Jump to content

sgraessle

Members
  • Posts

    6
  • Joined

  • Last visited

Everything posted by sgraessle

  1. 2nd log ... too long to post both together.... Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014Ran by Steve at 2014-03-29 11:58:52Running from C:\Users\Steve\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== AV: Norton AntiVirus (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Norton AntiVirus (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202} ==================== Installed Programs ====================== 5600 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden5600_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden5600Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden7-Zip 4.65 (HKLM-x32\...\7-Zip) (Version: - )Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)ACT! (HKLM-x32\...\ACT!) (Version: - )Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.38 - Adobe Systems Incorporated)Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) HiddenAIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) HiddenAIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) HiddenAlcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}) (Version: 1.5.17.25482 - Alcor Micro Corp.)Alcor Micro USB Card Reader (x32 Version: 1.5.17.25482 - Alcor Micro Corp.) HiddenApple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.10 - ASUS)ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0021 - ASUS)Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.11.12 - Atheros Communications Inc.)ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0004 - ASUS)Best Buy pc app (Version: 3.0.0.0 - Best Buy) HiddenBonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) HiddenCCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.8 - ASUS)Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) HiddenCyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)CyberLink Power2Go (x32 Version: 6.1.3602c - CyberLink Corp.) HiddenDefinition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version: - Microsoft)Defraggler (HKLM\...\Defraggler) (Version: 2.14 - Piriform)Desktop Restore (HKLM\...\{15D07D6F-E4CC-41D9-88A3-94115E5E5A10}) (Version: 1.6.3 - JOConnell)Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) HiddenDeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) HiddenDivX Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 2.2.1.2 - DivX, LLC)DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) HiddendoPDF 7.2 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland)EaseUS Todo Backup Free 3.0 (HKLM-x32\...\EaseUS Todo Backup Free 3.0_is1) (Version: 3.0.0.1 - CHENGDU YIWO Tech Development Co., Ltd)Eraser 5.8 (HKLM-x32\...\{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1) (Version: Eraser 5.8 - Heidi Computers Ltd.)ETDWare PS/2-x64 7.0.5.11_WHQL (HKLM\...\Elantech) (Version: 7.0.5.11 - ELAN Microelectronics Corp.)Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.5 - ASUS)Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) HiddenFileZilla (remove only) (HKLM-x32\...\FileZilla) (Version: - )FLVPlayer4Free Free FLV Player 3.8.0.0 (HKLM-x32\...\FLVPlayer4Free Free FLV Player_is1) (Version: - Sakysoft s.r.l. uninominale)FreePriceAlerts 2.3.5 (HKLM\...\{DC3381CB-10D4-431D-B9B3-7DB84B00645F}) (Version: 2.3.5 - myVBO LLC)Gadwin PrintScreen (HKLM-x32\...\Gadwin PrintScreen) (Version: 4.3 - Gadwin Systems, Inc.)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.22.5 - Google Inc.) HiddenGPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) HiddenHP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) HiddenHPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) HiddenIconRestorer 1.0.8.1 SR1 (HKLM-x32\...\IconRestorer Free_is1) (Version: - FSL - FreeSoftLand)Intel PROSet Wireless (Version: - ) HiddenIntel WiMAX Tutorial (HKLM\...\{4F26C164-9373-4974-8F43-E0F2176AF937}) (Version: 1.5.3.1 - Intel Corporation)Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2827 - Intel Corporation)Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{90F00673-A276-4A58-B675-B426D39D1E09}) (Version: 15.3.0.0398 - Intel Corporation)Intel® WiDi (HKLM-x32\...\{7FCB8D5D-9396-4D17-8CFA-349D6D49CD32}) (Version: 3.0.13.0 - Intel Corporation)Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )Intel® PROSet/Wireless WiFi Software (HKLM\...\{ECE5B218-A086-4E18-A362-D11181681457}) (Version: 15.03.1000.1637 - Intel Corporation)Intel® PROSet/Wireless WiMAX Software (HKLM\...\{5C1DA3D9-F590-4317-A4FB-274F658E504B}) (Version: 6.05.0000 - Intel Corporation)iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) HiddenJava 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.300 - Sun Microsystems, Inc.)Java 7 Update 4 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417004FF}) (Version: 7.0.40 - Oracle)Juniper Networks Host Checker (HKCU\...\Neoteris_Host_Checker) (Version: 6.3.0.14715 - Juniper Networks)Juniper Networks Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 1.3.3.13503 - Juniper Networks)Juniper Networks Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 1.3.1.6 - Juniper Networks)Juniper Terminal Services Client (HKCU\...\Juniper_Term_Services) (Version: 6.3.0.14715 - Juniper Networks)Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft IntelliPoint 8.0 (HKLM\...\{563F041C-DFDB-437B-A1E8-E141E0906076}) (Version: 8.0.225.0 - Microsoft)Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0 - Microsoft Corporation) HiddenMicrosoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft_VC90_CRT_x86 (HKLM-x32\...\{DF2035BE-5820-4965-BD97-7FAF8D4A7879}) (Version: 1.0.0 - Microsoft Corporation)Mozilla Firefox 25.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 25.0.1 (x86 en-US)) (Version: 25.0.1 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 25.0.1 - Mozilla)MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)Network64 (Version: 130.0.572.000 - Hewlett-Packard) HiddenNikon Transfer (HKLM-x32\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.0.2 - Nikon)Norton AntiVirus (HKLM-x32\...\NAV) (Version: 21.1.0.18 - Symantec Corporation)Norton Identity Safe (HKLM-x32\...\NST) (Version: 2013.3.0.26 - Symantec Corporation)OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)RealDownloader (x32 Version: 1.3.0 - RealNetworks, Inc.) HiddenRealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) HiddenRealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) HiddenRealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6853 - Realtek Semiconductor Corp.)RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) HiddenSafari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) HiddenService Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) HiddenSlimDrivers (HKLM-x32\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) HiddenSpybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)SpywareBlaster 4.4 (HKLM-x32\...\SpywareBlaster_is1) (Version: 4.4.0 - Javacool Software LLC)SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.5900 - SRS Labs, Inc.)Status (x32 Version: 130.0.469.000 - Hewlett-Packard) HiddenswMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) HiddenToolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hiddentools-windows (x32 Version: 8.4.5.14951 - VMware, Inc.) HiddenTrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) HiddenUnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) HiddenUpdate for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DA2F7ECE-6629-4A80-9CDE-EC95261B75E2}) (Version: - Microsoft)Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version: - Microsoft)Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5D357893-40BA-4323-86BA-D97C66CD72F4}) (Version: - Microsoft)Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft)Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version: - Microsoft)USB 2.0 VGA UVC WebCam (HKLM\...\USB 2.0 VGA UVC WebCam) (Version: - )VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) HiddenVisual C++ 2008 x86 Runtime - (v9.0.30729) (x32 Version: 9.0.30729 - Microsoft Corporation) HiddenVisual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)VMware Player (HKLM-x32\...\VMware_Player) (Version: 3.1.3.14951 - VMware, Inc)VMware Player (x32 Version: 3.1.3.14951 - VMware, Inc.) HiddenWebEx (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - WebEx Communications, Inc)WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) HiddenWhat's Running 2.2 (HKLM-x32\...\What's Running_is1) (Version: 2.2 - WhatsRunning.net)Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation)Windows Live Sign-in Assistant (HKLM-x32\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )Xobni (HKLM-x32\...\XobniMain) (Version: 1.9.5.12772 - Xobni Corp.)Xobni Core (x32 Version: 1.0.0 - Xobni, Inc.) Hidden ==================== Restore Points ========================= 27-02-2014 19:36:11 Scheduled Checkpoint04-03-2014 16:39:55 Removed Wireless Console 304-03-2014 16:40:29 Removed Windows Live Upload Tool04-03-2014 16:41:46 Removed Wireless Console 304-03-2014 16:48:18 Removed ASUS LifeFrame304-03-2014 16:50:13 Removed ASUS SmartLogon04-03-2014 16:59:44 Removed ASUS Power4Gear Hybrid04-03-2014 17:04:07 Removed WinFlash04-03-2014 17:06:15 Removed ASUS Virtual Camera04-03-2014 17:08:44 Removed Express Gate.04-03-2014 17:11:24 Removed HTC Driver Installer.04-03-2014 17:13:09 SG After removing 11-03-2014 13:02:11 SG Stable startups12-03-2014 22:47:40 Windows Update ==================== Hosts content: ========================== 2009-07-13 21:34 - 2011-08-21 15:52 - 00436604 ____N C:\Windows\system32\Drivers\etc\hosts127.0.0.1 www.007guard.com127.0.0.1 007guard.com127.0.0.1 008i.com127.0.0.1 www.008k.com127.0.0.1 008k.com127.0.0.1 www.00hq.com127.0.0.1 00hq.com127.0.0.1 010402.com127.0.0.1 www.032439.com127.0.0.1 032439.com127.0.0.1 www.0scan.com127.0.0.1 0scan.com127.0.0.1 1000gratisproben.com127.0.0.1 www.1000gratisproben.com127.0.0.1 1001namen.com127.0.0.1 www.1001namen.com127.0.0.1 100888290cs.com127.0.0.1 www.100888290cs.com127.0.0.1 www.100sexlinks.com127.0.0.1 100sexlinks.com127.0.0.1 10sek.com127.0.0.1 www.10sek.com127.0.0.1 www.1-2005-search.com127.0.0.1 1-2005-search.com127.0.0.1 123fporn.info127.0.0.1 www.123fporn.info127.0.0.1 123haustiereundmehr.com127.0.0.1 www.123haustiereundmehr.com127.0.0.1 www.123moviedownload.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= Task: {0CC22FC7-86F2-4682-9581-2D2FF9F2107F} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)Task: {1FDFC229-E07A-4157-B592-EB8A200E010A} - System32\Tasks\ReclaimerResumeInstallLogin_Steve => C:\Users\Steve\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-03-29] (RealNetworks, Inc.)Task: {26582489-03FA-470F-9163-536A3CCFCB9A} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)Task: {3DB0AA3F-6E0C-4A6C-AEE7-78A2FACC3AF8} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\SymErr.exe [2013-01-25] (Symantec Corporation)Task: {5C6C5A84-3C95-4382-9FB3-7E99C07BCF3B} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2446132634-3186606105-1043327889-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)Task: {604DEF24-8B75-4EBC-909B-860A68CB5F95} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\SymErr.exe [2013-01-25] (Symantec Corporation)Task: {65E7C28E-AD6C-4441-9D35-AF90597558F2} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe [2010-06-09] (asus)Task: {6F2C8FFD-FB6A-4001-924D-C3CD326EBE95} - System32\Tasks\{2E69F4FC-0DE7-4199-A190-B0AB6ECFB278} => C:\Program Files (x86)\ACT\act.exe [2002-01-14] (Interact Commerce Corporation)Task: {6FA2404D-ED20-4B44-9923-7A49306227A3} - System32\Tasks\{A18D89CC-56FA-4019-992D-110A28C39F4E} => C:\Program Files (x86)\ACT\act.exe [2002-01-14] (Interact Commerce Corporation)Task: {7443AF8A-E449-41DA-8C88-BB4997B3476B} - System32\Tasks\ReclaimerResumeInstall_Steve => C:\Users\Steve\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-03-29] (RealNetworks, Inc.)Task: {78019BF0-132E-4B2F-B170-1581F39A69C6} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)Task: {806AE2C7-90A5-4D8C-B366-56ABB4736C56} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2446132634-3186606105-1043327889-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2012-11-29] (RealNetworks, Inc.)Task: {8A0FBD43-9F63-43E9-8009-905AB2329819} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exeTask: {8A6969B6-CA40-4330-8CD7-0B49F5FDE009} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2446132634-3186606105-1043327889-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2012-11-29] (RealNetworks, Inc.)Task: {8EDA3C79-44D4-42AA-A481-B3EAD8CD2ADC} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)Task: {91718E31-1281-4C78-B422-FE16B63AE3AD} - System32\Tasks\{0CC7B17B-F2F2-48C5-90DF-F2D52FEF8AB1} => C:\Program Files (x86)\ACT\act.exe [2002-01-14] (Interact Commerce Corporation)Task: {917F8746-A7D6-4F9E-93CC-F26F71000294} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-11] (Google Inc.)Task: {9442A27E-473E-4874-B76F-1008263FDDEF} - System32\Tasks\P4G Sidebar => C:\Program Files\Windows Sidebar\sidebar.exeTask: {9E19FF29-C3FC-4F18-9A35-43E03B8598AC} - System32\Tasks\{BDAE90A4-0774-4D45-A879-B8DC1ACCA207} => C:\Program Files (x86)\ACT\act.exe [2002-01-14] (Interact Commerce Corporation)Task: {9FD9CDBD-E570-4894-94A1-3FDDD3B2B7A7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)Task: {A24F6B59-9969-42E4-9D5E-D925CD96CC8B} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2446132634-3186606105-1043327889-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)Task: {B6A75119-2389-4863-91BD-C40AA75FA74C} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2446132634-3186606105-1043327889-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)Task: {C93004D4-975A-4BBC-A96E-2483C5262405} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-11] (Google Inc.)Task: {CEBB3CD5-EF45-4CD2-A00C-97B06BF11503} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)Task: {D19F524C-863B-45EF-8DDC-947AF0C4241E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {D98842CA-C41E-46E5-9750-478D4B3E9E9F} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2446132634-3186606105-1043327889-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2012-11-29] (RealNetworks, Inc.)Task: {DD5394C7-5574-4B14-A4DE-9AF4C9611FA2} - System32\Tasks\SlimDrivers Startup => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe [2013-09-24] (SlimWare Utilities, Inc.)Task: {E3FC2B7B-A701-429A-B3F7-C208C08CEACB} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2446132634-3186606105-1043327889-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\ReclaimerResumeInstallLogin_Steve.job => C:\Users\Steve\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exeTask: C:\Windows\Tasks\ReclaimerResumeInstall_Steve.job => C:\Users\Steve\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exeTask: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe ==================== Loaded Modules (whitelisted) ============= 2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll2011-08-31 19:13 - 2011-08-31 19:13 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2014-03-17 09:53 - 2014-03-14 19:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll2014-03-17 09:53 - 2014-03-14 19:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll2014-03-17 09:53 - 2014-03-14 19:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll2014-03-17 09:53 - 2014-03-14 19:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll2014-03-17 09:53 - 2014-03-14 19:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll2014-03-17 09:53 - 2014-03-14 19:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll2010-02-23 16:14 - 2010-02-23 16:14 - 00041472 _____ () C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll2010-02-23 16:14 - 2010-02-23 16:14 - 00071680 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll2010-02-23 16:11 - 2010-02-23 16:11 - 00076288 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll2010-02-23 16:12 - 2010-02-23 16:12 - 00186880 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll2010-02-23 16:14 - 2010-02-23 16:14 - 00050688 _____ () C:\Program Files (x86)\ASUS\ControlDeck\P4GControl.dll2014-03-17 09:53 - 2014-03-14 19:50 - 13637448 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll2010-12-08 15:07 - 2010-12-08 15:07 - 00895488 _____ () C:\Program Files (x86)\DivX\DivX Plus Web Player\libxml2.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:5C321E34 ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318} => "default"="DiskDrive"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318} => "default"="DiskDrive" ==================== Disabled items from MSCONFIG ============== MSCONFIG\Services: AdobeARMservice => 2MSCONFIG\Services: AFBAgent => 2MSCONFIG\Services: AMPPALR3 => 2MSCONFIG\Services: Apple Mobile Device => 2MSCONFIG\Services: ASLDRService => 2MSCONFIG\Services: ATKGFNEXSrv => 2MSCONFIG\Services: Bonjour Service => 2MSCONFIG\Services: BTHSSecurityMgr => 2MSCONFIG\Services: Connectify => 2MSCONFIG\Services: DMAgent => 2MSCONFIG\Services: EaseUS Agent => 2MSCONFIG\Services: gupdate => 2MSCONFIG\Services: gupdatem => 3MSCONFIG\Services: gusvc => 3MSCONFIG\Services: IDriverT => 3MSCONFIG\Services: LMS => 2MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2MSCONFIG\Services: ufad-ws60 => 2MSCONFIG\Services: UNS => 2MSCONFIG\Services: VMAuthdService => 2MSCONFIG\Services: VMUSBArbService => 2MSCONFIG\Services: WiMAXAppSrv => 2MSCONFIG\Services: XobniService => 2MSCONFIG\Services: ZeroConfigService => 2MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartupMSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SRS Premium Sound.lnk => C:\Windows\pss\SRS Premium Sound.lnk.CommonStartupMSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exeMSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exeMSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exeMSCONFIG\startupreg: ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exeMSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"MSCONFIG\startupreg: DivX Download Manager => "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" startMSCONFIG\startupreg: EaseUs Tray => "C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe"MSCONFIG\startupreg: EaseUs Watch => "C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe"MSCONFIG\startupreg: Eraser => C:\Program Files (x86)\Eraser\eraser.exe -hideMSCONFIG\startupreg: ETDWare => %ProgramFiles%\Elantech\ETDCtrl.exeMSCONFIG\startupreg: Gadwin PrintScreen => C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplashMSCONFIG\startupreg: HControlUser => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exeMSCONFIG\startupreg: IntelWirelessWiMAX => "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplashMSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimeMSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -sMSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (03/17/2014 05:42:54 PM) (Source: Application Error) (User: )Description: Faulting application name: recordingmanager.exe, version: 1.3.0.208, time stamp: 0x50b836feFaulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7Exception code: 0xc0000374Fault offset: 0x000ce753Faulting process id: 0x180cFaulting application start time: 0xrecordingmanager.exe0Faulting application path: recordingmanager.exe1Faulting module path: recordingmanager.exe2Report Id: recordingmanager.exe3 Error: (03/06/2014 10:57:00 AM) (Source: SetupARService) (User: )Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object. at SetupAfterRebootService.SetupARService.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (03/06/2014 08:56:28 AM) (Source: SetupARService) (User: )Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object. at SetupAfterRebootService.SetupARService.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (03/06/2014 08:44:30 AM) (Source: SetupARService) (User: )Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object. at SetupAfterRebootService.SetupARService.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (03/05/2014 08:50:04 AM) (Source: SetupARService) (User: )Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object. at SetupAfterRebootService.SetupARService.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (03/04/2014 08:26:34 PM) (Source: SetupARService) (User: )Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object. at SetupAfterRebootService.SetupARService.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (03/03/2014 09:55:41 AM) (Source: Application Error) (User: )Description: Faulting application name: WimaxConsole.exe, version: 0.0.0.0, time stamp: 0x4bd4ffddFaulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24Exception code: 0xc0000374Fault offset: 0x00000000000c4102Faulting process id: 0x548Faulting application start time: 0xWimaxConsole.exe0Faulting application path: WimaxConsole.exe1Faulting module path: WimaxConsole.exe2Report Id: WimaxConsole.exe3 Error: (02/23/2014 05:33:18 PM) (Source: Application Error) (User: )Description: Faulting application name: recordingmanager.exe, version: 1.3.0.208, time stamp: 0x50b836feFaulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7Exception code: 0xc0000374Fault offset: 0x000ce753Faulting process id: 0x168cFaulting application start time: 0xrecordingmanager.exe0Faulting application path: recordingmanager.exe1Faulting module path: recordingmanager.exe2Report Id: recordingmanager.exe3 Error: (02/21/2014 03:46:24 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 3042 Error: (02/21/2014 03:46:24 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 3042 System errors:=============Error: (03/17/2014 09:23:47 AM) (Source: DCOM) (User: )Description: {3EB3C877-1F16-487C-9050-104DBCD66683} Error: (03/17/2014 09:23:27 AM) (Source: Service Control Manager) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (03/17/2014 09:23:27 AM) (Source: Service Control Manager) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (03/17/2014 09:23:27 AM) (Source: Service Control Manager) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (03/17/2014 09:23:13 AM) (Source: Service Control Manager) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (03/17/2014 09:23:13 AM) (Source: Service Control Manager) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (03/17/2014 09:23:13 AM) (Source: Service Control Manager) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (03/17/2014 09:22:04 AM) (Source: DCOM) (User: )Description: 1068COMSysApp{ECABAFBC-7F19-11D2-978E-0000F8757E2A} Error: (03/17/2014 09:19:57 AM) (Source: DCOM) (User: )Description: 1068COMSysApp{182C40F0-32E4-11D0-818B-00A0C9231C29} Error: (03/17/2014 09:19:03 AM) (Source: Service Control Manager) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Microsoft Office Sessions:=========================Error: (03/17/2014 05:42:54 PM) (Source: Application Error)(User: )Description: recordingmanager.exe1.3.0.20850b836fentdll.dll6.1.7601.18247521ea8e7c0000374000ce753180c01cf422132de709dC:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exeC:\Windows\SysWOW64\ntdll.dll79f249c1-ae25-11e3-b0c0-b70fd107290b Error: (03/06/2014 10:57:00 AM) (Source: SetupARService)(User: )Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object. at SetupAfterRebootService.SetupARService.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (03/06/2014 08:56:28 AM) (Source: SetupARService)(User: )Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object. at SetupAfterRebootService.SetupARService.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (03/06/2014 08:44:30 AM) (Source: SetupARService)(User: )Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object. at SetupAfterRebootService.SetupARService.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (03/05/2014 08:50:04 AM) (Source: SetupARService)(User: )Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object. at SetupAfterRebootService.SetupARService.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (03/04/2014 08:26:34 PM) (Source: SetupARService)(User: )Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object. at SetupAfterRebootService.SetupARService.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (03/03/2014 09:55:41 AM) (Source: Application Error)(User: )Description: WimaxConsole.exe0.0.0.04bd4ffddntdll.dll6.1.7601.18247521eaf24c000037400000000000c410254801cf36f09840b93fC:\Program Files (x86)\ASUS\Wireless Console 3\WimaxConsole.exeC:\Windows\SYSTEM32\ntdll.dlle33b9547-a2e3-11e3-8f0a-bd372ad09721 Error: (02/23/2014 05:33:18 PM) (Source: Application Error)(User: )Description: recordingmanager.exe1.3.0.20850b836fentdll.dll6.1.7601.18247521ea8e7c0000374000ce753168c01cf30cc819eba35C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exeC:\Windows\SysWOW64\ntdll.dll7d9ea1ae-9cda-11e3-97ba-bbecf2eb920b Error: (02/21/2014 03:46:24 PM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 3042 Error: (02/21/2014 03:46:24 PM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: m->NextScheduledEvent 3042 ==================== Memory info =========================== Percentage of memory in use: 50%Total physical RAM: 7980.55 MBAvailable physical RAM: 3959.34 MBTotal Pagefile: 15959.27 MBAvailable Pagefile: 11611.88 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:574.68 GB) (Free:107.06 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: E0C5913D) Partition: GPT Partition Type. ==================== End Of Log ============================
  2. here are logs from the correct PC...my apologies again! I just am back from long trip and I'm still getting caught up on everything. THanks in advance for the help ... I hope you got my warning about the wrong logs: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014Ran by Steve (administrator) on STEVE-PC on 29-03-2014 11:57:29Running from C:\Users\Steve\DownloadsWindows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 11Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: Download link for 64-Bit Version: Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(Microsoft Corporation) C:\Windows\system32\WLANExt.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\NAV.exe(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\ccSvcHst.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe(SlimWare Utilities, Inc.) C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\NAV.exe(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe(FSL - Freesoftland) C:\Program Files (x86)\FSL\IconRestorer\IconRestorer.exe(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(RealNetworks, Inc.) c:\program files (x86)\real\realplayer\update\realsched.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe(Microsoft Corporation) C:\Windows\system32\msfeedssync.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [intelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)HKLM\...\Run: [itype] - c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13425224 1999-12-31] (Realtek Semiconductor)HKLM\...\Run: [intelWirelessWiMAX] - C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1622016 2011-06-02] (Intel® Corporation)HKLM-x32\...\Run: [updateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)HKLM-x32\...\Run: [bCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)HKLM-x32\...\Run: [TkBellExe] - c:\program files (x86)\real\realplayer\update\realsched.exe [295072 2012-12-20] (RealNetworks, Inc.)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKU\.DEFAULT\...\RunOnce: [] - [X]HKU\S-1-5-19\...\Run: [sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRunHKU\S-1-5-19\...\RunOnce: [] - [X]HKU\S-1-5-20\...\Run: [sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRunHKU\S-1-5-20\...\RunOnce: [] - [X]HKU\S-1-5-21-2446132634-3186606105-1043327889-1001\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-12-11] (Google Inc.)HKU\S-1-5-21-2446132634-3186606105-1043327889-1001\...\Policies\Explorer: [NofolderOptions] 0HKU\S-1-5-21-2446132634-3186606105-1043327889-1001\...\MountPoints2: {5ca2c788-7c59-11e3-b67e-005056c00008} - D:\Windows\PTMHS291LVW_V4_14_1_0.exeHKU\S-1-5-21-2446132634-3186606105-1043327889-1001\...\MountPoints2: {5ca2c79b-7c59-11e3-b67e-005056c00008} - D:\Windows\PTMHS291LVW_V4_14_1_0.exeHKU\S-1-5-21-2446132634-3186606105-1043327889-1001\...\MountPoints2: {7f85a669-9d07-11e0-ab30-005056c00008} - D:\TL-Bootstrap.exeHKU\S-1-5-21-2446132634-3186606105-1043327889-1001\...\MountPoints2: {e883a175-266a-11e0-8db3-005056c00008} - D:\LaunchU3.exeStartup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnkShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnkShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IconRestorer.lnkShortcutTarget: IconRestorer.lnk -> C:\Program Files (x86)\FSL\IconRestorer\IconRestorer.exe (FSL - Freesoftland) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/webhp?sourceid=navclient&ie=UTF-8&rlz=1T4GGLL_enUS409US409HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.comSearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)BHO-x32: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)BHO-x32: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\coIEPlg.dll (Symantec Corporation)BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\coIEPlg.dll (Symantec Corporation)Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No FileToolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)DPF: HKLM-x32 {380BBEC2-4CAE-4ECE-8AFF-36CDE7916386} http://aspentechdemo.demoservers.com/URA/URA/lib/srdp.cabDPF: HKLM-x32 {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpn-am1.infor.com/CACHE/stc/1/binaries/vpnweb.cabDPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabDPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabDPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cabWinsock: Catalog9 11 C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll [346736] (VMware, Inc.)Winsock: Catalog9 12 C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll [346736] (VMware, Inc.)Winsock: Catalog9-x64 11 C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll [446576] (VMware, Inc.)Winsock: Catalog9-x64 12 C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll [446576] (VMware, Inc.)Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txtTcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox:========FF ProfilePath: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\ofmqs7b1.defaultFF SelectedSearchEngine: GoogleFF Homepage: google.comFF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()FF Plugin: @java.com/DTPlugin,version=10.4.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=10.4.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)FF Plugin-x32: @divx.com/DivX OVS Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @videolan.org/vlc,version=1.1.11 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll (WebEx Communications, Inc)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)FF SearchPlugin: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\ofmqs7b1.default\searchplugins\safeguard-secure-search.xmlFF Extension: Google Toolbar for Firefox - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\ofmqs7b1.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011-09-29]FF Extension: Default Full Zoom Level - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\ofmqs7b1.default\Extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D} [2013-06-18]FF Extension: FastestFox - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\ofmqs7b1.default\Extensions\smarterwiki@wikiatic.com.xpi [2012-02-29]FF Extension: Adblock Plus - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\ofmqs7b1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-04-13]FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5videoFF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2010-12-30]FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpaFF Extension: DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2010-12-30]FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\ExtFF HKLM-x32\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\ExtFF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.0.18\coFFPlgn\FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.0.18\coFFPlgn\ []FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFFFF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF [2013-11-18] Chrome: =======CHR HomePage: CHR RestoreOnStartup: "spdy": { "servers": [ "calendar.google.com:443", "chatenabled.mail.google.com:443", "gan.doubleclick.net:443", "ssl.gstatic.com:443", "accounts.youtube.com:443", "static.doubleclick.net:443", "accounts.google.com:443", "mail-attachment.googleusercontent.com:443", "plusone.google.com:443", "googleads.g.doubleclick.net:443", "id.google.com:443", "pagead2.googleadservices.com:443", "ssl.google-analytics.com:443", "toolbarqueries.google.com:443", "ad.doubleclick.net:443", "clients2.google.com:443", "clients4.google.com:443", "mail.google.com:443", "plus.google.com:443", "www.google.com:443", "apis.google.com:443", "news.google.com:443", "www.googleadservices.com:443", "ajax.googleapis.com:443", "fls.doubleclick.net:443", "lh3.googleusercontent.com:443"CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)CHR Plugin: (ActiveTouch General Plugin Container) - C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll (WebEx Communications, Inc)CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (DivX OVS Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No FileCHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()CHR Plugin: (RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)CHR Plugin: (RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)CHR Plugin: (RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll No FileCHR Plugin: (Java Deployment Toolkit 7.0.250.16) - C:\Windows\SysWOW64\npDeployJava1.dll No FileCHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No FileCHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)CHR Extension: (Adblock Plus) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-09-18]CHR Extension: (Google Calendar) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2011-09-21]CHR Extension: (DivX HiQ) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2011-04-16]CHR Extension: (AdBlock) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-01-27]CHR Extension: (RealDownloader) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2012-12-27]CHR Extension: (Advanced Extensions) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\knchccdpckooledklhnooegnniofcfip [2012-12-03]CHR Extension: (Google Wallet) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2011-04-17]CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2010-12-08]CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2010-12-08]CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\Exts\Chrome.crx [2010-12-08] ==================== Services (Whitelisted) ================= S4 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [60040 2011-08-06] (CHENGDU YIWO Tech Development Co., Ltd)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-08-23] ()R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\NAV.exe [262288 2013-10-08] (Symantec Corporation)R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\ccSvcHst.exe [144520 2012-12-23] (Symantec Corporation)S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 1999-12-31] (Realtek Semiconductor)R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)S4 ufad-ws60; C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe [191024 2010-08-19] (VMware, Inc.)S4 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [62184 2010-11-22] (Xobni Corporation)S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3342640 2012-08-23] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001_9d6\BHDrvx64.sys [1526488 2014-02-14] (Symantec Corporation)R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DD03000.01A\ccSetx64.sys [168096 2012-11-15] (Symantec Corporation)R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-09] (Symantec Corporation)R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [50312 2011-08-06] ()R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20140317.001\IDSvia64.sys [524504 2014-03-04] (Symantec Corporation)R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69152 2010-08-12] (Lavasoft AB)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20140317.035\ENG64.SYS [126040 2014-03-06] (Symantec Corporation)R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20140317.035\EX64.SYS [2099288 2014-03-06] (Symantec Corporation)S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()R3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1501000.012\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-03-29] ()R0 SymDS; C:\Windows\System32\drivers\NAVx64\1501000.012\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-15] (Symantec Corporation)R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1501000.012\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)R2 vstor2-ws60; C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys [32816 2010-08-19] (VMware, Inc.)S3 cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [X]U3 tmlwf; U3 tmwfp; S3 vpnva; system32\DRIVERS\vpnva64.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-29 11:57 - 2014-03-29 11:58 - 00033261 _____ () C:\Users\Steve\Downloads\FRST.txt2014-03-29 11:57 - 2014-03-29 11:57 - 00000000 ____D () C:\FRST2014-03-29 11:55 - 2014-03-29 11:55 - 02157056 _____ (Farbar) C:\Users\Steve\Downloads\FRST64.exe2014-03-29 11:52 - 2014-03-29 11:52 - 00002968 _____ () C:\Windows\System32\Tasks\ReclaimerResumeInstall_Steve2014-03-29 11:52 - 2014-03-29 11:52 - 00002666 _____ () C:\Windows\System32\Tasks\ReclaimerResumeInstallLogin_Steve2014-03-29 11:52 - 2014-03-29 11:52 - 00000374 _____ () C:\Windows\Tasks\ReclaimerResumeInstallLogin_Steve.job2014-03-29 11:52 - 2014-03-29 11:52 - 00000374 _____ () C:\Windows\Tasks\ReclaimerResumeInstall_Steve.job2014-03-17 17:54 - 2014-03-17 17:54 - 00003362 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2446132634-3186606105-1043327889-10012014-03-17 17:54 - 2014-03-17 17:54 - 00003228 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2446132634-3186606105-1043327889-10012014-03-17 13:25 - 2014-03-17 13:45 - 00000000 ____D () C:\Users\Steve\Desktop\mbar2014-03-17 13:25 - 2014-03-17 13:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-03-17 13:25 - 2014-03-17 13:25 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-03-17 13:23 - 2014-03-17 13:23 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Steve\Downloads\mbar-1.07.0.1009.exe2014-03-17 11:51 - 2014-03-17 11:51 - 00001034 _____ () C:\Windows\PFRO.log2014-03-12 16:11 - 2014-03-01 01:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-03-12 16:11 - 2014-03-01 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-03-12 16:11 - 2014-03-01 00:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-03-12 16:11 - 2014-02-28 23:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-03-12 16:11 - 2014-02-28 23:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-03-12 16:11 - 2014-02-28 23:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-03-12 16:11 - 2014-02-28 23:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-03-12 16:11 - 2014-02-28 23:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-03-12 16:11 - 2014-02-28 23:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-03-12 16:11 - 2014-02-28 23:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-03-12 16:11 - 2014-02-28 23:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-03-12 16:11 - 2014-02-28 23:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-03-12 16:11 - 2014-02-28 23:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-03-12 16:11 - 2014-02-28 23:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-03-12 16:11 - 2014-02-28 23:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-03-12 16:11 - 2014-02-28 23:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-03-12 16:11 - 2014-02-28 23:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-03-12 16:11 - 2014-02-28 22:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-03-12 16:11 - 2014-02-28 22:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-03-12 16:11 - 2014-02-28 22:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-03-12 16:11 - 2014-02-28 22:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-03-12 16:11 - 2014-02-28 22:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-03-12 16:11 - 2014-02-28 22:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-03-12 16:11 - 2014-02-28 22:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-03-12 16:11 - 2014-02-28 22:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-03-12 16:11 - 2014-02-28 22:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-03-12 16:11 - 2014-02-28 22:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-03-12 16:11 - 2014-02-28 22:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-03-12 16:11 - 2014-02-28 22:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-03-12 16:11 - 2014-02-28 22:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-03-12 16:11 - 2014-02-28 22:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-03-12 16:11 - 2014-02-28 22:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-03-12 16:11 - 2014-02-28 22:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-03-12 16:11 - 2014-02-28 22:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-03-12 16:11 - 2014-02-28 21:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-03-12 16:11 - 2014-02-28 21:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-03-12 16:11 - 2014-02-28 21:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-03-12 16:11 - 2014-02-28 21:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-03-12 16:11 - 2014-02-28 21:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-03-12 16:11 - 2014-02-28 21:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-03-12 16:11 - 2014-02-06 20:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-03-12 16:11 - 2014-02-03 21:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll2014-03-12 16:11 - 2014-02-03 21:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll2014-03-12 16:11 - 2014-02-03 21:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll2014-03-12 16:11 - 2014-02-03 21:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll2014-03-12 16:11 - 2014-01-28 21:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll2014-03-12 16:11 - 2014-01-28 21:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll2014-03-12 16:11 - 2014-01-27 21:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll2014-03-04 12:11 - 2014-03-04 12:11 - 00006490 _____ () C:\Windows\DPINST.LOG2014-03-04 12:03 - 2014-03-18 08:02 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2446132634-3186606105-1043327889-10012014-02-27 08:51 - 2014-03-29 11:50 - 00001568 _____ () C:\Windows\setupact.log2014-02-27 08:51 - 2014-02-27 08:51 - 00000000 _____ () C:\Windows\setuperr.log ==================== One Month Modified Files and Folders ======= 2014-03-29 11:58 - 2014-03-29 11:57 - 00033261 _____ () C:\Users\Steve\Downloads\FRST.txt2014-03-29 11:57 - 2014-03-29 11:57 - 00000000 ____D () C:\FRST2014-03-29 11:56 - 2009-07-14 00:13 - 00790726 _____ () C:\Windows\system32\PerfStringBackup.INI2014-03-29 11:55 - 2014-03-29 11:55 - 02157056 _____ (Farbar) C:\Users\Steve\Downloads\FRST64.exe2014-03-29 11:52 - 2014-03-29 11:52 - 00002968 _____ () C:\Windows\System32\Tasks\ReclaimerResumeInstall_Steve2014-03-29 11:52 - 2014-03-29 11:52 - 00002666 _____ () C:\Windows\System32\Tasks\ReclaimerResumeInstallLogin_Steve2014-03-29 11:52 - 2014-03-29 11:52 - 00000374 _____ () C:\Windows\Tasks\ReclaimerResumeInstallLogin_Steve.job2014-03-29 11:52 - 2014-03-29 11:52 - 00000374 _____ () C:\Windows\Tasks\ReclaimerResumeInstall_Steve.job2014-03-29 11:51 - 2013-08-14 20:27 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys2014-03-29 11:51 - 2013-08-14 20:27 - 00002836 _____ () C:\Windows\System32\Tasks\SlimDrivers Startup2014-03-29 11:51 - 2013-08-14 20:27 - 00000410 _____ () C:\Windows\Tasks\SlimDrivers Startup.job2014-03-29 11:51 - 2010-12-11 17:59 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-03-29 11:50 - 2014-02-27 08:51 - 00001568 _____ () C:\Windows\setupact.log2014-03-29 11:50 - 2010-12-13 17:25 - 00000000 ____D () C:\ProgramData\VMware2014-03-29 11:50 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-03-18 11:46 - 2012-09-07 19:21 - 01579574 _____ () C:\Windows\WindowsUpdate.log2014-03-18 10:48 - 2010-12-11 17:59 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-03-18 08:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration2014-03-18 08:02 - 2014-03-04 12:03 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2446132634-3186606105-1043327889-10012014-03-18 08:02 - 2014-01-23 11:25 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2446132634-3186606105-1043327889-10012014-03-18 08:01 - 2009-07-13 23:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-03-18 08:01 - 2009-07-13 23:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-03-17 17:54 - 2014-03-17 17:54 - 00003362 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2446132634-3186606105-1043327889-10012014-03-17 17:54 - 2014-03-17 17:54 - 00003228 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2446132634-3186606105-1043327889-10012014-03-17 17:54 - 2011-09-16 15:20 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\vlc2014-03-17 17:43 - 2010-12-11 18:50 - 00000000 ____D () C:\Users\Steve\AppData\Local\CrashDumps2014-03-17 13:45 - 2014-03-17 13:25 - 00000000 ____D () C:\Users\Steve\Desktop\mbar2014-03-17 13:45 - 2014-03-17 13:25 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-03-17 13:25 - 2014-03-17 13:25 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-03-17 13:23 - 2014-03-17 13:23 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Steve\Downloads\mbar-1.07.0.1009.exe2014-03-17 11:51 - 2014-03-17 11:51 - 00001034 _____ () C:\Windows\PFRO.log2014-03-17 11:49 - 2010-12-12 12:55 - 00000000 ____D () C:\Users\Steve\Downloads\INSTALLED on PERSONAL PC2014-03-13 07:53 - 2012-04-03 08:20 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-03-13 07:53 - 2011-05-17 18:16 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-03-12 18:02 - 2014-01-23 11:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2014-03-12 17:57 - 2009-07-13 23:45 - 00434704 _____ () C:\Windows\system32\FNTCACHE.DAT2014-03-12 17:56 - 2013-03-14 17:41 - 00000000 ____D () C:\Program Files\Microsoft Silverlight2014-03-12 17:56 - 2013-03-14 17:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight2014-03-12 17:53 - 2013-07-17 17:23 - 00000000 ____D () C:\Windows\system32\MRT2014-03-12 17:53 - 2010-12-12 13:05 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-03-12 17:51 - 2010-12-11 19:22 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-03-06 14:42 - 2010-12-11 17:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware2014-03-06 11:12 - 2010-12-11 13:47 - 00000000 ____D () C:\Users\Steve2014-03-06 11:09 - 2013-08-15 08:01 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM2014-03-06 11:09 - 2010-12-11 16:17 - 00000000 ____D () C:\ProgramData\Norton2014-03-06 11:09 - 2010-11-01 19:20 - 00000000 ____D () C:\Windows\system32\SRSLabs2014-03-06 11:09 - 2010-11-01 19:02 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information2014-03-06 11:09 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat2014-03-06 11:08 - 2010-12-12 19:13 - 00000000 ____D () C:\ProgramData\Real2014-03-04 12:11 - 2014-03-04 12:11 - 00006490 _____ () C:\Windows\DPINST.LOG2014-03-04 12:11 - 2010-12-11 16:06 - 00006477 _____ () C:\ProgramData\hpzinstall.log2014-03-04 12:09 - 2010-11-01 19:29 - 00000000 ____D () C:\Program Files (x86)\Downloaded Installations2014-03-04 12:06 - 2010-11-01 19:26 - 00000000 ____D () C:\Program Files (x86)\ASUS2014-03-03 17:55 - 2011-01-07 21:12 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5989A71D-E03A-43B7-A44C-5B818D9979D5}2014-03-03 09:30 - 2011-02-13 14:21 - 00000000 ____D () C:\Windows\pss2014-03-01 01:05 - 2014-03-12 16:11 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-03-01 00:17 - 2014-03-12 16:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-03-01 00:16 - 2014-03-12 16:11 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-02-28 23:58 - 2014-03-12 16:11 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-02-28 23:52 - 2014-03-12 16:11 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-02-28 23:51 - 2014-03-12 16:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-02-28 23:42 - 2014-03-12 16:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-02-28 23:40 - 2014-03-12 16:11 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-02-28 23:37 - 2014-03-12 16:11 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-02-28 23:33 - 2014-03-12 16:11 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-02-28 23:33 - 2014-03-12 16:11 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-02-28 23:32 - 2014-03-12 16:11 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-02-28 23:30 - 2014-03-12 16:11 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-02-28 23:23 - 2014-03-12 16:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-02-28 23:17 - 2014-03-12 16:11 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-02-28 23:11 - 2014-03-12 16:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-02-28 23:02 - 2014-03-12 16:11 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-02-28 22:54 - 2014-03-12 16:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-02-28 22:52 - 2014-03-12 16:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-02-28 22:51 - 2014-03-12 16:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-02-28 22:47 - 2014-03-12 16:11 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-02-28 22:43 - 2014-03-12 16:11 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-02-28 22:43 - 2014-03-12 16:11 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-02-28 22:42 - 2014-03-12 16:11 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-02-28 22:40 - 2014-03-12 16:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-02-28 22:38 - 2014-03-12 16:11 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-02-28 22:37 - 2014-03-12 16:11 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-02-28 22:35 - 2014-03-12 16:11 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-02-28 22:18 - 2014-03-12 16:11 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-02-28 22:16 - 2014-03-12 16:11 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-02-28 22:14 - 2014-03-12 16:11 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-02-28 22:10 - 2014-03-12 16:11 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-02-28 22:03 - 2014-03-12 16:11 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-02-28 22:00 - 2014-03-12 16:11 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-02-28 21:57 - 2014-03-12 16:11 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-02-28 21:38 - 2014-03-12 16:11 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-02-28 21:32 - 2014-03-12 16:11 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-02-28 21:27 - 2014-03-12 16:11 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-02-28 21:25 - 2014-03-12 16:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-02-28 21:25 - 2014-03-12 16:11 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-02-27 08:51 - 2014-02-27 08:51 - 00000000 _____ () C:\Windows\setuperr.log Files to move or delete:====================C:\ProgramData\PKP_DLdu.DAT ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-10 09:34 ==================== End Of Log ============================
  3. Thanks for the response and sorry for the delay getting back to you ... I've been out of town with no internet access. Following are the logs you requested from the scan: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014Ran by sgraessle (administrator) on USRONSGRAESSL02 on 29-03-2014 11:16:25Running from C:\Users\Sgraessle\DownloadsWindows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 9Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: Download link for 64-Bit Version: Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\windows\system32\nvvsvc.exe(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe(Microsoft Corporation) C:\windows\system32\WLANExt.exe(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Cisco WebEx LLC) C:\windows\SysWOW64\atashost.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Microsoft Corporation) C:\windows\SysWOW64\svchost.exe(iPass Inc.) C:\Program Files (x86)\iPass\Open Mobile\omsi\iPlatformService.exe(Microsoft Corp.) C:\Program Files\Microsoft\MDOP MBAM\MBAMAgent.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe(iPass Inc.) C:\Program Files (x86)\iPass\Open Mobile\omsi\iPlatformHost.exe(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe(McAfee, Inc.) C:\windows\system32\mfevtps.exe(O2Micro International) C:\windows\system32\DRIVERS\o2flash.exe(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe(VMware, Inc.) C:\windows\SysWOW64\vmnat.exe(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe(VMware, Inc.) C:\windows\SysWOW64\vmnetdhcp.exe(iPass Inc.) C:\Program Files (x86)\iPass\Open Mobile\bin\iMobilityService.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe(Microsoft Corporation) C:\windows\CCM\CcmExec.exe(iPass Inc.) C:\Program Files (x86)\iPass\Open Mobile\omsi\iPlatformHost.exe(Microsoft Corporation) C:\windows\CCM\RemCtrl\CmRcService.exe(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe(Cisco WebEx LLC) C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe(Gadwin Systems, Inc) C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe() C:\Users\Sgraessle\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe(Microsoft Corporation) C:\windows\splwow64.exe(AT&T Inc.) C:\Users\Sgraessle\AppData\Local\ATT Connect\Participant\pull.exe(Cisco WebEx LLC) C:\Program Files (x86)\WebEx\Productivity Tools\ptSrv.exe(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE(Microsoft Corporation) C:\Program Files\Microsoft Policy Platform\policyHost.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe(Microsoft Corporation) C:\windows\CCM\SCNotification.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [626552 2012-05-25] (Alps Electric Co., Ltd.)HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)HKLM-x32\...\Run: [bCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)HKLM-x32\...\Run: [McAfeeUpdaterUI] - C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [161088 2011-01-12] (McAfee, Inc.)HKLM-x32\...\Run: [shStatEXE] - C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [215656 2012-08-14] (McAfee, Inc.)HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [685048 2012-08-03] (Cisco Systems, Inc.)HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)HKCU Group Policy restriction on software: %WINDIR%\servstat32x.exe <====== ATTENTIONHKCU Group Policy restriction on software: %windir%\system32\eraseme_?????.exe <====== ATTENTIONHKCU Group Policy restriction on software: %WINDIR%\System\smss.exe <====== ATTENTIONHKCU Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTIONHKCU Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTIONHKCU Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTIONHKCU Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTIONHKLM\...\Policies\Explorer: [NoControlPanel] 0HKU\S-1-5-21-938813117-458837582-310601177-500053\...\Run: [PTOneClick] - C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe [370472 2014-02-11] (Cisco WebEx LLC)HKU\S-1-5-21-938813117-458837582-310601177-500053\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-04-25] (Google Inc.)HKU\S-1-5-21-938813117-458837582-310601177-500053\...\Run: [Gadwin PrintScreen] - C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe [1842384 2012-05-30] (Gadwin Systems, Inc)HKU\S-1-5-21-938813117-458837582-310601177-500053\...\Run: [infuzer] - C:\Program Files (x86)\Trondent Development Corp\Infuzer\Infuzer.exe [314880 2011-09-12] (Trondent Development Corp.)HKU\S-1-5-21-938813117-458837582-310601177-500053\...\Run: [Amazon Cloud Player] - C:\Users\Sgraessle\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3109376 2013-09-10] ()HKU\S-1-5-21-938813117-458837582-310601177-500053\...\Run: [Lync] - C:\Program Files (x86)\Microsoft Office\Office15\lync.exe [18016888 2012-10-01] (Microsoft Corporation)HKU\S-1-5-21-938813117-458837582-310601177-500053\...\Run: [Push Client] - C:\Users\Sgraessle\AppData\Local\ATT Connect\Participant\pull.exe [981824 2012-08-27] (AT&T Inc.)HKU\S-1-5-21-938813117-458837582-310601177-500053\...\Policies\Explorer: [HideSCAHealth] 1 ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.infor.com/StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={A596710F-ADB4-11E2-A626-00059A3C7A00}SearchScopes: HKCU - DefaultScope {528CE639-3960-4CED-893B-C545853A6031} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7PRFD_enUS533SearchScopes: HKCU - {528CE639-3960-4CED-893B-C545853A6031} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7PRFD_enUS533SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={A596710F-ADB4-11E2-A626-00059A3C7A00}BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130421195112.dll (McAfee, Inc.)BHO: WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll (Cisco WebEx LLC)BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No FileBHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130421195112.dll (McAfee, Inc.)BHO-x32: WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)Toolbar: HKLM - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll (Cisco WebEx LLC)Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)Toolbar: HKLM-x32 - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No FileToolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} https://vpn-gde-am.infor.com/CACHE/stc/1/binaries/vpnweb.cabDPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox:========FF ProfilePath: C:\Users\Sgraessle\AppData\Roaming\Mozilla\Firefox\Profiles\zjiyww71.defaultFF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_39 - C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll (Cisco WebEx LLC)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\FirefoxFF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCoreFF Extension: IDS_SS_NAME - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013-04-21]FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-04-25]FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-04-25] Chrome: =======CHR Extension: (AdBlock Premium) - C:\Users\Sgraessle\AppData\Local\Google\Chrome\User Data\Default\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj [2014-03-08]CHR Extension: (AdBlock) - C:\Users\Sgraessle\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-08]CHR Extension: (Google Wallet) - C:\Users\Sgraessle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Sgraessle\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx [2013-04-25] ==================== Services (Whitelisted) ================= R2 CcmExec; C:\windows\CCM\CcmExec.exe [1840208 2012-11-21] (Microsoft Corporation)R2 CmRcService; C:\windows\CCM\RemCtrl\CmRcService.exe [633952 2012-11-21] (Microsoft Corporation)R3 iMobilityService; C:\Program Files (x86)\iPass\Open Mobile\bin\iMobilityService.exe [30720 2012-10-24] (iPass Inc.)R2 iPlatformService; C:\Program Files (x86)\iPass\Open Mobile\omsi\iPlatformService.exe [22528 2012-10-24] (iPass Inc.)R3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)R2 MBAMAgent; C:\Program Files\Microsoft\MDOP MBAM\MBAMAgent.exe [239528 2011-06-14] (Microsoft Corp.)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [120128 2011-01-12] (McAfee, Inc.)R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [201864 2013-04-21] (McAfee, Inc.)R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [209760 2011-01-12] (McAfee, Inc.)R2 mfevtp; C:\windows\system32\mfevtps.exe [170440 2013-04-21] (McAfee, Inc.)S3 smstsmgr; C:\windows\CCM\TSManager.exe [402000 2012-11-21] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S3 atmeltpm; C:\Windows\system32\drivers\atmeltpm64.sys [19456 2012-05-25] (Atmel, Inc.)R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160952 2013-04-21] (McAfee, Inc.)R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [274880 2013-04-21] (McAfee, Inc.)U3 mfeavfk01; No ImagePathR0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [665768 2013-04-21] (McAfee, Inc.)S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [101200 2013-04-21] (McAfee, Inc.)R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [303464 2013-04-21] (McAfee, Inc.)R3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [26984 2012-11-21] (Microsoft Corporation)R0 stmtpm; C:\Windows\System32\drivers\stm_tpm.sys [29184 2012-05-25] (STMicroelectronics, INC)R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2012-05-25] (STMicroelectronics)R2 VMparport; C:\windows\system32\drivers\VMparport.sys [31824 2013-10-18] (VMware, Inc.)R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)S3 dcdbas; system32\DRIVERS\dcdbas64.sys [X]S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-29 11:16 - 2014-03-29 11:16 - 00022996 _____ () C:\Users\Sgraessle\Downloads\FRST.txt2014-03-29 11:15 - 2014-03-29 11:16 - 00000000 ____D () C:\FRST2014-03-29 11:15 - 2014-03-29 11:15 - 02157056 _____ (Farbar) C:\Users\Sgraessle\Downloads\FRST64.exe2014-03-18 09:26 - 2014-03-18 15:37 - 00000000 ____D () C:\Users\Sgraessle\Documents\-- a NEW 20140318_depm20142014-03-18 07:54 - 2014-03-18 07:54 - 00000482 _____ () C:\windows\PFRO.log2014-03-14 13:55 - 2014-03-14 14:02 - 00000000 ____D () C:\Users\Sgraessle\Downloads\HEADSHOT PHOTOS for INFOR2014-03-10 07:45 - 2014-03-29 11:01 - 00000560 _____ () C:\windows\setupact.log2014-03-10 07:45 - 2014-03-10 07:45 - 00000000 _____ () C:\windows\setuperr.log2014-03-08 11:38 - 2014-03-18 18:11 - 00000000 ____D () C:\Users\Sgraessle\Documents\Virtual Machines2014-03-07 15:44 - 2014-03-07 15:44 - 00001256 _____ () C:\Users\Public\Desktop\Virtual CloneDrive.lnk2014-03-07 15:40 - 2014-03-07 15:40 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes2014-03-06 09:43 - 2014-03-06 09:43 - 00000000 ____D () C:\Users\Sgraessle\Documents\My Received Files2014-03-03 09:16 - 2014-03-03 09:16 - 00001789 _____ () C:\Users\Public\Desktop\iTunes.lnk2014-03-03 09:16 - 2014-03-03 09:16 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-03-03 09:16 - 2014-03-03 09:16 - 00000000 ____D () C:\Program Files\iTunes2014-03-03 09:16 - 2014-03-03 09:16 - 00000000 ____D () C:\Program Files\iPod2014-03-03 09:16 - 2014-03-03 09:16 - 00000000 ____D () C:\Program Files (x86)\iTunes2014-03-03 09:11 - 2014-03-03 09:11 - 00001851 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk2014-03-03 09:11 - 2014-03-03 09:11 - 00000000 ____D () C:\Program Files (x86)\QuickTime2014-02-27 16:09 - 2014-02-27 16:23 - 282061742 _____ () C:\Users\Sgraessle\Downloads\CPM Demo for Synerject-20140227 1902-1.arf ==================== One Month Modified Files and Folders ======= 2014-03-29 11:16 - 2014-03-29 11:16 - 00022996 _____ () C:\Users\Sgraessle\Downloads\FRST.txt2014-03-29 11:16 - 2014-03-29 11:15 - 00000000 ____D () C:\FRST2014-03-29 11:15 - 2014-03-29 11:15 - 02157056 _____ (Farbar) C:\Users\Sgraessle\Downloads\FRST64.exe2014-03-29 11:15 - 2009-07-13 23:45 - 00019328 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-03-29 11:15 - 2009-07-13 23:45 - 00019328 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-03-29 11:08 - 2009-07-14 00:13 - 00790242 _____ () C:\windows\system32\PerfStringBackup.INI2014-03-29 11:06 - 2013-04-21 19:44 - 00000568 _____ () C:\windows\SMSCFG.ini2014-03-29 11:04 - 2013-04-25 07:58 - 00000900 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job2014-03-29 11:01 - 2014-03-10 07:45 - 00000560 _____ () C:\windows\setupact.log2014-03-29 11:01 - 2013-04-22 08:16 - 00000000 ____D () C:\ProgramData\VMware2014-03-29 11:01 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT2014-03-18 18:11 - 2014-03-08 11:38 - 00000000 ____D () C:\Users\Sgraessle\Documents\Virtual Machines2014-03-18 18:11 - 2013-04-21 22:39 - 01406000 _____ () C:\windows\WindowsUpdate.log2014-03-18 18:09 - 2013-06-21 11:04 - 00000000 ____D () C:\Users\Sgraessle\AppData\Roaming\FileZilla2014-03-18 18:09 - 2013-04-21 20:40 - 00004376 _____ () C:\windows\system32\config\netlogon.ftl2014-03-18 17:34 - 2013-04-25 07:58 - 00000904 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job2014-03-18 16:01 - 2013-04-22 07:10 - 00000000 ____D () C:\Users\Sgraessle\Documents\-- 5 INFOR ADMINISTRATION and other - WIP2014-03-18 15:37 - 2014-03-18 09:26 - 00000000 ____D () C:\Users\Sgraessle\Documents\-- a NEW 20140318_depm20142014-03-18 13:48 - 2014-02-20 11:57 - 00000000 ____D () C:\Users\Sgraessle\Documents\-- 1 INFOR - DEMO and Solution Related2014-03-18 13:02 - 2013-04-21 19:46 - 00034536 __RSH () C:\ProgramData\ntuser.pol2014-03-18 09:19 - 2013-06-03 08:26 - 00000000 ____D () C:\Users\Sgraessle\AppData\Local\Microsoft Help2014-03-18 08:04 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\Registration2014-03-18 08:03 - 2013-04-21 19:48 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe2014-03-18 08:03 - 2013-04-21 19:48 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl2014-03-18 07:54 - 2014-03-18 07:54 - 00000482 _____ () C:\windows\PFRO.log2014-03-17 15:59 - 2013-04-22 09:07 - 00000000 ____D () C:\Users\Sgraessle\AppData\Local\VMware2014-03-17 11:06 - 2013-06-20 10:28 - 00000000 __SHD () C:\Users\Sgraessle\Documents\cache2014-03-17 09:18 - 2013-04-22 09:07 - 00000000 ____D () C:\Users\Sgraessle\AppData\Roaming\VMware2014-03-17 07:35 - 2013-04-25 07:58 - 00002189 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-03-14 14:02 - 2014-03-14 13:55 - 00000000 ____D () C:\Users\Sgraessle\Downloads\HEADSHOT PHOTOS for INFOR2014-03-14 13:54 - 2013-04-22 08:08 - 00000000 ____D () C:\Users\Sgraessle\AppData\Roaming\Webex2014-03-14 13:27 - 2013-04-21 19:48 - 00000000 ____D () C:\ProgramData\webex2014-03-13 17:36 - 2013-04-22 07:16 - 00000000 ____D () C:\Users\Sgraessle\Documents\00 - SG Files2014-03-10 15:12 - 2013-07-12 09:23 - 00000000 ____D () C:\-- Bkups and Xfrs to-from GDE and Others2014-03-10 13:54 - 2013-10-21 14:48 - 00210216 _____ (Cisco WebEx LLC) C:\windows\SysWOW64\atsckernel.exe2014-03-10 11:17 - 2013-04-22 07:18 - 00000000 ____D () C:\Users\Sgraessle\Documents\My Virtual Machines2014-03-10 09:19 - 2013-04-26 15:02 - 00000000 ____D () C:\Users\Sgraessle\Documents\My Scans2014-03-10 07:45 - 2014-03-10 07:45 - 00000000 _____ () C:\windows\setuperr.log2014-03-08 10:51 - 2013-04-22 07:16 - 00000000 ____D () C:\Users\Sgraessle\Documents\-- VM Related2014-03-07 15:44 - 2014-03-07 15:44 - 00001256 _____ () C:\Users\Public\Desktop\Virtual CloneDrive.lnk2014-03-07 15:40 - 2014-03-07 15:40 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes2014-03-06 18:25 - 2013-09-17 18:00 - 00000000 ____D () C:\Users\Sgraessle\Documents\PrintScreen Files2014-03-06 12:56 - 2013-04-21 19:56 - 00000000 ___RD () C:\Users\Sgraessle\Virtual Machines2014-03-06 09:43 - 2014-03-06 09:43 - 00000000 ____D () C:\Users\Sgraessle\Documents\My Received Files2014-03-03 10:22 - 2014-02-03 09:54 - 00000000 ____D () C:\Users\Sgraessle\Downloads\-- DB meetings - non-dEPM2014-03-03 09:16 - 2014-03-03 09:16 - 00001789 _____ () C:\Users\Public\Desktop\iTunes.lnk2014-03-03 09:16 - 2014-03-03 09:16 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-03-03 09:16 - 2014-03-03 09:16 - 00000000 ____D () C:\Program Files\iTunes2014-03-03 09:16 - 2014-03-03 09:16 - 00000000 ____D () C:\Program Files\iPod2014-03-03 09:16 - 2014-03-03 09:16 - 00000000 ____D () C:\Program Files (x86)\iTunes2014-03-03 09:13 - 2013-05-30 15:19 - 00000000 ____D () C:\ProgramData\Apple2014-03-03 09:11 - 2014-03-03 09:11 - 00001851 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk2014-03-03 09:11 - 2014-03-03 09:11 - 00000000 ____D () C:\Program Files (x86)\QuickTime2014-02-27 16:23 - 2014-02-27 16:09 - 282061742 _____ () C:\Users\Sgraessle\Downloads\CPM Demo for Synerject-20140227 1902-1.arf Some content of TEMP:====================C:\Users\Sgraessle\AppData\Local\Temp\atgpcdec.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-11 11:47 ==================== End Of Log ============================ Addition.TXT Log: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014Ran by sgraessle at 2014-03-29 11:16:56Running from C:\Users\Sgraessle\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== AV: McAfee VirusScan Enterprise (Enabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A} ==================== Installed Programs ====================== 5600 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden5600_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden5600Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden64 Bit HP CIO Components Installer (Version: 8.2.1 - Hewlett-Packard) Hidden7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)ACT! (HKLM-x32\...\ACT!) (Version: - )Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.44 - Adobe Systems Incorporated)Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) HiddenAIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) HiddenAIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) HiddenAirServer (HKLM-x32\...\{A0169C20-A5C9-430B-A2BD-8C5DA22ED7B6}) (Version: 1.9.4 - App Dynamic)Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 1.5.0.341 - Amazon Services LLC)Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)AT&T Connect Participant Application v9.3.14 (HKLM-x32\...\{7C9F250C-6375-4D83-AFDC-5808F36F6114}) (Version: 9.3.14 - AT&T Inc.)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) HiddenCCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.00495 - Cisco Systems, Inc.)Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.00495 - Cisco Systems, Inc.) HiddenCisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)Configuration Manager Client (Version: 5.00.7804.1000 - Microsoft Corporation) HiddenCopy (x32 Version: 130.0.428.000 - Hewlett-Packard) HiddenDefinition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{A3AD381D-848C-4478-80DC-228E37309308}) (Version: - Microsoft)Defraggler (HKLM\...\Defraggler) (Version: 2.16 - Piriform)Dell Client System Update (HKLM-x32\...\{04566294-A6B6-4462-9721-031073EB3694}) (Version: 1.3.0 - Dell Inc.)Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1211.101.114 - ALPS ELECTRIC CO., LTD.)Desktop Restore (HKLM\...\{15D07D6F-E4CC-41D9-88A3-94115E5E5A10}) (Version: 1.6.3 - JOConnell)Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) HiddenDeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) HiddenDocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) HiddendoPDF 7.2 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland)Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) HiddenFileZilla Client 3.7.4.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse)Gadwin PrintScreen (HKLM-x32\...\Gadwin PrintScreen) (Version: 4.7 - Gadwin Systems, Inc.)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.22.5 - Google Inc.) HiddenGPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) HiddenHitachi ID Password Manager Local Reset Extension (HKLM\...\{47B7CB06-E51E-49A0-85E8-E85B0DEA3069}) (Version: 7.3.0 - Hitachi ID Systems, Inc.)HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) HiddenHPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) HiddenHPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) HiddenHPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) HiddenInfor2012-rebrand Screensaver (HKLM-x32\...\Infor2012-rebrand Screensaver) (Version: - )Infuzer (HKLM-x32\...\{C0F1FA3D-F23A-4DF3-9134-BB6F539E9E51}) (Version: 1.15 - Infuzer)Infuzer (x32 Version: 1.15 - Infuzer) HiddeniPass Open Mobile (HKLM-x32\...\{03B7A81C-008B-4136-88F0-D4BCB439C7BD}) (Version: - iPass)iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)Java Auto Updater (x32 Version: 2.0.7.2 - Sun Microsystems, Inc.) HiddenJava 6 Update 39 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216039FF}) (Version: 6.0.390 - Oracle)Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) HiddenMcAfee Agent (HKLM-x32\...\{2AAB21C2-4CDA-4189-A0EC-5ED666113F84}) (Version: 4.5.0.1810 - McAfee, Inc.)McAfee VirusScan Enterprise (HKLM-x32\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.02004 - McAfee, Inc.)MDOP MBAM (HKLM\...\{1669699B-087D-4B5A-841D-78D386080A30}) (Version: 1.0.1237.1 - Microsoft Corporation)Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) HiddenMicrosoft Lync 2013 (HKLM-x32\...\Office15.LYNC) (Version: 15.0.4420.1017 - Microsoft Corporation)Microsoft Lync 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) HiddenMicrosoft Lync MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) HiddenMicrosoft Office 2010 Proofing Tools Kit Service Pack 1 (SP1) (HKLM-x32\...\{90140000-004B-0000-0000-0000000FF1CE}_Office14.PROOFKIT_{253A3CD5-168D-4E9B-B346-6D14220BBE7F}) (Version: - Microsoft)Microsoft Office 2010 Proofing Tools Kit Service Pack 1 (SP1) (x32 Version: - Microsoft) HiddenMicrosoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft) HiddenMicrosoft Office 64-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) HiddenMicrosoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office IME (Chinese (Simplified)) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office IME (Chinese (Simplified)) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office IME (Chinese (Traditional)) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office IME (Chinese (Traditional)) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office IME (Japanese) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office IME (Japanese) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office IME (Korean) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office IME (Korean) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Arabic) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Basque) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Bulgarian) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Catalan) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Chinese (Simplified)) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Chinese (Traditional)) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Croatian) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Czech) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Danish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Dutch) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Estonian) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Finnish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Galician) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Greek) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Gujarati) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Hebrew) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Hindi) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Hungarian) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Japanese) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Kannada) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Kazakh) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Korean) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Latvian) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Lithuanian) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Marathi) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Norwegian (Bokmål)) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Norwegian (Nynorsk)) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Polish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Portuguese (Brazil)) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Portuguese (Portugal)) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Punjabi) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Romanian) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Russian) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Serbian (Latin)) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Slovak) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Slovenian) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Swedish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Tamil) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Telugu) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Thai) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Turkish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Ukrainian) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Urdu) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) HiddenMicrosoft Office Proofing Kit 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4420.1017 - Microsoft Corporation) HiddenMicrosoft Office Proofing Tools 2013 - Español (x32 Version: 15.0.4420.1017 - Microsoft Corporation) HiddenMicrosoft Office Proofing Tools Kit Compilation 2010 (HKLM-x32\...\Office14.PROOFKIT) (Version: 14.0.6029.1000 - Microsoft Corporation)Microsoft Office ProofMUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Policy Platform (Version: 1.2.3602.0 - Microsoft Corporation) HiddenMicrosoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)Network Recording Player (HKLM-x32\...\{7E1151A4-EFC3-430B-A429-A05A838685B6}) (Version: 2.29.3202 - Cisco WebEx LLC)Network Recording Player (HKLM-x32\...\{FDA24BB0-8462-4356-B30E-C74FDC25C6DF}) (Version: 28.7.0.15458 - Cisco WebEx LLC)Network64 (Version: 130.0.572.000 - Hewlett-Packard) HiddenNVIDIA Control Panel 296.79 (Version: 296.79 - NVIDIA Corporation) HiddenNVIDIA Install Application (Version: 2.1002.62.312 - NVIDIA Corporation) HiddenOCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) HiddenQuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.2.1 - Samsung Electronics)Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) HiddenSeavus Project Viewer 8.0.0 Corporate Edition (HKLM-x32\...\{96592F41-2234-44F6-BE58-16A36886019F}) (Version: 8.0.0 - Seavus DOOEL)SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) HiddenSolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) HiddenStatus (x32 Version: 130.0.469.000 - Hewlett-Packard) HiddenSymantec Enterprise Vault HTTP-only Outlook Add-In (HKLM-x32\...\{B488296E-CEAD-49EA-A8C0-13E35BC1C82A}) (Version: 9.0.5193 - Symantec Corporation)Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hiddentools-windows (x32 Version: 9.6.1.1379776 - VMware, Inc.) HiddenTrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) HiddenUnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) HiddenUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Extended (KB2836939) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939) (Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation)Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version: - Microsoft)Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2596963) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0411-0000-0000000FF1CE}_Office14.PROOFKIT_{E58B44D4-EBD2-4233-AE33-C3A5220714A8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-041A-0000-0000000FF1CE}_Office14.PROOFKIT_{50BF51AD-0146-4962-BF7D-EEB0D74F399C}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B1FA5E8C-2342-45AF-8A62-5E860042F8DF}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-004B-0000-0000-0000000FF1CE}_Office14.PROOFKIT_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version: - Microsoft)Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3EFF1957-7DEA-4C7A-8E9C-2D6D58E4B2ED}) (Version: - Microsoft)Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3EFF1957-7DEA-4C7A-8E9C-2D6D58E4B2ED}) (Version: - Microsoft)Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{47894754-0FEC-4920-9A65-6C1E732587AC}) (Version: - Microsoft)Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version: - Microsoft)Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}) (Version: - Microsoft)Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{190EC86F-5867-4D7A-B9F3-D14D82C26F3D}) (Version: - Microsoft)Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DA2F7ECE-6629-4A80-9CDE-EC95261B75E2}) (Version: - Microsoft)Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version: - Microsoft)Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version: - Microsoft)Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft)VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)VMware Player (HKLM-x32\...\VMware_Player) (Version: 6.0.1 - VMware, Inc)VMware Player (Version: 6.0.1 - VMware, Inc.) HiddenWebEx Productivity Tools (HKLM-x32\...\{782A9DC3-7A5A-4CB1-855B-695FC540720B}) (Version: 2.29.3216 - Cisco WebEx LLC)WebEx Recorder and Player (HKLM-x32\...\{D38AC40B-2F46-43CB-B41B-5E6631F3FE50}) (Version: 3.29.3220 - Cisco WebEx LLC)WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) HiddenWindows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - ) ==================== Restore Points ========================= 12-03-2014 14:15:16 Scheduled Checkpoint ==================== Hosts content: ========================== 2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {22D53A2D-D331-4735-BA7F-797CC5AD81D9} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle DetectionTask: {6AF418FE-87F1-440C-BC4B-76E7FE66BBE2} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\windows\CCM\ccmeval.exe [2012-11-21] (Microsoft Corporation)Task: {6B3C1452-24E6-477B-99BF-A2F9174CA2AF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-25] (Google Inc.)Task: {8C7FC648-A8FF-4129-92AC-DD23A1CE78A2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-25] (Google Inc.)Task: {973BAB10-9B0D-49C6-9937-B46F8605590F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exeTask: {A9D82636-1DF2-41B6-ABAB-E2051E9C3878} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {F41C3E0C-1494-495E-B1C4-7A1D359B3B31} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-21] (Piriform Ltd)Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2012-10-01 21:34 - 2012-10-01 21:34 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF2010-10-20 18:23 - 2010-10-20 18:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll2013-10-29 17:35 - 2013-09-10 19:51 - 03109376 _____ () C:\Users\Sgraessle\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe2012-08-03 13:53 - 2012-08-03 13:53 - 00062968 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2007-04-18 19:30 - 2007-04-18 19:30 - 00393216 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll2007-04-18 19:30 - 2007-04-18 19:30 - 00471040 _____ () C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll2011-01-12 16:05 - 2011-01-12 16:05 - 00065536 _____ () C:\Program Files (x86)\McAfee\Common Framework\boost_thread-vc80-mt-1_32.dll2011-01-12 08:08 - 2011-01-12 08:08 - 00150032 _____ () C:\Program Files (x86)\McAfee\VirusScan Enterprise\WscAv.dll2013-10-18 13:46 - 2013-10-18 13:46 - 01260624 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll2012-10-24 08:34 - 2012-10-24 08:34 - 00886272 _____ () C:\Program Files (x86)\iPass\Open Mobile\bin\System.Data.SQLite.dll2012-10-24 08:45 - 2012-10-24 08:45 - 01105920 _____ () C:\Program Files (x86)\iPass\Open Mobile\bin\NDISAPI.dll2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf2012-10-01 21:33 - 2012-10-01 21:33 - 00022640 _____ () C:\Program Files (x86)\Microsoft Office\Office15\lynchtmlconvpxy.dll2012-08-27 14:29 - 2012-08-27 14:29 - 00031744 _____ () C:\Users\Sgraessle\AppData\Local\ATT Connect\Participant\IwRegVC90.dll2012-08-27 14:09 - 2012-08-27 14:09 - 00010240 _____ () C:\Users\Sgraessle\AppData\Local\ATT Connect\Participant\exchndl.dll2014-03-17 07:35 - 2014-03-14 19:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll2014-02-11 14:29 - 2014-02-11 14:29 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF2010-10-20 18:45 - 2010-10-20 18:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll2014-03-17 07:35 - 2014-03-14 19:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll2014-03-17 07:35 - 2014-03-14 19:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll2014-03-17 07:35 - 2014-03-14 19:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll2014-03-17 07:35 - 2014-03-14 19:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll2014-03-17 07:35 - 2014-03-14 19:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll2014-03-17 07:35 - 2014-03-14 19:50 - 13637448 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\Administrator\Desktop\HardDrive Swap.bat:SummaryInformationAlternateDataStreams: C:\Users\Administrator\Desktop\HardDrive Swap.bat:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartupMSCONFIG\startupfolder: C:^Users^Sgraessle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Magician.lnk => C:\windows\pss\Samsung Magician.lnk.StartupMSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe ==================== Faulty Device Manager Devices ============= Name: WD SES Device USB DeviceDescription: WD SES Device USB DeviceClass Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28)Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: Cisco SystemsService: vpnvaProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors:==================Error: (03/29/2014 11:05:31 AM) (Source: McLogEvent) (User: NT AUTHORITY)Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 40000 ms to complete a request. The process will be terminated.Thread id : 3780 (0xec4) Thread address : 0x00000000779D15EA Thread message : Build VSCORE.15.0.0.466 / 5600.1067 Object being scanned = \Device\HarddiskVolume2\Program Files (x86)\Trondent Development Corp\Infuzer\Infuzer.exe by C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0) Error: (03/29/2014 11:02:44 AM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/18/2014 07:55:17 AM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/17/2014 04:32:40 PM) (Source: Application Error) (User: )Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.7601.17610, time stamp: 0x4dc0c63aFaulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005Fault offset: 0x00000000Faulting process id: 0x2064Faulting application start time: 0xSearchProtocolHost.exe0Faulting application path: SearchProtocolHost.exe1Faulting module path: SearchProtocolHost.exe2Report Id: SearchProtocolHost.exe3 Error: (03/17/2014 04:32:39 PM) (Source: Application Error) (User: )Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.7601.17610, time stamp: 0x4dc0c63aFaulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005Fault offset: 0x00000000Faulting process id: 0x3e8Faulting application start time: 0xSearchProtocolHost.exe0Faulting application path: SearchProtocolHost.exe1Faulting module path: SearchProtocolHost.exe2Report Id: SearchProtocolHost.exe3 Error: (03/17/2014 04:32:39 PM) (Source: Application Error) (User: )Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.7601.17610, time stamp: 0x4dc0c63aFaulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005Fault offset: 0x00000000Faulting process id: 0x2904Faulting application start time: 0xSearchProtocolHost.exe0Faulting application path: SearchProtocolHost.exe1Faulting module path: SearchProtocolHost.exe2Report Id: SearchProtocolHost.exe3 Error: (03/17/2014 04:32:39 PM) (Source: Application Error) (User: )Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.7601.17610, time stamp: 0x4dc0c63aFaulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005Fault offset: 0x00000000Faulting process id: 0x28f0Faulting application start time: 0xSearchProtocolHost.exe0Faulting application path: SearchProtocolHost.exe1Faulting module path: SearchProtocolHost.exe2Report Id: SearchProtocolHost.exe3 Error: (03/17/2014 04:32:39 PM) (Source: Application Error) (User: )Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.7601.17610, time stamp: 0x4dc0c63aFaulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005Fault offset: 0x00000000Faulting process id: 0x4c8Faulting application start time: 0xSearchProtocolHost.exe0Faulting application path: SearchProtocolHost.exe1Faulting module path: SearchProtocolHost.exe2Report Id: SearchProtocolHost.exe3 Error: (03/17/2014 04:32:38 PM) (Source: Application Error) (User: )Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.7601.17610, time stamp: 0x4dc0c63aFaulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005Fault offset: 0x00000000Faulting process id: 0x37a0Faulting application start time: 0xSearchProtocolHost.exe0Faulting application path: SearchProtocolHost.exe1Faulting module path: SearchProtocolHost.exe2Report Id: SearchProtocolHost.exe3 Error: (03/17/2014 04:32:38 PM) (Source: Application Error) (User: )Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.7601.17610, time stamp: 0x4dc0c63aFaulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005Fault offset: 0x00000000Faulting process id: 0x3344Faulting application start time: 0xSearchProtocolHost.exe0Faulting application path: SearchProtocolHost.exe1Faulting module path: SearchProtocolHost.exe2Report Id: SearchProtocolHost.exe3 System errors:=============Error: (03/29/2014 11:06:43 AM) (Source: TermService) (User: )Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.. Error: (03/29/2014 11:06:10 AM) (Source: DCOM) (User: NT AUTHORITY)Description: application-specificLocalLaunch{05D1D5D8-18D1-4B83-85ED-A0F99D53C885}{AD65A69D-3831-40D7-9629-9B0B50A93843}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (03/29/2014 11:05:40 AM) (Source: Service Control Manager) (User: )Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee McShield service, but this action failed with the following error: %%1056 Error: (03/29/2014 11:05:32 AM) (Source: Service Control Manager) (User: )Description: The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. Error: (03/29/2014 11:04:37 AM) (Source: Microsoft-Windows-GroupPolicy) (User: INFOR)Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator. Error: (03/29/2014 11:03:09 AM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator. Error: (03/29/2014 11:01:47 AM) (Source: NETLOGON) (User: )Description: This computer was not able to set up a secure session with a domaincontroller in domain INFOR due to the following: %%1311 This may lead to authentication problems. Make sure that thiscomputer is connected to the network. If the problem persists,please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, itsets up the secure session to the primary domain controller emulator in the specifieddomain. Otherwise, this computer sets up the secure session to any domain controllerin the specified domain. Error: (03/18/2014 06:11:44 PM) (Source: iaStor) (User: )Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period. Error: (03/18/2014 05:48:21 PM) (Source: iaStor) (User: )Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period. Error: (03/18/2014 05:37:44 PM) (Source: iaStor) (User: )Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period. Microsoft Office Sessions:=========================Error: (03/29/2014 11:05:31 AM) (Source: McLogEvent)(User: NT AUTHORITY)Description: C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe400003780 (0xec4)0x00000000779D15EA Build VSCORE.15.0.0.466 / 5600.1067 Object being scanned = \Device\HarddiskVolume2\Program Files (x86)\Trondent Development Corp\Infuzer\Infuzer.exe by C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0) Error: (03/29/2014 11:02:44 AM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/18/2014 07:55:17 AM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/17/2014 04:32:40 PM) (Source: Application Error)(User: )Description: SearchProtocolHost.exe7.0.7601.176104dc0c63aunknown0.0.0.000000000c000000500000000206401cf42286c389cadC:\windows\sysWow64\SearchProtocolHost.exeunknowna9fdefb3-ae1b-11e3-805d-446d57cb2b92 Error: (03/17/2014 04:32:39 PM) (Source: Application Error)(User: )Description: SearchProtocolHost.exe7.0.7601.176104dc0c63aunknown0.0.0.000000000c0000005000000003e801cf42286c1116e9C:\windows\sysWow64\SearchProtocolHost.exeunknowna9d61bce-ae1b-11e3-805d-446d57cb2b92 Error: (03/17/2014 04:32:39 PM) (Source: Application Error)(User: )Description: SearchProtocolHost.exe7.0.7601.176104dc0c63aunknown0.0.0.000000000c000000500000000290401cf42286be94304C:\windows\sysWow64\SearchProtocolHost.exeunknowna9ae960a-ae1b-11e3-805d-446d57cb2b92 Error: (03/17/2014 04:32:39 PM) (Source: Application Error)(User: )Description: SearchProtocolHost.exe7.0.7601.176104dc0c63aunknown0.0.0.000000000c00000050000000028f001cf42286bc28093C:\windows\sysWow64\SearchProtocolHost.exeunknowna986e935-ae1b-11e3-805d-446d57cb2b92 Error: (03/17/2014 04:32:39 PM) (Source: Application Error)(User: )Description: SearchProtocolHost.exe7.0.7601.176104dc0c63aunknown0.0.0.000000000c0000005000000004c801cf42286b9b9711C:\windows\sysWow64\SearchProtocolHost.exeunknowna9604dd4-ae1b-11e3-805d-446d57cb2b92 Error: (03/17/2014 04:32:38 PM) (Source: Application Error)(User: )Description: SearchProtocolHost.exe7.0.7601.176104dc0c63aunknown0.0.0.000000000c00000050000000037a001cf42286b5194abC:\windows\sysWow64\SearchProtocolHost.exeunknowna9170ec2-ae1b-11e3-805d-446d57cb2b92 Error: (03/17/2014 04:32:38 PM) (Source: Application Error)(User: )Description: SearchProtocolHost.exe7.0.7601.176104dc0c63aunknown0.0.0.000000000c000000500000000334401cf42286b0dfafeC:\windows\sysWow64\SearchProtocolHost.exeunknowna8d39c25-ae1b-11e3-805d-446d57cb2b92 ==================== Memory info =========================== Percentage of memory in use: 24%Total physical RAM: 16340.89 MBAvailable physical RAM: 12295.94 MBTotal Pagefile: 32679.97 MBAvailable Pagefile: 28001.38 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.81 MB ==================== Drives ================================ Drive c: (OSDisk) (Fixed) (Total:698.15 GB) (Free:321.07 GB) NTFSDrive f: (1TB Passport Portable) (Fixed) (Total:931.48 GB) (Free:254.04 GB) NTFSDrive g: (SSD) (Fixed) (Total:209.68 GB) (Free:32.44 GB) NTFSDrive j: (White 300GB Seagate) (Fixed) (Total:276.6 GB) (Free:251.02 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 547DC7D5)Partition 1: (Active) - (Size=499 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=698 GB) - (Type=07 NTFS) ========================================================Disk: 1 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 9BBBD473)Partition 1: (Not Active) - (Size=210 GB) - (Type=07 NTFS) ========================================================Disk: 2 (MBR Code: Windows XP) (Size: 931 GB) (Disk ID: 0003F448)Partition 1: (Not Active) - (Size=931 GB) - (Type=07 NTFS) ========================================================Disk: 3 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 4EAC5488)Partition 1: (Not Active) - (Size=21 GB) - (Type=1C)Partition 2: (Active) - (Size=277 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  4. I have searched far and wide for information and this is my last shot. I have a WIndow 7 64-bit ASUS laptop. It frequently "freezes" on bootup. After trying to figure out event logs, etc. and lots of searches, I found that if I access "Component Services" (dcomcnfg.exe), go to the properties of "My Computer", go to the "COM Security" tab, click the "Edit Limits" in the "Launch and Activation Permissions" and allowed the "remote activation" option. This resolved my startup issues but I'm concerned about what potential risk this has created. I ran full scan with MBAM and also with the "Beta Rootkit" tool and neither found issues. I've since disabled it. If I need this for a specific application (non threatening), is there anyway to identify it and then create a profile for that remote connection? etc. Thanks in advance for any guidance
  5. Anti-Malware Pro found and quarantined "backdoor.bredavi" successfully. I'm just not sure how it got there or whether I should be concerned about other issues that havn't been detected yet. Any ideas?
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.