Jump to content

craigd

Members
 View Profile  See their activity

  • Posts

    9

  • Joined

  • Last visited

Reputation

0 Neutral
  1. craigd
    Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Database version: v2013.09.11.07 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16688 Craig :: TIME-MACHINE [administrator] Protection: Enabled 9/11/2013 3:47:15 PM mbam-log-2013-09-11 (15-47-15).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 244586 Time elapsed: 2 minute(s), 40 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  2. craigd
    FRST Log: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-09-2013 01Ran by Craig (administrator) on TIME-MACHINE on 11-09-2013 15:33:18Running from C:\Users\Craig\Desktop\DownloadsWindows 8 (X64) OS Language: English(US)Internet Explorer Version 10Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\windows\system32\atiesrxx.exe(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe(AMD) C:\windows\system32\atieclxx.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Intel® Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe(Amazon.com) C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe(Microsoft Corporation) C:\windows\system32\dashost.exe(CyberLink) c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe(Adobe Systems Incorporated) c:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [beatsOSDApp] - C:\Program Files\IDT\WDM\beats64.exe [41664 2013-07-03] (Hewlett-Packard )HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)HKLM\...\Run: [iAStorIcon] - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-07-03] (IDT, Inc.)HKCU\...\Run: [HP Officejet 6600 (NET)] - C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)HKCU\...\Run: [CAHeadless] - c:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [840784 2012-09-23] (Adobe Systems Incorporated)HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-11-14] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624056 2011-08-30] (Adobe Systems Inc.)HKLM-x32\...\Run: [] - [x]HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-09-20] (Adobe Systems Incorporated)HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)HKLM-x32\...\Run: [eFax 4.4] - C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe [95744 2012-08-29] (j2 Global Communications, Inc.)HKLM-x32\...\Run: [btTray] - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [387320 2013-05-03] (IVT Corporation)HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnkShortcutTarget: Amazon Unbox.lnk -> C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe (Amazon.com)Startup: C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6600 (Network).lnkShortcutTarget: Monitor Ink Alerts - HP Officejet 6600 (Network).lnk -> C:\Program Files\HP\HP Officejet 6600\bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Internet (Whitelisted) ==================== HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktopHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}SearchScopes: HKLM - {B6F2095E-6FB2-49D6-B06F-EE18CFBB555F} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}SearchScopes: HKLM-x32 - {B6F2095E-6FB2-49D6-B06F-EE18CFBB555F} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No FileToolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No FileHandler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No FileTcpip\Parameters: [DhcpNameServer] 192.168.1.1 Chrome: =======CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll ()CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No FileCHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR Extension: (Google Docs) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0CHR Extension: (Google Drive) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0CHR Extension: (Turn Off the Lights) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.2.0.21_0CHR Extension: (YouTube) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0CHR Extension: (Google Search) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0CHR Extension: (AdBlock) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0CHR Extension: (New Tab Redirect!) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna\2.0_0CHR Extension: (Chrome In-App Payments service) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0CHR Extension: (Gmail) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 ==================== Services (Whitelisted) ================= R2 AdobeActiveFileMonitor11.0; c:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-23] (Adobe Systems Incorporated)R2 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2011-11-23] (Amazon.com)S3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2013-01-10] (IVT Corporation)R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-18] (Advanced Micro Devices)R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)U4 BthAvrcpTg; U4 BthHFEnum; U4 bthhfhid; R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [54064 2013-04-26] (Ralink Corporation)R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation)R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1152712 2013-05-10] (Ralink Technology, Corp.)U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-11 15:27 - 2013-09-11 15:27 - 03314472 _____ C:\windows\system32\FNTCACHE.DAT2013-09-11 13:45 - 2013-09-11 13:47 - 00002293 _____ C:\Users\Craig\Desktop\JRT.txt2013-09-11 13:42 - 2013-09-11 13:42 - 00000000 ____D C:\windows\ERUNT2013-09-11 06:32 - 2013-08-16 01:41 - 00058200 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dam.sys2013-09-11 06:32 - 2013-08-16 01:39 - 02371728 _____ (Microsoft Corporation) C:\windows\system32\WSService.dll2013-09-11 06:32 - 2013-08-16 01:39 - 00059416 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe2013-09-11 06:32 - 2013-08-16 01:32 - 00209200 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe2013-09-11 06:32 - 2013-08-16 01:22 - 04917760 _____ (Microsoft Corporation) C:\windows\system32\sppsvc.exe2013-09-11 06:32 - 2013-08-16 01:22 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe2013-09-11 06:32 - 2013-08-16 01:21 - 03275776 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll2013-09-11 06:32 - 2013-08-16 01:21 - 01621504 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll2013-09-11 06:32 - 2013-08-16 01:21 - 01164288 _____ (Microsoft Corporation) C:\windows\system32\sppobjs.dll2013-09-11 06:32 - 2013-08-16 01:21 - 00773120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll2013-09-11 06:32 - 2013-08-16 01:21 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll2013-09-11 06:32 - 2013-08-16 01:21 - 00368640 _____ (Microsoft Corporation) C:\windows\system32\sppwinob.dll2013-09-11 06:32 - 2013-08-16 01:21 - 00252416 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll2013-09-11 06:32 - 2013-08-16 01:21 - 00204800 _____ (Microsoft Corporation) C:\windows\system32\WSClient.dll2013-09-11 06:32 - 2013-08-16 01:21 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.dll2013-09-11 06:32 - 2013-08-16 01:21 - 00183808 _____ (Microsoft Corporation) C:\windows\system32\WSSync.dll2013-09-11 06:32 - 2013-08-16 01:21 - 00174592 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll2013-09-11 06:32 - 2013-08-16 01:21 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll2013-09-11 06:32 - 2013-08-16 01:21 - 00142848 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll2013-09-11 06:32 - 2013-08-16 01:21 - 00120320 _____ (Microsoft Corporation) C:\windows\system32\sppc.dll2013-09-11 06:32 - 2013-08-16 01:21 - 00099328 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll2013-09-11 06:32 - 2013-08-16 01:21 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\setupcln.dll2013-09-11 06:32 - 2013-08-16 01:21 - 00049664 _____ (Microsoft Corporation) C:\windows\system32\wups.dll2013-09-11 06:32 - 2013-08-16 01:21 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll2013-09-11 06:32 - 2013-08-16 01:20 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll2013-09-11 06:32 - 2013-08-15 18:43 - 00628736 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll2013-09-11 06:32 - 2013-08-15 18:43 - 00562688 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll2013-09-11 06:32 - 2013-08-15 18:43 - 00167424 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSClient.dll2013-09-11 06:32 - 2013-08-15 18:43 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSSync.dll2013-09-11 06:32 - 2013-08-15 18:43 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.dll2013-09-11 06:32 - 2013-08-15 18:43 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll2013-09-11 06:32 - 2013-08-15 18:43 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll2013-09-11 06:32 - 2013-08-15 18:43 - 00084992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll2013-09-11 06:32 - 2013-08-15 18:43 - 00083968 _____ C:\windows\SysWOW64\OEMLicense.dll2013-09-11 06:32 - 2013-08-15 18:43 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe2013-09-11 06:32 - 2013-08-15 18:43 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll2013-09-11 06:32 - 2013-08-15 18:42 - 00091648 _____ (Microsoft Corporation) C:\windows\SysWOW64\sppc.dll2013-09-11 06:32 - 2013-08-15 18:42 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\setupcln.dll2013-09-11 06:31 - 2013-08-21 00:12 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll2013-09-11 06:31 - 2013-08-21 00:12 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe2013-09-11 06:31 - 2013-08-21 00:11 - 19246592 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll2013-09-11 06:31 - 2013-08-21 00:11 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll2013-09-11 06:31 - 2013-08-21 00:11 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll2013-09-11 06:31 - 2013-08-21 00:11 - 02647040 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll2013-09-11 06:31 - 2013-08-21 00:11 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll2013-09-11 06:31 - 2013-08-21 00:11 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll2013-09-11 06:31 - 2013-08-21 00:11 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll2013-09-11 06:31 - 2013-08-21 00:11 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll2013-09-11 06:31 - 2013-08-21 00:11 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll2013-09-11 06:31 - 2013-08-21 00:11 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll2013-09-11 06:31 - 2013-08-21 00:11 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll2013-09-11 06:31 - 2013-08-21 00:11 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll2013-09-11 06:31 - 2013-08-21 00:11 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll2013-09-11 06:31 - 2013-08-20 22:34 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb2013-09-11 06:31 - 2013-08-20 22:06 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll2013-09-11 06:31 - 2013-08-20 22:06 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll2013-09-11 06:31 - 2013-08-20 22:06 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll2013-09-11 06:31 - 2013-08-20 22:05 - 14332928 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll2013-09-11 06:31 - 2013-08-20 22:05 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll2013-09-11 06:31 - 2013-08-20 22:05 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll2013-09-11 06:31 - 2013-08-20 22:05 - 02048000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll2013-09-11 06:31 - 2013-08-20 22:05 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll2013-09-11 06:31 - 2013-08-20 22:05 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll2013-09-11 06:31 - 2013-08-20 22:05 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll2013-09-11 06:31 - 2013-08-20 22:05 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll2013-09-11 06:31 - 2013-08-20 22:05 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll2013-09-11 06:31 - 2013-08-20 22:05 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll2013-09-11 06:31 - 2013-08-20 21:43 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb2013-09-11 06:31 - 2013-08-20 19:52 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll2013-09-11 06:31 - 2013-08-03 00:30 - 04038144 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys2013-09-11 06:31 - 2013-07-09 04:04 - 00120144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msgpioclx.sys2013-09-11 06:31 - 2013-07-09 02:18 - 00439488 _____ (Microsoft Corporation) C:\windows\system32\WerFault.exe2013-09-11 06:31 - 2013-07-09 00:25 - 00385768 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFault.exe2013-09-11 06:31 - 2013-07-08 23:57 - 00245760 _____ (Microsoft Corporation) C:\windows\SysWOW64\LocationApi.dll2013-09-11 06:31 - 2013-07-08 18:46 - 00543744 _____ (Microsoft Corporation) C:\windows\system32\wwanmm.dll2013-09-11 06:31 - 2013-07-08 18:46 - 00414208 _____ (Microsoft Corporation) C:\windows\system32\wwanconn.dll2013-09-11 06:31 - 2013-07-08 18:46 - 00370688 _____ (Microsoft Corporation) C:\windows\system32\Wwanadvui.dll2013-09-11 06:31 - 2013-07-08 18:45 - 00312832 _____ (Microsoft Corporation) C:\windows\system32\LocationApi.dll2013-09-11 06:31 - 2013-07-05 20:16 - 01025024 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll2013-09-11 06:31 - 2013-07-02 20:23 - 00778752 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll2013-09-11 06:31 - 2013-07-02 20:23 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\Windows.Networking.BackgroundTransfer.dll2013-09-11 06:31 - 2013-07-02 20:22 - 02839552 _____ (Microsoft Corporation) C:\windows\system32\msftedit.dll2013-09-11 06:31 - 2013-07-02 20:22 - 01300480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll2013-09-11 06:31 - 2013-07-02 20:11 - 00551424 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll2013-09-11 06:31 - 2013-07-02 20:11 - 00268800 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll2013-09-11 06:31 - 2013-07-02 20:10 - 02273792 _____ (Microsoft Corporation) C:\windows\SysWOW64\msftedit.dll2013-09-11 06:31 - 2013-07-01 18:08 - 00387583 _____ C:\windows\system32\ApnDatabase.xml2013-09-11 06:31 - 2013-06-30 18:30 - 00067072 _____ (Microsoft Corporation) C:\windows\SysWOW64\openfiles.exe2013-09-11 06:31 - 2013-06-30 18:29 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\openfiles.exe2013-09-11 06:31 - 2013-06-29 02:15 - 00195416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sdbus.sys2013-09-11 06:31 - 2013-06-29 02:15 - 00125784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dumpsd.sys2013-09-11 06:31 - 2013-06-29 01:43 - 00327512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Classpnp.sys2013-09-11 06:31 - 2013-06-28 21:12 - 01022464 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll2013-09-11 06:31 - 2013-06-25 23:01 - 00321536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\udfs.sys2013-09-11 06:31 - 2013-06-25 22:59 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\HdAudio.sys2013-09-11 06:31 - 2013-06-24 18:54 - 00447488 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll2013-09-11 06:31 - 2013-06-24 18:54 - 00263680 _____ (Microsoft Corporation) C:\windows\system32\wcmsvc.dll2013-09-11 06:31 - 2013-06-24 18:54 - 00074240 _____ (Microsoft Corporation) C:\windows\system32\wcmcsp.dll2013-09-11 06:31 - 2013-06-19 01:36 - 00183808 _____ (Microsoft Corporation) C:\windows\system32\winmmbase.dll2013-09-11 06:31 - 2013-06-19 01:36 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\winmm.dll2013-09-11 06:31 - 2013-06-18 18:38 - 00160256 _____ (Microsoft Corporation) C:\windows\SysWOW64\winmmbase.dll2013-09-11 06:31 - 2013-06-18 18:38 - 00125440 _____ (Microsoft Corporation) C:\windows\SysWOW64\winmm.dll2013-09-11 06:31 - 2013-06-11 19:43 - 00154112 _____ (Microsoft Corporation) C:\windows\SysWOW64\WinSCard.dll2013-09-11 06:31 - 2013-06-11 19:26 - 00230912 _____ (Microsoft Corporation) C:\windows\system32\WinSCard.dll2013-09-11 06:31 - 2013-06-10 17:17 - 00096512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wfplwfs.sys2013-09-11 06:31 - 2013-06-10 15:16 - 00888832 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll2013-09-11 06:31 - 2013-06-10 15:15 - 01156096 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL2013-09-11 06:31 - 2013-06-10 15:15 - 00723968 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL2013-09-11 06:31 - 2013-06-10 15:15 - 00381952 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL2013-09-11 06:31 - 2013-06-10 15:10 - 00702464 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll2013-09-11 06:31 - 2013-06-10 15:10 - 00245248 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL2013-09-11 06:31 - 2013-06-06 04:03 - 00119040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS2013-09-09 15:16 - 2013-09-09 15:16 - 00001456 _____ C:\Users\Craig\AppData\Local\Adobe Save for Web 12.0 Prefs2013-08-29 13:30 - 2013-09-11 15:30 - 00000000 ____D C:\AdwCleaner2013-08-21 12:47 - 2013-08-21 12:47 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf2013-08-21 12:47 - 2013-08-21 12:47 - 00000000 ____D C:\Users\Craig\AppData\Local\Windows Live2013-08-15 12:06 - 2013-08-15 12:06 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center2013-08-14 12:57 - 2013-08-14 12:57 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692013-08-14 12:55 - 2013-09-11 06:41 - 00000000 ____D C:\windows\system32\MRT2013-08-14 12:54 - 2013-07-13 02:18 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll2013-08-14 12:54 - 2013-07-13 02:16 - 01889280 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll2013-08-14 12:54 - 2013-07-13 02:16 - 00068096 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll2013-08-14 12:54 - 2013-07-13 02:15 - 00124416 _____ (Microsoft Corporation) C:\windows\system32\apprepapi.dll2013-08-14 12:54 - 2013-07-13 02:15 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\apprepsync.dll2013-08-14 12:54 - 2013-07-13 00:24 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll2013-08-14 12:54 - 2013-07-13 00:23 - 01568256 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll2013-08-14 12:54 - 2013-07-13 00:23 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\apprepapi.dll2013-08-14 12:54 - 2013-07-13 00:23 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\apprepsync.dll2013-08-14 12:54 - 2013-07-09 02:07 - 02233168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys2013-08-14 12:54 - 2013-07-01 20:44 - 00036288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys2013-08-14 12:54 - 2013-07-01 18:08 - 00247216 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys2013-08-14 12:54 - 2013-05-23 19:02 - 01314816 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll2013-08-14 12:54 - 2013-05-23 18:25 - 00694272 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll2013-08-14 12:45 - 2013-08-14 12:45 - 00002199 _____ C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard (5).lnk2013-08-14 12:34 - 2013-08-14 12:34 - 00002199 _____ C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard (4).lnk2013-08-14 12:09 - 2013-08-14 12:09 - 00002199 _____ C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard (3).lnk2013-08-14 12:07 - 2013-08-14 12:07 - 00000000 ____D C:\windows\pss2013-08-14 11:59 - 2013-08-14 11:59 - 00002225 _____ C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard (2).lnk2013-08-14 11:44 - 2013-08-14 11:44 - 00867240 _____ (Oracle Corporation) C:\windows\SysWOW64\npDeployJava1.dll2013-08-14 11:44 - 2013-08-14 11:44 - 00789416 _____ (Oracle Corporation) C:\windows\SysWOW64\deployJava1.dll2013-08-14 11:44 - 2013-08-14 11:44 - 00263592 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe2013-08-14 11:44 - 2013-08-14 11:44 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe2013-08-14 11:44 - 2013-08-14 11:44 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe2013-08-14 11:44 - 2013-08-14 11:44 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll2013-08-14 11:44 - 2013-08-14 11:44 - 00000000 ____D C:\Users\Craig\AppData\Roaming\SystemRequirementsLab2013-08-14 11:44 - 2013-08-14 11:44 - 00000000 ____D C:\ProgramData\Sun2013-08-14 11:44 - 2013-08-14 11:44 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab2013-08-14 11:44 - 2013-08-14 11:44 - 00000000 ____D C:\Program Files (x86)\Java ==================== One Month Modified Files and Folders ======= 2013-09-11 15:33 - 2013-04-29 18:10 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1048302789-1347166234-3868245150-10012013-09-11 15:32 - 2012-07-26 03:28 - 00878374 _____ C:\windows\system32\PerfStringBackup.INI2013-09-11 15:30 - 2013-08-29 13:30 - 00000000 ____D C:\AdwCleaner2013-09-11 15:28 - 2013-04-30 15:23 - 00000918 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job2013-09-11 15:27 - 2013-09-11 15:27 - 03314472 _____ C:\windows\system32\FNTCACHE.DAT2013-09-11 15:27 - 2012-07-26 03:22 - 00000006 ____H C:\windows\Tasks\SA.DAT2013-09-11 15:26 - 2013-04-29 18:02 - 01123847 _____ C:\windows\WindowsUpdate.log2013-09-11 15:26 - 2012-07-26 01:26 - 00262144 ___SH C:\windows\system32\config\BBI2013-09-11 15:06 - 2013-07-31 12:48 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job2013-09-11 15:00 - 2012-07-26 04:12 - 00000000 ____D C:\windows\system32\sru2013-09-11 14:45 - 2013-04-30 15:23 - 00000922 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job2013-09-11 13:47 - 2013-09-11 13:45 - 00002293 _____ C:\Users\Craig\Desktop\JRT.txt2013-09-11 13:42 - 2013-09-11 13:42 - 00000000 ____D C:\windows\ERUNT2013-09-11 13:09 - 2013-05-30 09:36 - 00000358 _____ C:\windows\Tasks\HPCeeScheduleForCraig.job2013-09-11 13:06 - 2012-07-26 04:12 - 00000000 ____D C:\windows\WinStore2013-09-11 13:06 - 2012-07-26 04:12 - 00000000 ____D C:\windows\PolicyDefinitions2013-09-11 13:06 - 2012-07-26 01:38 - 00000000 ____D C:\windows\system32\oobe2013-09-11 10:17 - 2012-07-26 04:12 - 00000000 ____D C:\windows\AUInstallAgent2013-09-11 06:41 - 2013-08-14 12:55 - 00000000 ____D C:\windows\system32\MRT2013-09-11 06:40 - 2013-05-01 11:03 - 79143768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe2013-09-11 06:30 - 2013-04-29 18:04 - 00003942 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{E658E959-2F31-44C9-B0E7-CCC1A0AF4FA7}2013-09-10 13:14 - 2013-06-07 14:39 - 00000000 ____D C:\Users\Craig\AppData\Roaming\FileZilla2013-09-10 13:06 - 2013-07-31 12:48 - 00003718 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater2013-09-10 12:25 - 2013-06-07 17:28 - 00000132 _____ C:\Users\Craig\AppData\Roaming\Adobe PNG Format CS5 Prefs2013-09-10 10:54 - 2012-05-31 09:36 - 00000000 ___RD C:\Users\Craig\Desktop\Ghost Tours2013-09-09 15:16 - 2013-09-09 15:16 - 00001456 _____ C:\Users\Craig\AppData\Local\Adobe Save for Web 12.0 Prefs2013-09-09 15:16 - 2013-04-29 18:04 - 00000000 ____D C:\Users\Craig\AppData\Roaming\Adobe2013-09-09 14:43 - 2010-03-11 14:29 - 00000000 ___RD C:\Users\Craig\Desktop\Event Talent Resources2013-09-08 21:54 - 2013-05-30 09:36 - 00003172 _____ C:\windows\System32\Tasks\HPCeeScheduleForCraig2013-09-08 21:54 - 2013-04-29 18:02 - 00000000 ____D C:\Users\Craig2013-09-05 16:09 - 2013-05-18 08:16 - 00694232 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe2013-09-05 16:09 - 2013-05-18 08:16 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl2013-09-05 16:09 - 2008-03-21 10:06 - 00312832 __SHC C:\Users\Craig\Documents\Thumbs.db2013-09-04 21:54 - 2013-05-23 09:27 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log2013-09-04 21:53 - 2012-10-11 23:24 - 00000000 ____D C:\SWSETUP2013-09-04 21:36 - 2013-05-23 09:27 - 00000000 _____ C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt2013-09-04 21:35 - 2013-05-23 09:26 - 00000000 ____D C:\Users\Craig\AppData\Roaming\HP Support Assistant2013-09-04 21:35 - 2013-05-10 10:21 - 00000000 ____D C:\Users\Craig\AppData\Roaming\HpUpdate2013-09-03 08:51 - 2012-07-26 04:12 - 00000000 ____D C:\windows\system32\NDF2013-08-28 12:02 - 2008-05-28 16:55 - 02387456 __SHC C:\Users\Craig\Desktop\Thumbs.db2013-08-28 11:55 - 2010-08-18 10:08 - 00000000 ___RD C:\Users\Craig\Desktop\ISES2013-08-21 12:47 - 2013-08-21 12:47 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf2013-08-21 12:47 - 2013-08-21 12:47 - 00000000 ____D C:\Users\Craig\AppData\Local\Windows Live2013-08-21 12:47 - 2012-07-26 03:21 - 00038033 _____ C:\windows\setupact.log2013-08-21 12:16 - 2013-07-17 11:38 - 00000000 ____D C:\Users\Craig\AppData\Local\LogMeIn Rescue Applet2013-08-21 00:12 - 2013-09-11 06:31 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll2013-08-21 00:12 - 2013-09-11 06:31 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe2013-08-21 00:11 - 2013-09-11 06:31 - 19246592 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll2013-08-21 00:11 - 2013-09-11 06:31 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll2013-08-21 00:11 - 2013-09-11 06:31 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll2013-08-21 00:11 - 2013-09-11 06:31 - 02647040 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll2013-08-21 00:11 - 2013-09-11 06:31 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll2013-08-21 00:11 - 2013-09-11 06:31 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll2013-08-21 00:11 - 2013-09-11 06:31 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll2013-08-21 00:11 - 2013-09-11 06:31 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll2013-08-21 00:11 - 2013-09-11 06:31 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll2013-08-21 00:11 - 2013-09-11 06:31 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll2013-08-21 00:11 - 2013-09-11 06:31 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll2013-08-21 00:11 - 2013-09-11 06:31 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll2013-08-21 00:11 - 2013-09-11 06:31 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll2013-08-20 22:34 - 2013-09-11 06:31 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb2013-08-20 22:06 - 2013-09-11 06:31 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll2013-08-20 22:06 - 2013-09-11 06:31 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll2013-08-20 22:06 - 2013-09-11 06:31 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll2013-08-20 22:05 - 2013-09-11 06:31 - 14332928 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll2013-08-20 22:05 - 2013-09-11 06:31 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll2013-08-20 22:05 - 2013-09-11 06:31 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll2013-08-20 22:05 - 2013-09-11 06:31 - 02048000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll2013-08-20 22:05 - 2013-09-11 06:31 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll2013-08-20 22:05 - 2013-09-11 06:31 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll2013-08-20 22:05 - 2013-09-11 06:31 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll2013-08-20 22:05 - 2013-09-11 06:31 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll2013-08-20 22:05 - 2013-09-11 06:31 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll2013-08-20 22:05 - 2013-09-11 06:31 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll2013-08-20 21:43 - 2013-09-11 06:31 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb2013-08-20 19:52 - 2013-09-11 06:31 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll2013-08-16 01:41 - 2013-09-11 06:32 - 00058200 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dam.sys2013-08-16 01:39 - 2013-09-11 06:32 - 02371728 _____ (Microsoft Corporation) C:\windows\system32\WSService.dll2013-08-16 01:39 - 2013-09-11 06:32 - 00059416 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe2013-08-16 01:32 - 2013-09-11 06:32 - 00209200 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe2013-08-16 01:22 - 2013-09-11 06:32 - 04917760 _____ (Microsoft Corporation) C:\windows\system32\sppsvc.exe2013-08-16 01:22 - 2013-09-11 06:32 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe2013-08-16 01:21 - 2013-09-11 06:32 - 03275776 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll2013-08-16 01:21 - 2013-09-11 06:32 - 01621504 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll2013-08-16 01:21 - 2013-09-11 06:32 - 01164288 _____ (Microsoft Corporation) C:\windows\system32\sppobjs.dll2013-08-16 01:21 - 2013-09-11 06:32 - 00773120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll2013-08-16 01:21 - 2013-09-11 06:32 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll2013-08-16 01:21 - 2013-09-11 06:32 - 00368640 _____ (Microsoft Corporation) C:\windows\system32\sppwinob.dll2013-08-16 01:21 - 2013-09-11 06:32 - 00252416 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll2013-08-16 01:21 - 2013-09-11 06:32 - 00204800 _____ (Microsoft Corporation) C:\windows\system32\WSClient.dll2013-08-16 01:21 - 2013-09-11 06:32 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.dll2013-08-16 01:21 - 2013-09-11 06:32 - 00183808 _____ (Microsoft Corporation) C:\windows\system32\WSSync.dll2013-08-16 01:21 - 2013-09-11 06:32 - 00174592 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll2013-08-16 01:21 - 2013-09-11 06:32 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll2013-08-16 01:21 - 2013-09-11 06:32 - 00142848 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll2013-08-16 01:21 - 2013-09-11 06:32 - 00120320 _____ (Microsoft Corporation) C:\windows\system32\sppc.dll2013-08-16 01:21 - 2013-09-11 06:32 - 00099328 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll2013-08-16 01:21 - 2013-09-11 06:32 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\setupcln.dll2013-08-16 01:21 - 2013-09-11 06:32 - 00049664 _____ (Microsoft Corporation) C:\windows\system32\wups.dll2013-08-16 01:21 - 2013-09-11 06:32 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll2013-08-16 01:20 - 2013-09-11 06:32 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll2013-08-15 18:43 - 2013-09-11 06:32 - 00628736 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll2013-08-15 18:43 - 2013-09-11 06:32 - 00562688 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll2013-08-15 18:43 - 2013-09-11 06:32 - 00167424 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSClient.dll2013-08-15 18:43 - 2013-09-11 06:32 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSSync.dll2013-08-15 18:43 - 2013-09-11 06:32 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.dll2013-08-15 18:43 - 2013-09-11 06:32 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll2013-08-15 18:43 - 2013-09-11 06:32 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll2013-08-15 18:43 - 2013-09-11 06:32 - 00084992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll2013-08-15 18:43 - 2013-09-11 06:32 - 00083968 _____ C:\windows\SysWOW64\OEMLicense.dll2013-08-15 18:43 - 2013-09-11 06:32 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe2013-08-15 18:43 - 2013-09-11 06:32 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll2013-08-15 18:42 - 2013-09-11 06:32 - 00091648 _____ (Microsoft Corporation) C:\windows\SysWOW64\sppc.dll2013-08-15 18:42 - 2013-09-11 06:32 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\setupcln.dll2013-08-15 12:07 - 2013-05-01 15:15 - 00003118 _____ C:\windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe2013-08-15 12:07 - 2013-05-01 15:15 - 00003092 _____ C:\windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe2013-08-15 12:07 - 2013-05-01 15:15 - 00003090 _____ C:\windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe2013-08-15 12:07 - 2013-05-01 15:15 - 00003062 _____ C:\windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe2013-08-15 12:07 - 2013-05-01 15:15 - 00003060 _____ C:\windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe2013-08-15 12:06 - 2013-08-15 12:06 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center2013-08-14 18:22 - 2012-07-26 04:12 - 00000000 ____D C:\windows\rescache2013-08-14 12:59 - 2012-07-26 04:12 - 00000000 ____D C:\Program Files\Windows Defender2013-08-14 12:59 - 2012-07-26 04:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender2013-08-14 12:57 - 2013-08-14 12:57 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692013-08-14 12:57 - 2013-06-25 15:47 - 00001785 _____ C:\Users\Public\Desktop\iTunes.lnk2013-08-14 12:45 - 2013-08-14 12:45 - 00002199 _____ C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard (5).lnk2013-08-14 12:34 - 2013-08-14 12:34 - 00002199 _____ C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard (4).lnk2013-08-14 12:09 - 2013-08-14 12:09 - 00002199 _____ C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard (3).lnk2013-08-14 12:07 - 2013-08-14 12:07 - 00000000 ____D C:\windows\pss2013-08-14 11:59 - 2013-08-14 11:59 - 00002225 _____ C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard (2).lnk2013-08-14 11:44 - 2013-08-14 11:44 - 00867240 _____ (Oracle Corporation) C:\windows\SysWOW64\npDeployJava1.dll2013-08-14 11:44 - 2013-08-14 11:44 - 00789416 _____ (Oracle Corporation) C:\windows\SysWOW64\deployJava1.dll2013-08-14 11:44 - 2013-08-14 11:44 - 00263592 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe2013-08-14 11:44 - 2013-08-14 11:44 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe2013-08-14 11:44 - 2013-08-14 11:44 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe2013-08-14 11:44 - 2013-08-14 11:44 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll2013-08-14 11:44 - 2013-08-14 11:44 - 00000000 ____D C:\Users\Craig\AppData\Roaming\SystemRequirementsLab2013-08-14 11:44 - 2013-08-14 11:44 - 00000000 ____D C:\ProgramData\Sun2013-08-14 11:44 - 2013-08-14 11:44 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab2013-08-14 11:44 - 2013-08-14 11:44 - 00000000 ____D C:\Program Files (x86)\Java Files to move or delete:====================C:\Users\Craig\AppData\Local\Temp\Extract.exeC:\Users\Craig\AppData\Local\Temp\GenericUninstall.exeC:\Users\Craig\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exeC:\Users\Craig\AppData\Local\Temp\sonarinst.exeC:\Users\Craig\AppData\Local\Temp\SP58983.exeC:\Users\Craig\AppData\Local\Temp\SP59485.exeC:\Users\Craig\AppData\Local\Temp\SP61596.exeC:\Users\Craig\AppData\Local\Temp\SP61667.exeC:\Users\Craig\AppData\Local\Temp\SP61673.exeC:\Users\Craig\AppData\Local\Temp\SP62107.exeC:\Users\Craig\AppData\Local\Temp\SP62186.exeC:\Users\Craig\AppData\Local\Temp\SP62231.exeC:\Users\Craig\AppData\Local\Temp\SP62764.exeC:\Users\Craig\AppData\Local\Temp\uninstaller.exeC:\Users\Craig\AppData\Local\Temp\WSSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-09-10 03:00 ==================== End Of Log ============================ Additional Log: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-09-2013 01Ran by Craig at 2013-09-11 15:33:58Running from C:\Users\Craig\Desktop\DownloadsBoot Mode: Normal========================================================== ==================== Installed Programs ======================= 4 Elements II (x32 Version: 2.2.0.98)Adobe Acrobat 8 Standard - English, Français, Deutsch (x32 Version: 8.3.1)Adobe Acrobat 8.3.1 - CPSID_83708 (x32)Adobe Acrobat 8.3.1 Standard (x32 Version: 8.3.1)Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) (x32 Version: 8.1.2)Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)Adobe Photoshop Elements 11 (x32 Version: 11.0)Adobe Premiere Elements 11 (Version: 11.0)Amazon Unbox Video (x32 Version: 2.2.0.153)AMD Accelerated Video Transcoding (Version: 12.5.100.21114)AMD APP SDK Runtime (Version: 10.0.938.2)AMD Catalyst Install Manager (Version: 8.0.881.0)Any Video Converter 5.0.5 (x32)Apple Application Support (x32 Version: 2.3.4)Apple Mobile Device Support (Version: 6.1.0.13)Apple Software Update (x32 Version: 2.1.3.127)Battlelog Web Plugins (x32 Version: 2.1.4)Bejeweled 3 (x32 Version: 2.2.0.98)Bonjour (Version: 3.0.0.10)Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98)Catalyst Control Center - Branding (x32 Version: 1.00.0000)Catalyst Control Center (x32 Version: 2012.1114.401.6988)Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1114.401.6988)Catalyst Control Center InstallProxy (x32 Version: 2012.1114.401.6988)Catalyst Control Center Localization All (x32 Version: 2012.1114.401.6988)Catalyst Control Center Profiles Desktop (x32 Version: 2012.1114.401.6988)CCC Help Chinese Standard (x32 Version: 2012.1114.0400.6988)CCC Help Chinese Traditional (x32 Version: 2012.1114.0400.6988)CCC Help Czech (x32 Version: 2012.1114.0400.6988)CCC Help Danish (x32 Version: 2012.1114.0400.6988)CCC Help Dutch (x32 Version: 2012.1114.0400.6988)CCC Help English (x32 Version: 2012.1114.0400.6988)CCC Help Finnish (x32 Version: 2012.1114.0400.6988)CCC Help French (x32 Version: 2012.1114.0400.6988)CCC Help German (x32 Version: 2012.1114.0400.6988)CCC Help Greek (x32 Version: 2012.1114.0400.6988)CCC Help Hungarian (x32 Version: 2012.1114.0400.6988)CCC Help Italian (x32 Version: 2012.1114.0400.6988)CCC Help Japanese (x32 Version: 2012.1114.0400.6988)CCC Help Korean (x32 Version: 2012.1114.0400.6988)CCC Help Norwegian (x32 Version: 2012.1114.0400.6988)CCC Help Polish (x32 Version: 2012.1114.0400.6988)CCC Help Portuguese (x32 Version: 2012.1114.0400.6988)CCC Help Russian (x32 Version: 2012.1114.0400.6988)CCC Help Spanish (x32 Version: 2012.1114.0400.6988)CCC Help Swedish (x32 Version: 2012.1114.0400.6988)CCC Help Thai (x32 Version: 2012.1114.0400.6988)CCC Help Turkish (x32 Version: 2012.1114.0400.6988)ccc-utility64 (Version: 2012.1114.401.6988)Citrix Online Launcher (x32 Version: 1.0.109)Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98)Cradle of Rome 2 (x32 Version: 2.2.0.98)CyberLink LabelPrint (x32 Version: 2.5.2.5630)CyberLink Media Suite 10 (x32 Version: 10.0.2.2114)CyberLink Power2Go 8 (x32 Version: 8.0.2.2126)CyberLink PowerDVD (x32 Version: 10.0.7.4605)D3DX10 (x32 Version: 15.4.2368.0902)eFax Messenger (x32 Version: 4.4.2.533)Elements 11 Organizer (x32 Version: 11.0)ESN Sonar (x32 Version: 0.70.4)Farm Frenzy (x32 Version: 2.2.0.98)FATE: The Cursed King (x32 Version: 2.2.0.97)FileZilla Client 3.7.2 (x32 Version: 3.7.2)Final Drive Fury (x32 Version: 2.2.0.95)Gardenscapes: Mansion Makeover (x32 Version: 3.0.2.32)Google Chrome (x32 Version: 29.0.1547.66)Google Update Helper (x32 Version: 1.3.21.153)GoToMeeting 5.4.0.1082 (HKCU Version: 5.4.0.1082)Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95)Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98)Hoyle Card Games (x32 Version: 2.2.0.95)HP Connected Music (Meridian - installer) (x32 Version: v1.0)HP Connected Remote (x32 Version: 1.0.1218)HP Customer Experience Enhancements (x32 Version: 6.0.1.7)HP Games (x32 Version: 1.0.3.0)HP MyRoom (x32 Version: 9.0.0.0)HP Officejet 6600 Basic Device Software (Version: 28.0.1315.0)HP Officejet 6600 Help (x32 Version: 140.0.2.2)HP Officejet 6600 Product Improvement Study (Version: 28.0.1315.0)HP Postscript Converter (Version: 3.1.3591)HP Quick Start (x32 Version: 1.0.4660.30220)HP Registration Service (Version: 1.1.6232.4245)HP Support Assistant (x32 Version: 7.0.39.15)HP Support Information (x32 Version: 12.00.0000)HP Update (x32 Version: 5.003.003.001)HydraVision (x32 Version: 4.2.236.0)I.R.I.S. OCR (x32 Version: 12.3.4.0)IDT Audio (x32 Version: 1.0.6457.0)Intel® Management Engine Components (x32 Version: 8.1.0.1252)Intel® Rapid Storage Technology (Version: 12.6.0.1033)Intel® Trusted Connect Service Client (Version: 1.24.388.1)iTunes (Version: 11.0.4.4)Java 7 Update 25 (x32 Version: 7.0.250)Java Auto Updater (x32 Version: 2.1.9.5)Jewel Match 3 (x32 Version: 2.2.0.98)John Deere Drive Green (x32 Version: 2.2.0.95)Luxor Evolved (x32 Version: 2.2.0.98)Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98)Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)Microsoft Application Error Reporting (Version: 12.0.6015.5000)Microsoft Mouse and Keyboard Center (Version: 2.2.173.0)Microsoft Office Standard Edition 2003 (x32 Version: 11.0.8173.0)Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98)Movie Maker (x32 Version: 16.4.3503.0728)MSVCRT (x32 Version: 15.4.2862.0708)MSVCRT110 (x32 Version: 16.4.1108.0727)MSVCRT110_amd64 (Version: 16.4.1108.0727)Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98)Peggle Nights (x32 Version: 2.2.0.98)Penguins! (x32 Version: 2.2.0.98)Photo Common (x32 Version: 16.4.3503.0728)Photo Gallery (x32 Version: 16.4.3503.0728)Polar Bowler (x32 Version: 2.2.0.97)Polar Golfer (x32 Version: 2.2.0.98)PRE11 STI 64Installer (x32 Version: 11.0)PSE11 STI Installer (x32 Version: 11.0)QuickTime (x32 Version: 7.74.80.86)Ralink Bluetooth Stack64 (Version: 11.0.737.10)Ralink RT3290 802.11bgn Wi-Fi Adapter (x32 Version: 5.0.5.0)Recovery Manager (x32 Version: 5.5.0.5826)Roads of Rome 3 (x32 Version: 2.2.0.98)Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32)System Requirements Lab for Intel (x32 Version: 4.5.15.0)Tales of Lagoona (x32 Version: 2.2.0.110)Update Installer for WildTangent Games App (x32)WildTangent Games (x32 Version: 1.0.3.0)WildTangent Games App (x32 Version: 4.0.9.7)Windows Live Communications Platform (x32 Version: 16.4.3503.0728)Windows Live Essentials (x32 Version: 16.4.3503.0728)Windows Live Installer (x32 Version: 16.4.3503.0728)Windows Live Photo Common (x32 Version: 16.4.3503.0728)Windows Live PIMT Platform (x32 Version: 16.4.3503.0728)Windows Live SOXE (x32 Version: 16.4.3503.0728)Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728)Windows Live UX Platform (x32 Version: 16.4.3503.0728)Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728)Youda Jewel Shop (x32 Version: 3.0.2.32)Zuma's Revenge (x32 Version: 2.2.0.98) ==================== Restore Points ========================= 23-08-2013 07:01:45 Scheduled Checkpoint29-08-2013 14:56:57 HPSF Applying updates29-08-2013 14:57:05 HPSF Applying updates05-09-2013 01:51:46 HPSF Applying updates05-09-2013 01:51:54 HPSF Applying updates11-09-2013 10:39:45 Windows Update ==================== Hosts content: ========================== 2012-07-26 01:26 - 2012-07-26 01:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-25] (Microsoft Corporation)Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 CriticalTask: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandlerTask: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\System32\sysmain.dll [2013-05-04] (Microsoft Corporation)Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEventsTask: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenanceTask: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group PolicyTask: {23A4E58E-2D3F-4082-8D33-5F15DC652C56} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-08-09] (Hewlett-Packard)Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\WSClient.dll [2013-08-16] (Microsoft Corporation)Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata RefreshTask: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-TasksTask: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge UpdateTask: {32ADEB55-153F-45E8-8448-130D4BD06F92} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance ConfiguratorTask: {3958A3C1-9473-422F-B774-616831320F60} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\MpCmdRun.exe [2013-07-01] (Microsoft Corporation)Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTaskTask: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystemTask: {3F8D3FB2-BB21-4890-B6D4-D07758954A6B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-08-09] (Hewlett-Packard)Task: {4071F81E-9AE8-44F2-BAEE-7AE0FDA4C34A} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnectTask: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-MaintenanceTask: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorageTask: {44BA17BF-AC47-4153-8F15-5E7F0F6EC260} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => Sc.exe start wuauservTask: {454E4A7C-5692-44BA-BA26-823175A4E6B1} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-10] (Adobe Systems Incorporated)Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation)Task: {4A2F2311-322E-42C6-9FDD-CE3AE674EE14} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\MpCmdRun.exe [2013-07-01] (Microsoft Corporation)Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogonTask: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual MaintenanceTask: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot RequiredTask: {5D07E879-A9B2-4A87-94C5-A8CFD6B434A6} - System32\Tasks\HPCeeScheduleForCraig => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)Task: {5D64EDAB-A52E-4B07-8042-822750382ABF} - System32\Tasks\User_Feed_Synchronization-{E658E959-2F31-44C9-B0E7-CCC1A0AF4FA7} => C:\windows\system32\msfeedssync.exe [2012-07-25] (Microsoft Corporation)Task: {5E175B98-A1EB-4490-9BE6-227A741252CE} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1048302789-1347166234-3868245150-1001Task: {61358AB3-C845-428B-941B-2B9D93E9048D} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-25] (Microsoft Corporation)Task: {6DC559B9-70B0-4BCF-8542-C782DDD63AB4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-10-11] (Microsoft Corporation)Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319Task: {735A3F7D-DB3E-4AA1-90DF-FA6AF03BA891} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-UpdateTask: {78BF1614-E263-43BE-A02B-38AFE989435A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\MpCmdRun.exe [2013-07-01] (Microsoft Corporation)Task: {795B10F3-2FD9-4756-B1E5-8D12840BCC39} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update TaskTask: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular MaintenanceTask: {8203C237-320B-4167-B3B0-344952AC69F4} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle MaintenanceTask: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)Task: {8F5CD1D7-B11A-4C8C-9FFF-E7374CE28DA6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync LicensesTask: {931CBE9A-2386-40FE-A418-BE0DE49AB8AC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\MpCmdRun.exe [2013-07-01] (Microsoft Corporation)Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTimeTask: {94B946FD-112E-4DE9-A0F0-C54F1BEF1257} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-30] (Google Inc.)Task: {94BEA6EA-387E-4379-848C-7CD34D2DC388} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnosticTask: {9D501FA6-76A5-4B78-BAAD-C1DA494EE4B3} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)Task: {A0D88FB2-51F3-478C-BDE2-3984D8369F36} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanupTask: {A12A137A-C748-4024-8A5A-A3E540D0A5D2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\WSClient.dll [2013-08-16] (Microsoft Corporation)Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTaskTask: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefreshTask: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTaskTask: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTaskTask: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScanTask: {B641EF36-9578-4E40-BCD5-BABBD42D2A15} - System32\Tasks\HPCustParticipation HP Officejet 6600 => C:\Program Files\HP\HP Officejet 6600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)Task: {B906B2A1-12DA-43FD-99E5-6269D53EF47E} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstallTask: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecificTask: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity ScanTask: {C33074DE-7765-438A-8044-7E6202BF1DF9} - System32\Tasks\AdobeAAMUpdater-1.0-Time-Machine-Craig => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)Task: {C3A1396D-F9D6-4831-A35D-A449695BB654} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data senderTask: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\System32\Windows.Storage.ApplicationData.dll [2012-07-25] (Microsoft Corporation)Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetworkTask: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 CriticalTask: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash RecoveryTask: {E2A650CC-A01F-4E6C-B80A-4E49356A07C0} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstallTask: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskTask: {E56D3484-E245-44F4-8B95-51FAF97C3164} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-30] (Google Inc.)Task: {E87B75CB-53D2-4D58-9B23-AB8D6D690416} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-10-11] (Microsoft Corporation)Task: {EAD237E7-D276-4257-9F16-51DF41548733} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_startedTask: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\System32\Startupscan.dll [2012-07-25] (Microsoft Corporation)Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQMTask: {F436F174-6D53-4770-876F-A7A31A0098C8} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\HPCeeScheduleForCraig.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2013-04-20 17:24 - 2013-04-20 17:24 - 00023456 _____ (Hewlett-Packard) C:\windows\assembly\GAC_MSIL\HPSeekerModule\1.0.1218.0__91e5a4b21af71fa1\HPSeekerModule.dll2013-04-20 17:24 - 2013-04-20 17:24 - 00030112 _____ (Hewlett-Packard) C:\windows\assembly\GAC_MSIL\HPConnectedRemoteAddIn\1.0.1218.0__91e5a4b21af71fa1\HPConnectedRemoteAddIn.dll2012-10-12 20:22 - 2012-10-12 20:22 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll2013-04-29 18:04 - 2013-04-29 18:04 - 00043424 _____ (Hewlett-Packard) C:\Users\Craig\AppData\Local\assembly\dl3\B2XMMT5G.1XA\DZKE7PLD.O5K\c8f8de94\003119c4_d8a8cd01\HPSeeker.DLL2013-04-29 18:04 - 2013-04-29 18:04 - 00075680 _____ (Hewlett-Packard) C:\Users\Craig\AppData\Local\assembly\dl3\B2XMMT5G.1XA\DZKE7PLD.O5K\4ed6c5b6\003119c4_d8a8cd01\HPSwitchBoard.DLL2013-04-29 18:04 - 2013-04-29 18:04 - 00120224 _____ () C:\Users\Craig\AppData\Local\assembly\dl3\B2XMMT5G.1XA\DZKE7PLD.O5K\a1b8a3d8\008b7bc6_d8a8cd01\HPItunesModule.DLL2012-10-12 20:22 - 2012-10-12 20:22 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll2013-04-29 18:04 - 2013-04-29 18:04 - 00069024 _____ (Hewlett-Packard) C:\Users\Craig\AppData\Local\assembly\dl3\B2XMMT5G.1XA\DZKE7PLD.O5K\92167bd9\005e4ac5_d8a8cd01\HPWMCModule.DLL2013-04-29 18:04 - 2013-04-29 18:04 - 00062368 _____ (Hewlett-Packard) C:\Users\Craig\AppData\Local\assembly\dl3\B2XMMT5G.1XA\DZKE7PLD.O5K\c73b21f1\003119c4_d8a8cd01\HPWMPModule.DLL2012-10-12 20:22 - 2012-10-12 20:22 - 00026016 _____ (michaelnoonan) c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\WindowsInput.dll2012-10-12 20:22 - 2012-10-12 20:22 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll2013-04-20 17:25 - 2012-06-07 23:34 - 00627216 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll2012-06-08 14:34 - 2012-06-08 14:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll ==================== Alternate Data Streams (whitelisted) ========== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (09/11/2013 01:10:35 PM) (Source: ESENT) (User: )Description: taskhostex (3708) An attempt to open the file "C:\Users\Craig\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8). Error: (09/11/2013 06:32:12 AM) (Source: Application Hang) (User: )Description: The program chrome.exe version 29.0.1547.66 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1894 Start Time: 01cead794a9fd1cc Termination Time: 27 Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Report Id: 66470060-1acd-11e3-be91-9c2a702dff52 Faulting package full name: Faulting package-relative application ID: Error: (09/10/2013 03:02:32 AM) (Source: SideBySide) (User: )Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Error: (09/10/2013 03:02:13 AM) (Source: SideBySide) (User: )Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Error: (09/09/2013 00:30:43 PM) (Source: Application Error) (User: )Description: Faulting application name: svchost.exe_wcncsvc, version: 6.2.9200.16420, time stamp: 0x505a9a4eFaulting module name: ntdll.dll, version: 6.2.9200.16579, time stamp: 0x51637f77Exception code: 0xc0000005Fault offset: 0x000000000005ab00Faulting process id: 0xb74Faulting application start time: 0xsvchost.exe_wcncsvc0Faulting application path: svchost.exe_wcncsvc1Faulting module path: svchost.exe_wcncsvc2Report Id: svchost.exe_wcncsvc3Faulting package full name: svchost.exe_wcncsvc4Faulting package-relative application ID: svchost.exe_wcncsvc5 Error: (09/08/2013 07:13:19 PM) (Source: SideBySide) (User: )Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Error: (09/07/2013 03:01:44 AM) (Source: SideBySide) (User: )Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Error: (09/07/2013 03:01:28 AM) (Source: SideBySide) (User: )Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Error: (09/05/2013 03:01:51 AM) (Source: SideBySide) (User: )Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Error: (09/04/2013 03:01:39 AM) (Source: SideBySide) (User: )Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. System errors:=============Error: (09/09/2013 00:30:44 PM) (Source: Service Control Manager) (User: )Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the SSDP Discovery service, but this action failed with the following error: %%1056 Error: (09/09/2013 00:30:44 PM) (Source: Service Control Manager) (User: )Description: The Windows Connect Now - Config Registrar service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (09/09/2013 00:30:44 PM) (Source: Service Control Manager) (User: )Description: The UPnP Device Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service. Error: (09/09/2013 00:30:44 PM) (Source: Service Control Manager) (User: )Description: The Time Broker service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (09/09/2013 00:30:44 PM) (Source: Service Control Manager) (User: )Description: The SSDP Discovery service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service. Error: (09/09/2013 00:30:44 PM) (Source: Service Control Manager) (User: )Description: The Function Discovery Resource Publication service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (08/28/2013 11:31:13 AM) (Source: Service Control Manager) (User: )Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the SSDP Discovery service, but this action failed with the following error: %%1056 Error: (08/28/2013 11:31:13 AM) (Source: Service Control Manager) (User: )Description: The Windows Connect Now - Config Registrar service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (08/28/2013 11:31:13 AM) (Source: Service Control Manager) (User: )Description: The UPnP Device Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service. Error: (08/28/2013 11:31:13 AM) (Source: Service Control Manager) (User: )Description: The Time Broker service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Microsoft Office Sessions:=========================Error: (09/11/2013 01:10:35 PM) (Source: ESENT)(User: )Description: taskhostex3708C:\Users\Craig\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process. Error: (09/11/2013 06:32:12 AM) (Source: Application Hang)(User: )Description: chrome.exe29.0.1547.66189401cead794a9fd1cc27C:\Program Files (x86)\Google\Chrome\Application\chrome.exe66470060-1acd-11e3-be91-9c2a702dff52 Error: (09/10/2013 03:02:32 AM) (Source: SideBySide)(User: )Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe Error: (09/10/2013 03:02:13 AM) (Source: SideBySide)(User: )Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe Error: (09/09/2013 00:30:43 PM) (Source: Application Error)(User: )Description: svchost.exe_wcncsvc6.2.9200.16420505a9a4entdll.dll6.2.9200.1657951637f77c0000005000000000005ab00b7401cea8a2b67c6a83C:\windows\system32\svchost.exeC:\windows\SYSTEM32\ntdll.dll2b826b93-196d-11e3-be91-9c2a702dff52 Error: (09/08/2013 07:13:19 PM) (Source: SideBySide)(User: )Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe Error: (09/07/2013 03:01:44 AM) (Source: SideBySide)(User: )Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe Error: (09/07/2013 03:01:28 AM) (Source: SideBySide)(User: )Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe Error: (09/05/2013 03:01:51 AM) (Source: SideBySide)(User: )Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe Error: (09/04/2013 03:01:39 AM) (Source: SideBySide)(User: )Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe ==================== Memory info =========================== Percentage of memory in use: 20%Total physical RAM: 7635.53 MBAvailable physical RAM: 6054.3 MBTotal Pagefile: 8035.53 MBAvailable Pagefile: 6390.77 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.77 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:911.59 GB) (Free:704.3 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive d: (Recovery Image) (Fixed) (Total:18.45 GB) (Free:2.31 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive i: (Jul 04 2013) (CDROM) (Total:4.37 GB) (Free:0 GB) UDFDrive j: (Elements) (Fixed) (Total:465.76 GB) (Free:376.67 GB) NTFSDrive k: (My Book) (Fixed) (Total:149.01 GB) (Free:99.27 GB) FAT32 ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 932 GB) (Disk ID: 1491AE0E) Partition: GPT Partition Type========================================================Disk: 5 (Size: 149 GB) (Disk ID: 44FDFE06)Partition 1: (Not Active) - (Size=149 GB) - (Type=0C) ========================================================Disk: 6 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 0012FD0B)Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  3. craigd
    I really haven't been having a problem, but have noticed quarantine files for the past few weeks on my weekly scheduled Mbam. I just want to remove this junk off of my system. Give me a few minutes to run these tools and i will post the result logs.
  4. craigd
    i did run AdwCleaner....results below: didn't know if I should delete them since they didn't say sweetpacks. Should I delete them? ----------- # AdwCleaner v3.003 - Report created 11/09/2013 at 12:48:13# Updated 07/09/2013 by Xplode# Operating System : Windows 8 (64 bits)# Username : Craig - TIME-MACHINE# Running from : C:\Users\Craig\Desktop\Downloads\adwcleaner (1).exe# Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Found C:\Users\Craig\AppData\Local\Temp\boost_interprocess ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\IMKey Found : HKCU\Software\ImInstallerKey Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}Key Found : [x64] HKCU\Software\IMKey Found : [x64] HKCU\Software\ImInstallerKey Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}Value Found : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16660 -\\ Google Chrome v29.0.1547.66 [ File : C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [1293 octets] - [29/08/2013 13:30:45]AdwCleaner[R1].txt - [1304 octets] - [11/09/2013 12:48:13] ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1364 octets] ##########
  5. craigd
    i have been trying to remove this damn sweetpacks garbage unsuccessfully. Hopefully someone can help. Here is my last log that found something. I just ran a quick scan that found nothing (see below Mbam for additional info). Malwarebytes Anti-Malware (PRO) 1.75.0.1300www.malwarebytes.org Database version: v2013.09.06.10 Windows 8 x64 NTFSInternet Explorer 10.0.9200.16660Craig :: TIME-MACHINE [administrator] Protection: Enabled 9/6/2013 9:01:36 PMmbam-log-2013-09-06 (21-01-36).txt Scan type: Flash scanScan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: Registry | File System | P2PObjects scanned: 210298Time elapsed: 22 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 2HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. Registry Values Detected: 2HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {2845034B-CA21-11E2-BE77-9C2A702DFF52} -> Quarantined and deleted successfully.HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {2845034B-CA21-11E2-BE77-9C2A702DFF52} -> Quarantined and deleted successfully. Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) (end) Here is a Junkware Remover's log. Can someone help me remove Sweetpacks? - Thank You ! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 5.5.9 (09.07.2013:1)OS: Windows 8 x64Ran by Craig on Wed 09/11/2013 at 13:43:00.16~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\imSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstallerFailed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\updater by sweetpacksFailed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\updater by sweetpacksSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B6F2095E-6FB2-49D6-B06F-EE18CFBB555F}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B6F2095E-6FB2-49D6-B06F-EE18CFBB555F}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\microsoft\Internet Explorer\SearchScopes\{B6F2095E-6FB2-49D6-B06F-EE18CFBB555F}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Wed 09/11/2013 at 13:45:56.72End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  6. craigd
    That file was the problem. It was in the following folder: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run I unclicked it, restarted the computer and whammo... This is the first time in years that my computer has started without booting Windows Media Player!
  7. craigd
    I found this file during the autoruns.exe program: c:\windows\system32\aogt.exe is this causing the problem?
  8. craigd
    My problem is that Windows Media Player auto starts every time I boot up. WMP is not located in my start up folder and I have checked out the start up through some sort of DOS prompt and it does not appear there either. Anybody have any thoughts of how to stop WMP from auto loading? Thanks - Craig
  9. craigd
    Hey I think that I am having a problem similar to many others in that my google search results are getting hijacked. I am being taken to searchfindsite and others when clicking on the link. Please help! Below is my Hijackthis log: Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\windows\system\hpsysdrv.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\System32\hphmon05.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Pidgin\pidgin.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\WINDOWS\System32\msiexec.exe C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Owner\My Documents\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 128.151.65.101:3128 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file) O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file) O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [backupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKLM\..\Policies\Explorer\Run: [aogt] C:\WINDOWS\System32\aogt.exe O4 - Startup: Shortcut to pidgin.lnk = C:\Program Files\Pidgin\pidgin.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: NDWCab - http://www.neededware.com/ndw2.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://dommlp03.meadwestvaco.com/iNotes6.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121124469171 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_6us.cab O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab O16 - DPF: {E93A6FCA-C052-45DF-AC9B-B729066092F8} (Util Class) - https://isupport4.hp.com/motivedocs/linklauncher/MotUtil.cab O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing) O20 - Winlogon Notify: TPSvc - C:\WINDOWS\ O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Owner/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/Owner/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg -- End of file - 8316 bytes
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.