

    Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft)

    Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version: - Microsoft)

    Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft)

    Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft)

    Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft)

    Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft)

    Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version: - Microsoft)

    Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version: - Microsoft)

    Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.SingleImage_{9F6507AC-7D8F-46C1-B90F-59C7828E0E0D}) (Version: - Microsoft)

    Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.SingleImage_{E84E9B25-BEB6-4F2F-84BB-755CDA8E89C0}) (Version: - Microsoft)

    Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version: - Microsoft)

    Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version: - Microsoft)

    Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft)

    Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft)

    Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0409-1000-0000000FF1CE}_Office14.SingleImage_{DBAC8ED2-9287-499E-AD66-590C7413C7DE}) (Version: - Microsoft)

    Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version: - Microsoft)

    Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0409-1000-0000000FF1CE}_Office14.SingleImage_{393B360E-62F8-463D-B914-1ECDC1359A46}) (Version: - Microsoft)

    Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version: - Microsoft)

    Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version: - Microsoft)

    Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version: - Microsoft)

    Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version: - Microsoft)

    UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden

    VCDS Release 11.11.6 (HKLM-x32\...\VCDS Release 11.11) (Version: 11.11.6 - Ross-Tech)

    VCDS Release 12.12.2 (HKLM-x32\...\VCDS Release 12.12) (Version: 12.12.2 - Ross-Tech)

    WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden

    Windows Driver Package - Ross-Tech USB Driver Package (06/16/2010 2.06.02) (HKLM\...\F2D626F9A8E5C6126BED6EBD3E3504D0B2AB8443) (Version: 06/16/2010 2.06.02 - Ross-Tech)

    Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)

    Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden

    Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

    Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

    Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

    Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

    Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

    Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

    Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

    Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

    Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )

    Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden

    Xerox Support Centre (HKLM-x32\...\Xerox_Support_Centre) (Version: - )


    ==================== Restore Points =========================


    10-05-2014 23:00:02 Windows Update

    16-05-2014 23:36:08 Windows Update

    18-05-2014 00:31:16 Windows Modules Installer

    24-05-2014 03:22:34 Before Mbar


    ==================== Hosts content: ==========================


    2009-07-13 19:34 - 2014-05-23 20:19 - 00000741 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 localhost


    ==================== Scheduled Tasks (whitelisted) =============


    Task: {04ACFFB6-810F-4359-91F8-DEDB34F7EF1E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe

    Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask

    Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

    Task: {1023513E-13E5-4541-ADE1-F030AB56998E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)

    Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask

    Task: {22A450F4-A1FE-4EED-A7E2-CEC5C111FE93} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management

    Task: {25D9C75E-5407-41D1-AB0D-E77CF131168B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe

    Task: {26A5E551-6E87-415B-A5BB-8C5FA11BCA4D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe

    Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate

    Task: {2F25951B-9D7E-4C6C-B155-FC51E7E10BB8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2128454943-2381797511-2457621860-1000UA => C:\Users\garyh\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-28] (Google Inc.)

    Task: {30AEFC67-F451-41D0-9107-9E3C062295CE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe

    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-21] (Microsoft Corporation)

    Task: {381B4E4C-D378-4304-8AE8-242F6F8F7406} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/uninstall.h...JCMPMFMPMFMPMJNFICMNIJJIIGJPIKJAJKILIBNKJHIKJ"

    Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)

    Task: {3BCADF34-23AA-425C-8575-99CDD11F7486} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)

    Task: {3D1B8B0E-6642-4134-B72D-F76D88BE4544} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe

    Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance

    Task: {49CF476F-C543-40D1-A856-6EC9EBD92026} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv

    Task: {49E91999-B816-4225-A625-F707D2D4C0BC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe

    Task: {4CE4033A-BEB9-45F8-9ACE-085A50C2E917} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe

    Task: {61F655F8-95BD-4DB3-8ED4-1E46AFDA3A7B} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe

    Task: {62957503-AE44-4CE1-A677-5B59E24F4466} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe

    Task: {62CD5F12-2156-440D-BE8B-E128153E58A2} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe

    Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup

    Task: {6DF13E9F-BDD0-4F20-B7D6-6731467A55F4} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)

    Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task

    Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask

    Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState

    Task: {78043CBF-D450-4934-94A9-C3369112535A} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2128454943-2381797511-2457621860-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-03-20] (RealNetworks, Inc.)

    Task: {782AC304-ABB6-4294-876F-6C738FAF8203} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

    Task: {7A14CA65-B2A2-4788-B4F3-D25BEFE56933} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe

    Task: {7F294E77-0106-48AF-A674-4D112D47A048} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)

    Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task

    Task: {879B8259-9FB5-4D13-A167-06C5CF48B791} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2128454943-2381797511-2457621860-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-03-15] (RealNetworks, Inc.)

    Task: {8B3454B0-E5CB-4BEA-9D5F-DC36E6E6A619} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe

    Task: {8C3FC573-DED7-42D5-90E8-832D06243FC3} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2128454943-2381797511-2457621860-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-03-15] (RealNetworks, Inc.)

    Task: {8CC764A0-B47D-4174-9FED-261CA4736C55} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe

    Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask

    Task: {8D5BE82D-016A-4F21-A282-96AF7FFC1992} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)

    Task: {8E23A6AE-DEC4-407E-AE19-BF69E38930DA} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

    Task: {8F3FF9DC-308C-41E0-8A3B-72B03904F726} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\WSCStub.exe [2014-05-10] (Symantec Corporation)

    Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work

    Task: {A45031B4-CE64-45E6-A290-E46EE19ED9FE} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe

    Task: {B1A33ACD-5EFA-4425-8269-34750F9EF486} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

    Task: {B80B82BB-EF32-41FC-82B7-78EA124485F8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe

    Task: {B8541BDC-C229-498C-9F4F-02E7897007D0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe

    Task: {BAEE117B-20B4-49EA-94A2-D757CE74E18B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe

    Task: {BB11084A-72DE-41E8-A988-602DD5DC7F32} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)

    Task: {BD5C53B8-D613-48E6-B82E-E7F3C6F900C2} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe

    Task: {C0513EBA-5886-4EAB-A234-7F03D9F569A0} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation

    Task: {C0A97044-D2F1-44BE-99B9-4DF6646AA37F} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics

    Task: {C182228D-6193-4FAA-97A4-77ED587F312E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-05-16] (Microsoft Corporation)

    Task: {C67BB210-8D00-4535-A711-69AAAFAD44C1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-07] (Google Inc.)

    Task: {CA209243-FFD3-4C33-8101-CF53D720C344} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe

    Task: {CF2AAA02-ABE3-4F73-9D4D-8304F0F00628} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2128454943-2381797511-2457621860-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-03-15] (RealNetworks, Inc.)

    Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask

    Task: {D33852CA-C423-4FD3-AC01-697759769829} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe

    Task: {D4096798-D083-49FA-94AF-AAA60B318C44} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2128454943-2381797511-2457621860-1000Core => C:\Users\garyh\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-28] (Google Inc.)

    Task: {D45F5E1F-BBCC-4589-A010-C61465A630CB} - System32\Tasks\HPCustParticipation HP Officejet 7500 E910 => C:\Program Files\HP\HP Officejet 7500 E910\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)

    Task: {D719F0D5-A883-4831-8E13-87F66211AB8D} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2128454943-2381797511-2457621860-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-03-20] (RealNetworks, Inc.)

    Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing

    Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization

    Task: {E1DA06D4-4776-4DB6-8506-3E1CF5EDC5BA} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)

    Task: {E2D0CD44-A670-4330-9409-0CF2D07CBAF7} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe

    Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE

    Task: {E7CE2F71-A981-4344-A9D2-3CF6FE79E734} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe

    Task: {ECB6050B-1EED-402B-8686-244B9ACDCB1D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe

    Task: {EF462466-D80D-4B2E-94B3-1179AF233901} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

    Task: {EF62269D-A795-4E81-B886-6C8C9588251C} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe

    Task: {F1BB987B-7834-4EFB-B2CF-80D1B889552D} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)

    Task: {F365DE6C-571F-4B97-B178-88BE6EF6442A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe

    Task: {F3833A79-9B05-4DFD-85C0-BC5BE6D6213B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-07] (Google Inc.)

    Task: {F3B139B6-6155-4CB0-B0C4-D40DDA58B6F9} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)

    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2128454943-2381797511-2457621860-1000Core.job => C:\Users\garyh\AppData\Local\Google\Update\GoogleUpdate.exe

    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2128454943-2381797511-2457621860-1000UA.job => C:\Users\garyh\AppData\Local\Google\Update\GoogleUpdate.exe
     
  8. glhglh

    glhglh TS Guru Topic Starter Posts: 504

    Part 4, Last part:


    ==================== Loaded Modules (whitelisted) =============


    2013-08-19 01:35 - 2013-08-19 01:35 - 00457960 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe

    2013-08-19 02:04 - 2013-08-19 02:04 - 00022760 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe

    2013-08-02 18:23 - 2013-08-02 18:23 - 00032888 _____ () C:\Program Files\UCT\HDR Express 2\HDRExpress2Service.exe

    2013-01-27 21:30 - 2012-12-05 11:39 - 00217600 _____ () C:\Program Files\PostgreSQL\9.0\bin\LIBPQ.dll

    2014-03-15 03:18 - 2014-03-15 03:18 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

    2013-01-27 21:30 - 2012-08-14 05:02 - 02258432 _____ () C:\Program Files\PostgreSQL\9.0\bin\libxml2.dll

    2014-03-20 21:13 - 2014-03-20 21:13 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe

    2012-01-03 04:33 - 2011-09-22 09:14 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

    2012-12-14 02:42 - 2012-12-14 02:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

    2014-05-11 21:42 - 2014-04-08 09:17 - 00219832 _____ () C:\Users\garyh\AppData\Roaming\Dashlane\Dashlane.exe

    2012-09-27 19:23 - 2012-09-27 19:23 - 00535184 _____ () C:\Program Files (x86)\Roxio Creator NXT 2\Roxio Burn\RoxioBurnLauncher.exe

    2014-05-11 21:42 - 2014-04-08 09:17 - 00225464 _____ () C:\Users\garyh\AppData\Roaming\Dashlane\DashlanePlugin.exe

    2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

    2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

    2013-08-19 02:04 - 2013-08-19 02:04 - 03322600 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BEngine.dll

    2013-08-19 02:04 - 2013-08-19 02:04 - 00524520 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\TRREngine.dll

    2013-08-19 02:04 - 2013-08-19 02:04 - 00108776 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\Logging.dll

    2014-03-28 18:51 - 2014-03-28 18:51 - 00869976 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll

    2014-05-11 21:41 - 2014-04-08 09:15 - 00254648 _____ () C:\Users\garyh\AppData\Roaming\Dashlane\2.4.0.60370\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.2.4.0.60370.dll

    2014-05-11 21:41 - 2014-04-08 09:15 - 00363704 _____ () C:\Users\garyh\AppData\Roaming\Dashlane\2.4.0.60370\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.2.4.0.60370.dll

    2014-05-11 21:41 - 2014-04-08 09:15 - 00423608 _____ () C:\Users\garyh\AppData\Roaming\Dashlane\2.4.0.60370\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.2.4.0.60370.dll

    2014-05-11 21:41 - 2014-04-08 09:15 - 28202680 _____ () C:\Users\garyh\AppData\Roaming\Dashlane\2.4.0.60370\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.2.4.0.60370.dll

    2014-05-11 21:41 - 2014-04-08 09:15 - 00263352 _____ () C:\Users\garyh\AppData\Roaming\Dashlane\2.4.0.60370\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.2.4.0.60370.dll

    2014-05-11 21:41 - 2014-04-08 09:15 - 04799160 _____ () C:\Users\garyh\AppData\Roaming\Dashlane\2.4.0.60370\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.2.4.0.60370.dll

    2014-05-11 21:41 - 2014-04-08 09:15 - 04311736 _____ () C:\Users\garyh\AppData\Roaming\Dashlane\2.4.0.60370\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.2.4.0.60370.dll

    2014-05-24 18:22 - 2014-05-24 18:22 - 00043008 _____ () c:\users\garyh\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsiaqie.dll

    2013-08-23 12:01 - 2013-08-23 12:01 - 25100288 _____ () C:\Users\garyh\AppData\Roaming\Dropbox\bin\libcef.dll

    2014-05-23 18:38 - 2014-05-13 16:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll

    2014-05-23 18:38 - 2014-05-13 16:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll

    2014-05-23 18:38 - 2014-05-13 16:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll

    2014-05-23 18:38 - 2014-05-13 16:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll

    2014-05-23 18:38 - 2014-05-13 16:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll

    2014-05-11 21:41 - 2014-04-08 09:15 - 12154040 _____ () C:\Users\garyh\AppData\Roaming\Dashlane\2.4.0.60370\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.2.4.0.60370.dll

    2014-05-11 21:41 - 2014-04-08 09:15 - 02041528 _____ () C:\Users\garyh\AppData\Roaming\Dashlane\2.4.0.60370\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.2.4.0.60370.dll

    2014-05-11 21:41 - 2014-04-08 09:15 - 00188600 _____ () C:\Users\garyh\AppData\Roaming\Dashlane\2.4.0.60370\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.2.4.0.60370.dll

    2014-05-23 18:38 - 2014-05-13 16:40 - 13695816 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll


    ==================== Alternate Data Streams (whitelisted) =========


    AlternateDataStreams: C:\Program Files (x86)\Cake Poker 2.0:MID


    ==================== Safe Mode (whitelisted) ===================


    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"


    ==================== EXE Association (whitelisted) =============



    ==================== Disabled items from MSCONFIG ==============



    ==================== Faulty Device Manager Devices =============


    Name: USB-IF xHCI USB Host Controller

    Description: USB-IF xHCI USB Host Controller

    Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}

    Manufacturer: Intel Corporation

    Service: XHCIPort

    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)

    Resolution: Update the driver



    ==================== Event log errors: =========================


    Application errors:

    ==================


    System errors:

    =============

    Error: (05/24/2014 06:30:57 PM) (Source: DCOM) (EventID: 10010) (User: GLH-Dell)

    Description: {9AA46009-3CE0-458A-A354-715610A075E6}


    Error: (05/24/2014 06:30:27 PM) (Source: DCOM) (EventID: 10010) (User: GLH-Dell)

    Description: {9AA46009-3CE0-458A-A354-715610A075E6}


    Error: (05/24/2014 06:29:57 PM) (Source: DCOM) (EventID: 10010) (User: GLH-Dell)

    Description: {9AA46009-3CE0-458A-A354-715610A075E6}


    Error: (05/24/2014 06:29:27 PM) (Source: DCOM) (EventID: 10010) (User: GLH-Dell)

    Description: {9AA46009-3CE0-458A-A354-715610A075E6}


    Error: (05/24/2014 06:28:57 PM) (Source: DCOM) (EventID: 10010) (User: GLH-Dell)

    Description: {9AA46009-3CE0-458A-A354-715610A075E6}



    Microsoft Office Sessions:

    =========================


    CodeIntegrity Errors:

    ===================================

    Date: 2014-05-17 18:35:36.232

    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.


    Date: 2014-05-17 18:35:36.105

    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.


    Date: 2014-05-17 18:35:36.063

    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.


    Date: 2014-05-17 18:35:35.925

    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.


    Date: 2014-05-17 18:35:35.872

    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.


    Date: 2014-05-17 18:35:35.824

    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.


    Date: 2014-05-17 18:35:34.464

    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.


    Date: 2014-05-17 18:35:34.205

    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.


    Date: 2014-05-17 18:23:09.718

    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.


    Date: 2014-05-17 18:23:09.570

    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.



    ==================== Memory info ===========================


    Percentage of memory in use: 33%

    Total physical RAM: 8086.16 MB

    Available physical RAM: 5394.11 MB

    Total Pagefile: 16278.16 MB

    Available Pagefile: 11800.85 MB

    Total Virtual: 131072 MB

    Available Virtual: 131071.81 MB


    ==================== Drives ================================


    Drive c: (OS) (Fixed) (Total:446.13 GB) (Free:180.36 GB) NTFS

    Drive e: (Blank) (Removable) (Total:0.24 GB) (Free:0.07 GB) NTFS


    ==================== MBR & Partition Table ==================


    ========================================================

    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 07F2837E)

    Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)

    Partition 2: (Active) - (Size=20 GB) - (Type=07 NTFS)

    Partition 3: (Not Active) - (Size=446 GB) - (Type=07 NTFS)


    ========================================================

    Disk: 1 (Size: 246 MB) (Disk ID: 00000000)


    Partition: GPT Partition Type.


    ==================== End Of Log ============================
     
  9. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  10. glhglh

    glhglh TS Guru Topic Starter Posts: 504

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-05-2014 1
    Ran by garyh at 2014-05-24 20:26:01 Run:1
    Running from C:\Users\garyh\Desktop\Virus Scans
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKLM-x32\...\Run: [] => [X]
    Toolbar: HKCU - No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
    Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
    S2 MCSTRM; No ImagePath
    S3 MREMP50; \??\C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [X]
    S3 MREMP50a64; \??\C:\Program Files\Common Files\Motive\MREMP50a64.sys [X]
    S3 MRESP50; \??\C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [X]
    S3 MRESP50a64; \??\C:\Program Files\Common Files\Motive\MRESP50a64.sys [X]
    C:\Users\garyh\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsiaqie.dll
    C:\Users\garyh\AppData\Local\Temp\ntdll_dump.dll
    C:\Users\garyh\AppData\Local\Temp\Quarantine.exe
    AlternateDataStreams: C:\Program Files (x86)\Cake Poker 2.0:MID
    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{71576546-354D-41C9-AAE8-31F2EC22BF0D} => Value deleted successfully.
    HKCR\CLSID\{71576546-354D-41C9-AAE8-31F2EC22BF0D} => Key not found.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} => Value deleted successfully.
    HKCR\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A} => Key deleted successfully.
    C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll not found.
    C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll not found.
    c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll not found.
    MCSTRM => Service deleted successfully.
    MREMP50 => Service deleted successfully.
    MREMP50a64 => Service deleted successfully.
    MRESP50 => Service deleted successfully.
    MRESP50a64 => Service deleted successfully.
    C:\Users\garyh\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsiaqie.dll => Moved successfully.
    C:\Users\garyh\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
    C:\Users\garyh\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Program Files (x86)\Cake Poker 2.0 => ":MID" ADS removed successfully.

    ==== End of Fixlog ====
     
  11. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Click on "Run ESET Online Scanner" button.
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  12. glhglh

    glhglh TS Guru Topic Starter Posts: 504

    Security check, unsupported operating system
     
  13. glhglh

    glhglh TS Guru Topic Starter Posts: 504

    Farbar Service Scanner Version: 21-05-2014
    Ran by garyh (administrator) on 24-05-2014 at 21:06:16
    Running from "C:\Users\garyh\Desktop\Virus Scans"
    Microsoft Windows 8.1 Pro (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is set to Demand. The default start type is Auto.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\iphlpsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll
    [2014-04-10 17:51] - [2014-02-22 02:38] - 0753664 ____A (Microsoft Corporation) 81979817943D830BF24571B7C1B28A1A



    **** End of log ****
     
  14. glhglh

    glhglh TS Guru Topic Starter Posts: 504

    Getting user folders.

    Stopping running processes.

    Emptying Temp folders.


    User: ADMINI~1
    ->Temp folder emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default.migrated

    User: DefaultAppPool
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: dub_cm_auto

    User: garyh
    ->Temp folder emptied: 1846260 bytes
    ->Temporary Internet Files folder emptied: 98518658 bytes
    ->Java cache emptied: 313848 bytes
    ->Google Chrome cache emptied: 458927346 bytes
    ->Flash cache emptied: 665 bytes

    User: postgres
    ->Temp folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: postgres.GLH-Dell
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 11187898 bytes

    Emptying RecycleBin. Do not interrupt.

    RecycleBin emptied: 766266014 bytes
    Process complete!

    Total Files Cleaned = 1,275.00 mb
     
  15. glhglh

    glhglh TS Guru Topic Starter Posts: 504

    Eset nothing found, no log.
     
  16. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. DelFix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please let me know how your computer is doing.
     
  17. glhglh

    glhglh TS Guru Topic Starter Posts: 504

    Thank you again. This one seems to be clean. Was there a rootkit?

    I couldn't get the security to work on Windows 8.

    I hate Windows 8.

    I got IE reset, and all is working well. This one is OK.

    Thank You.
     
    Last edited: May 25, 2014
  18. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    There wasn't anything serious here.

    Good luck and stay safe :)
     
