Jump to content

rm618

Members
  • Posts

    7
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Ran the MS fixit and FRST64 - here is the fix log: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-06-2014 Ran by RMC at 2014-06-24 10:23:34 Run:1 Running from C:\Users\RMC\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** SearchScopes: HKLM-x32 - DefaultScope value is missing. C:\Users\RMC\AppData\Local\Temp\Quarantine.exe ***************** HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. C:\Users\RMC\AppData\Local\Temp\Quarantine.exe => Moved successfully. ==== End of Fixlog ====
  2. Here are the logs from this round: JRT: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows 7 Home Premium x64 Ran by RMC on Thu 06/19/2014 at 13:21:51.11 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} ~~~ Files ~~~ Folders Successfully deleted: [Empty Folder] C:\Users\RMC\appdata\local\{89F72BEF-05E6-4495-A0C6-87CC2819EBD5} Successfully deleted: [Empty Folder] C:\Users\RMC\appdata\local\{915226E8-44F0-4183-B7C0-ED97E78C9872} Successfully deleted: [Empty Folder] C:\Users\RMC\appdata\local\{CEF1E854-26C5-474B-9AF8-07155ECDE5AF} ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Thu 06/19/2014 at 13:31:22.51 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ AdWare: # AdwCleaner v3.212 - Report created 19/06/2014 at 13:37:01 # Updated 05/06/2014 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : RMC - RMC-PC # Running from : C:\Users\RMC\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17126 -\\ Mozilla Firefox v30.0 (en-US) [ File : C:\Users\RMC\AppData\Roaming\Mozilla\Firefox\Profiles\xi023ckw.default\prefs.js ] ************************* AdwCleaner[R0].txt - [763 octets] - [19/06/2014 13:33:56] AdwCleaner[s0].txt - [685 octets] - [19/06/2014 13:37:01] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [744 octets] ########## MBAM: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 6/19/2014 Scan Time: 1:42:10 PM Logfile: Scanning History Log 2.txt Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.06.19.08 Rootkit Database: v2014.06.02.01 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: RMC Scan Type: Threat Scan Result: Completed Objects Scanned: 285904 Time Elapsed: 9 min, 36 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) ESET - no threats found Farbar FRST: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-06-2014 Ran by RMC (administrator) on RMC-PC on 19-06-2014 15:02:27 Running from C:\Users\RMC\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe () C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe (Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.5.0.28\ccsvchst.exe (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.5.0.28\ccsvchst.exe (Samsung) C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe (Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe (SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Farbar) C:\Users\RMC\Desktop\FRST64(1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-11-24] (Realtek Semiconductor) HKLM\...\Run: [intelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-09-15] (Intel® Corporation) HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe [1208320 2010-12-17] () HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2776872 2011-08-31] (ELAN Microelectronics Corp.) HKLM\...\Run: [bTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10357008 2011-10-18] (Intel Corporation) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe [87336 2010-09-19] (CyberLink Corp.) HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink) HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5545328 2014-02-28] (Western Digital Technologies, Inc.) HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694072 2013-10-15] (Western Digital Technologies, Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3227097365-3480523095-960952968-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-3227097365-3480523095-960952968-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com SearchScopes: HKLM-x32 - DefaultScope value is missing. BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 FireFox: ======== FF ProfilePath: C:\Users\RMC\AppData\Roaming\Mozilla\Firefox\Profiles\xi023ckw.default FF Homepage: hxxp://www.google.com/ FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF [2013-10-09] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\ [] ==================== Services (Whitelisted) ================= R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation) R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2011-09-23] (Diskeeper Corporation) R2 InstallFilterService; C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [60928 2010-12-17] () [File not signed] R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [184320 2011-07-06] (Intel Corporation) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-15] () R2 N360; C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed] R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-02-28] (Western Digital Technologies, Inc.) R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [271728 2014-02-28] (Western Digital Technologies, Inc.) ==================== Drivers (Whitelisted) ==================== R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation) R3 ccSet_N360; C:\Windows\system32\drivers\N360x64\1405000.01C\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation) R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-11] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-11] (Symantec Corporation) R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2011-09-23] (Diskeeper Corporation) R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [80688 2011-09-23] (Diskeeper Corporation) R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20140618.001\IDSvia64.sys [525016 2014-03-25] (Symantec Corporation) R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2011-06-15] (Intel Corporation) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-19] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20140618.023\ENG64.SYS [126040 2014-04-03] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20140618.023\EX64.SYS [2099288 2014-04-03] (Symantec Corporation) R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.) R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1405000.01C\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation) R3 SRTSPX; C:\Windows\system32\drivers\N360x64\1405000.01C\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation) R3 SymDS; C:\Windows\system32\drivers\N360x64\1405000.01C\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation) R3 SymEFA; C:\Windows\system32\drivers\N360x64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation) R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-16] (Symantec Corporation) R3 SymIRON; C:\Windows\system32\drivers\N360x64\1405000.01C\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation) R3 SymNetS; C:\Windows\System32\Drivers\N360x64\1405000.01C\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-19 15:01 - 2014-06-19 15:02 - 00016514 _____ () C:\Users\RMC\Desktop\FRST.txt 2014-06-19 13:59 - 2014-06-19 13:59 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-06-19 13:57 - 2014-06-19 13:57 - 02347384 _____ (ESET) C:\Users\RMC\Desktop\esetsmartinstaller_enu.exe 2014-06-19 13:56 - 2014-06-19 13:57 - 02347384 _____ (ESET) C:\Users\RMC\Downloads\esetsmartinstaller_enu.exe 2014-06-19 13:54 - 2014-06-19 13:54 - 00000000 ____D () C:\Users\RMC\Desktop\New folder (3) 2014-06-19 13:40 - 2014-06-19 13:40 - 00000823 _____ () C:\Users\RMC\Desktop\AdwCleaner[s0].txt 2014-06-19 13:33 - 2014-06-19 13:37 - 00000000 ____D () C:\AdwCleaner 2014-06-19 13:31 - 2014-06-19 13:31 - 00001092 _____ () C:\Users\RMC\Desktop\JRT.txt 2014-06-19 13:19 - 2014-06-19 13:18 - 02082304 _____ (Farbar) C:\Users\RMC\Desktop\FRST64(1).exe 2014-06-19 13:18 - 2014-06-19 13:18 - 02082304 _____ (Farbar) C:\Users\RMC\Downloads\FRST64(1).exe 2014-06-19 13:17 - 2014-06-19 13:17 - 01333465 _____ () C:\Users\RMC\Downloads\AdwCleaner.exe 2014-06-19 13:17 - 2014-06-19 13:17 - 01333465 _____ () C:\Users\RMC\Desktop\AdwCleaner.exe 2014-06-19 13:16 - 2014-06-19 13:15 - 01016261 _____ (Thisisu) C:\Users\RMC\Desktop\JRT.exe 2014-06-19 13:15 - 2014-06-19 13:15 - 01016261 _____ (Thisisu) C:\Users\RMC\Downloads\JRT.exe 2014-06-17 16:05 - 2014-06-17 16:05 - 00003707 _____ () C:\Users\RMC\Desktop\RKreport_SCN_06172014_160308.log 2014-06-17 15:54 - 2014-06-17 15:54 - 00000000 ____D () C:\ProgramData\RogueKiller 2014-06-17 15:27 - 2014-06-19 13:38 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-17 15:27 - 2014-06-17 15:27 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-06-17 15:27 - 2014-06-17 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-06-17 15:27 - 2014-06-17 15:27 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-17 15:27 - 2014-06-17 15:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-06-17 15:27 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-06-17 15:27 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-06-17 15:27 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-06-17 15:23 - 2014-06-17 15:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\RMC\Downloads\mbam-setup-2.0.2.1012(2).exe 2014-06-17 15:23 - 2014-06-17 15:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\RMC\Desktop\mbam-setup-2.0.2.1012(2).exe 2014-06-17 15:15 - 2014-06-17 15:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\RMC\Downloads\mbam-setup-2.0.2.1012(1).exe 2014-06-17 15:12 - 2014-06-17 15:12 - 00315392 _____ (Malwarebytes Corporation) C:\Users\RMC\Downloads\mbam-clean-2.0.2.0.exe 2014-06-17 15:12 - 2014-06-17 15:12 - 00315392 _____ (Malwarebytes Corporation) C:\Users\RMC\Desktop\mbam-clean-2.0.2.0.exe 2014-06-17 15:09 - 2014-06-17 15:09 - 00000000 ____D () C:\windows\ERDNT 2014-06-17 15:07 - 2014-06-19 13:21 - 00000000 ____D () C:\windows\ERUNT 2014-06-17 15:07 - 2014-06-17 15:07 - 00000822 _____ () C:\Users\RMC\Desktop\NTREGOPT.lnk 2014-06-17 15:07 - 2014-06-17 15:07 - 00000803 _____ () C:\Users\RMC\Desktop\ERUNT.lnk 2014-06-17 15:07 - 2014-06-17 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT 2014-06-17 14:50 - 2014-06-17 14:49 - 05268992 _____ () C:\Users\RMC\Desktop\RogueKillerX64.exe 2014-06-17 14:49 - 2014-06-17 14:49 - 05268992 _____ () C:\Users\RMC\Downloads\RogueKillerX64.exe 2014-06-17 14:30 - 2014-06-17 14:30 - 00791393 _____ (Lars Hederer ) C:\Users\RMC\Desktop\erunt-setup.exe 2014-06-17 14:29 - 2014-06-17 14:30 - 00791393 _____ (Lars Hederer ) C:\Users\RMC\Downloads\erunt-setup.exe 2014-06-17 14:29 - 2014-06-17 14:29 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\RMC\Downloads\iExplore.exe 2014-06-17 14:29 - 2014-06-17 14:29 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\RMC\Desktop\iExplore.exe 2014-06-17 14:28 - 2014-06-17 14:27 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\RMC\Desktop\rkill(1).exe 2014-06-17 14:27 - 2014-06-17 14:27 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\RMC\Downloads\rkill(1).exe 2014-06-11 10:49 - 2014-06-11 10:50 - 00000000 ____D () C:\Users\RMC\Desktop\New folder (2) 2014-06-11 10:40 - 2014-06-11 10:40 - 00000000 ____D () C:\Users\RMC\Desktop\New folder 2014-06-11 10:39 - 2014-06-11 10:39 - 00000000 ____D () C:\Users\RMC\Downloads\FRST-OlderVersion 2014-06-11 10:30 - 2014-06-11 10:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-11 10:28 - 2014-06-17 14:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-06-11 10:28 - 2014-06-11 10:29 - 00000000 ____D () C:\Users\RMC\AppData\Roaming\Mozilla 2014-06-11 10:28 - 2014-06-11 10:29 - 00000000 ____D () C:\Users\RMC\AppData\Local\Mozilla 2014-06-11 10:28 - 2014-06-11 10:28 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-06-11 10:28 - 2014-06-11 10:28 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-06-11 10:28 - 2014-06-11 10:28 - 00000000 ____D () C:\ProgramData\Mozilla 2014-06-11 10:27 - 2014-06-11 10:27 - 00282928 _____ (Mozilla) C:\Users\RMC\Downloads\Firefox Setup Stub 29.0.1.exe 2014-06-10 16:55 - 2014-06-11 10:48 - 00037019 _____ () C:\Users\RMC\Downloads\Addition.txt 2014-06-10 16:54 - 2014-06-11 10:48 - 00053494 _____ () C:\Users\RMC\Downloads\FRST.txt 2014-06-10 16:53 - 2014-06-19 15:02 - 00000000 ____D () C:\FRST 2014-06-10 16:53 - 2014-06-11 10:39 - 02081792 _____ (Farbar) C:\Users\RMC\Downloads\FRST64.exe 2014-06-10 16:27 - 2014-06-17 15:04 - 00002448 _____ () C:\Users\RMC\Desktop\Rkill.txt 2014-06-10 16:26 - 2014-06-10 16:26 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\RMC\Downloads\rkill.exe 2014-06-10 16:09 - 2014-06-10 16:09 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\RMC\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-10 15:49 - 2014-06-08 05:13 - 00506368 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-06-10 15:49 - 2014-06-08 05:08 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-06-10 15:49 - 2014-05-30 06:21 - 23414784 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-06-10 15:49 - 2014-05-30 06:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-06-10 15:49 - 2014-05-30 06:02 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-06-10 15:49 - 2014-05-30 05:45 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-06-10 15:49 - 2014-05-30 05:39 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-06-10 15:49 - 2014-05-30 05:39 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-06-10 15:49 - 2014-05-30 05:38 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-06-10 15:49 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-06-10 15:49 - 2014-05-30 05:27 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-06-10 15:49 - 2014-05-30 05:24 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-06-10 15:49 - 2014-05-30 05:21 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-06-10 15:49 - 2014-05-30 05:21 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-06-10 15:49 - 2014-05-30 05:20 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-06-10 15:49 - 2014-05-30 05:18 - 17271296 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-06-10 15:49 - 2014-05-30 05:11 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-06-10 15:49 - 2014-05-30 05:08 - 05782528 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-06-10 15:49 - 2014-05-30 05:06 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-06-10 15:49 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-06-10 15:49 - 2014-05-30 04:55 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-06-10 15:49 - 2014-05-30 04:49 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-06-10 15:49 - 2014-05-30 04:46 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-06-10 15:49 - 2014-05-30 04:44 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2014-06-10 15:49 - 2014-05-30 04:44 - 00295424 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-06-10 15:49 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-06-10 15:49 - 2014-05-30 04:42 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2014-06-10 15:49 - 2014-05-30 04:38 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-06-10 15:49 - 2014-05-30 04:35 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-06-10 15:49 - 2014-05-30 04:34 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-06-10 15:49 - 2014-05-30 04:33 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-06-10 15:49 - 2014-05-30 04:30 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2014-06-10 15:49 - 2014-05-30 04:29 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-06-10 15:49 - 2014-05-30 04:28 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2014-06-10 15:49 - 2014-05-30 04:27 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2014-06-10 15:49 - 2014-05-30 04:24 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2014-06-10 15:49 - 2014-05-30 04:23 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-06-10 15:49 - 2014-05-30 04:16 - 00368128 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2014-06-10 15:49 - 2014-05-30 04:10 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-06-10 15:49 - 2014-05-30 04:06 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-06-10 15:49 - 2014-05-30 04:04 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2014-06-10 15:49 - 2014-05-30 04:02 - 00242688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2014-06-10 15:49 - 2014-05-30 03:56 - 04244992 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-06-10 15:49 - 2014-05-30 03:56 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-06-10 15:49 - 2014-05-30 03:54 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-06-10 15:49 - 2014-05-30 03:50 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2014-06-10 15:49 - 2014-05-30 03:49 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-06-10 15:49 - 2014-05-30 03:43 - 13522944 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-06-10 15:49 - 2014-05-30 03:40 - 11725312 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-06-10 15:49 - 2014-05-30 03:30 - 01398272 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-06-10 15:49 - 2014-05-30 03:21 - 01790976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-06-10 15:49 - 2014-05-30 03:15 - 01143296 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-06-10 15:49 - 2014-05-30 03:13 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-06-10 15:49 - 2014-05-30 03:13 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-06-10 15:49 - 2014-05-08 05:32 - 03178496 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll 2014-06-10 15:49 - 2014-05-08 05:32 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll 2014-06-10 15:49 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll 2014-06-10 15:49 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll 2014-06-10 15:49 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys 2014-06-10 15:49 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS 2014-06-10 15:49 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll 2014-06-10 15:49 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll 2014-06-10 15:49 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll 2014-06-10 15:49 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll 2014-06-10 15:49 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll 2014-06-10 15:49 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll 2014-06-10 15:49 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll 2014-06-10 15:49 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll 2014-06-10 15:35 - 2014-06-10 15:35 - 00000000 ____D () C:\NPE 2014-06-10 15:33 - 2014-06-10 15:39 - 00000000 ____D () C:\Users\RMC\AppData\Local\NPE 2014-06-10 15:16 - 2014-06-10 15:16 - 03077584 ____N (Symantec Corporation) C:\Users\RMC\Desktop\NPE.exe 2014-06-10 15:16 - 2014-06-10 15:16 - 03077584 _____ (Symantec Corporation) C:\Users\RMC\Downloads\NPE.exe 2014-06-10 13:55 - 2014-06-10 13:55 - 00262144 _____ () C:\windows\Minidump\061014-15724-01.dmp 2014-06-10 11:17 - 2014-06-10 11:17 - 00266472 _____ () C:\windows\Minidump\061014-22713-01.dmp 2014-06-10 10:46 - 2014-06-10 10:46 - 00000165 ____H () C:\Users\RMC\Desktop\~$Book1.xlsx 2014-06-09 12:50 - 2014-06-09 12:50 - 00262144 _____ () C:\windows\Minidump\060914-15662-01.dmp 2014-06-09 12:41 - 2014-06-09 12:41 - 00262144 _____ () C:\windows\Minidump\060914-23415-01.dmp 2014-06-09 12:22 - 2014-06-09 12:22 - 00262144 _____ () C:\windows\Minidump\060914-17487-01.dmp 2014-06-04 13:02 - 2014-06-11 10:45 - 00004956 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for RMC-PC-RMC RMC-PC 2014-06-04 12:53 - 2014-06-04 12:53 - 00000000 ____D () C:\Users\RMC\Documents\2014 Claims 2014-06-02 18:34 - 2014-06-02 18:34 - 00262144 _____ () C:\windows\Minidump\060214-26707-01.dmp 2014-06-02 18:24 - 2014-06-02 18:24 - 00262144 _____ () C:\windows\Minidump\060214-25240-01.dmp 2014-06-02 18:08 - 2014-06-02 18:08 - 00262144 _____ () C:\windows\Minidump\060214-25459-01.dmp 2014-05-30 15:42 - 2014-05-30 15:42 - 00262144 _____ () C:\windows\Minidump\053014-27487-01.dmp 2014-05-30 11:52 - 2014-05-30 14:21 - 00000000 ____D () C:\Users\RMC\AppData\Local\Windows Live 2014-05-30 11:47 - 2014-05-30 11:47 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2014-05-30 11:25 - 2014-01-08 22:22 - 05694464 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll 2014-05-30 11:25 - 2014-01-03 18:44 - 06574592 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll 2014-05-29 16:03 - 2014-05-29 16:03 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-05-29 16:03 - 2014-05-29 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-05-29 16:03 - 2014-05-29 16:03 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-05-29 16:03 - 2014-05-29 16:03 - 00000000 ____D () C:\Program Files\iTunes 2014-05-29 16:03 - 2014-05-29 16:03 - 00000000 ____D () C:\Program Files\iPod 2014-05-29 16:03 - 2014-05-29 16:03 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-05-29 14:06 - 2013-10-01 22:22 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys 2014-05-29 14:06 - 2013-10-01 22:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2014-05-29 14:06 - 2013-10-01 22:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2014-05-29 14:06 - 2013-10-01 21:48 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll 2014-05-29 14:06 - 2013-10-01 21:48 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll 2014-05-29 14:06 - 2013-10-01 21:29 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll 2014-05-29 14:06 - 2013-10-01 21:10 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll 2014-05-29 14:06 - 2013-10-01 20:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll 2014-05-29 14:06 - 2013-10-01 20:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll 2014-05-29 14:06 - 2013-10-01 20:14 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll 2014-05-29 14:06 - 2013-10-01 20:08 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe 2014-05-29 14:06 - 2013-10-01 20:01 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe 2014-05-29 14:06 - 2013-10-01 19:58 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll 2014-05-29 14:06 - 2013-10-01 19:31 - 01147392 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe 2014-05-29 14:06 - 2013-10-01 19:08 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll 2014-05-29 14:06 - 2013-10-01 18:34 - 01068544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe 2014-05-29 14:05 - 2012-08-23 10:13 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll 2014-05-29 14:05 - 2012-08-23 10:10 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys 2014-05-29 14:05 - 2012-08-23 10:08 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbGD.sys 2014-05-29 14:05 - 2012-08-23 07:12 - 00192000 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpendp_winip.dll 2014-05-29 14:05 - 2012-08-23 06:51 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll 2014-05-29 14:04 - 2013-09-24 22:23 - 01030144 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll 2014-05-29 14:04 - 2013-09-24 21:57 - 00792576 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll 2014-05-29 14:04 - 2012-05-04 07:00 - 00366592 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll 2014-05-29 14:04 - 2012-05-04 05:59 - 00514560 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll 2014-05-28 18:23 - 2014-05-28 18:23 - 00262144 _____ () C:\windows\Minidump\052814-17799-01.dmp 2014-05-28 14:36 - 2014-05-28 14:36 - 00262144 _____ () C:\windows\Minidump\052814-33836-01.dmp ==================== One Month Modified Files and Folders ======= 2014-06-19 15:02 - 2014-06-19 15:01 - 00016514 _____ () C:\Users\RMC\Desktop\FRST.txt 2014-06-19 15:02 - 2014-06-10 16:53 - 00000000 ____D () C:\FRST 2014-06-19 14:46 - 2013-07-22 18:11 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-06-19 13:59 - 2014-06-19 13:59 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-06-19 13:57 - 2014-06-19 13:57 - 02347384 _____ (ESET) C:\Users\RMC\Desktop\esetsmartinstaller_enu.exe 2014-06-19 13:57 - 2014-06-19 13:56 - 02347384 _____ (ESET) C:\Users\RMC\Downloads\esetsmartinstaller_enu.exe 2014-06-19 13:56 - 2014-01-26 13:15 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-06-19 13:54 - 2014-06-19 13:54 - 00000000 ____D () C:\Users\RMC\Desktop\New folder (3) 2014-06-19 13:45 - 2009-07-14 00:45 - 00021200 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-19 13:45 - 2009-07-14 00:45 - 00021200 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-19 13:43 - 2009-07-14 01:13 - 00782010 _____ () C:\windows\system32\PerfStringBackup.INI 2014-06-19 13:42 - 2011-12-19 20:13 - 01310901 _____ () C:\windows\WindowsUpdate.log 2014-06-19 13:40 - 2014-06-19 13:40 - 00000823 _____ () C:\Users\RMC\Desktop\AdwCleaner[s0].txt 2014-06-19 13:38 - 2014-06-17 15:27 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-19 13:38 - 2014-04-02 21:15 - 00008192 _____ () C:\windows\SysWOW64\WDPABKP.dat 2014-06-19 13:38 - 2010-11-20 23:47 - 00819800 _____ () C:\windows\PFRO.log 2014-06-19 13:38 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-06-19 13:38 - 2009-07-14 00:51 - 00056146 _____ () C:\windows\setupact.log 2014-06-19 13:37 - 2014-06-19 13:33 - 00000000 ____D () C:\AdwCleaner 2014-06-19 13:31 - 2014-06-19 13:31 - 00001092 _____ () C:\Users\RMC\Desktop\JRT.txt 2014-06-19 13:21 - 2014-06-17 15:07 - 00000000 ____D () C:\windows\ERUNT 2014-06-19 13:18 - 2014-06-19 13:19 - 02082304 _____ (Farbar) C:\Users\RMC\Desktop\FRST64(1).exe 2014-06-19 13:18 - 2014-06-19 13:18 - 02082304 _____ (Farbar) C:\Users\RMC\Downloads\FRST64(1).exe 2014-06-19 13:17 - 2014-06-19 13:17 - 01333465 _____ () C:\Users\RMC\Downloads\AdwCleaner.exe 2014-06-19 13:17 - 2014-06-19 13:17 - 01333465 _____ () C:\Users\RMC\Desktop\AdwCleaner.exe 2014-06-19 13:15 - 2014-06-19 13:16 - 01016261 _____ (Thisisu) C:\Users\RMC\Desktop\JRT.exe 2014-06-19 13:15 - 2014-06-19 13:15 - 01016261 _____ (Thisisu) C:\Users\RMC\Downloads\JRT.exe 2014-06-17 16:05 - 2014-06-17 16:05 - 00003707 _____ () C:\Users\RMC\Desktop\RKreport_SCN_06172014_160308.log 2014-06-17 15:54 - 2014-06-17 15:54 - 00000000 ____D () C:\ProgramData\RogueKiller 2014-06-17 15:27 - 2014-06-17 15:27 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-06-17 15:27 - 2014-06-17 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-06-17 15:27 - 2014-06-17 15:27 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-17 15:27 - 2014-06-17 15:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-06-17 15:23 - 2014-06-17 15:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\RMC\Downloads\mbam-setup-2.0.2.1012(2).exe 2014-06-17 15:23 - 2014-06-17 15:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\RMC\Desktop\mbam-setup-2.0.2.1012(2).exe 2014-06-17 15:16 - 2014-06-17 15:15 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\RMC\Downloads\mbam-setup-2.0.2.1012(1).exe 2014-06-17 15:12 - 2014-06-17 15:12 - 00315392 _____ (Malwarebytes Corporation) C:\Users\RMC\Downloads\mbam-clean-2.0.2.0.exe 2014-06-17 15:12 - 2014-06-17 15:12 - 00315392 _____ (Malwarebytes Corporation) C:\Users\RMC\Desktop\mbam-clean-2.0.2.0.exe 2014-06-17 15:10 - 2013-08-03 18:37 - 00000000 ____D () C:\Users\RMC\AppData\Local\CrashDumps 2014-06-17 15:09 - 2014-06-17 15:09 - 00000000 ____D () C:\windows\ERDNT 2014-06-17 15:07 - 2014-06-17 15:07 - 00000822 _____ () C:\Users\RMC\Desktop\NTREGOPT.lnk 2014-06-17 15:07 - 2014-06-17 15:07 - 00000803 _____ () C:\Users\RMC\Desktop\ERUNT.lnk 2014-06-17 15:07 - 2014-06-17 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT 2014-06-17 15:04 - 2014-06-10 16:27 - 00002448 _____ () C:\Users\RMC\Desktop\Rkill.txt 2014-06-17 14:49 - 2014-06-17 14:50 - 05268992 _____ () C:\Users\RMC\Desktop\RogueKillerX64.exe 2014-06-17 14:49 - 2014-06-17 14:49 - 05268992 _____ () C:\Users\RMC\Downloads\RogueKillerX64.exe 2014-06-17 14:30 - 2014-06-17 14:30 - 00791393 _____ (Lars Hederer ) C:\Users\RMC\Desktop\erunt-setup.exe 2014-06-17 14:30 - 2014-06-17 14:29 - 00791393 _____ (Lars Hederer ) C:\Users\RMC\Downloads\erunt-setup.exe 2014-06-17 14:29 - 2014-06-17 14:29 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\RMC\Downloads\iExplore.exe 2014-06-17 14:29 - 2014-06-17 14:29 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\RMC\Desktop\iExplore.exe 2014-06-17 14:27 - 2014-06-17 14:28 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\RMC\Desktop\rkill(1).exe 2014-06-17 14:27 - 2014-06-17 14:27 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\RMC\Downloads\rkill(1).exe 2014-06-17 14:19 - 2014-06-11 10:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-06-11 10:50 - 2014-06-11 10:49 - 00000000 ____D () C:\Users\RMC\Desktop\New folder (2) 2014-06-11 10:48 - 2014-06-10 16:55 - 00037019 _____ () C:\Users\RMC\Downloads\Addition.txt 2014-06-11 10:48 - 2014-06-10 16:54 - 00053494 _____ () C:\Users\RMC\Downloads\FRST.txt 2014-06-11 10:45 - 2014-06-04 13:02 - 00004956 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for RMC-PC-RMC RMC-PC 2014-06-11 10:40 - 2014-06-11 10:40 - 00000000 ____D () C:\Users\RMC\Desktop\New folder 2014-06-11 10:39 - 2014-06-11 10:39 - 00000000 ____D () C:\Users\RMC\Downloads\FRST-OlderVersion 2014-06-11 10:39 - 2014-06-10 16:53 - 02081792 _____ (Farbar) C:\Users\RMC\Downloads\FRST64.exe 2014-06-11 10:30 - 2014-06-11 10:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-11 10:29 - 2014-06-11 10:28 - 00000000 ____D () C:\Users\RMC\AppData\Roaming\Mozilla 2014-06-11 10:29 - 2014-06-11 10:28 - 00000000 ____D () C:\Users\RMC\AppData\Local\Mozilla 2014-06-11 10:28 - 2014-06-11 10:28 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-06-11 10:28 - 2014-06-11 10:28 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-06-11 10:28 - 2014-06-11 10:28 - 00000000 ____D () C:\ProgramData\Mozilla 2014-06-11 10:27 - 2014-06-11 10:27 - 00282928 _____ (Mozilla) C:\Users\RMC\Downloads\Firefox Setup Stub 29.0.1.exe 2014-06-10 16:26 - 2014-06-10 16:26 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\RMC\Downloads\rkill.exe 2014-06-10 16:09 - 2014-06-10 16:09 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\RMC\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-10 15:53 - 2013-07-16 23:44 - 00000000 ____D () C:\windows\system32\MRT 2014-06-10 15:51 - 2013-07-16 23:14 - 95414520 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-06-10 15:50 - 2014-05-01 11:51 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-06-10 15:39 - 2014-06-10 15:33 - 00000000 ____D () C:\Users\RMC\AppData\Local\NPE 2014-06-10 15:35 - 2014-06-10 15:35 - 00000000 ____D () C:\NPE 2014-06-10 15:33 - 2011-12-19 04:43 - 00000000 ____D () C:\ProgramData\Norton 2014-06-10 15:16 - 2014-06-10 15:16 - 03077584 ____N (Symantec Corporation) C:\Users\RMC\Desktop\NPE.exe 2014-06-10 15:16 - 2014-06-10 15:16 - 03077584 _____ (Symantec Corporation) C:\Users\RMC\Downloads\NPE.exe 2014-06-10 13:55 - 2014-06-10 13:55 - 00262144 _____ () C:\windows\Minidump\061014-15724-01.dmp 2014-06-10 13:55 - 2013-10-25 13:27 - 656700655 _____ () C:\windows\MEMORY.DMP 2014-06-10 13:55 - 2013-10-25 13:27 - 00000000 ____D () C:\windows\Minidump 2014-06-10 11:17 - 2014-06-10 11:17 - 00266472 _____ () C:\windows\Minidump\061014-22713-01.dmp 2014-06-10 10:46 - 2014-06-10 10:46 - 00000165 ____H () C:\Users\RMC\Desktop\~$Book1.xlsx 2014-06-09 12:50 - 2014-06-09 12:50 - 00262144 _____ () C:\windows\Minidump\060914-15662-01.dmp 2014-06-09 12:41 - 2014-06-09 12:41 - 00262144 _____ () C:\windows\Minidump\060914-23415-01.dmp 2014-06-09 12:22 - 2014-06-09 12:22 - 00262144 _____ () C:\windows\Minidump\060914-17487-01.dmp 2014-06-08 05:13 - 2014-06-10 15:49 - 00506368 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-06-08 05:08 - 2014-06-10 15:49 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-06-05 17:11 - 2014-01-28 12:05 - 00000880 _____ () C:\Users\RMC\Documents\Notes.txt 2014-06-04 12:53 - 2014-06-04 12:53 - 00000000 ____D () C:\Users\RMC\Documents\2014 Claims 2014-06-02 18:34 - 2014-06-02 18:34 - 00262144 _____ () C:\windows\Minidump\060214-26707-01.dmp 2014-06-02 18:24 - 2014-06-02 18:24 - 00262144 _____ () C:\windows\Minidump\060214-25240-01.dmp 2014-06-02 18:08 - 2014-06-02 18:08 - 00262144 _____ () C:\windows\Minidump\060214-25459-01.dmp 2014-06-02 16:11 - 2014-05-06 13:46 - 00000000 ____D () C:\Users\RMC\Documents\Cooking Files 2014-05-30 15:42 - 2014-05-30 15:42 - 00262144 _____ () C:\windows\Minidump\053014-27487-01.dmp 2014-05-30 14:21 - 2014-05-30 11:52 - 00000000 ____D () C:\Users\RMC\AppData\Local\Windows Live 2014-05-30 14:02 - 2009-07-14 01:08 - 00032594 _____ () C:\windows\Tasks\SCHEDLGU.TXT 2014-05-30 11:47 - 2014-05-30 11:47 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2014-05-30 11:47 - 2013-07-17 00:09 - 00000000 ____D () C:\Users\RMC\AppData\Roaming\Apple Computer 2014-05-30 06:21 - 2014-06-10 15:49 - 23414784 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-05-30 06:02 - 2014-06-10 15:49 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-05-30 06:02 - 2014-06-10 15:49 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-05-30 05:45 - 2014-06-10 15:49 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-05-30 05:39 - 2014-06-10 15:49 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-05-30 05:39 - 2014-06-10 15:49 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-05-30 05:38 - 2014-06-10 15:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-05-30 05:28 - 2014-06-10 15:49 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-05-30 05:27 - 2014-06-10 15:49 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-05-30 05:24 - 2014-06-10 15:49 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-05-30 05:21 - 2014-06-10 15:49 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-05-30 05:21 - 2014-06-10 15:49 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-05-30 05:20 - 2014-06-10 15:49 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-05-30 05:18 - 2014-06-10 15:49 - 17271296 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-05-30 05:11 - 2014-06-10 15:49 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-05-30 05:08 - 2014-06-10 15:49 - 05782528 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-05-30 05:06 - 2014-06-10 15:49 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-05-30 05:02 - 2014-06-10 15:49 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-05-30 04:55 - 2014-06-10 15:49 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-05-30 04:49 - 2014-06-10 15:49 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-05-30 04:46 - 2014-06-10 15:49 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-05-30 04:44 - 2014-06-10 15:49 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2014-05-30 04:44 - 2014-06-10 15:49 - 00295424 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-05-30 04:43 - 2014-06-10 15:49 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-05-30 04:42 - 2014-06-10 15:49 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2014-05-30 04:38 - 2014-06-10 15:49 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-05-30 04:35 - 2014-06-10 15:49 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-05-30 04:34 - 2014-06-10 15:49 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-05-30 04:33 - 2014-06-10 15:49 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-05-30 04:30 - 2014-06-10 15:49 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2014-05-30 04:29 - 2014-06-10 15:49 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-05-30 04:28 - 2014-06-10 15:49 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2014-05-30 04:27 - 2014-06-10 15:49 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2014-05-30 04:24 - 2014-06-10 15:49 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2014-05-30 04:23 - 2014-06-10 15:49 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-05-30 04:16 - 2014-06-10 15:49 - 00368128 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2014-05-30 04:10 - 2014-06-10 15:49 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-05-30 04:06 - 2014-06-10 15:49 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-05-30 04:04 - 2014-06-10 15:49 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2014-05-30 04:02 - 2014-06-10 15:49 - 00242688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2014-05-30 03:56 - 2014-06-10 15:49 - 04244992 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-05-30 03:56 - 2014-06-10 15:49 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-05-30 03:54 - 2014-06-10 15:49 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-05-30 03:50 - 2014-06-10 15:49 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2014-05-30 03:49 - 2014-06-10 15:49 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-05-30 03:43 - 2014-06-10 15:49 - 13522944 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-05-30 03:40 - 2014-06-10 15:49 - 11725312 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-05-30 03:30 - 2014-06-10 15:49 - 01398272 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-05-30 03:21 - 2014-06-10 15:49 - 01790976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-05-30 03:15 - 2014-06-10 15:49 - 01143296 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-05-30 03:13 - 2014-06-10 15:49 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-05-30 03:13 - 2014-06-10 15:49 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-05-29 16:03 - 2014-05-29 16:03 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-05-29 16:03 - 2014-05-29 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-05-29 16:03 - 2014-05-29 16:03 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-05-29 16:03 - 2014-05-29 16:03 - 00000000 ____D () C:\Program Files\iTunes 2014-05-29 16:03 - 2014-05-29 16:03 - 00000000 ____D () C:\Program Files\iPod 2014-05-29 16:03 - 2014-05-29 16:03 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-05-29 14:30 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-05-29 14:29 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\PolicyDefinitions 2014-05-28 18:23 - 2014-05-28 18:23 - 00262144 _____ () C:\windows\Minidump\052814-17799-01.dmp 2014-05-28 14:36 - 2014-05-28 14:36 - 00262144 _____ () C:\windows\Minidump\052814-33836-01.dmp Some content of TEMP: ==================== C:\Users\RMC\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-04-29 22:04 ==================== End Of Log ============================ Farbar Addition: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-06-2014 Ran by RMC at 2014-06-19 15:03:00 Running from C:\Users\RMC\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Norton 360 Premier Edition (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} AS: Norton 360 Premier Edition (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Norton 360 Premier Edition (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} ==================== Installed Programs ====================== „Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden „Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden „Windows Live Messenger“ (x32 Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden „Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.0.0.17 - Absolute Software) Accelerometer (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 1.06.08.53 - STMicroelectronics) Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon) Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.5.0 - Asmedia Technology) Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Build-a-lot (x32 Version: 2.2.0.82 - WildTangent) Hidden Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.) CyberLink Media Suite (x32 Version: 8.0.2227 - CyberLink Corp.) Hidden CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.) CyberLink Media+ Player10 (x32 Version: 10.0.1110.00 - CyberLink Corp.) Hidden CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.) CyberLink MediaShow (x32 Version: 5.0.1130a - CyberLink Corp.) Hidden CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.) CyberLink Power2Go (x32 Version: 6.1.3802 - CyberLink Corp.) Hidden CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.) CyberLink PowerDirector (x32 Version: 8.0.3306 - CyberLink Corp.) Hidden CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4417 - CyberLink Corp.) CyberLink YouCam (x32 Version: 3.1.4417 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden Easy File Share (HKLM-x32\...\{12F81925-F3C1-40DB-91F7-777817974319}) (Version: 1.1.1705 - Samsung Electronics Co., Ltd.) Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.) Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics Co., Ltd.) Easy Software Manager (HKLM-x32\...\{DE256D8B-D971-456D-BC02-CB64DA24F115}) (Version: 1.1.31.21 - Samsung Electronics Co., Ltd.) Easy Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.47 - Samsung) E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung ) ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) ETDWare PS/2-X64 10.0.7.3_WHQL (HKLM\...\Elantech) (Version: 10.0.7.3 - ELAN Microelectronic Corp.) ExpressCache (HKLM\...\{F9EB0DDE-931C-4E89-96B2-DE8286EDFA6C}) (Version: 1.0.64 - Diskeeper Corporation) Farm Frenzy (x32 Version: 2.2.0.82 - WildTangent) Hidden Fast Flash Sleep Resume (x32 Version: 1.0.11 - Samsung) Hidden Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.) Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden Intel PROSet Wireless (Version: - ) Hidden Intel PROSet Wireless (x32 Version: - ) Hidden Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2462 - Intel Corporation) Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}) (Version: 1.2.1.0608 - Intel Corporation) Intel® PROSet/Wireless WiFi Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation) Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1008 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation) Intel® WiDi (HKLM-x32\...\{E1B934BB-6AFA-429F-98E4-76F9CBC72BF6}) (Version: 2.2.14.0 - Intel Corporation) Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - ) iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics) iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.) John Deere Drive Green (x32 Version: 2.2.0.82 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4623.1003 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Norton 360 Premier Edition (HKLM-x32\...\N360) (Version: 20.5.0.28 - Symantec Corporation) Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden Peggle (x32 Version: 2.2.0.82 - WildTangent) Hidden Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit) Quicken WillMaker Plus 2013 (HKLM-x32\...\{8065044B-2AF3-434E-A6E2-B7C60CDB978B}) (Version: 1.0.0.0 - Nolo) Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6515 - Realtek Semiconductor Corp.) Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung) TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc) TurboTax 2013 wgaiper (x32 Version: 013.000.1300 - Intuit Inc.) Hidden TurboTax 2013 WinPerFedFormset (x32 Version: 013.000.1986 - Intuit Inc.) Hidden TurboTax 2013 WinPerReleaseEngine (x32 Version: 013.000.0492 - Intuit Inc.) Hidden TurboTax 2013 WinPerTaxSupport (x32 Version: 013.000.0168 - Intuit Inc.) Hidden TurboTax 2013 wrapper (x32 Version: 013.000.0135 - Intuit Inc.) Hidden TurboTax Audit Support Center 3.0 (HKLM-x32\...\{E371C150-A9F1-49CE-ACC1-51AEFD01C1D5}_is1) (Version: - TurboTax) User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - ) WD Drive Utilities (HKLM-x32\...\{7431ED5D-9247-4F17-91C9-702D9B36FAC4}) (Version: 1.0.7.3 - Western Digital Technologies, Inc.) WD Quick View (HKLM-x32\...\{63911503-7EA4-4685-B2FD-D391EF622FB9}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.) WD Security (HKLM-x32\...\{90C3D9C7-2F83-4399-8E28-A00228CFFDF8}) (Version: 1.0.7.3 - Western Digital Technologies, Inc.) WD SmartWare (HKLM\...\{34C6812E-E231-4B13-9DAC-21E06ECA864A}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.) WD SmartWare Installer (HKLM-x32\...\{1ec9e03a-452b-48fb-8e1b-27ee0477985f}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.) WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.1.5 - WildTangent) WildTangent ORB Game Console (x32 Version: - WildTangent) Hidden Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live fotoattēlu galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Foto-galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорация Майкрософт) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Pošta (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 메일 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 사진 갤러리 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 필수 패키지 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Restore Points ========================= 02-06-2014 13:34:46 Windows Update 10-06-2014 19:49:41 Windows Update ==================== Hosts content: ========================== 2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0A5E553A-17B4-45EF-9576-A43D6AE5DFBD} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.5.0.28\SymErr.exe [2013-06-03] (Symantec Corporation) Task: {0BE68352-C25E-4FD8-9F04-CCFC453F77E7} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-09-08] (SEC) Task: {0E600F5E-96BE-49CA-8B9A-AD6A356015DD} - System32\Tasks\Microsoft Office 15 Sync Maintenance for RMC-PC-RMC RMC-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-06-19] (Microsoft Corporation) Task: {1FAB422E-F719-4BBA-911B-804DD05F175C} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2011-12-09] (Samsung Electronics Co., Ltd.) Task: {1FDFB016-0D1C-41F3-B876-757A0984D4F9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {43B15567-0587-44C7-8067-384F2530D2A2} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-11-18] (SAMSUNG Electronics co., LTD.) Task: {524B37DC-68E0-4EED-91AD-176FEB6C4F0C} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2011-12-09] (Samsung Electronics Co., Ltd.) Task: {5DABEEBF-6F60-4971-8256-3A6BFA7E7E8D} - System32\Tasks\Easy Software Manager Agent => C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe [2011-12-06] (Samsung) Task: {5FF4AE75-14AE-487E-A3FA-44669168888D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-05-13] (Microsoft Corporation) Task: {670743BB-A06B-4541-97D7-1FA3181F8EB0} - System32\Tasks\Absolute Reminder => C:\Program Files (x86)\Absolute Software\Absolute Reminder\AbsoluteReminder.exe [2011-07-12] (Absolute Software) Task: {75EC88A6-9F3F-431E-A6EF-169D08BB57CC} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.5.0.28\WSCStub.exe [2014-04-29] (Symantec Corporation) Task: {9AF4B3B7-31EE-44EC-8CA8-A0435837AC42} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.) Task: {B82618A4-CE9A-4199-BBAC-557A24D792BB} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2011-12-09] (Samsung Electronics Co., Ltd.) Task: {BA4069F4-048B-4CF6-98E5-D5D1A69D82E3} - System32\Tasks\FFSRConfigurer => C:\Program Files (x86)\Samsung\Fast Flash Sleep Resume\FFSRConfigurer.exe [2011-12-17] (Samsung) Task: {BCAF3C1D-5569-4E26-9CE4-FF9B5ED3756E} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2011-12-09] (Samsung Electronics) Task: {BCB221F2-3509-4A51-82EB-8225E4A92135} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe [2011-12-08] (SAMSUNG Electronics) Task: {C16AB77C-7BE2-43FB-9B04-7995EC5088B3} - System32\Tasks\Western Digital\SmartWare\____Volume_01ba9fc6_2a9f_11e1_96b3_806e6f6e6963______Volume_d11ca3ee_b92e_11e3_9b2f_88532e8845f9__ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2014-02-28] (Western Digital Technologies, Inc.) Task: {CC0D2D11-6FD7-4714-A27A-249B4574CE4D} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-17] (CyberLink) Task: {EA7483EE-DE79-4FEA-B42D-8E78346C1105} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2011-12-09] (Samsung Electronics Co., Ltd.) Task: {F268454D-F51D-45E1-8E17-F5BC2DBB4659} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.5.0.28\SymErr.exe [2013-06-03] (Symantec Corporation) Task: {F980057B-F26F-4978-B1E5-982D2784A201} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-15] (Adobe Systems Incorporated) Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2011-09-15 04:46 - 2011-09-15 04:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll 2011-12-19 03:29 - 2010-12-17 00:18 - 00060928 _____ () C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe 2011-12-19 03:41 - 2009-12-01 03:21 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 2014-06-19 13:55 - 2014-06-19 13:55 - 08890536 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2011-12-01 22:27 - 2011-07-26 01:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2011-09-15 04:46 - 2011-09-15 04:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll 2014-03-20 21:22 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-05-01 17:11 - 2012-05-30 10:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON 360 PREMIER EDITION\ENGINE\20.5.0.28\wincfi39.dll 2011-12-19 03:50 - 2011-07-28 20:53 - 00746064 _____ () C:\Program Files (x86)\Samsung\Easy Software Manager\SWMFuncDLL.dll 2011-12-19 03:50 - 2006-08-11 23:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll 2011-12-19 03:50 - 2011-02-16 12:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll 2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll 2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll 2009-11-02 01:20 - 2009-11-02 01:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll 2009-11-02 01:23 - 2009-11-02 01:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll 2011-12-19 03:31 - 2011-09-08 06:40 - 01645056 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll 2014-06-11 10:30 - 2014-06-11 10:30 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/19/2014 01:58:50 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (06/19/2014 01:58:44 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (06/19/2014 01:58:44 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (06/19/2014 01:58:44 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (06/19/2014 01:57:50 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2014 01:57:17 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (06/19/2014 01:57:17 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (06/19/2014 01:57:06 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (06/19/2014 01:38:25 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Microsoft Office Sessions: ========================= Error: (06/19/2014 01:58:50 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\RMC\Desktop\esetsmartinstaller_enu.exe Error: (06/19/2014 01:58:44 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\RMC\Desktop\esetsmartinstaller_enu.exe Error: (06/19/2014 01:58:44 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\RMC\Desktop\esetsmartinstaller_enu.exe Error: (06/19/2014 01:58:44 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\RMC\Desktop\esetsmartinstaller_enu.exe Error: (06/19/2014 01:57:50 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2014 01:57:17 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\RMC\Desktop\esetsmartinstaller_enu.exe Error: (06/19/2014 01:57:17 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\RMC\Desktop\esetsmartinstaller_enu.exe Error: (06/19/2014 01:57:06 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\RMC\Downloads\esetsmartinstaller_enu.exe Error: (06/19/2014 01:38:25 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Percentage of memory in use: 58% Total physical RAM: 3990.23 MB Available physical RAM: 1647.5 MB Total Pagefile: 7978.65 MB Available Pagefile: 5503.36 MB Total Virtual: 8192 MB Available Virtual: 8191.86 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:445.93 GB) (Free:298.25 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: 5E0215F7) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=446 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=20 GB) - (Type=27) ======================================================== Disk: 1 (Size: 15 GB) (Disk ID: 74F02DEA) Partition 1: (Not Active) - (Size=11 GB) - (Type=73) Partition 2: (Not Active) - (Size=4 GB) - (Type=84) ==================== End Of Log ============================
  3. Ok, I followed all of the steps and had to uninstall and reintall MBAM using the Clean Removal Process but I was able to get MBAM to open finally and run the scans, which didn't appear to find anything. Rogue Killer looks like it found several items but I don't know if any of it is bad or not. Here are the logs: MBAM scan: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 6/17/2014 Scan Time: 3:36:13 PM Logfile: Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.06.17.10 Rootkit Database: v2014.06.02.01 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: RMC Scan Type: Threat Scan Result: Completed Objects Scanned: 285032 Time Elapsed: 12 min, 8 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) Rogue Killer Scan: RogueKiller V9.0.3.0 (x64) [Jun 17 2014] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : RMC [Admin rights] Mode : Scan -- Date : 06/17/2014 16:03:08 ¤¤¤ Bad processes : 1 ¤¤¤ [Hidden] -- [x] -> KILLED [TermThr] ¤¤¤ Registry Entries : 10 ¤¤¤ [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 75.75.75.75 75.75.76.76 -> FOUND [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 75.75.75.75 75.75.76.76 -> FOUND [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 75.75.75.75 75.75.76.76 -> FOUND [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7ABBC6DA-1465-4733-88BB-30B120722C47} | DhcpNameServer : 75.75.75.75 75.75.76.76 -> FOUND [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7ABBC6DA-1465-4733-88BB-30B120722C47} | DhcpNameServer : 75.75.75.75 75.75.76.76 -> FOUND [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7ABBC6DA-1465-4733-88BB-30B120722C47} | DhcpNameServer : 75.75.75.75 75.75.76.76 -> FOUND [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ HOSTS File : 0 ¤¤¤ ¤¤¤ Antirootkit : 4 ¤¤¤ [EAT:Addr] (explorer.exe) framedynos.dll - DllCanUnloadNow : C:\windows\system32\wpdshserviceobj.dll @ 0x7fef3233d60 [EAT:Addr] (explorer.exe) framedynos.dll - DllGetClassObject : C:\windows\system32\wpdshserviceobj.dll @ 0x7fef3231a74 [EAT:Addr] (explorer.exe) framedynos.dll - DllRegisterServer : C:\windows\system32\wpdshserviceobj.dll @ 0x7fef3236070 [EAT:Addr] (explorer.exe) framedynos.dll - DllUnregisterServer : C:\windows\system32\wpdshserviceobj.dll @ 0x7fef3236278 ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: ST9500325AS +++++ --- User --- [MBR] f0c19b630526a9f10a6ebb2997964262 [bSP] 73bdf4902a823e542c3544d38bf5bbc9 : Kiwi MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB 1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 456631 MB 2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 935387136 | Size: 20208 MB User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive1: SanDisk iSSD P4 16GB +++++ --- User --- [MBR] 364c5d986129add740b26ce6a6643462 [bSP] 0a9420da5d388cf72c9f5653515471d4 : Unknown MBR Code Partition table: 0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 2048 | Size: 10868 MB 1 - [XXXXXX] OS/2-HIBER (0x84) [HIDDEN!] Offset (sectors): 22259712 | Size: 4396 MB User = LL1 ... OK User = LL2 ... OK
  4. That worked - thank you - I've created a new post for my problem with the log results.
  5. Hi - I went through all of the Chameleon progressions as well as all of the suggestions in the "FAQ - Malwarebytes Anti-Malware won't run or failed to resolve my issues" topic and MBAM still won't work - thanks for your help. FRST64 Scan results (also attached): FRST Log: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-06-2014 01 Ran by RMC (administrator) on RMC-PC on 11-06-2014 10:47:31 Running from C:\Users\RMC\Downloads Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe () C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe (Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.5.0.28\ccsvchst.exe (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.5.0.28\ccsvchst.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (Samsung) C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe (Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-11-24] (Realtek Semiconductor) HKLM\...\Run: [intelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-09-15] (Intel® Corporation) HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe [1208320 2010-12-17] () HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2776872 2011-08-31] (ELAN Microelectronics Corp.) HKLM\...\Run: [bTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10357008 2011-10-18] (Intel Corporation) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe [87336 2010-09-19] (CyberLink Corp.) HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink) HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5545328 2014-02-28] (Western Digital Technologies, Inc.) HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694072 2013-10-15] (Western Digital Technologies, Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3227097365-3480523095-960952968-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-3227097365-3480523095-960952968-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869 BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 FireFox: ======== FF ProfilePath: C:\Users\RMC\AppData\Roaming\Mozilla\Firefox\Profiles\xi023ckw.default FF Homepage: hxxp://www.google.com/ FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF [2013-10-09] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\ [] ==================== Services (Whitelisted) ================= R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2266296 2014-05-16] (Microsoft Corporation) R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2011-09-23] (Diskeeper Corporation) R2 InstallFilterService; C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [60928 2010-12-17] () [File not signed] R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [184320 2011-07-06] (Intel Corporation) [File not signed] S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-15] () R2 N360; C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed] R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-02-28] (Western Digital Technologies, Inc.) R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [271728 2014-02-28] (Western Digital Technologies, Inc.) ==================== Drivers (Whitelisted) ==================== R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation) R3 ccSet_N360; C:\Windows\system32\drivers\N360x64\1405000.01C\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation) R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation) [File not signed] R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2011-09-23] (Diskeeper Corporation) R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [80688 2011-09-23] (Diskeeper Corporation) R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20140610.001\IDSvia64.sys [525016 2014-03-25] (Symantec Corporation) R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2011-06-15] (Intel Corporation) R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20140610.038\ENG64.SYS [126040 2014-04-03] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20140610.038\EX64.SYS [2099288 2014-04-03] (Symantec Corporation) R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.) R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1405000.01C\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation) R3 SRTSPX; C:\Windows\system32\drivers\N360x64\1405000.01C\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation) R3 SymDS; C:\Windows\system32\drivers\N360x64\1405000.01C\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation) R3 SymEFA; C:\Windows\system32\drivers\N360x64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation) R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-16] (Symantec Corporation) R3 SymIRON; C:\Windows\system32\drivers\N360x64\1405000.01C\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation) R3 SymNetS; C:\Windows\System32\Drivers\N360x64\1405000.01C\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-11 10:40 - 2014-06-11 10:40 - 00000000 ____D () C:\Users\RMC\Desktop\New folder 2014-06-11 10:39 - 2014-06-11 10:39 - 00000000 ____D () C:\Users\RMC\Downloads\FRST-OlderVersion 2014-06-11 10:30 - 2014-06-11 10:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-11 10:28 - 2014-06-11 10:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-06-11 10:28 - 2014-06-11 10:29 - 00000000 ____D () C:\Users\RMC\AppData\Roaming\Mozilla 2014-06-11 10:28 - 2014-06-11 10:29 - 00000000 ____D () C:\Users\RMC\AppData\Local\Mozilla 2014-06-11 10:28 - 2014-06-11 10:28 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-06-11 10:28 - 2014-06-11 10:28 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-06-11 10:28 - 2014-06-11 10:28 - 00000000 ____D () C:\ProgramData\Mozilla 2014-06-11 10:27 - 2014-06-11 10:27 - 00282928 _____ (Mozilla) C:\Users\RMC\Downloads\Firefox Setup Stub 29.0.1.exe 2014-06-10 17:27 - 2014-06-10 17:27 - 00051301 _____ () C:\Users\RMC\Desktop\FRST.txt 2014-06-10 17:27 - 2014-06-10 17:27 - 00037183 _____ () C:\Users\RMC\Desktop\Addition.txt 2014-06-10 16:55 - 2014-06-10 17:25 - 00037183 _____ () C:\Users\RMC\Downloads\Addition.txt 2014-06-10 16:54 - 2014-06-11 10:47 - 00015764 _____ () C:\Users\RMC\Downloads\FRST.txt 2014-06-10 16:53 - 2014-06-11 10:47 - 00000000 ____D () C:\FRST 2014-06-10 16:53 - 2014-06-11 10:39 - 02081792 _____ (Farbar) C:\Users\RMC\Downloads\FRST64.exe 2014-06-10 16:27 - 2014-06-10 16:29 - 00002448 _____ () C:\Users\RMC\Desktop\Rkill.txt 2014-06-10 16:26 - 2014-06-10 16:26 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\RMC\Downloads\rkill.exe 2014-06-10 16:09 - 2014-06-10 16:09 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\RMC\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-10 15:49 - 2014-06-08 05:13 - 00506368 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-06-10 15:49 - 2014-06-08 05:08 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-06-10 15:49 - 2014-05-30 06:21 - 23414784 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-06-10 15:49 - 2014-05-30 06:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-06-10 15:49 - 2014-05-30 06:02 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-06-10 15:49 - 2014-05-30 05:45 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-06-10 15:49 - 2014-05-30 05:39 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-06-10 15:49 - 2014-05-30 05:39 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-06-10 15:49 - 2014-05-30 05:38 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-06-10 15:49 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-06-10 15:49 - 2014-05-30 05:27 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-06-10 15:49 - 2014-05-30 05:24 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-06-10 15:49 - 2014-05-30 05:21 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-06-10 15:49 - 2014-05-30 05:21 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-06-10 15:49 - 2014-05-30 05:20 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-06-10 15:49 - 2014-05-30 05:18 - 17271296 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-06-10 15:49 - 2014-05-30 05:11 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-06-10 15:49 - 2014-05-30 05:08 - 05782528 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-06-10 15:49 - 2014-05-30 05:06 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-06-10 15:49 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-06-10 15:49 - 2014-05-30 04:55 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-06-10 15:49 - 2014-05-30 04:49 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-06-10 15:49 - 2014-05-30 04:46 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-06-10 15:49 - 2014-05-30 04:44 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2014-06-10 15:49 - 2014-05-30 04:44 - 00295424 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-06-10 15:49 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-06-10 15:49 - 2014-05-30 04:42 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2014-06-10 15:49 - 2014-05-30 04:38 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-06-10 15:49 - 2014-05-30 04:35 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-06-10 15:49 - 2014-05-30 04:34 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-06-10 15:49 - 2014-05-30 04:33 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-06-10 15:49 - 2014-05-30 04:30 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2014-06-10 15:49 - 2014-05-30 04:29 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-06-10 15:49 - 2014-05-30 04:28 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2014-06-10 15:49 - 2014-05-30 04:27 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2014-06-10 15:49 - 2014-05-30 04:24 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2014-06-10 15:49 - 2014-05-30 04:23 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-06-10 15:49 - 2014-05-30 04:16 - 00368128 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2014-06-10 15:49 - 2014-05-30 04:10 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-06-10 15:49 - 2014-05-30 04:06 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-06-10 15:49 - 2014-05-30 04:04 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2014-06-10 15:49 - 2014-05-30 04:02 - 00242688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2014-06-10 15:49 - 2014-05-30 03:56 - 04244992 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-06-10 15:49 - 2014-05-30 03:56 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-06-10 15:49 - 2014-05-30 03:54 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-06-10 15:49 - 2014-05-30 03:50 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2014-06-10 15:49 - 2014-05-30 03:49 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-06-10 15:49 - 2014-05-30 03:43 - 13522944 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-06-10 15:49 - 2014-05-30 03:40 - 11725312 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-06-10 15:49 - 2014-05-30 03:30 - 01398272 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-06-10 15:49 - 2014-05-30 03:21 - 01790976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-06-10 15:49 - 2014-05-30 03:15 - 01143296 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-06-10 15:49 - 2014-05-30 03:13 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-06-10 15:49 - 2014-05-30 03:13 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-06-10 15:49 - 2014-05-08 05:32 - 03178496 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll 2014-06-10 15:49 - 2014-05-08 05:32 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll 2014-06-10 15:49 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll 2014-06-10 15:49 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll 2014-06-10 15:49 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys 2014-06-10 15:49 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS 2014-06-10 15:49 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll 2014-06-10 15:49 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll 2014-06-10 15:49 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll 2014-06-10 15:49 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll 2014-06-10 15:49 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll 2014-06-10 15:49 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll 2014-06-10 15:49 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll 2014-06-10 15:49 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll 2014-06-10 15:35 - 2014-06-10 15:35 - 00000000 ____D () C:\NPE 2014-06-10 15:33 - 2014-06-10 15:39 - 00000000 ____D () C:\Users\RMC\AppData\Local\NPE 2014-06-10 15:16 - 2014-06-10 15:16 - 03077584 ____N (Symantec Corporation) C:\Users\RMC\Desktop\NPE.exe 2014-06-10 15:16 - 2014-06-10 15:16 - 03077584 _____ (Symantec Corporation) C:\Users\RMC\Downloads\NPE.exe 2014-06-10 13:55 - 2014-06-10 13:55 - 00262144 _____ () C:\windows\Minidump\061014-15724-01.dmp 2014-06-10 11:17 - 2014-06-10 11:17 - 00266472 _____ () C:\windows\Minidump\061014-22713-01.dmp 2014-06-10 10:46 - 2014-06-10 10:46 - 00000165 ____H () C:\Users\RMC\Desktop\~$Book1.xlsx 2014-06-09 12:50 - 2014-06-09 12:50 - 00262144 _____ () C:\windows\Minidump\060914-15662-01.dmp 2014-06-09 12:41 - 2014-06-09 12:41 - 00262144 _____ () C:\windows\Minidump\060914-23415-01.dmp 2014-06-09 12:22 - 2014-06-09 12:22 - 00262144 _____ () C:\windows\Minidump\060914-17487-01.dmp 2014-06-04 13:02 - 2014-06-11 10:45 - 00004956 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for RMC-PC-RMC RMC-PC 2014-06-04 12:53 - 2014-06-04 12:53 - 00000000 ____D () C:\Users\RMC\Documents\2014 Claims 2014-06-02 18:34 - 2014-06-02 18:34 - 00262144 _____ () C:\windows\Minidump\060214-26707-01.dmp 2014-06-02 18:24 - 2014-06-02 18:24 - 00262144 _____ () C:\windows\Minidump\060214-25240-01.dmp 2014-06-02 18:08 - 2014-06-02 18:08 - 00262144 _____ () C:\windows\Minidump\060214-25459-01.dmp 2014-05-30 15:42 - 2014-05-30 15:42 - 00262144 _____ () C:\windows\Minidump\053014-27487-01.dmp 2014-05-30 14:21 - 2014-05-30 14:22 - 00000000 ____D () C:\Users\RMC\AppData\Local\{CEF1E854-26C5-474B-9AF8-07155ECDE5AF} 2014-05-30 11:52 - 2014-05-30 14:21 - 00000000 ____D () C:\Users\RMC\AppData\Local\Windows Live 2014-05-30 11:52 - 2014-05-30 11:52 - 00000000 ____D () C:\Users\RMC\AppData\Local\{915226E8-44F0-4183-B7C0-ED97E78C9872} 2014-05-30 11:52 - 2014-05-30 11:52 - 00000000 ____D () C:\Users\RMC\AppData\Local\{89F72BEF-05E6-4495-A0C6-87CC2819EBD5} 2014-05-30 11:47 - 2014-05-30 11:47 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2014-05-30 11:25 - 2014-01-08 22:22 - 05694464 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll 2014-05-30 11:25 - 2014-01-03 18:44 - 06574592 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll 2014-05-29 16:03 - 2014-05-29 16:03 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-05-29 16:03 - 2014-05-29 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-05-29 16:03 - 2014-05-29 16:03 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-05-29 16:03 - 2014-05-29 16:03 - 00000000 ____D () C:\Program Files\iTunes 2014-05-29 16:03 - 2014-05-29 16:03 - 00000000 ____D () C:\Program Files\iPod 2014-05-29 16:03 - 2014-05-29 16:03 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-05-29 14:06 - 2013-10-01 22:22 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys 2014-05-29 14:06 - 2013-10-01 22:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2014-05-29 14:06 - 2013-10-01 22:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2014-05-29 14:06 - 2013-10-01 21:48 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll 2014-05-29 14:06 - 2013-10-01 21:48 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll 2014-05-29 14:06 - 2013-10-01 21:29 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll 2014-05-29 14:06 - 2013-10-01 21:10 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll 2014-05-29 14:06 - 2013-10-01 20:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll 2014-05-29 14:06 - 2013-10-01 20:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll 2014-05-29 14:06 - 2013-10-01 20:14 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll 2014-05-29 14:06 - 2013-10-01 20:08 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe 2014-05-29 14:06 - 2013-10-01 20:01 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe 2014-05-29 14:06 - 2013-10-01 19:58 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll 2014-05-29 14:06 - 2013-10-01 19:31 - 01147392 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe 2014-05-29 14:06 - 2013-10-01 19:08 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll 2014-05-29 14:06 - 2013-10-01 18:34 - 01068544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe 2014-05-29 14:05 - 2012-08-23 10:13 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll 2014-05-29 14:05 - 2012-08-23 10:10 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys 2014-05-29 14:05 - 2012-08-23 10:08 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbGD.sys 2014-05-29 14:05 - 2012-08-23 07:12 - 00192000 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpendp_winip.dll 2014-05-29 14:05 - 2012-08-23 06:51 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll 2014-05-29 14:04 - 2013-09-24 22:23 - 01030144 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll 2014-05-29 14:04 - 2013-09-24 21:57 - 00792576 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll 2014-05-29 14:04 - 2012-05-04 07:00 - 00366592 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll 2014-05-29 14:04 - 2012-05-04 05:59 - 00514560 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll 2014-05-28 18:23 - 2014-05-28 18:23 - 00262144 _____ () C:\windows\Minidump\052814-17799-01.dmp 2014-05-28 14:36 - 2014-05-28 14:36 - 00262144 _____ () C:\windows\Minidump\052814-33836-01.dmp 2014-05-16 10:51 - 2014-06-10 17:22 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-05-16 10:51 - 2014-06-10 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-05-16 10:51 - 2014-06-10 16:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-05-16 10:51 - 2014-06-10 12:42 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-16 10:51 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-05-15 18:30 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys 2014-05-15 18:30 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys 2014-05-15 18:30 - 2014-04-11 22:19 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2014-05-15 18:30 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll 2014-05-15 18:30 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe 2014-05-15 18:30 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll 2014-05-15 18:30 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll 2014-05-15 18:30 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll 2014-05-15 18:30 - 2014-04-11 22:10 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll 2014-05-15 18:30 - 2014-03-24 22:43 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll 2014-05-15 18:30 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll 2014-05-15 18:30 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2014-05-15 18:30 - 2014-03-04 05:44 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2014-05-15 18:30 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll 2014-05-15 18:30 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll 2014-05-15 18:30 - 2014-03-04 05:44 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll 2014-05-15 18:30 - 2014-03-04 05:44 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll 2014-05-15 18:30 - 2014-03-04 05:44 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll 2014-05-15 18:30 - 2014-03-04 05:44 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll 2014-05-15 18:30 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\wincredprovider.dll 2014-05-15 18:30 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe 2014-05-15 18:30 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\windows\system32\cngprovider.dll 2014-05-15 18:30 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\adprovider.dll 2014-05-15 18:30 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\capiprovider.dll 2014-05-15 18:30 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\dpapiprovider.dll 2014-05-15 18:30 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll 2014-05-15 18:30 - 2014-03-04 05:43 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll 2014-05-15 18:30 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe 2014-05-15 18:30 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe 2014-05-15 18:30 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll 2014-05-15 18:30 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll 2014-05-15 18:30 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll 2014-05-15 18:30 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll 2014-05-15 18:30 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll 2014-05-15 18:30 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll 2014-05-15 18:30 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\cngprovider.dll 2014-05-15 18:30 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\windows\SysWOW64\adprovider.dll 2014-05-15 18:30 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\windows\SysWOW64\capiprovider.dll 2014-05-15 18:30 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpapiprovider.dll 2014-05-15 18:30 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll 2014-05-15 18:30 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wincredprovider.dll 2014-05-15 18:30 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll 2014-05-15 18:30 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll 2014-05-12 11:28 - 2014-05-12 11:28 - 00000000 ____D () C:\Users\RMC\Documents\CyberLink 2014-05-12 11:28 - 2014-05-12 11:28 - 00000000 ____D () C:\Users\RMC\AppData\Roaming\CyberLink 2014-05-12 11:28 - 2014-05-12 11:28 - 00000000 ____D () C:\Users\Public\CyberLink ==================== One Month Modified Files and Folders ======= 2014-06-11 10:47 - 2014-06-10 16:54 - 00015764 _____ () C:\Users\RMC\Downloads\FRST.txt 2014-06-11 10:47 - 2014-06-10 16:53 - 00000000 ____D () C:\FRST 2014-06-11 10:47 - 2013-07-16 21:40 - 00000000 ____D () C:\Users\RMC\AppData\Local\Temp 2014-06-11 10:46 - 2013-07-22 18:11 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-06-11 10:45 - 2014-06-04 13:02 - 00004956 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for RMC-PC-RMC RMC-PC 2014-06-11 10:42 - 2011-12-19 20:13 - 01267150 _____ () C:\windows\WindowsUpdate.log 2014-06-11 10:40 - 2014-06-11 10:40 - 00000000 ____D () C:\Users\RMC\Desktop\New folder 2014-06-11 10:39 - 2014-06-11 10:39 - 00000000 ____D () C:\Users\RMC\Downloads\FRST-OlderVersion 2014-06-11 10:39 - 2014-06-10 16:53 - 02081792 _____ (Farbar) C:\Users\RMC\Downloads\FRST64.exe 2014-06-11 10:30 - 2014-06-11 10:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-11 10:30 - 2014-06-11 10:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-06-11 10:29 - 2014-06-11 10:28 - 00000000 ____D () C:\Users\RMC\AppData\Roaming\Mozilla 2014-06-11 10:29 - 2014-06-11 10:28 - 00000000 ____D () C:\Users\RMC\AppData\Local\Mozilla 2014-06-11 10:29 - 2009-07-14 00:45 - 00021200 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-11 10:29 - 2009-07-14 00:45 - 00021200 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-11 10:28 - 2014-06-11 10:28 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-06-11 10:28 - 2014-06-11 10:28 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-06-11 10:28 - 2014-06-11 10:28 - 00000000 ____D () C:\ProgramData\Mozilla 2014-06-11 10:27 - 2014-06-11 10:27 - 00282928 _____ (Mozilla) C:\Users\RMC\Downloads\Firefox Setup Stub 29.0.1.exe 2014-06-11 10:26 - 2009-07-14 01:13 - 00782010 _____ () C:\windows\system32\PerfStringBackup.INI 2014-06-11 10:23 - 2013-08-03 18:37 - 00000000 ____D () C:\Users\RMC\AppData\Local\CrashDumps 2014-06-11 10:22 - 2014-04-02 21:15 - 00008192 _____ () C:\windows\SysWOW64\WDPABKP.dat 2014-06-11 10:22 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-06-11 10:22 - 2009-07-14 00:51 - 00055978 _____ () C:\windows\setupact.log 2014-06-10 17:27 - 2014-06-10 17:27 - 00051301 _____ () C:\Users\RMC\Desktop\FRST.txt 2014-06-10 17:27 - 2014-06-10 17:27 - 00037183 _____ () C:\Users\RMC\Desktop\Addition.txt 2014-06-10 17:25 - 2014-06-10 16:55 - 00037183 _____ () C:\Users\RMC\Downloads\Addition.txt 2014-06-10 17:22 - 2014-05-16 10:51 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-06-10 16:35 - 2014-05-16 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-06-10 16:35 - 2014-05-16 10:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-06-10 16:35 - 2013-07-17 00:04 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-06-10 16:29 - 2014-06-10 16:27 - 00002448 _____ () C:\Users\RMC\Desktop\Rkill.txt 2014-06-10 16:26 - 2014-06-10 16:26 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\RMC\Downloads\rkill.exe 2014-06-10 16:09 - 2014-06-10 16:09 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\RMC\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-10 15:53 - 2013-07-16 23:44 - 00000000 ____D () C:\windows\system32\MRT 2014-06-10 15:51 - 2013-07-16 23:14 - 95414520 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-06-10 15:50 - 2014-05-01 11:51 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-06-10 15:39 - 2014-06-10 15:33 - 00000000 ____D () C:\Users\RMC\AppData\Local\NPE 2014-06-10 15:35 - 2014-06-10 15:35 - 00000000 ____D () C:\NPE 2014-06-10 15:35 - 2010-11-20 23:47 - 00804194 _____ () C:\windows\PFRO.log 2014-06-10 15:33 - 2011-12-19 04:43 - 00000000 ____D () C:\ProgramData\Norton 2014-06-10 15:16 - 2014-06-10 15:16 - 03077584 ____N (Symantec Corporation) C:\Users\RMC\Desktop\NPE.exe 2014-06-10 15:16 - 2014-06-10 15:16 - 03077584 _____ (Symantec Corporation) C:\Users\RMC\Downloads\NPE.exe 2014-06-10 13:55 - 2014-06-10 13:55 - 00262144 _____ () C:\windows\Minidump\061014-15724-01.dmp 2014-06-10 13:55 - 2013-10-25 13:27 - 656700655 _____ () C:\windows\MEMORY.DMP 2014-06-10 13:55 - 2013-10-25 13:27 - 00000000 ____D () C:\windows\Minidump 2014-06-10 12:42 - 2014-05-16 10:51 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-10 11:17 - 2014-06-10 11:17 - 00266472 _____ () C:\windows\Minidump\061014-22713-01.dmp 2014-06-10 10:46 - 2014-06-10 10:46 - 00000165 ____H () C:\Users\RMC\Desktop\~$Book1.xlsx 2014-06-09 12:50 - 2014-06-09 12:50 - 00262144 _____ () C:\windows\Minidump\060914-15662-01.dmp 2014-06-09 12:41 - 2014-06-09 12:41 - 00262144 _____ () C:\windows\Minidump\060914-23415-01.dmp 2014-06-09 12:22 - 2014-06-09 12:22 - 00262144 _____ () C:\windows\Minidump\060914-17487-01.dmp 2014-06-08 05:13 - 2014-06-10 15:49 - 00506368 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-06-08 05:08 - 2014-06-10 15:49 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-06-05 17:11 - 2014-01-28 12:05 - 00000880 _____ () C:\Users\RMC\Documents\Notes.txt 2014-06-04 12:53 - 2014-06-04 12:53 - 00000000 ____D () C:\Users\RMC\Documents\2014 Claims 2014-06-02 18:34 - 2014-06-02 18:34 - 00262144 _____ () C:\windows\Minidump\060214-26707-01.dmp 2014-06-02 18:24 - 2014-06-02 18:24 - 00262144 _____ () C:\windows\Minidump\060214-25240-01.dmp 2014-06-02 18:08 - 2014-06-02 18:08 - 00262144 _____ () C:\windows\Minidump\060214-25459-01.dmp 2014-06-02 16:11 - 2014-05-06 13:46 - 00000000 ____D () C:\Users\RMC\Documents\Cooking Files 2014-05-30 15:42 - 2014-05-30 15:42 - 00262144 _____ () C:\windows\Minidump\053014-27487-01.dmp 2014-05-30 14:22 - 2014-05-30 14:21 - 00000000 ____D () C:\Users\RMC\AppData\Local\{CEF1E854-26C5-474B-9AF8-07155ECDE5AF} 2014-05-30 14:21 - 2014-05-30 11:52 - 00000000 ____D () C:\Users\RMC\AppData\Local\Windows Live 2014-05-30 14:02 - 2009-07-14 01:08 - 00032594 _____ () C:\windows\Tasks\SCHEDLGU.TXT 2014-05-30 11:52 - 2014-05-30 11:52 - 00000000 ____D () C:\Users\RMC\AppData\Local\{915226E8-44F0-4183-B7C0-ED97E78C9872} 2014-05-30 11:52 - 2014-05-30 11:52 - 00000000 ____D () C:\Users\RMC\AppData\Local\{89F72BEF-05E6-4495-A0C6-87CC2819EBD5} 2014-05-30 11:47 - 2014-05-30 11:47 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2014-05-30 11:47 - 2013-07-17 00:09 - 00000000 ____D () C:\Users\RMC\AppData\Roaming\Apple Computer 2014-05-30 06:21 - 2014-06-10 15:49 - 23414784 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-05-30 06:02 - 2014-06-10 15:49 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-05-30 06:02 - 2014-06-10 15:49 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-05-30 05:45 - 2014-06-10 15:49 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-05-30 05:39 - 2014-06-10 15:49 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-05-30 05:39 - 2014-06-10 15:49 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-05-30 05:38 - 2014-06-10 15:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-05-30 05:28 - 2014-06-10 15:49 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-05-30 05:27 - 2014-06-10 15:49 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-05-30 05:24 - 2014-06-10 15:49 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-05-30 05:21 - 2014-06-10 15:49 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-05-30 05:21 - 2014-06-10 15:49 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-05-30 05:20 - 2014-06-10 15:49 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-05-30 05:18 - 2014-06-10 15:49 - 17271296 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-05-30 05:11 - 2014-06-10 15:49 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-05-30 05:08 - 2014-06-10 15:49 - 05782528 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-05-30 05:06 - 2014-06-10 15:49 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-05-30 05:02 - 2014-06-10 15:49 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-05-30 04:55 - 2014-06-10 15:49 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-05-30 04:49 - 2014-06-10 15:49 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-05-30 04:46 - 2014-06-10 15:49 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-05-30 04:44 - 2014-06-10 15:49 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2014-05-30 04:44 - 2014-06-10 15:49 - 00295424 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-05-30 04:43 - 2014-06-10 15:49 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-05-30 04:42 - 2014-06-10 15:49 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2014-05-30 04:38 - 2014-06-10 15:49 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-05-30 04:35 - 2014-06-10 15:49 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-05-30 04:34 - 2014-06-10 15:49 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-05-30 04:33 - 2014-06-10 15:49 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-05-30 04:30 - 2014-06-10 15:49 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2014-05-30 04:29 - 2014-06-10 15:49 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-05-30 04:28 - 2014-06-10 15:49 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2014-05-30 04:27 - 2014-06-10 15:49 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2014-05-30 04:24 - 2014-06-10 15:49 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2014-05-30 04:23 - 2014-06-10 15:49 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-05-30 04:16 - 2014-06-10 15:49 - 00368128 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2014-05-30 04:10 - 2014-06-10 15:49 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-05-30 04:06 - 2014-06-10 15:49 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-05-30 04:04 - 2014-06-10 15:49 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2014-05-30 04:02 - 2014-06-10 15:49 - 00242688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2014-05-30 03:56 - 2014-06-10 15:49 - 04244992 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-05-30 03:56 - 2014-06-10 15:49 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-05-30 03:54 - 2014-06-10 15:49 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-05-30 03:50 - 2014-06-10 15:49 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2014-05-30 03:49 - 2014-06-10 15:49 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-05-30 03:43 - 2014-06-10 15:49 - 13522944 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-05-30 03:40 - 2014-06-10 15:49 - 11725312 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-05-30 03:30 - 2014-06-10 15:49 - 01398272 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-05-30 03:21 - 2014-06-10 15:49 - 01790976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-05-30 03:15 - 2014-06-10 15:49 - 01143296 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-05-30 03:13 - 2014-06-10 15:49 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-05-30 03:13 - 2014-06-10 15:49 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-05-29 16:03 - 2014-05-29 16:03 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-05-29 16:03 - 2014-05-29 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-05-29 16:03 - 2014-05-29 16:03 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-05-29 16:03 - 2014-05-29 16:03 - 00000000 ____D () C:\Program Files\iTunes 2014-05-29 16:03 - 2014-05-29 16:03 - 00000000 ____D () C:\Program Files\iPod 2014-05-29 16:03 - 2014-05-29 16:03 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-05-29 14:30 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-05-29 14:29 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\PolicyDefinitions 2014-05-28 18:23 - 2014-05-28 18:23 - 00262144 _____ () C:\windows\Minidump\052814-17799-01.dmp 2014-05-28 14:36 - 2014-05-28 14:36 - 00262144 _____ () C:\windows\Minidump\052814-33836-01.dmp 2014-05-28 12:13 - 2014-01-26 13:15 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-05-19 10:34 - 2014-04-02 21:14 - 00000000 ____D () C:\Program Files (x86)\Western Digital 2014-05-19 10:34 - 2011-12-19 03:25 - 00056340 _____ () C:\windows\DPINST.LOG 2014-05-16 10:51 - 2013-07-17 00:04 - 00000000 ____D () C:\Users\RMC\AppData\Roaming\Malwarebytes 2014-05-16 10:51 - 2013-07-17 00:04 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-15 19:05 - 2013-07-16 21:43 - 00000000 ___RD () C:\Users\RMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-15 19:05 - 2013-07-16 21:43 - 00000000 ___RD () C:\Users\RMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-15 18:46 - 2013-07-22 18:11 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2014-05-15 18:46 - 2013-07-22 18:11 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-15 18:46 - 2013-07-22 18:11 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2014-05-15 18:25 - 2013-09-27 15:59 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-05-12 11:28 - 2014-05-12 11:28 - 00000000 ____D () C:\Users\RMC\Documents\CyberLink 2014-05-12 11:28 - 2014-05-12 11:28 - 00000000 ____D () C:\Users\RMC\AppData\Roaming\CyberLink 2014-05-12 11:28 - 2014-05-12 11:28 - 00000000 ____D () C:\Users\Public\CyberLink 2014-05-12 11:28 - 2011-12-19 03:37 - 00000000 ____D () C:\ProgramData\CyberLink 2014-05-12 07:26 - 2014-05-16 10:51 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-05-12 07:25 - 2013-07-17 00:04 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-04-29 22:04 ==================== End Of Log ============================ Addition Log: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-06-2014 01 Ran by RMC at 2014-06-11 10:47:55 Running from C:\Users\RMC\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Norton 360 Premier Edition (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} AS: Norton 360 Premier Edition (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Norton 360 Premier Edition (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} ==================== Installed Programs ====================== „Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden „Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden „Windows Live Messenger“ (x32 Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden „Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.0.0.17 - Absolute Software) Accelerometer (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 1.06.08.53 - STMicroelectronics) Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon) Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.5.0 - Asmedia Technology) Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Build-a-lot (x32 Version: 2.2.0.82 - WildTangent) Hidden Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.) CyberLink Media Suite (x32 Version: 8.0.2227 - CyberLink Corp.) Hidden CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.) CyberLink Media+ Player10 (x32 Version: 10.0.1110.00 - CyberLink Corp.) Hidden CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.) CyberLink MediaShow (x32 Version: 5.0.1130a - CyberLink Corp.) Hidden CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.) CyberLink Power2Go (x32 Version: 6.1.3802 - CyberLink Corp.) Hidden CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.) CyberLink PowerDirector (x32 Version: 8.0.3306 - CyberLink Corp.) Hidden CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4417 - CyberLink Corp.) CyberLink YouCam (x32 Version: 3.1.4417 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden Easy File Share (HKLM-x32\...\{12F81925-F3C1-40DB-91F7-777817974319}) (Version: 1.1.1705 - Samsung Electronics Co., Ltd.) Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.) Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics Co., Ltd.) Easy Software Manager (HKLM-x32\...\{DE256D8B-D971-456D-BC02-CB64DA24F115}) (Version: 1.1.31.21 - Samsung Electronics Co., Ltd.) Easy Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.47 - Samsung) E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung ) ETDWare PS/2-X64 10.0.7.3_WHQL (HKLM\...\Elantech) (Version: 10.0.7.3 - ELAN Microelectronic Corp.) ExpressCache (HKLM\...\{F9EB0DDE-931C-4E89-96B2-DE8286EDFA6C}) (Version: 1.0.64 - Diskeeper Corporation) Farm Frenzy (x32 Version: 2.2.0.82 - WildTangent) Hidden Fast Flash Sleep Resume (x32 Version: 1.0.11 - Samsung) Hidden Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.) Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden Intel PROSet Wireless (Version: - ) Hidden Intel PROSet Wireless (x32 Version: - ) Hidden Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2462 - Intel Corporation) Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}) (Version: 1.2.1.0608 - Intel Corporation) Intel® PROSet/Wireless WiFi Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation) Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1008 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation) Intel® WiDi (HKLM-x32\...\{E1B934BB-6AFA-429F-98E4-76F9CBC72BF6}) (Version: 2.2.14.0 - Intel Corporation) Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - ) iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics) iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.) John Deere Drive Green (x32 Version: 2.2.0.82 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4615.1002 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Norton 360 Premier Edition (HKLM-x32\...\N360) (Version: 20.5.0.28 - Symantec Corporation) Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4615.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) Hidden Peggle (x32 Version: 2.2.0.82 - WildTangent) Hidden Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit) Quicken WillMaker Plus 2013 (HKLM-x32\...\{8065044B-2AF3-434E-A6E2-B7C60CDB978B}) (Version: 1.0.0.0 - Nolo) Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6515 - Realtek Semiconductor Corp.) Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung) TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc) TurboTax 2013 wgaiper (x32 Version: 013.000.1300 - Intuit Inc.) Hidden TurboTax 2013 WinPerFedFormset (x32 Version: 013.000.1986 - Intuit Inc.) Hidden TurboTax 2013 WinPerReleaseEngine (x32 Version: 013.000.0492 - Intuit Inc.) Hidden TurboTax 2013 WinPerTaxSupport (x32 Version: 013.000.0168 - Intuit Inc.) Hidden TurboTax 2013 wrapper (x32 Version: 013.000.0135 - Intuit Inc.) Hidden TurboTax Audit Support Center 3.0 (HKLM-x32\...\{E371C150-A9F1-49CE-ACC1-51AEFD01C1D5}_is1) (Version: - TurboTax) User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - ) WD Drive Utilities (HKLM-x32\...\{7431ED5D-9247-4F17-91C9-702D9B36FAC4}) (Version: 1.0.7.3 - Western Digital Technologies, Inc.) WD Quick View (HKLM-x32\...\{63911503-7EA4-4685-B2FD-D391EF622FB9}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.) WD Security (HKLM-x32\...\{90C3D9C7-2F83-4399-8E28-A00228CFFDF8}) (Version: 1.0.7.3 - Western Digital Technologies, Inc.) WD SmartWare (HKLM\...\{34C6812E-E231-4B13-9DAC-21E06ECA864A}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.) WD SmartWare Installer (HKLM-x32\...\{1ec9e03a-452b-48fb-8e1b-27ee0477985f}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.) WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.1.5 - WildTangent) WildTangent ORB Game Console (x32 Version: - WildTangent) Hidden Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live fotoattēlu galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Foto-galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорация Майкрософт) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Pošta (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 메일 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 사진 갤러리 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 필수 패키지 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Restore Points ========================= 02-06-2014 13:34:46 Windows Update 10-06-2014 19:49:41 Windows Update ==================== Hosts content: ========================== 2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0A5E553A-17B4-45EF-9576-A43D6AE5DFBD} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.5.0.28\SymErr.exe [2013-06-03] (Symantec Corporation) Task: {0BE68352-C25E-4FD8-9F04-CCFC453F77E7} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-09-08] (SEC) Task: {0E600F5E-96BE-49CA-8B9A-AD6A356015DD} - System32\Tasks\Microsoft Office 15 Sync Maintenance for RMC-PC-RMC RMC-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-05-28] (Microsoft Corporation) Task: {1FAB422E-F719-4BBA-911B-804DD05F175C} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2011-12-09] (Samsung Electronics Co., Ltd.) Task: {1FDFB016-0D1C-41F3-B876-757A0984D4F9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {43B15567-0587-44C7-8067-384F2530D2A2} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-11-18] (SAMSUNG Electronics co., LTD.) Task: {524B37DC-68E0-4EED-91AD-176FEB6C4F0C} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2011-12-09] (Samsung Electronics Co., Ltd.) Task: {5DABEEBF-6F60-4971-8256-3A6BFA7E7E8D} - System32\Tasks\Easy Software Manager Agent => C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe [2011-12-06] (Samsung) Task: {670743BB-A06B-4541-97D7-1FA3181F8EB0} - System32\Tasks\Absolute Reminder => C:\Program Files (x86)\Absolute Software\Absolute Reminder\AbsoluteReminder.exe [2011-07-12] (Absolute Software) Task: {75EC88A6-9F3F-431E-A6EF-169D08BB57CC} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.5.0.28\WSCStub.exe [2014-04-29] (Symantec Corporation) Task: {9AF4B3B7-31EE-44EC-8CA8-A0435837AC42} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.) Task: {B82618A4-CE9A-4199-BBAC-557A24D792BB} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2011-12-09] (Samsung Electronics Co., Ltd.) Task: {BA4069F4-048B-4CF6-98E5-D5D1A69D82E3} - System32\Tasks\FFSRConfigurer => C:\Program Files (x86)\Samsung\Fast Flash Sleep Resume\FFSRConfigurer.exe [2011-12-17] (Samsung) Task: {BCAF3C1D-5569-4E26-9CE4-FF9B5ED3756E} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2011-12-09] (Samsung Electronics) Task: {BCB221F2-3509-4A51-82EB-8225E4A92135} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe [2011-12-08] (SAMSUNG Electronics) Task: {C16AB77C-7BE2-43FB-9B04-7995EC5088B3} - System32\Tasks\Western Digital\SmartWare\____Volume_01ba9fc6_2a9f_11e1_96b3_806e6f6e6963______Volume_d11ca3ee_b92e_11e3_9b2f_88532e8845f9__ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2014-02-28] (Western Digital Technologies, Inc.) Task: {CC0D2D11-6FD7-4714-A27A-249B4574CE4D} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-17] (CyberLink) Task: {EA7483EE-DE79-4FEA-B42D-8E78346C1105} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2011-12-09] (Samsung Electronics Co., Ltd.) Task: {EB52F86E-DCC0-41BF-8301-6FA2045E7969} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-04-15] (Microsoft Corporation) Task: {F268454D-F51D-45E1-8E17-F5BC2DBB4659} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.5.0.28\SymErr.exe [2013-06-03] (Symantec Corporation) Task: {F980057B-F26F-4978-B1E5-982D2784A201} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-15] (Adobe Systems Incorporated) Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2011-09-15 04:46 - 2011-09-15 04:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll 2014-03-20 21:22 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2014-01-26 13:15 - 2014-04-15 03:39 - 00630952 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll 2011-12-19 03:29 - 2010-12-17 00:18 - 00060928 _____ () C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe 2011-12-19 03:41 - 2009-12-01 03:21 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 2014-05-28 12:12 - 2014-05-28 12:12 - 08889512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2011-12-01 22:27 - 2011-07-26 01:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2011-09-15 04:46 - 2011-09-15 04:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll 2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll 2011-12-19 03:50 - 2011-02-16 12:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll 2014-05-01 17:11 - 2012-05-30 10:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON 360 PREMIER EDITION\ENGINE\20.5.0.28\wincfi39.dll 2009-11-02 01:20 - 2009-11-02 01:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll 2009-11-02 01:23 - 2009-11-02 01:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll 2011-12-19 03:50 - 2011-07-28 20:53 - 00746064 _____ () C:\Program Files (x86)\Samsung\Easy Software Manager\SWMFuncDLL.dll 2011-12-19 03:50 - 2006-08-11 23:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll 2011-12-19 03:31 - 2011-09-08 06:40 - 01645056 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll 2014-06-11 10:30 - 2014-06-11 10:30 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/11/2014 10:23:04 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x15dc Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Error: (06/11/2014 10:22:09 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/10/2014 05:24:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x11c8 Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Error: (06/10/2014 05:23:00 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x1be4 Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Error: (06/10/2014 05:22:10 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x12e0 Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Error: (06/10/2014 05:12:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x1a64 Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Error: (06/10/2014 04:37:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0xc0c Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Error: (06/10/2014 04:37:30 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x354 Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Error: (06/10/2014 04:35:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x4ac Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Error: (06/10/2014 04:30:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x40c Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 System errors: ============= Error: (06/10/2014 04:27:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Intel® Rapid Start Technology Service service terminated unexpectedly. It has done this 1 time(s). Error: (06/10/2014 04:20:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (06/10/2014 04:20:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (06/10/2014 04:20:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (06/10/2014 04:20:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (06/10/2014 04:20:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (06/10/2014 04:20:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (06/10/2014 04:20:37 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084Bluetooth Device Monitor{DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} Error: (06/10/2014 04:20:36 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1068WDBackup{59484148-65C9-4467-A092-3F8380023772} Error: (06/10/2014 04:20:36 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1068WDBackup{81213AB4-5937-4340-88CD-66B4BC80DF73} Microsoft Office Sessions: ========================= Error: (06/11/2014 10:23:04 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd15dc01cf8580a64ef0feC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dlle5ce0994-f173-11e3-b06a-88532e8845f9 Error: (06/11/2014 10:22:09 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/10/2014 05:24:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd11c801cf84f25407aa52C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll91c9a195-f0e5-11e3-b55d-88532e8845f9 Error: (06/10/2014 05:23:00 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd1be401cf84f227c62d75C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll65c145be-f0e5-11e3-b55d-88532e8845f9 Error: (06/10/2014 05:22:10 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd12e001cf84f20952e409C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll4791662b-f0e5-11e3-b55d-88532e8845f9 Error: (06/10/2014 05:12:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd1a6401cf84f0ad7f2cd8C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dlleb78aedf-f0e3-11e3-b55d-88532e8845f9 Error: (06/10/2014 04:37:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdc0c01cf84ebd8b82930C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll167c81d3-f0df-11e3-b55d-88532e8845f9 Error: (06/10/2014 04:37:30 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd35401cf84ebcca209ffC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll0a640142-f0df-11e3-b55d-88532e8845f9 Error: (06/10/2014 04:35:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd4ac01cf84eb93da75b9C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dlld21f58ab-f0de-11e3-b55d-88532e8845f9 Error: (06/10/2014 04:30:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd40c01cf84eacfd01adbC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll0d94737e-f0de-11e3-b55d-88532e8845f9 ==================== Memory info =========================== Percentage of memory in use: 46% Total physical RAM: 3990.23 MB Available physical RAM: 2146.89 MB Total Pagefile: 7978.65 MB Available Pagefile: 5894.09 MB Total Virtual: 8192 MB Available Virtual: 8191.86 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:445.93 GB) (Free:304.61 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: 5E0215F7) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=446 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=20 GB) - (Type=27) ======================================================== Disk: 1 (Size: 15 GB) (Disk ID: 74F02DEA) Partition 1: (Not Active) - (Size=11 GB) - (Type=73) Partition 2: (Not Active) - (Size=4 GB) - (Type=84) ==================== End Of Log ============================ FRST.txt Addition.txt
  6. Maybe this is just user error, but I can't paste anything into the text of this message or attach the logs using either uploader. Any suggestions on what I could be doing wrong?
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.