
Need to remove: mysearchdial, continue zip opener installation, savethechildren, truvi browser hijacker



Good morning,

Time sequence of events:

Yesterday afternoon, my son tried to download some Minecraft mods. I got home and found the following:

Desktop:

Save the Children (by we care)
mysearchdial
Continue Zip Opener Installation

Browser default pages opened:

truvi
myspeeddial

Browser could reach all other pages I tried (e.g., Google, Wikipedia).

Manually removed Save the Children via Windows Control Panel.

Ran free version of MBAM, 200 items in category PUP found.

All were either successfully removed, or would be removed upon restart.

Restarted.

Browser hijacks still in place.

Could not get to Wikipedia, Google, or some other sites. Could get to DuckDuckGo and Malwarebytes, though.

Tried to manually uninstall mysearchdial using Control Panel.

The popup told me to verify all browsers were closed first. Closed them, tried again. After hitting 'ok', nothing else happened.

Manually reconfigured Chrome, IE to start the way I had them configured beforehand.

Chrome looks ok, IE still has mysearchdial as the default new page.

Any help you can give will be greatly appreciated!

Thanks,

-Ridcully

Below: FRST.txt, addition.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 02
Ran by keith (administrator) on KEITH-HP on 14-06-2014 10:18:10
Running from C:\Users\keith\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\n360.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\n360.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Easybits) C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2013-07-04] (Synaptics Incorporated)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM\...\Run: [intelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel® Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2014-01-25] (IDT, Inc.)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2013-07-04] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [417792 2009-11-10] (Apple Inc.)
HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1258504 2013-12-20] (Easybits)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-06-10] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2630042686-1250254935-3286438661-1000\...\Run: [steam] => C:\Program Files (x86)\Steam\Steam.exe [1754816 2014-05-29] (Valve Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-03-30] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-01-13]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ []
 
Chrome: 
=======
CHR HomePage: hxxp://google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-22]
CHR Extension: (Google Drive) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (YouTube) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-22]
CHR Extension: (Google Search) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-22]
CHR Extension: (Streamus™ (Beta!)) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbnkffmindojffecdhbbmekbmkkfpmjd [2014-06-11]
CHR Extension: (Norton Identity Safe for Google Chrome™) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-09-12]
CHR Extension: (Google Wallet) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Gmail) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-22]
CHR HKLM-x32\...\Chrome\Extension: [aepeildmfnnehghlknddebgjghlompfe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-02-11]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\Exts\Chrome.crx [2014-05-19]
 
==================== Services (Whitelisted) =================
 
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2013-08-08] (Realsil Microelectronics Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe [265040 2014-05-11] (Symantec Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-05-24] ()
 
==================== Drivers (Whitelisted) ====================
 
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1503000.00C\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-11] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-13] (Symantec Corporation) [File not signed]
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140613.001_620\IDSvia64.sys [525016 2014-03-25] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140613.017_5d5\ENG64.SYS [126040 2014-06-13] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140613.017_5d5\EX64.SYS [2099288 2014-06-13] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1503000.00C\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1503000.00C\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-13] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1503000.00C\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-14 10:18 - 2014-06-14 10:19 - 00025754 _____ () C:\Users\keith\Desktop\FRST.txt
2014-06-14 10:17 - 2014-06-14 10:18 - 00000000 ____D () C:\FRST
2014-06-14 10:16 - 2014-06-14 10:16 - 02081792 _____ (Farbar) C:\Users\keith\Desktop\FRST64.exe
2014-06-13 18:29 - 2014-06-14 08:59 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Open Download Manager
2014-06-13 18:29 - 2014-06-13 18:29 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager
2014-06-13 18:28 - 2014-06-13 18:28 - 00000000 ____D () C:\Users\keith\AppData\Local\SearchProtect
2014-06-13 18:27 - 2014-06-14 09:02 - 00000000 ____D () C:\Program Files (x86)\OpenDownloaderManager
2014-06-13 07:55 - 2014-06-14 09:55 - 00000068 _____ () C:\Users\keith\AppData\Roaming\WB.CFG
2014-06-13 06:59 - 2014-06-14 09:59 - 00000292 _____ () C:\Windows\Tasks\MySearchDial.job
2014-06-13 06:59 - 2014-06-14 09:02 - 00000000 ____D () C:\Users\keith\AppData\Roaming\MySearchDial
2014-06-13 06:59 - 2014-06-14 09:02 - 00000000 ____D () C:\Users\keith\AppData\Local\Mysearchdial
2014-06-13 06:59 - 2014-06-13 06:59 - 00003228 _____ () C:\Windows\System32\Tasks\MySearchDial
2014-06-13 06:55 - 2014-06-14 09:55 - 00000292 _____ () C:\Windows\Tasks\Digital Sites.job
2014-06-13 06:55 - 2014-06-14 09:02 - 00000000 ____D () C:\Users\keith\AppData\Roaming\DigitalSites
2014-06-13 06:55 - 2014-06-13 06:55 - 00003228 _____ () C:\Windows\System32\Tasks\Digital Sites
2014-06-13 06:55 - 2014-06-13 06:55 - 00001100 _____ () C:\Users\keith\Desktop\Continue Zip Opener Installation.lnk
2014-06-11 22:49 - 2014-06-11 22:49 - 00077514 _____ () C:\Users\keith\Downloads\OTRR_Certified_Yours_Truly_Johnny_Dollar_archive.torrent
2014-06-11 22:24 - 2014-06-11 22:24 - 00000000 ____D () C:\Users\keith\AppData\Local\{3948BFAE-98C4-49C4-9F37-FE1397290822}
2014-06-11 22:02 - 2014-06-11 22:17 - 1381805269 _____ () C:\Users\keith\Downloads\OTRR_Dimension_X_Singles.zip
2014-06-11 22:01 - 2014-06-11 22:23 - 1988541609 _____ () C:\Users\keith\Downloads\Dragnet_OTR.zip
2014-06-11 22:01 - 2014-06-11 22:06 - 225556412 _____ () C:\Users\keith\Downloads\IsaacAsimov-TheFoundationTrilogy_64kb_mp3.zip
2014-06-11 19:11 - 2014-06-11 19:13 - 90455873 _____ () C:\Users\keith\Downloads\WIZZYWIG.epub
2014-06-11 19:11 - 2014-06-11 19:13 - 29272387 _____ () C:\Users\keith\Downloads\MarchBookOne.epub
2014-06-11 19:11 - 2014-06-11 19:13 - 27719129 _____ () C:\Users\keith\Downloads\TooCoolToBeForgotten.epub
2014-06-11 19:08 - 2014-06-11 19:13 - 102049303 _____ () C:\Users\keith\Downloads\FromHellCompanion.epub
2014-06-11 19:08 - 2014-06-11 19:12 - 259176640 _____ () C:\Users\keith\Downloads\FromHell.epub
2014-06-09 23:38 - 2014-06-09 23:38 - 00000000 ____D () C:\Users\keith\AppData\Local\{DE5B2AA0-0B31-4FE0-9312-3C2FC6863424}
2014-05-28 21:39 - 2014-05-28 21:39 - 00675988 _____ () C:\Users\keith\Desktop\Minecraft (2).exe
2014-05-26 19:25 - 2014-05-26 19:27 - 00000000 ____D () C:\Users\keith\AppData\Roaming\.technic
2014-05-26 19:25 - 2014-05-26 19:25 - 02346942 _____ () C:\Users\keith\Desktop\TechnicLauncher.exe
2014-05-24 23:26 - 2014-05-25 00:55 - 00000000 ____D () C:\Users\keith\AppData\Roaming\creeperworld3
2014-05-24 23:26 - 2014-05-24 23:26 - 00000000 ____D () C:\Users\keith\Documents\creeperworld3
2014-05-24 23:26 - 2014-05-24 23:26 - 00000000 ____D () C:\Users\keith\AppData\Roaming\.mono
2014-05-22 21:12 - 2014-05-22 21:13 - 00000000 ____D () C:\Users\keith\.ipython
2014-05-22 21:12 - 2014-05-22 21:12 - 00000000 ____D () C:\Users\keith\.matplotlib
2014-05-22 21:08 - 2014-05-22 21:12 - 00002607 _____ () C:\Users\keith\.enstaller4rc
2014-05-22 21:08 - 2014-05-22 21:08 - 00000000 ____D () C:\Users\keith\Canopy
2014-05-22 21:05 - 2014-05-22 21:05 - 00002539 _____ () C:\Users\keith\Desktop\PyLab (64-bit).lnk
2014-05-22 21:05 - 2014-05-22 21:05 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Enthought
2014-05-22 21:04 - 2014-05-22 21:07 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Enthought Canopy (64-bit)
2014-05-22 21:04 - 2014-05-22 21:04 - 00002098 _____ () C:\Users\keith\Desktop\Enthought Canopy (64-bit).lnk
2014-05-22 21:01 - 2014-05-22 21:02 - 00000000 ____D () C:\Users\keith\AppData\Local\Enthought
2014-05-22 20:59 - 2014-05-22 21:00 - 262688768 _____ () C:\Users\keith\Downloads\canopy-1.4.0-win-64.msi
2014-05-20 00:47 - 2014-05-20 00:47 - 00013328 _____ () C:\Users\keith\Desktop\Minecraft - Shortcut.lnk
2014-05-20 00:40 - 2014-05-20 00:40 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-05-20 00:24 - 2014-05-20 00:24 - 00000000 ____D () C:\Users\keith\.idlerc
2014-05-20 00:23 - 2014-05-20 00:23 - 00675988 _____ () C:\Users\keith\Downloads\Minecraft (1).exe
2014-05-20 00:18 - 2014-06-09 19:53 - 00000000 ____D () C:\Users\keith\AppData\Roaming\.minecraft
2014-05-20 00:18 - 2014-05-20 00:18 - 00263186 _____ () C:\Users\keith\Downloads\Minecraft.exe
2014-05-20 00:17 - 2014-05-20 00:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.4
2014-05-20 00:16 - 2014-05-20 00:17 - 00000000 ____D () C:\Python34
2014-05-20 00:14 - 2014-05-20 00:14 - 24408064 _____ () C:\Users\keith\Downloads\python-3.4.1.msi
2014-05-18 10:38 - 2014-05-18 10:38 - 02734592 _____ (Python Software Foundation) C:\Windows\SysWOW64\python34.dll
2014-05-18 10:37 - 2014-05-18 10:37 - 00102912 _____ (Python Software Foundation) C:\Windows\pyw.exe
2014-05-18 10:37 - 2014-05-18 10:37 - 00102400 _____ (Python Software Foundation) C:\Windows\py.exe
 
==================== One Month Modified Files and Folders =======
 
2014-06-14 10:19 - 2014-06-14 10:18 - 00025754 _____ () C:\Users\keith\Desktop\FRST.txt
2014-06-14 10:19 - 2013-05-24 06:23 - 00000000 ____D () C:\Users\keith\AppData\Local\Temp
2014-06-14 10:18 - 2014-06-14 10:17 - 00000000 ____D () C:\FRST
2014-06-14 10:16 - 2014-06-14 10:16 - 02081792 _____ (Farbar) C:\Users\keith\Desktop\FRST64.exe
2014-06-14 10:01 - 2013-05-24 06:29 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9EF5ABD8-6610-4A4A-AC3B-8E36C0A70595}
2014-06-14 09:59 - 2014-06-13 06:59 - 00000292 _____ () C:\Windows\Tasks\MySearchDial.job
2014-06-14 09:55 - 2014-06-13 07:55 - 00000068 _____ () C:\Users\keith\AppData\Roaming\WB.CFG
2014-06-14 09:55 - 2014-06-13 06:55 - 00000292 _____ () C:\Windows\Tasks\Digital Sites.job
2014-06-14 09:53 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-14 09:53 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-14 09:52 - 2009-07-14 01:13 - 00779724 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-14 09:50 - 2013-05-24 02:14 - 01448927 _____ () C:\Windows\WindowsUpdate.log
2014-06-14 09:46 - 2013-07-22 21:45 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-14 09:46 - 2013-05-24 21:34 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-14 09:45 - 2013-05-24 06:22 - 00000000 ____D () C:\Users\keith
2014-06-14 09:45 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-14 09:45 - 2009-07-14 00:51 - 00057757 _____ () C:\Windows\setupact.log
2014-06-14 09:02 - 2014-06-13 18:27 - 00000000 ____D () C:\Program Files (x86)\OpenDownloaderManager
2014-06-14 09:02 - 2014-06-13 06:59 - 00000000 ____D () C:\Users\keith\AppData\Roaming\MySearchDial
2014-06-14 09:02 - 2014-06-13 06:59 - 00000000 ____D () C:\Users\keith\AppData\Local\Mysearchdial
2014-06-14 09:02 - 2014-06-13 06:55 - 00000000 ____D () C:\Users\keith\AppData\Roaming\DigitalSites
2014-06-14 09:02 - 2013-05-24 02:22 - 00000000 ____D () C:\ProgramData\Norton
2014-06-14 09:02 - 2011-03-30 23:26 - 00000000 ____D () C:\ProgramData\RoxioNow
2014-06-14 09:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-14 09:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-06-14 09:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-06-14 08:59 - 2014-06-13 18:29 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Open Download Manager
2014-06-13 18:29 - 2014-06-13 18:29 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager
2014-06-13 18:28 - 2014-06-13 18:28 - 00000000 ____D () C:\Users\keith\AppData\Local\SearchProtect
2014-06-13 09:35 - 2013-07-22 21:45 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-13 06:59 - 2014-06-13 06:59 - 00003228 _____ () C:\Windows\System32\Tasks\MySearchDial
2014-06-13 06:55 - 2014-06-13 06:55 - 00003228 _____ () C:\Windows\System32\Tasks\Digital Sites
2014-06-13 06:55 - 2014-06-13 06:55 - 00001100 _____ () C:\Users\keith\Desktop\Continue Zip Opener Installation.lnk
2014-06-12 17:29 - 2013-07-22 21:45 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-12 17:26 - 2013-05-30 20:44 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-06-12 17:25 - 2013-07-04 16:43 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-06-11 22:49 - 2014-06-11 22:49 - 00077514 _____ () C:\Users\keith\Downloads\OTRR_Certified_Yours_Truly_Johnny_Dollar_archive.torrent
2014-06-11 22:24 - 2014-06-11 22:24 - 00000000 ____D () C:\Users\keith\AppData\Local\{3948BFAE-98C4-49C4-9F37-FE1397290822}
2014-06-11 22:23 - 2014-06-11 22:01 - 1988541609 _____ () C:\Users\keith\Downloads\Dragnet_OTR.zip
2014-06-11 22:17 - 2014-06-11 22:02 - 1381805269 _____ () C:\Users\keith\Downloads\OTRR_Dimension_X_Singles.zip
2014-06-11 22:06 - 2014-06-11 22:01 - 225556412 _____ () C:\Users\keith\Downloads\IsaacAsimov-TheFoundationTrilogy_64kb_mp3.zip
2014-06-11 19:13 - 2014-06-11 19:11 - 90455873 _____ () C:\Users\keith\Downloads\WIZZYWIG.epub
2014-06-11 19:13 - 2014-06-11 19:11 - 29272387 _____ () C:\Users\keith\Downloads\MarchBookOne.epub
2014-06-11 19:13 - 2014-06-11 19:11 - 27719129 _____ () C:\Users\keith\Downloads\TooCoolToBeForgotten.epub
2014-06-11 19:13 - 2014-06-11 19:08 - 102049303 _____ () C:\Users\keith\Downloads\FromHellCompanion.epub
2014-06-11 19:12 - 2014-06-11 19:08 - 259176640 _____ () C:\Users\keith\Downloads\FromHell.epub
2014-06-11 00:56 - 2013-12-20 20:31 - 00000000 ____D () C:\ProgramData\Easybits Magic Desktop for HP
2014-06-11 00:23 - 2014-04-22 15:32 - 00000000 ____D () C:\Users\dub_cm_auto
2014-06-11 00:23 - 2010-11-20 23:47 - 01083446 _____ () C:\Windows\PFRO.log
2014-06-10 19:31 - 2013-06-02 15:26 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForkeith
2014-06-10 19:31 - 2013-06-02 02:21 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForkeith.job
2014-06-09 23:38 - 2014-06-09 23:38 - 00000000 ____D () C:\Users\keith\AppData\Local\{DE5B2AA0-0B31-4FE0-9312-3C2FC6863424}
2014-06-09 19:53 - 2014-05-20 00:18 - 00000000 ____D () C:\Users\keith\AppData\Roaming\.minecraft
2014-05-29 17:46 - 2013-06-15 23:51 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Factorio
2014-05-28 21:39 - 2014-05-28 21:39 - 00675988 _____ () C:\Users\keith\Desktop\Minecraft (2).exe
2014-05-26 19:27 - 2014-05-26 19:25 - 00000000 ____D () C:\Users\keith\AppData\Roaming\.technic
2014-05-26 19:25 - 2014-05-26 19:25 - 02346942 _____ () C:\Users\keith\Desktop\TechnicLauncher.exe
2014-05-25 00:55 - 2014-05-24 23:26 - 00000000 ____D () C:\Users\keith\AppData\Roaming\creeperworld3
2014-05-24 23:26 - 2014-05-24 23:26 - 00000000 ____D () C:\Users\keith\Documents\creeperworld3
2014-05-24 23:26 - 2014-05-24 23:26 - 00000000 ____D () C:\Users\keith\AppData\Roaming\.mono
2014-05-24 18:28 - 2014-02-08 20:35 - 00000000 ____D () C:\Users\keith\Documents\Universe Sandbox
2014-05-22 21:14 - 2013-05-24 23:09 - 00000000 ____D () C:\Users\keith\Documents\My Games
2014-05-22 21:13 - 2014-05-22 21:12 - 00000000 ____D () C:\Users\keith\.ipython
2014-05-22 21:12 - 2014-05-22 21:12 - 00000000 ____D () C:\Users\keith\.matplotlib
2014-05-22 21:12 - 2014-05-22 21:08 - 00002607 _____ () C:\Users\keith\.enstaller4rc
2014-05-22 21:08 - 2014-05-22 21:08 - 00000000 ____D () C:\Users\keith\Canopy
2014-05-22 21:07 - 2014-05-22 21:04 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Enthought Canopy (64-bit)
2014-05-22 21:05 - 2014-05-22 21:05 - 00002539 _____ () C:\Users\keith\Desktop\PyLab (64-bit).lnk
2014-05-22 21:05 - 2014-05-22 21:05 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Enthought
2014-05-22 21:04 - 2014-05-22 21:04 - 00002098 _____ () C:\Users\keith\Desktop\Enthought Canopy (64-bit).lnk
2014-05-22 21:02 - 2014-05-22 21:01 - 00000000 ____D () C:\Users\keith\AppData\Local\Enthought
2014-05-22 21:00 - 2014-05-22 20:59 - 262688768 _____ () C:\Users\keith\Downloads\canopy-1.4.0-win-64.msi
2014-05-20 00:47 - 2014-05-20 00:47 - 00013328 _____ () C:\Users\keith\Desktop\Minecraft - Shortcut.lnk
2014-05-20 00:44 - 2013-06-07 17:47 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-05-20 00:44 - 2011-03-30 23:31 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-20 00:40 - 2014-05-20 00:40 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-05-20 00:36 - 2013-06-04 07:59 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-20 00:36 - 2013-06-04 07:59 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-20 00:35 - 2014-01-13 14:03 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-05-20 00:35 - 2014-01-13 14:03 - 00002321 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-05-20 00:35 - 2014-01-13 14:02 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-05-20 00:35 - 2014-01-13 14:02 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-05-20 00:31 - 2013-06-22 10:51 - 00000000 ____D () C:\Users\keith\AppData\Roaming\SoftGrid Client
2014-05-20 00:24 - 2014-05-20 00:24 - 00000000 ____D () C:\Users\keith\.idlerc
2014-05-20 00:23 - 2014-05-20 00:23 - 00675988 _____ () C:\Users\keith\Downloads\Minecraft (1).exe
2014-05-20 00:18 - 2014-05-20 00:18 - 00263186 _____ () C:\Users\keith\Downloads\Minecraft.exe
2014-05-20 00:17 - 2014-05-20 00:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.4
2014-05-20 00:17 - 2014-05-20 00:16 - 00000000 ____D () C:\Python34
2014-05-20 00:14 - 2014-05-20 00:14 - 24408064 _____ () C:\Users\keith\Downloads\python-3.4.1.msi
2014-05-18 10:38 - 2014-05-18 10:38 - 02734592 _____ (Python Software Foundation) C:\Windows\SysWOW64\python34.dll
2014-05-18 10:37 - 2014-05-18 10:37 - 00102912 _____ (Python Software Foundation) C:\Windows\pyw.exe
2014-05-18 10:37 - 2014-05-18 10:37 - 00102400 _____ (Python Software Foundation) C:\Windows\py.exe
 
Some content of TEMP:
====================
C:\Users\keith\AppData\Local\Temp\1274uninstall.exe
C:\Users\keith\AppData\Local\Temp\ICReinstall_ZipSetup.exe
C:\Users\keith\AppData\Local\Temp\Sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-08 04:11
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2014 02
Ran by keith at 2014-06-14 10:19:22
Running from C:\Users\keith\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArtRage Studio Pro (HKLM-x32\...\Steam App 100970) (Version:  - )
ATI Catalyst Install Manager (HKLM\...\{DA0D8FDA-D538-1145-8BA2-6F22C4EB4F75}) (Version: 3.0.816.0 - ATI Technologies, Inc.)
Audiosurf (HKLM-x32\...\Steam App 12900) (Version:  - Dylan Fitterer)
AuthenTec TrueAPI (Version: 1.2.1.33 - AuthenTec, Inc.) Hidden
Baggin the Dragon Home Ed v2 (HKLM-x32\...\Baggin the Dragon Home Ed v2) (Version: 2.0.9 - EdAlive)
Bardbarian (HKLM-x32\...\Steam App 269490) (Version:  - TreeFortress Games)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Byki (x32 Version: 4.0 - Transparent Language, Inc.) Hidden
Byki Standard (HKLM-x32\...\Byki Standard) (Version: 4.0 - Transparent Language, Inc.)
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center (x32 Version: 2011.0315.958.16016 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0315.958.16016 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0315.958.16016 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0315.958.16016 - ATI) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.0315.958.16016 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help English (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help French (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help German (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
ccc-utility64 (Version: 2011.0315.958.16016 - ATI) Hidden
Chessmaster (HKLM-x32\...\Steam App 37200) (Version:  - PlayFirst)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cook, Serve, Delicious! (HKLM-x32\...\Steam App 247020) (Version:  - Vertigo Gaming)
Creeper World 3: Arc Eternal (HKLM-x32\...\Steam App 280220) (Version:  - Knuckle Cracker)
Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.3908 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.1.3908 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defense Grid: The Awakening (HKLM-x32\...\Steam App 18500) (Version:  - Hidden Path Entertainment)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DLC Quest (HKLM-x32\...\Steam App 230050) (Version:  - )
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dungeon Siege (HKLM-x32\...\Steam App 39190) (Version:  - Gas Powered Games)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Enthought Canopy (64-bit) (HKLM\...\{93D7DF53-FDD4-4270-B83C-1EBC15FA1A87}) (Version: 1.4.0.233 - Enthought, Inc.)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Everyday Genius: SquareLogic (HKLM-x32\...\Steam App 32150) (Version:  - TrueThought)
Factorio version 0.6.4 (HKLM-x32\...\Factorio_is1) (Version:  - )
Factorio version 0.8.8 (HKLM\...\Factorio_is1) (Version:  - )
Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version:  - Q, Timeslip)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
FTL -  Advanced Edition (HKLM-x32\...\GOGPACKFTL_is1) (Version: 2.1.0.11 - GOG.com)
Gnomoria (HKLM-x32\...\Steam App 224500) (Version:  - Robotronic Games)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Hammerwatch (HKLM-x32\...\Steam App 239070) (Version:  - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{5601F151-A69F-4E30-8C60-37928124CD07}) (Version: 4.1.9.1 - Hewlett-Packard Company)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Connection Manager (HKLM-x32\...\{795AADBF-58C2-42D0-B779-E730702A247E}) (Version: 4.0.45.1 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{83A375B6-6FC2-4F8A-948E-E506DB9DCDF0}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MovieStore (x32 Version: 1.0.047 - Hewlett-Packard) Hidden
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{E44578C7-4667-4124-8BC2-1161BCA54978}) (Version: 1.4.4 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13231.3673 - Hewlett-Packard Company)
HP SimplePass 2011 (HKLM-x32\...\{BCFAA37D-A6DB-43BF-A351-43F183E52D07}) (Version: 5.1.0.495 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{F8070C51-4B1D-430C-8BCF-19696368366F}) (Version: 4.0.110.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6345.0 - IDT)
Intel PROSet Wireless (Version:  - ) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Display (HKLM-x32\...\{5B46CEC7-DAD0-46A2-BCD6-B46A3CFD9B61}) (Version: 2.0.30.0 - Intel Corporation)
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version:  - Squad)
King's Bounty: The Legend (HKLM-x32\...\Steam App 25900) (Version:  - 1C Company)
LEGO MARVEL Super Heroes (HKLM-x32\...\Steam App 249130) (Version:  - Traveller's Tales)
LIMBO (HKLM-x32\...\Steam App 48000) (Version:  - Playdead)
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Magicka (HKLM-x32\...\Steam App 42910) (Version:  - Arrowhead Game Studios)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mark of the Ninja (HKLM-x32\...\Steam App 214560) (Version:  - Klei Entertainment)
Marvel Puzzle Quest: Dark Reign (HKLM-x32\...\Steam App 234330) (Version:  - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Monaco (HKLM-x32\...\Steam App 113020) (Version:  - Pocketwatch Games)
Monster Loves You! (HKLM-x32\...\Steam App 226740) (Version:  - )
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig)
Mysearchdial (HKCU\...\mysearchdial) (Version:  - Mysearchdial) <==== ATTENTION
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Norton 360 (HKLM-x32\...\N360) (Version: 21.3.0.12 - Symantec Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Orcs Must Die 2 Workshop Tool (HKLM-x32\...\Steam App 242150) (Version:  - )
Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version:  - Robot Entertainment)
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
Papers, Please (HKLM-x32\...\Steam App 239030) (Version:  - 3909)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Penny Arcade's On the Rain-Slick Precipice of Darkness 4 (HKLM-x32\...\Steam App 237570) (Version:  - )
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Prime World: Defenders (HKLM-x32\...\Steam App 235360) (Version:  - Nival)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Python 3.4.1 (HKLM-x32\...\{df32bb9e-3ed8-36b5-a649-e8c845c5f3a2}) (Version: 3.4.1150 - Python Software Foundation)
QuickTime (HKLM-x32\...\{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}) (Version: 7.65.17.80 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.19.0 - Renesas Electronics Corporation) Hidden
Rogue Legacy (HKLM-x32\...\Steam App 241600) (Version:  - Cellar Door Games)
Rogue Shooter: The FPS Roguelike Demo (HKLM-x32\...\Steam App 298010) (Version:  - Hippomancer)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
RPG Maker VX Ace (HKLM-x32\...\Steam App 220700) (Version:  - Enterbrain)
Sanctum (HKLM-x32\...\Steam App 91600) (Version:  - )
Scribblenauts Unlimited (HKLM-x32\...\Steam App 218680) (Version:  - 5th Cell Media)
Serious Sam Classic: The First Encounter (HKLM-x32\...\Steam App 41050) (Version:  - Croteam)
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version:  - United Front Games)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
Solar 2 (HKLM-x32\...\Steam App 97000) (Version:  - Murudai)
Space Empires IV Deluxe (HKLM-x32\...\Steam App 1610) (Version:  - Malfador Machinations)
SPELL-JAM (remove only) (HKLM-x32\...\SPELL-JAM) (Version:  - )
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Starlite: Astronaut Rescue (HKLM-x32\...\Steam App 266090) (Version:  - Project Whitecard Studios Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Elder Scrolls Online Beta (HKLM-x32\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - )
The Incredible Adventures of Van Helsing (HKLM-x32\...\Steam App 215530) (Version:  - NeocoreGames)
The Stanley Parable Demo (HKLM-x32\...\Steam App 247750) (Version:  - Galactic Cafe)
The Wolf Among Us (HKLM-x32\...\Steam App 250320) (Version:  - )
Thomas Was Alone (HKLM-x32\...\Steam App 220780) (Version:  - Mike Bithell)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version:  - Runic Games)
Train Simulator 2014 (HKLM-x32\...\Steam App 24010) (Version:  - RailSimulator.com)
Transparent Language System (HKLM-x32\...\Transparent Language System) (Version: 11.0 - Transparent Language, Inc.)
Transparent Language System (x32 Version: 11.0 - Transparent Language, Inc.) Hidden
Typing Tournament Home Ed v2 (HKLM-x32\...\Typing Tournament Home Ed v2) (Version: 2.0.9 - EdAlive)
Tyrian 2000 (HKLM-x32\...\GOGPACKTYRIAN2000_is1) (Version: 2.0.0.11 - GOG.com)
Ultimate Math Invaders Home Ed v2 (HKLM-x32\...\Ultimate Math Invaders Home Ed v2) (Version: 2.0.9 - EdAlive)
Universe Sandbox (HKLM-x32\...\Steam App 72200) (Version:  - Giant Army)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Zip Opener (HKCU\...\Digital Sites) (Version:  - Update for Zip Opener) <==== ATTENTION
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Validity WBF DDK (HKLM\...\{79174AF2-6CB1-42F5-981E-66DCA49391D0}) (Version: 4.3.205.0 - Validity Sensors, Inc.)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Words Rock Home Ed v2 (HKLM-x32\...\Words Rock Home Ed v2) (Version: 2.0.9 - EdAlive)
XSplit Broadcaster (HKLM-x32\...\{395B4656-8D3B-4586-BC07-E06E679C5E99}) (Version: 1.3.1402.2002 - SplitMediaLabs)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Restore Points  =========================
 
13-06-2014 13:55:26 Scheduled Checkpoint
14-06-2014 00:02:58 Removed SavetheChildren App by We-Care.com v4.1.30.4
14-06-2014 12:59:11 Restore Operation
 
==================== Hosts content: ==========================
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0E029224-DC37-449B-AE6E-A7DEEE40CCFA} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {1F160C03-84A4-47FE-A052-B217A8A37C23} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {32351754-BE95-4499-9BB2-1A6E04C2EF7A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-22] (Google Inc.)
Task: {36D9C9C7-7E87-43BB-853A-93FB817D890C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {468D7D23-5094-481D-96A4-1840EFCFC021} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\WSCStub.exe [2014-05-11] (Symantec Corporation)
Task: {4785BB17-3A0A-4EBF-9952-5B84E54333D0} - System32\Tasks\MySearchDial => C:\Users\keith\AppData\Roaming\MySearchDial\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {5DD5C320-FE3D-4243-8070-C34B6876B946} - System32\Tasks\Digital Sites => C:\Users\keith\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {6E69BD5B-BADD-4A3C-A829-1EDC7E00C4C0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {6F1BEF6D-E7F7-47CD-A303-BB04FC0AD60C} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {89579780-77B5-4954-8E5E-49A3C7ECE9FC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {8A5D1F5C-E805-40DC-8DAE-BC01CA88B759} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-22] (Google Inc.)
Task: {A52AF7DF-0ADF-4FE8-B70B-0B5D4BECBD6F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-08] (CyberLink)
Task: {CAC923E3-7145-4C23-9E0C-5B7CA5DA2E2F} - System32\Tasks\HPCeeScheduleForkeith => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {ED2DA54D-4D69-4FAC-8DCB-5BB2E99FF1AD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-06-10] (Microsoft)
Task: {F53521A6-33D5-4386-8438-341E9543B062} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {FCFFBE22-8860-4726-B00A-008A84688B53} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\keith\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForkeith.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\keith\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2011-07-27 20:07 - 2011-07-27 20:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-05-24 22:54 - 2013-05-24 22:54 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2011-07-27 20:07 - 2011-07-27 20:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2013-05-24 02:11 - 2011-01-27 12:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-03-14 17:21 - 2011-03-14 17:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-03-15 12:57 - 2011-03-15 12:57 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-06-24 05:21 - 2010-06-24 05:21 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-21 20:21 - 2014-04-29 20:08 - 01135104 _____ () C:\Program Files (x86)\Steam\libavcodec-55.dll
2014-05-20 00:35 - 2014-04-29 20:08 - 00471552 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll
2014-05-21 20:21 - 2014-04-29 20:08 - 00404992 _____ () C:\Program Files (x86)\Steam\libavformat-55.dll
2014-01-08 08:55 - 2014-04-29 20:08 - 00340992 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2013-04-23 18:30 - 2014-05-16 21:36 - 00756224 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-21 20:21 - 2014-05-29 13:37 - 02139840 _____ () C:\Program Files (x86)\Steam\video.dll
2014-05-21 20:21 - 2014-04-28 20:37 - 00519168 _____ () C:\Program Files (x86)\Steam\libswscale-2.dll
2013-05-03 15:35 - 2014-05-29 13:36 - 01116864 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-03-26 16:16 - 2014-05-01 19:35 - 20628160 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2012-12-11 09:51 - 2013-06-14 19:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2012-12-11 09:51 - 2013-06-14 19:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2012-12-11 09:51 - 2013-06-14 19:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2014-02-24 20:12 - 2014-02-24 20:12 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\367540c92c2004ff2c6695778fed5dd6\IsdiInterop.ni.dll
2013-05-24 02:10 - 2011-05-20 10:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2010-06-24 05:19 - 2010-06-24 05:19 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2014-01-03 07:03 - 2014-01-03 07:03 - 07816192 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll
2014-01-03 07:03 - 2014-01-03 07:03 - 00188416 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-52.dll
2014-01-03 07:03 - 2014-01-03 07:03 - 01425920 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll
2014-01-03 07:03 - 2014-01-03 07:03 - 00336896 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll
2014-01-03 07:03 - 2014-01-03 07:03 - 00096256 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\swresample-0.dll
2014-06-12 17:29 - 2014-06-05 09:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-12 17:29 - 2014-06-05 09:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-12 17:29 - 2014-06-05 09:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-12 17:29 - 2014-06-05 09:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-12 17:29 - 2014-06-05 09:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/14/2014 09:46:44 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\steam.exe
 
Error: (06/14/2014 09:45:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/14/2014 08:48:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/14/2014 08:39:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 26865541
 
Error: (06/14/2014 08:39:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 26865541
 
Error: (06/14/2014 08:39:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/13/2014 06:33:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18596707
 
Error: (06/13/2014 06:33:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 18596707
 
Error: (06/13/2014 06:33:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/13/2014 06:33:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18595709
 
 
System errors:
=============
Error: (06/14/2014 09:46:36 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.
 
Error: (06/14/2014 09:45:48 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Firewall service terminated with service-specific error %%5.
 
Error: (06/13/2014 00:42:08 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (06/11/2014 00:25:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (06/11/2014 00:25:34 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (06/11/2014 00:20:32 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (05/27/2014 08:52:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (05/27/2014 08:52:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (05/21/2014 08:22:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (05/21/2014 08:22:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
 
Microsoft Office Sessions:
=========================
Error: (06/14/2014 09:46:44 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to add firewall exception for C:\Program Files (x86)\Steam\steam.exe
 
Error: (06/14/2014 09:45:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/14/2014 08:48:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/14/2014 08:39:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 26865541
 
Error: (06/14/2014 08:39:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 26865541
 
Error: (06/14/2014 08:39:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/13/2014 06:33:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18596707
 
Error: (06/13/2014 06:33:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 18596707
 
Error: (06/13/2014 06:33:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/13/2014 06:33:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18595709
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 40%
Total physical RAM: 8139.86 MB
Available physical RAM: 4822.23 MB
Total Pagefile: 16277.9 MB
Available Pagefile: 12055.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:450.8 GB) (Free:112.13 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:409.02 GB) (Free:73.27 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:14.66 GB) (Free:1.63 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (MUPPET_US                       ) (CDROM) (Total:7.91 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: FFDD3015)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 8A53F49A)
Partition 1: (Not Active) - (Size=409 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=57 GB) - (Type=05)
 
==================== End Of Log ============================

 

 

 

 

 

 

 


  • Root Admin

Hello and :welcome:

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.



 
Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

  • Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)


 
STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.
 


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following:  MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 
 
STEP 03
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


Thank you
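The STEP 0 note that auto-starting processes simply come back after a reboot can be checked against the FRST log earlier in this thread. The following is an added example, not part of the original posts and not code from FRST or RKill: it parses `Task:` lines copied from that log and groups the ones that launch from a user profile; the function names and the flagging heuristics are assumptions made for illustration.

```python
import re

# Task lines copied from the FRST Addition.txt log posted in this thread.
FRST_TASKS = r"""
Task: {32351754-BE95-4499-9BB2-1A6E04C2EF7A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-22] (Google Inc.)
Task: {4785BB17-3A0A-4EBF-9952-5B84E54333D0} - System32\Tasks\MySearchDial => C:\Users\keith\AppData\Roaming\MySearchDial\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {5DD5C320-FE3D-4243-8070-C34B6876B946} - System32\Tasks\Digital Sites => C:\Users\keith\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {FCFFBE22-8860-4726-B00A-008A84688B53} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\keith\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\keith\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
"""

# Two FRST layouts: "{GUID} - task => exe [date] (company)" and "x.job => exe".
TASK_RE = re.compile(
    r"^Task: (?:\{(?P<guid>[0-9A-Fa-f-]+)\} - )?(?P<task>.+?) => (?P<target>.+?)"
    r"(?: \[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>[^)]*)\))?"
    r"(?P<attention> <==== ATTENTION)?$"
)
USER_PROFILE_RE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\", re.I)
SHORT_NAME_RE = re.compile(r"^(?P<stem>[^~\\]{1,6})~\d$")  # e.g. DIGITA~1


def parse_tasks(log_text):
    """Turn FRST 'Task:' lines into dicts; every other line is ignored."""
    tasks = []
    for line in log_text.splitlines():
        m = TASK_RE.match(line.strip())
        if m:
            tasks.append(m.groupdict())
    return tasks


def assess(task):
    """Return the reasons a task's target deserves a closer look (may be empty)."""
    target = task["target"]
    if not USER_PROFILE_RE.match(target):
        return []  # only targets inside a user profile are triaged here
    reasons = ["target runs from a per-user folder writable without elevation"]
    if task["company"] == "":  # None means FRST printed no company field at all
        reasons.append("file carries no company name")
    if any(SHORT_NAME_RE.match(part) for part in target.split("\\")):
        reasons.append("8.3 short path hides the real folder name")
    return reasons


def product_folder(target):
    """Folder directly under AppData\\Roaming|Local|LocalLow, or None."""
    parts = target.split("\\")
    for i, part in enumerate(parts[:-2]):
        if part.lower() == "appdata":
            return parts[i + 2]
    return None


def same_folder(a, b):
    """True if a and b name one folder, allowing either to be an 8.3 alias.

    Heuristic: the first aliases NTFS generates are the first six characters
    of the long name (spaces dropped, upper-cased) followed by ~1..~4.
    """
    if a.lower() == b.lower():
        return True
    for short, long_name in ((a, b), (b, a)):
        m = SHORT_NAME_RE.match(short)
        if m and long_name.replace(" ", "").upper().startswith(m["stem"].upper()):
            return True
    return False


def launchers_by_product(tasks):
    """Group flagged tasks by the folder they launch from."""
    groups = []  # [label, [task names]] in first-seen order
    for task in tasks:
        if not assess(task):
            continue
        folder = product_folder(task["target"]) or task["target"]
        for group in groups:
            if same_folder(group[0], folder):
                group[1].append(task["task"])
                if SHORT_NAME_RE.match(group[0]) and not SHORT_NAME_RE.match(folder):
                    group[0] = folder  # keep the readable long name as the label
                break
        else:
            groups.append([folder, [task["task"]]])
    return {label: names for label, names in groups}


if __name__ == "__main__":
    parsed = parse_tasks(FRST_TASKS)
    for t in parsed:
        for reason in assess(t):
            print(f"{t['task']}: {reason}")
    for folder, launchers in launchers_by_product(parsed).items():
        print(f"{folder}: {len(launchers)} launcher(s) -> {launchers}")
```

On this thread's log it groups four launchers under two folders, the same four entries RogueKiller later lists under Scheduled tasks.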
 


Good morning, and thanks for the response.  

 

Some updates since my initial post.  I rebooted into safe mode and reran MBAM.  It found additional processes, removed them, and then rebooted.  After that, IE came up with the default page.  With the reboot that MBAM required, Microsoft installed its important updates, which included a number of security fixes.  

 

Logs from the requested runs appended.  MBAM is still running (takes ~2 hours), and I will post when I return from work (~1730 EDT)

 

Thanks again for the assistance!

-Ridcully

===================================================

Rkill:

 

Rkill 2.6.6 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 06/17/2014 08:35:46 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Windows\SysWOW64\ezSharedSvcHost.exe (PID: 1884) [WD-HEUR]
 
1 proccess terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 06/17/2014 08:36:58 AM
Execution time: 0 hours(s), 1 minute(s), and 11 seconds(s)
 
===============================================
ERUNT
 
Completed, selected folder:  C:\Windows\ERDNT\6-17-2014
 
===============================================
 
MBAM:  Running
 
RogueKiller:  Not yet run.

MBAM

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.06.10.08

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.17126

keith :: KEITH-HP [administrator]

 

6/17/2014 8:44:57 AM

mbam-log-2014-06-17 (08-44-57).txt

 

Scan type: Full scan (C:\|D:\|E:\|Q:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled: 

Objects scanned: 630528

Time elapsed: 2 hour(s), 32 minute(s), 59 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

==============================================================================

Howdy -- here is the last item from the earlier to-do list.  

 

Please let me know what the next steps should be.  

 

Thanks,

-Ridcully

==============================================================

 

RogueKiller

 

RogueKiller V9.0.3.0 (x64) [Jun 17 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : keith [Admin rights]
Mode : Scan -- Date : 06/17/2014  20:23:09
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 4 ¤¤¤
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
 
¤¤¤ Scheduled tasks : 4 ¤¤¤
[suspicious.Path] Digital Sites.job -- C:\Users\keith\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE (/Check) -> FOUND
[suspicious.Path] MySearchDial.job -- C:\Users\keith\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE (/Check) -> FOUND
[suspicious.Path] \\Digital Sites -- C:\Users\keith\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE (/Check) -> FOUND
[suspicious.Path] \\MySearchDial -- C:\Users\keith\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE (/Check) -> FOUND
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK5061GSYN +++++
--- User ---
[MBR] 97aaf9241fec2f79db1f166c52a62ac2
[bSP] 9a8f01db0f54433417e61687745fbf94 : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 461621 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 945809408 | Size: 15015 MB
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 976560128 | Size: 103 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: TOSHIBA MK5076GSX +++++
--- User ---
[MBR] 018e2859f9757357b535303267b91890
[bSP] ac3ad0b7d60c20a969692521fcfaf959 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 418840 MB
1 - [XXXXXX] EXTEN (0x5) [VISIBLE] Offset (sectors): 857788414 | Size: 58097 MB
User = LL1 ... OK
User = LL2 ... OK

  • Root Admin

Please go ahead and run through the following steps and post back the logs when ready.
 
STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus


STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 07

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


(additional logs coming as the scans finish)

 

JRT log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by keith on Tue 06/17/2014 at 21:51:07.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dsiteproducts
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{307679DE-83ED-4077-82D2-BD13FE0112B1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{307679DE-83ED-4077-82D2-BD13FE0112B1}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\keith\appdata\local\{00A2F309-78EE-4BCE-909F-E92AE289C38A}
Successfully deleted: [Empty Folder] C:\Users\keith\appdata\local\{23DA7390-712C-4F1F-AA58-1308CC195960}
Successfully deleted: [Empty Folder] C:\Users\keith\appdata\local\{2E193703-588A-435C-A4E5-A7D0E807CA65}
Successfully deleted: [Empty Folder] C:\Users\keith\appdata\local\{3948BFAE-98C4-49C4-9F37-FE1397290822}
Successfully deleted: [Empty Folder] C:\Users\keith\appdata\local\{398B7FFB-1D26-4843-89D7-426F5DA8B39E}
Successfully deleted: [Empty Folder] C:\Users\keith\appdata\local\{842847B0-1ACF-4683-A917-A828E7B525C2}
Successfully deleted: [Empty Folder] C:\Users\keith\appdata\local\{85F27814-D0C9-4124-9C0E-9F5378240012}
Successfully deleted: [Empty Folder] C:\Users\keith\appdata\local\{8AB3CC8C-85B0-4FBD-87CF-4A1565A11696}
Successfully deleted: [Empty Folder] C:\Users\keith\appdata\local\{8F0148CA-2C5A-495D-98AB-0F5532DBC915}
Successfully deleted: [Empty Folder] C:\Users\keith\appdata\local\{A342D603-39B5-407A-AAA3-AB9207305D06}
Successfully deleted: [Empty Folder] C:\Users\keith\appdata\local\{DE5B2AA0-0B31-4FE0-9312-3C2FC6863424}
Successfully deleted: [Empty Folder] C:\Users\keith\appdata\local\{E7B15675-B3FC-4D23-B696-F5BF3D4E2DEF}
Successfully deleted: [Empty Folder] C:\Users\keith\appdata\local\{F0941F4B-DD4C-46B5-9AFF-B5588461EFD9}
Successfully deleted: [Empty Folder] C:\Users\keith\appdata\local\{F53C8194-730A-4490-A9F5-5D7D8FB0D656}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 06/17/2014 at 21:58:47.01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

First ADW Cleaner log -- I am going to let it remove all of these items.  

 

# AdwCleaner v3.212 - Report created 17/06/2014 at 22:02:50
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : keith - KEITH-HP
# Running from : C:\Users\keith\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Public\Desktop\eBay.lnk
File Found : C:\Windows\System32\Tasks\Digital Sites
File Found : C:\Windows\System32\Tasks\MySearchDial
File Found : C:\Windows\Tasks\Digital Sites.job
File Found : C:\Windows\Tasks\MySearchDial.job
Folder Found : C:\Users\keith\AppData\Local\SearchProtect
Folder Found : C:\Users\keith\AppData\Roaming\DigitalSites
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Found [Extension] : flpcjncodpafbgdpnkljologafpionhb
Found [Extension] : ippkomaaonokjnfjoikaemidanojkfmm
Found [Extension] : pflphaooapbgpeakohlggbpidpppgdff
 
*************************
 
AdwCleaner[R0].txt - [1752 octets] - [17/06/2014 22:02:50]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1812 octets] ##########

Post-restart AdwCleaner log.  I will start the MBAM scan now.  It should complete in ~2.5 hours.

 

# AdwCleaner v3.212 - Report created 17/06/2014 at 22:06:20
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : keith - KEITH-HP
# Running from : C:\Users\keith\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\keith\AppData\Local\SearchProtect
Folder Deleted : C:\Users\keith\AppData\Roaming\DigitalSites
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Windows\Tasks\Digital Sites.job
File Deleted : C:\Windows\System32\Tasks\Digital Sites
File Deleted : C:\Windows\Tasks\MySearchDial.job
File Deleted : C:\Windows\System32\Tasks\MySearchDial
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [search Provider] : hxxp://www.veoh.com/find/?query={searchTerms}
Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [search Provider] : hxxp://www.netflix.com/WiSearch?raw_query=batman+bey&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deleted [Extension] : ippkomaaonokjnfjoikaemidanojkfmm
Deleted [Extension] : pflphaooapbgpeakohlggbpidpppgdff
 
*************************
 
AdwCleaner[R0].txt - [1908 octets] - [17/06/2014 22:02:50]
AdwCleaner[s0].txt - [2125 octets] - [17/06/2014 22:06:20]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2185 octets] ##########

MBAM log.  I notice that this scanned 283k items, whereas the previous scan scanned over 600k items.  It also took < 10 minutes, compared to a bit more than 2.5 hours for the previous run.

(I also notice that tonight's database update also pulled down a new version of the tool.)

 

When I went to the ESET online scanner, I never get prompted for the activeX controller.  I get a popup window (http://www.eset.com/us/online-scanner-popup/), which has a small box in the upper left corner, but nothing else.

 

Do I need to change the security settings in IE for this to run properly?  

 

 

===================================

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/17/2014
Scan Time: 10:19:34 PM
Logfile: MBAM_log_20140617_2230.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.06.17.13
Rootkit Database: v2014.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: keith
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 283624
Time Elapsed: 9 min, 54 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • Click Start

  • Make sure that the option Remove found threats is unticked

Click on Advanced Settings and ensure these options are ticked:

  • Scan for potentially unwanted applications

  • Scan for potentially unsafe applications

Enable Anti-Stealth Technology

There was no option for "Scan for potentially unwanted applications"

 

Under advanced settings:

Remove found threats (unchecked)

Scan archives (checked)

Scan for potentially unsafe applications (checked)

Enable Anti-Stealth technology (checked)

 

Current scan targets:  Operating memory, local drives

Use custom proxy settings (unchecked)


ESET is currently at 15% done (143k files scanned) after 36 minutes.  I'm going to head off to bed and post results in the morning (Eastern time zone here).

 

Any idea why MBAM checked so many fewer files the second time?

 

Thanks for the help!

-Ridcully


ESET results:

No threats found:

Scanned Files:  398344

Infected files:  0

Cleaned files:  0

Total scan time:  01:52:38

Scan status:  Finished

 

FRST64  

I left it with the default settings

Whitelist:  all options checked.

Optional scan:  no options checked.

 

There was no addition.txt, since I ran the tool earlier (first entry of this email chain).  I am heading out to work now, and will be back this evening (EDT).

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-06-2014
Ran by keith (administrator) on KEITH-HP on 18-06-2014 08:27:09
Running from C:\Users\keith\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\n360.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Easybits) C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\n360.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2013-07-04] (Synaptics Incorporated)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM\...\Run: [intelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel® Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2014-01-25] (IDT, Inc.)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2013-07-04] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [417792 2009-11-10] (Apple Inc.)
HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1258504 2013-12-20] (Easybits)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-06-10] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2630042686-1250254935-3286438661-1000\...\Run: [steam] => C:\Program Files (x86)\Steam\Steam.exe [1754816 2014-05-29] (Valve Corporation)
HKU\S-1-5-21-2630042686-1250254935-3286438661-1000\...\Run: [GoogleChromeAutoLaunch_F1D62AC303E2C0B600342FB8ACD4796B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
HKU\S-1-5-21-2630042686-1250254935-3286438661-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [steam] => C:\Program Files (x86)\Steam\Steam.exe [1754816 2014-05-29] (Valve Corporation)
HKU\S-1-5-21-2630042686-1250254935-3286438661-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_F1D62AC303E2C0B600342FB8ACD4796B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - DefaultScope {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {307679DE-83ED-4077-82D2-BD13FE0112B1} URL = 
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-03-30] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-01-13]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ []
 
Chrome: 
=======
CHR HomePage: hxxp://google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-22]
CHR Extension: (Google Drive) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (YouTube) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-22]
CHR Extension: (Google Search) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-22]
CHR Extension: (Streamus™ (Beta!)) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbnkffmindojffecdhbbmekbmkkfpmjd [2014-06-11]
CHR Extension: (Norton Identity Safe for Google Chrome™) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-09-12]
CHR Extension: (Google Wallet) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Gmail) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-22]
CHR HKLM-x32\...\Chrome\Extension: [aepeildmfnnehghlknddebgjghlompfe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-02-11]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\Exts\Chrome.crx [2014-05-19]
 
==================== Services (Whitelisted) =================
 
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2013-08-08] (Realsil Microelectronics Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe [265040 2014-05-11] (Symantec Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-05-24] ()
 
==================== Drivers (Whitelisted) ====================
 
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1503000.00C\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-16] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140617.001\IDSvia64.sys [525016 2014-03-25] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140617.009\ENG64.SYS [126040 2014-06-16] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140617.009\EX64.SYS [2099288 2014-06-16] (Symantec Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1503000.00C\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1503000.00C\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-13] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1503000.00C\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-18 08:27 - 2014-06-18 08:27 - 00024731 _____ () C:\Users\keith\Desktop\FRST.txt
2014-06-18 08:24 - 2014-06-18 08:24 - 00000000 ____D () C:\Users\keith\Desktop\FRST-OlderVersion
2014-06-17 22:43 - 2014-06-17 22:43 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-17 22:16 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-17 22:15 - 2014-06-17 22:15 - 00004430 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-06-17 22:15 - 2014-05-07 15:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-17 22:15 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-17 22:15 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-17 22:10 - 2014-06-18 08:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-17 22:10 - 2014-06-17 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-17 22:10 - 2014-06-17 22:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-17 22:10 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-17 22:10 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-17 22:03 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-17 22:02 - 2014-06-17 22:06 - 00000000 ____D () C:\AdwCleaner
2014-06-17 21:58 - 2014-06-17 21:58 - 00003577 _____ () C:\Users\keith\Desktop\JRT.txt
2014-06-17 21:51 - 2014-06-17 21:51 - 00000000 ____D () C:\Windows\ERUNT
2014-06-17 21:50 - 2014-06-17 22:05 - 00001684 _____ () C:\Users\keith\Desktop\School_Letter_20140617.txt
2014-06-17 21:50 - 2014-06-17 21:50 - 00003896 _____ () C:\Users\keith\Desktop\instructions_virus_removal.txt
2014-06-17 21:46 - 2014-06-17 21:47 - 01333465 _____ () C:\Users\keith\Desktop\AdwCleaner.exe
2014-06-17 21:45 - 2014-06-17 21:45 - 01016261 _____ (Thisisu) C:\Users\keith\Desktop\JRT.exe
2014-06-17 20:19 - 2014-06-17 20:19 - 00000000 __SHD () C:\Users\keith\AppData\Local\EmieUserList
2014-06-17 20:19 - 2014-06-17 20:19 - 00000000 __SHD () C:\Users\keith\AppData\Local\EmieSiteList
2014-06-17 20:17 - 2014-06-17 20:17 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-17 20:15 - 2014-06-17 20:15 - 05268992 _____ () C:\Users\keith\Desktop\RogueKillerX64.exe
2014-06-17 08:43 - 2014-06-17 08:43 - 00000930 _____ () C:\Users\keith\Desktop\NTREGOPT.lnk
2014-06-17 08:43 - 2014-06-17 08:43 - 00000911 _____ () C:\Users\keith\Desktop\ERUNT.lnk
2014-06-17 08:43 - 2014-06-17 08:43 - 00000000 ____D () C:\Windows\ERDNT
2014-06-17 08:43 - 2014-06-17 08:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-17 08:43 - 2014-06-17 08:43 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-17 08:41 - 2014-06-17 08:42 - 00791393 _____ (Lars Hederer ) C:\Users\keith\Desktop\erunt-setup.exe
2014-06-17 08:35 - 2014-06-17 08:36 - 00002464 _____ () C:\Users\keith\Desktop\Rkill.txt
2014-06-17 08:34 - 2014-06-17 08:34 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\keith\Desktop\rkill.exe
2014-06-16 23:00 - 2014-06-16 23:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-16 22:25 - 2014-06-16 22:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-16 22:25 - 2014-06-16 22:25 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-06-16 22:25 - 2014-06-16 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-06-16 22:25 - 2014-06-01 17:17 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-16 22:24 - 2014-06-17 20:38 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Notepad++
2014-06-16 22:24 - 2014-06-16 22:26 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-06-16 22:22 - 2014-06-16 22:22 - 07676930 _____ () C:\Users\keith\Downloads\npp.6.6.6.Installer (1).exe
2014-06-16 22:21 - 2014-06-16 22:22 - 07676930 _____ () C:\Users\keith\Downloads\npp.6.6.6.Installer.exe
2014-06-14 14:54 - 2014-06-14 14:54 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Warner Bros. Interactive Entertainment
2014-06-14 11:13 - 2014-06-14 11:14 - 00000000 ____D () C:\Users\keith\AppData\Local\NPE
2014-06-14 10:17 - 2014-06-18 08:27 - 00000000 ____D () C:\FRST
2014-06-14 10:16 - 2014-06-18 08:24 - 02081280 _____ (Farbar) C:\Users\keith\Desktop\FRST64.exe
2014-06-13 18:29 - 2014-06-14 08:59 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Open Download Manager
2014-06-13 18:29 - 2014-06-13 18:29 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager
2014-06-13 18:27 - 2014-06-14 09:02 - 00000000 ____D () C:\Program Files (x86)\OpenDownloaderManager
2014-06-13 07:55 - 2014-06-16 00:55 - 00000068 _____ () C:\Users\keith\AppData\Roaming\WB.CFG
2014-06-11 22:49 - 2014-06-11 22:49 - 00077514 _____ () C:\Users\keith\Downloads\OTRR_Certified_Yours_Truly_Johnny_Dollar_archive.torrent
2014-06-11 22:02 - 2014-06-11 22:17 - 1381805269 _____ () C:\Users\keith\Downloads\OTRR_Dimension_X_Singles.zip
2014-06-11 22:01 - 2014-06-11 22:23 - 1988541609 _____ () C:\Users\keith\Downloads\Dragnet_OTR.zip
2014-06-11 22:01 - 2014-06-11 22:06 - 225556412 _____ () C:\Users\keith\Downloads\IsaacAsimov-TheFoundationTrilogy_64kb_mp3.zip
2014-06-11 19:11 - 2014-06-11 19:13 - 90455873 _____ () C:\Users\keith\Downloads\WIZZYWIG.epub
2014-06-11 19:11 - 2014-06-11 19:13 - 29272387 _____ () C:\Users\keith\Downloads\MarchBookOne.epub
2014-06-11 19:11 - 2014-06-11 19:13 - 27719129 _____ () C:\Users\keith\Downloads\TooCoolToBeForgotten.epub
2014-06-11 19:08 - 2014-06-11 19:13 - 102049303 _____ () C:\Users\keith\Downloads\FromHellCompanion.epub
2014-06-11 19:08 - 2014-06-11 19:12 - 259176640 _____ () C:\Users\keith\Downloads\FromHell.epub
2014-06-10 19:47 - 2014-05-30 06:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-10 19:47 - 2014-05-30 06:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-10 19:47 - 2014-05-30 06:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-10 19:47 - 2014-05-30 05:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-10 19:47 - 2014-05-30 05:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-10 19:47 - 2014-05-30 05:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-10 19:47 - 2014-05-30 05:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-10 19:47 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-10 19:47 - 2014-05-30 05:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-10 19:47 - 2014-05-30 05:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-10 19:47 - 2014-05-30 05:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-10 19:47 - 2014-05-30 05:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-10 19:47 - 2014-05-30 05:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-10 19:47 - 2014-05-30 05:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-10 19:47 - 2014-05-30 05:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-10 19:47 - 2014-05-30 05:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-10 19:47 - 2014-05-30 05:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-10 19:47 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-10 19:47 - 2014-05-30 04:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-10 19:47 - 2014-05-30 04:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-10 19:47 - 2014-05-30 04:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-10 19:47 - 2014-05-30 04:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-10 19:47 - 2014-05-30 04:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-10 19:47 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-10 19:47 - 2014-05-30 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-10 19:47 - 2014-05-30 04:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-10 19:47 - 2014-05-30 04:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-10 19:47 - 2014-05-30 04:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-10 19:47 - 2014-05-30 04:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-10 19:47 - 2014-05-30 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-10 19:47 - 2014-05-30 04:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-10 19:47 - 2014-05-30 04:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-10 19:47 - 2014-05-30 04:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-10 19:47 - 2014-05-30 04:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-10 19:47 - 2014-05-30 04:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-10 19:47 - 2014-05-30 04:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-10 19:47 - 2014-05-30 04:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-10 19:47 - 2014-05-30 04:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-10 19:47 - 2014-05-30 04:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-10 19:47 - 2014-05-30 04:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-10 19:47 - 2014-05-30 03:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-10 19:47 - 2014-05-30 03:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-10 19:47 - 2014-05-30 03:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-10 19:47 - 2014-05-30 03:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-10 19:47 - 2014-05-30 03:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-10 19:47 - 2014-05-30 03:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-10 19:47 - 2014-05-30 03:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-10 19:47 - 2014-05-30 03:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-10 19:47 - 2014-05-30 03:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-10 19:47 - 2014-05-30 03:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-10 19:47 - 2014-05-30 03:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-10 19:47 - 2014-05-30 03:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-10 19:47 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-10 19:47 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-10 19:47 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-10 19:47 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-10 19:47 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-10 19:47 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-10 19:47 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-10 19:47 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-10 19:47 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-10 19:47 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-10 19:47 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-10 19:47 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-10 19:46 - 2014-06-08 05:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-10 19:46 - 2014-06-08 05:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-28 21:39 - 2014-05-28 21:39 - 00675988 _____ () C:\Users\keith\Desktop\Minecraft (2).exe
2014-05-26 19:25 - 2014-05-26 19:27 - 00000000 ____D () C:\Users\keith\AppData\Roaming\.technic
2014-05-26 19:25 - 2014-05-26 19:25 - 02346942 _____ () C:\Users\keith\Desktop\TechnicLauncher.exe
2014-05-24 23:26 - 2014-05-25 00:55 - 00000000 ____D () C:\Users\keith\AppData\Roaming\creeperworld3
2014-05-24 23:26 - 2014-05-24 23:26 - 00000000 ____D () C:\Users\keith\Documents\creeperworld3
2014-05-24 23:26 - 2014-05-24 23:26 - 00000000 ____D () C:\Users\keith\AppData\Roaming\.mono
2014-05-22 21:12 - 2014-05-22 21:13 - 00000000 ____D () C:\Users\keith\.ipython
2014-05-22 21:12 - 2014-05-22 21:12 - 00000000 ____D () C:\Users\keith\.matplotlib
2014-05-22 21:08 - 2014-05-22 21:12 - 00002607 _____ () C:\Users\keith\.enstaller4rc
2014-05-22 21:08 - 2014-05-22 21:08 - 00000000 ____D () C:\Users\keith\Canopy
2014-05-22 21:05 - 2014-05-22 21:05 - 00002539 _____ () C:\Users\keith\Desktop\PyLab (64-bit).lnk
2014-05-22 21:05 - 2014-05-22 21:05 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Enthought
2014-05-22 21:04 - 2014-05-22 21:07 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Enthought Canopy (64-bit)
2014-05-22 21:04 - 2014-05-22 21:04 - 00002098 _____ () C:\Users\keith\Desktop\Enthought Canopy (64-bit).lnk
2014-05-22 21:01 - 2014-05-22 21:02 - 00000000 ____D () C:\Users\keith\AppData\Local\Enthought
2014-05-22 20:59 - 2014-05-22 21:00 - 262688768 _____ () C:\Users\keith\Downloads\canopy-1.4.0-win-64.msi
2014-05-20 00:47 - 2014-05-20 00:47 - 00013328 _____ () C:\Users\keith\Desktop\Minecraft - Shortcut.lnk
2014-05-20 00:40 - 2014-05-20 00:40 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-05-20 00:24 - 2014-05-20 00:24 - 00000000 ____D () C:\Users\keith\.idlerc
2014-05-20 00:23 - 2014-05-20 00:23 - 00675988 _____ () C:\Users\keith\Downloads\Minecraft (1).exe
2014-05-20 00:18 - 2014-06-09 19:53 - 00000000 ____D () C:\Users\keith\AppData\Roaming\.minecraft
2014-05-20 00:18 - 2014-05-20 00:18 - 00263186 _____ () C:\Users\keith\Downloads\Minecraft.exe
2014-05-20 00:17 - 2014-05-20 00:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.4
2014-05-20 00:16 - 2014-05-20 00:17 - 00000000 ____D () C:\Python34
2014-05-20 00:14 - 2014-05-20 00:14 - 24408064 _____ () C:\Users\keith\Downloads\python-3.4.1.msi
 
==================== One Month Modified Files and Folders =======
 
2014-06-18 08:27 - 2014-06-18 08:27 - 00024731 _____ () C:\Users\keith\Desktop\FRST.txt
2014-06-18 08:27 - 2014-06-14 10:17 - 00000000 ____D () C:\FRST
2014-06-18 08:27 - 2013-05-24 06:23 - 00000000 ____D () C:\Users\keith\AppData\Local\Temp
2014-06-18 08:24 - 2014-06-18 08:24 - 00000000 ____D () C:\Users\keith\Desktop\FRST-OlderVersion
2014-06-18 08:24 - 2014-06-14 10:16 - 02081280 _____ (Farbar) C:\Users\keith\Desktop\FRST64.exe
2014-06-18 08:23 - 2013-07-22 21:45 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-18 08:22 - 2014-06-17 22:10 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-18 02:45 - 2013-05-24 02:14 - 01638824 _____ () C:\Windows\WindowsUpdate.log
2014-06-18 01:11 - 2013-05-24 06:29 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9EF5ABD8-6610-4A4A-AC3B-8E36C0A70595}
2014-06-18 00:27 - 2013-12-20 20:31 - 00000000 ____D () C:\ProgramData\Easybits Magic Desktop for HP
2014-06-17 22:43 - 2014-06-17 22:43 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-17 22:17 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-17 22:17 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-17 22:16 - 2014-01-03 11:25 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-17 22:15 - 2014-06-17 22:15 - 00004430 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-06-17 22:15 - 2013-07-03 20:57 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-17 22:14 - 2009-07-14 01:13 - 00783360 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-17 22:10 - 2014-06-17 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-17 22:10 - 2014-06-17 22:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-17 22:10 - 2013-12-26 19:00 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-17 22:10 - 2013-12-26 19:00 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Malwarebytes
2014-06-17 22:10 - 2013-12-26 19:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-17 22:08 - 2013-07-22 21:45 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-17 22:08 - 2013-05-24 21:34 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-17 22:07 - 2010-11-20 23:47 - 01242160 _____ () C:\Windows\PFRO.log
2014-06-17 22:07 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-17 22:07 - 2009-07-14 00:51 - 00057981 _____ () C:\Windows\setupact.log
2014-06-17 22:06 - 2014-06-17 22:02 - 00000000 ____D () C:\AdwCleaner
2014-06-17 22:05 - 2014-06-17 21:50 - 00001684 _____ () C:\Users\keith\Desktop\School_Letter_20140617.txt
2014-06-17 21:58 - 2014-06-17 21:58 - 00003577 _____ () C:\Users\keith\Desktop\JRT.txt
2014-06-17 21:51 - 2014-06-17 21:51 - 00000000 ____D () C:\Windows\ERUNT
2014-06-17 21:50 - 2014-06-17 21:50 - 00003896 _____ () C:\Users\keith\Desktop\instructions_virus_removal.txt
2014-06-17 21:47 - 2014-06-17 21:46 - 01333465 _____ () C:\Users\keith\Desktop\AdwCleaner.exe
2014-06-17 21:45 - 2014-06-17 21:45 - 01016261 _____ (Thisisu) C:\Users\keith\Desktop\JRT.exe
2014-06-17 20:38 - 2014-06-16 22:24 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Notepad++
2014-06-17 20:19 - 2014-06-17 20:19 - 00000000 __SHD () C:\Users\keith\AppData\Local\EmieUserList
2014-06-17 20:19 - 2014-06-17 20:19 - 00000000 __SHD () C:\Users\keith\AppData\Local\EmieSiteList
2014-06-17 20:17 - 2014-06-17 20:17 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-17 20:15 - 2014-06-17 20:15 - 05268992 _____ () C:\Users\keith\Desktop\RogueKillerX64.exe
2014-06-17 12:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-06-17 08:43 - 2014-06-17 08:43 - 00000930 _____ () C:\Users\keith\Desktop\NTREGOPT.lnk
2014-06-17 08:43 - 2014-06-17 08:43 - 00000911 _____ () C:\Users\keith\Desktop\ERUNT.lnk
2014-06-17 08:43 - 2014-06-17 08:43 - 00000000 ____D () C:\Windows\ERDNT
2014-06-17 08:43 - 2014-06-17 08:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-17 08:43 - 2014-06-17 08:43 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-17 08:42 - 2014-06-17 08:41 - 00791393 _____ (Lars Hederer ) C:\Users\keith\Desktop\erunt-setup.exe
2014-06-17 08:36 - 2014-06-17 08:35 - 00002464 _____ () C:\Users\keith\Desktop\Rkill.txt
2014-06-17 08:34 - 2014-06-17 08:34 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\keith\Desktop\rkill.exe
2014-06-16 23:04 - 2013-05-24 06:29 - 00000000 ___RD () C:\Users\keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-16 23:04 - 2013-05-24 06:29 - 00000000 ___RD () C:\Users\keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-06-16 23:02 - 2009-07-14 00:45 - 00288304 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-16 23:00 - 2014-06-16 23:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-16 23:00 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-06-16 22:30 - 2014-06-16 22:25 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-16 22:26 - 2014-06-16 22:24 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-06-16 22:25 - 2014-06-16 22:25 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-06-16 22:25 - 2014-06-16 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-06-16 22:22 - 2014-06-16 22:22 - 07676930 _____ () C:\Users\keith\Downloads\npp.6.6.6.Installer (1).exe
2014-06-16 22:22 - 2014-06-16 22:21 - 07676930 _____ () C:\Users\keith\Downloads\npp.6.6.6.Installer.exe
2014-06-16 19:35 - 2013-06-08 10:24 - 00775974 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-06-16 19:26 - 2013-06-07 07:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-06-16 19:25 - 2013-06-07 07:37 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-06-16 19:25 - 2013-06-07 07:37 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-06-16 00:55 - 2014-06-13 07:55 - 00000068 _____ () C:\Users\keith\AppData\Roaming\WB.CFG
2014-06-14 19:31 - 2013-06-02 15:26 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForkeith
2014-06-14 19:31 - 2013-06-02 02:21 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForkeith.job
2014-06-14 15:12 - 2013-06-15 23:51 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Factorio
2014-06-14 14:54 - 2014-06-14 14:54 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Warner Bros. Interactive Entertainment
2014-06-14 11:14 - 2014-06-14 11:13 - 00000000 ____D () C:\Users\keith\AppData\Local\NPE
2014-06-14 11:14 - 2013-07-06 20:05 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-14 09:45 - 2013-05-24 06:22 - 00000000 ____D () C:\Users\keith
2014-06-14 09:02 - 2014-06-13 18:27 - 00000000 ____D () C:\Program Files (x86)\OpenDownloaderManager
2014-06-14 09:02 - 2013-05-24 02:22 - 00000000 ____D () C:\ProgramData\Norton
2014-06-14 09:02 - 2011-03-30 23:26 - 00000000 ____D () C:\ProgramData\RoxioNow
2014-06-14 09:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-14 09:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-06-14 09:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-06-14 08:59 - 2014-06-13 18:29 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Open Download Manager
2014-06-13 18:29 - 2014-06-13 18:29 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager
2014-06-12 17:29 - 2013-07-22 21:45 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-12 17:26 - 2013-05-30 20:44 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-06-12 17:25 - 2013-07-04 16:43 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-06-11 22:49 - 2014-06-11 22:49 - 00077514 _____ () C:\Users\keith\Downloads\OTRR_Certified_Yours_Truly_Johnny_Dollar_archive.torrent
2014-06-11 22:23 - 2014-06-11 22:01 - 1988541609 _____ () C:\Users\keith\Downloads\Dragnet_OTR.zip
2014-06-11 22:17 - 2014-06-11 22:02 - 1381805269 _____ () C:\Users\keith\Downloads\OTRR_Dimension_X_Singles.zip
2014-06-11 22:06 - 2014-06-11 22:01 - 225556412 _____ () C:\Users\keith\Downloads\IsaacAsimov-TheFoundationTrilogy_64kb_mp3.zip
2014-06-11 19:13 - 2014-06-11 19:11 - 90455873 _____ () C:\Users\keith\Downloads\WIZZYWIG.epub
2014-06-11 19:13 - 2014-06-11 19:11 - 29272387 _____ () C:\Users\keith\Downloads\MarchBookOne.epub
2014-06-11 19:13 - 2014-06-11 19:11 - 27719129 _____ () C:\Users\keith\Downloads\TooCoolToBeForgotten.epub
2014-06-11 19:13 - 2014-06-11 19:08 - 102049303 _____ () C:\Users\keith\Downloads\FromHellCompanion.epub
2014-06-11 19:12 - 2014-06-11 19:08 - 259176640 _____ () C:\Users\keith\Downloads\FromHell.epub
2014-06-11 00:23 - 2014-04-22 15:32 - 00000000 ____D () C:\Users\dub_cm_auto
2014-06-09 19:53 - 2014-05-20 00:18 - 00000000 ____D () C:\Users\keith\AppData\Roaming\.minecraft
2014-06-08 05:13 - 2014-06-10 19:46 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 05:08 - 2014-06-10 19:46 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-01 17:17 - 2014-06-16 22:25 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-30 06:21 - 2014-06-10 19:47 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 06:02 - 2014-06-10 19:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 06:02 - 2014-06-10 19:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 05:45 - 2014-06-10 19:47 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 05:39 - 2014-06-10 19:47 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 05:39 - 2014-06-10 19:47 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 05:38 - 2014-06-10 19:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 05:28 - 2014-06-10 19:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 05:27 - 2014-06-10 19:47 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 05:24 - 2014-06-10 19:47 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 05:21 - 2014-06-10 19:47 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 05:21 - 2014-06-10 19:47 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 05:20 - 2014-06-10 19:47 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 05:18 - 2014-06-10 19:47 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 05:11 - 2014-06-10 19:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 05:08 - 2014-06-10 19:47 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 05:06 - 2014-06-10 19:47 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 05:02 - 2014-06-10 19:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 04:55 - 2014-06-10 19:47 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 04:49 - 2014-06-10 19:47 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 04:46 - 2014-06-10 19:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 04:44 - 2014-06-10 19:47 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 04:44 - 2014-06-10 19:47 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 04:43 - 2014-06-10 19:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 04:42 - 2014-06-10 19:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 04:38 - 2014-06-10 19:47 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 04:35 - 2014-06-10 19:47 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 04:34 - 2014-06-10 19:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 04:33 - 2014-06-10 19:47 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 04:30 - 2014-06-10 19:47 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 04:29 - 2014-06-10 19:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 04:28 - 2014-06-10 19:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 04:27 - 2014-06-10 19:47 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 04:24 - 2014-06-10 19:47 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 04:23 - 2014-06-10 19:47 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 04:16 - 2014-06-10 19:47 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 04:10 - 2014-06-10 19:47 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 04:06 - 2014-06-10 19:47 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 04:04 - 2014-06-10 19:47 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 04:02 - 2014-06-10 19:47 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 03:56 - 2014-06-10 19:47 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 03:56 - 2014-06-10 19:47 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 03:54 - 2014-06-10 19:47 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 03:50 - 2014-06-10 19:47 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 03:49 - 2014-06-10 19:47 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 03:43 - 2014-06-10 19:47 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 03:40 - 2014-06-10 19:47 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 03:30 - 2014-06-10 19:47 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 03:21 - 2014-06-10 19:47 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 03:15 - 2014-06-10 19:47 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 03:13 - 2014-06-10 19:47 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 03:13 - 2014-06-10 19:47 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-28 21:39 - 2014-05-28 21:39 - 00675988 _____ () C:\Users\keith\Desktop\Minecraft (2).exe
2014-05-26 19:27 - 2014-05-26 19:25 - 00000000 ____D () C:\Users\keith\AppData\Roaming\.technic
2014-05-26 19:25 - 2014-05-26 19:25 - 02346942 _____ () C:\Users\keith\Desktop\TechnicLauncher.exe
2014-05-25 00:55 - 2014-05-24 23:26 - 00000000 ____D () C:\Users\keith\AppData\Roaming\creeperworld3
2014-05-24 23:26 - 2014-05-24 23:26 - 00000000 ____D () C:\Users\keith\Documents\creeperworld3
2014-05-24 23:26 - 2014-05-24 23:26 - 00000000 ____D () C:\Users\keith\AppData\Roaming\.mono
2014-05-24 18:28 - 2014-02-08 20:35 - 00000000 ____D () C:\Users\keith\Documents\Universe Sandbox
2014-05-22 21:14 - 2013-05-24 23:09 - 00000000 ____D () C:\Users\keith\Documents\My Games
2014-05-22 21:13 - 2014-05-22 21:12 - 00000000 ____D () C:\Users\keith\.ipython
2014-05-22 21:12 - 2014-05-22 21:12 - 00000000 ____D () C:\Users\keith\.matplotlib
2014-05-22 21:12 - 2014-05-22 21:08 - 00002607 _____ () C:\Users\keith\.enstaller4rc
2014-05-22 21:08 - 2014-05-22 21:08 - 00000000 ____D () C:\Users\keith\Canopy
2014-05-22 21:07 - 2014-05-22 21:04 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Enthought Canopy (64-bit)
2014-05-22 21:05 - 2014-05-22 21:05 - 00002539 _____ () C:\Users\keith\Desktop\PyLab (64-bit).lnk
2014-05-22 21:05 - 2014-05-22 21:05 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Enthought
2014-05-22 21:04 - 2014-05-22 21:04 - 00002098 _____ () C:\Users\keith\Desktop\Enthought Canopy (64-bit).lnk
2014-05-22 21:02 - 2014-05-22 21:01 - 00000000 ____D () C:\Users\keith\AppData\Local\Enthought
2014-05-22 21:00 - 2014-05-22 20:59 - 262688768 _____ () C:\Users\keith\Downloads\canopy-1.4.0-win-64.msi
2014-05-20 00:47 - 2014-05-20 00:47 - 00013328 _____ () C:\Users\keith\Desktop\Minecraft - Shortcut.lnk
2014-05-20 00:44 - 2013-06-07 17:47 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-05-20 00:44 - 2011-03-30 23:31 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-20 00:40 - 2014-05-20 00:40 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-05-20 00:36 - 2013-06-04 07:59 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-20 00:36 - 2013-06-04 07:59 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-20 00:35 - 2014-01-13 14:03 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-05-20 00:35 - 2014-01-13 14:03 - 00002321 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-05-20 00:35 - 2014-01-13 14:02 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-05-20 00:35 - 2014-01-13 14:02 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-05-20 00:31 - 2013-06-22 10:51 - 00000000 ____D () C:\Users\keith\AppData\Roaming\SoftGrid Client
2014-05-20 00:24 - 2014-05-20 00:24 - 00000000 ____D () C:\Users\keith\.idlerc
2014-05-20 00:23 - 2014-05-20 00:23 - 00675988 _____ () C:\Users\keith\Downloads\Minecraft (1).exe
2014-05-20 00:18 - 2014-05-20 00:18 - 00263186 _____ () C:\Users\keith\Downloads\Minecraft.exe
2014-05-20 00:17 - 2014-05-20 00:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.4
2014-05-20 00:17 - 2014-05-20 00:16 - 00000000 ____D () C:\Python34
2014-05-20 00:14 - 2014-05-20 00:14 - 24408064 _____ () C:\Users\keith\Downloads\python-3.4.1.msi
 
Some content of TEMP:
====================
C:\Users\keith\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\keith\AppData\Local\Temp\Quarantine.exe
C:\Users\keith\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-18 02:21
 
==================== End Of Log ============================

  • Root Admin

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version, please download and run the updated version.

fixlist.txt


Howdy,

Attached are the contents of fixlog.txt.

Hope this helps,

-Ridcully

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-06-2014
Ran by keith at 2014-06-19 00:07:29 Run:1
Running from C:\Users\keith\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKCU - DefaultScope {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {307679DE-83ED-4077-82D2-BD13FE0112B1} URL = 
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
C:\Users\keith\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\keith\AppData\Local\Temp\Quarantine.exe
C:\Users\keith\AppData\Local\Temp\xmlUpdater.exe
 
*****************
 
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{307679DE-83ED-4077-82D2-BD13FE0112B1}' => Key deleted successfully.
'HKCR\CLSID\{307679DE-83ED-4077-82D2-BD13FE0112B1}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}' => Key deleted successfully.
'HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}'=> Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
'HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{307679DE-83ED-4077-82D2-BD13FE0112B1}' => Key deleted successfully.
'HKCR\CLSID\{307679DE-83ED-4077-82D2-BD13FE0112B1}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}' => Key deleted successfully.
'HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}' => Key deleted successfully.
'HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}' => Key deleted successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}' => Key deleted successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}' => Key deleted successfully.
'HKLM\Software\MozillaPlugins\@java.com/JavaPlugin' => Key deleted successfully.
C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll => Moved successfully.
'HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2' => Key deleted successfully.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => Moved successfully.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found.
C:\Windows\SysWOW64\npDeployJava1.dll not found.
C:\Users\keith\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe => Moved successfully.
C:\Users\keith\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\keith\AppData\Local\Temp\xmlUpdater.exe => Moved successfully.
 
==== End of Fixlog ====

Good morning,

When posting both, I got a 'message too long' error.

FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-06-2014
Ran by keith (administrator) on KEITH-HP on 19-06-2014 07:45:35
Running from C:\Users\keith\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\n360.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\n360.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Easybits) C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2013-07-04] (Synaptics Incorporated)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM\...\Run: [intelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel® Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2014-01-25] (IDT, Inc.)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2013-07-04] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [417792 2009-11-10] (Apple Inc.)
HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1258504 2013-12-20] (Easybits)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-06-10] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2630042686-1250254935-3286438661-1000\...\Run: [steam] => C:\Program Files (x86)\Steam\Steam.exe [1754816 2014-05-29] (Valve Corporation)
HKU\S-1-5-21-2630042686-1250254935-3286438661-1000\...\Run: [GoogleChromeAutoLaunch_F1D62AC303E2C0B600342FB8ACD4796B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
 
==================== Internet (Whitelisted) ====================
 
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-03-30] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-01-13]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ []
 
Chrome: 
=======
CHR HomePage: hxxp://google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-22]
CHR Extension: (Google Drive) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (YouTube) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-22]
CHR Extension: (Google Search) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-22]
CHR Extension: (Streamus™ (Beta!)) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbnkffmindojffecdhbbmekbmkkfpmjd [2014-06-11]
CHR Extension: (Norton Identity Protection) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-09-12]
CHR Extension: (Google Wallet) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Gmail) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-22]
CHR HKLM-x32\...\Chrome\Extension: [aepeildmfnnehghlknddebgjghlompfe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-02-11]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\Exts\Chrome.crx [2014-05-19]
 
==================== Services (Whitelisted) =================
 
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2013-08-08] (Realsil Microelectronics Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe [265040 2014-05-11] (Symantec Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-05-24] ()
 
==================== Drivers (Whitelisted) ====================
 
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1503000.00C\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-16] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140618.001\IDSvia64.sys [525016 2014-03-25] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140618.016\ENG64.SYS [126040 2014-06-16] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140618.016\EX64.SYS [2099288 2014-06-16] (Symantec Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1503000.00C\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1503000.00C\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-13] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1503000.00C\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-18 08:31 - 2014-06-18 08:31 - 00000000 ____D () C:\Users\keith\AppData\Local\{8D362AC9-F45B-4584-9240-B29F83BC3552}
2014-06-18 08:27 - 2014-06-19 07:46 - 00021996 _____ () C:\Users\keith\Desktop\FRST.txt
2014-06-18 08:24 - 2014-06-19 00:07 - 00000000 ____D () C:\Users\keith\Desktop\FRST-OlderVersion
2014-06-17 22:43 - 2014-06-17 22:43 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-17 22:16 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-17 22:15 - 2014-06-17 22:15 - 00004430 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-06-17 22:15 - 2014-05-07 15:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-17 22:15 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-17 22:15 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-17 22:10 - 2014-06-19 07:43 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-17 22:10 - 2014-06-17 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-17 22:10 - 2014-06-17 22:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-17 22:10 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-17 22:10 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-17 22:03 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-17 22:02 - 2014-06-17 22:06 - 00000000 ____D () C:\AdwCleaner
2014-06-17 21:58 - 2014-06-17 21:58 - 00003577 _____ () C:\Users\keith\Desktop\JRT.txt
2014-06-17 21:51 - 2014-06-17 21:51 - 00000000 ____D () C:\Windows\ERUNT
2014-06-17 21:50 - 2014-06-17 22:05 - 00001684 _____ () C:\Users\keith\Desktop\School_Letter_20140617.txt
2014-06-17 21:50 - 2014-06-17 21:50 - 00003896 _____ () C:\Users\keith\Desktop\instructions_virus_removal.txt
2014-06-17 21:46 - 2014-06-17 21:47 - 01333465 _____ () C:\Users\keith\Desktop\AdwCleaner.exe
2014-06-17 21:45 - 2014-06-17 21:45 - 01016261 _____ (Thisisu) C:\Users\keith\Desktop\JRT.exe
2014-06-17 20:19 - 2014-06-17 20:19 - 00000000 __SHD () C:\Users\keith\AppData\Local\EmieUserList
2014-06-17 20:19 - 2014-06-17 20:19 - 00000000 __SHD () C:\Users\keith\AppData\Local\EmieSiteList
2014-06-17 20:17 - 2014-06-17 20:17 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-17 20:15 - 2014-06-17 20:15 - 05268992 _____ () C:\Users\keith\Desktop\RogueKillerX64.exe
2014-06-17 08:43 - 2014-06-17 08:43 - 00000930 _____ () C:\Users\keith\Desktop\NTREGOPT.lnk
2014-06-17 08:43 - 2014-06-17 08:43 - 00000911 _____ () C:\Users\keith\Desktop\ERUNT.lnk
2014-06-17 08:43 - 2014-06-17 08:43 - 00000000 ____D () C:\Windows\ERDNT
2014-06-17 08:43 - 2014-06-17 08:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-17 08:43 - 2014-06-17 08:43 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-17 08:41 - 2014-06-17 08:42 - 00791393 _____ (Lars Hederer ) C:\Users\keith\Desktop\erunt-setup.exe
2014-06-17 08:35 - 2014-06-17 08:36 - 00002464 _____ () C:\Users\keith\Desktop\Rkill.txt
2014-06-17 08:34 - 2014-06-17 08:34 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\keith\Desktop\rkill.exe
2014-06-16 23:00 - 2014-06-16 23:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-16 22:25 - 2014-06-16 22:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-16 22:25 - 2014-06-16 22:25 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-06-16 22:25 - 2014-06-16 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-06-16 22:25 - 2014-06-01 17:17 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-16 22:24 - 2014-06-17 20:38 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Notepad++
2014-06-16 22:24 - 2014-06-16 22:26 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-06-16 22:22 - 2014-06-16 22:22 - 07676930 _____ () C:\Users\keith\Downloads\npp.6.6.6.Installer (1).exe
2014-06-16 22:21 - 2014-06-16 22:22 - 07676930 _____ () C:\Users\keith\Downloads\npp.6.6.6.Installer.exe
2014-06-14 14:54 - 2014-06-14 14:54 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Warner Bros. Interactive Entertainment
2014-06-14 11:13 - 2014-06-14 11:14 - 00000000 ____D () C:\Users\keith\AppData\Local\NPE
2014-06-14 10:17 - 2014-06-19 07:45 - 00000000 ____D () C:\FRST
2014-06-14 10:16 - 2014-06-19 00:07 - 02082304 _____ (Farbar) C:\Users\keith\Desktop\FRST64.exe
2014-06-13 18:29 - 2014-06-14 08:59 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Open Download Manager
2014-06-13 18:29 - 2014-06-13 18:29 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager
2014-06-13 18:27 - 2014-06-14 09:02 - 00000000 ____D () C:\Program Files (x86)\OpenDownloaderManager
2014-06-13 07:55 - 2014-06-16 00:55 - 00000068 _____ () C:\Users\keith\AppData\Roaming\WB.CFG
2014-06-11 22:49 - 2014-06-11 22:49 - 00077514 _____ () C:\Users\keith\Downloads\OTRR_Certified_Yours_Truly_Johnny_Dollar_archive.torrent
2014-06-11 22:02 - 2014-06-11 22:17 - 1381805269 _____ () C:\Users\keith\Downloads\OTRR_Dimension_X_Singles.zip
2014-06-11 22:01 - 2014-06-11 22:23 - 1988541609 _____ () C:\Users\keith\Downloads\Dragnet_OTR.zip
2014-06-11 22:01 - 2014-06-11 22:06 - 225556412 _____ () C:\Users\keith\Downloads\IsaacAsimov-TheFoundationTrilogy_64kb_mp3.zip
2014-06-11 19:11 - 2014-06-11 19:13 - 90455873 _____ () C:\Users\keith\Downloads\WIZZYWIG.epub
2014-06-11 19:11 - 2014-06-11 19:13 - 29272387 _____ () C:\Users\keith\Downloads\MarchBookOne.epub
2014-06-11 19:11 - 2014-06-11 19:13 - 27719129 _____ () C:\Users\keith\Downloads\TooCoolToBeForgotten.epub
2014-06-11 19:08 - 2014-06-11 19:13 - 102049303 _____ () C:\Users\keith\Downloads\FromHellCompanion.epub
2014-06-11 19:08 - 2014-06-11 19:12 - 259176640 _____ () C:\Users\keith\Downloads\FromHell.epub
2014-06-10 19:47 - 2014-05-30 06:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-10 19:47 - 2014-05-30 06:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-10 19:47 - 2014-05-30 06:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-10 19:47 - 2014-05-30 05:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-10 19:47 - 2014-05-30 05:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-10 19:47 - 2014-05-30 05:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-10 19:47 - 2014-05-30 05:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-10 19:47 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-10 19:47 - 2014-05-30 05:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-10 19:47 - 2014-05-30 05:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-10 19:47 - 2014-05-30 05:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-10 19:47 - 2014-05-30 05:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-10 19:47 - 2014-05-30 05:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-10 19:47 - 2014-05-30 05:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-10 19:47 - 2014-05-30 05:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-10 19:47 - 2014-05-30 05:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-10 19:47 - 2014-05-30 05:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-10 19:47 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-10 19:47 - 2014-05-30 04:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-10 19:47 - 2014-05-30 04:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-10 19:47 - 2014-05-30 04:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-10 19:47 - 2014-05-30 04:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-10 19:47 - 2014-05-30 04:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-10 19:47 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-10 19:47 - 2014-05-30 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-10 19:47 - 2014-05-30 04:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-10 19:47 - 2014-05-30 04:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-10 19:47 - 2014-05-30 04:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-10 19:47 - 2014-05-30 04:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-10 19:47 - 2014-05-30 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-10 19:47 - 2014-05-30 04:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-10 19:47 - 2014-05-30 04:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-10 19:47 - 2014-05-30 04:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-10 19:47 - 2014-05-30 04:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-10 19:47 - 2014-05-30 04:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-10 19:47 - 2014-05-30 04:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-10 19:47 - 2014-05-30 04:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-10 19:47 - 2014-05-30 04:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-10 19:47 - 2014-05-30 04:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-10 19:47 - 2014-05-30 04:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-10 19:47 - 2014-05-30 03:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-10 19:47 - 2014-05-30 03:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-10 19:47 - 2014-05-30 03:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-10 19:47 - 2014-05-30 03:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-10 19:47 - 2014-05-30 03:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-10 19:47 - 2014-05-30 03:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-10 19:47 - 2014-05-30 03:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-10 19:47 - 2014-05-30 03:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-10 19:47 - 2014-05-30 03:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-10 19:47 - 2014-05-30 03:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-10 19:47 - 2014-05-30 03:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-10 19:47 - 2014-05-30 03:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-10 19:47 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-10 19:47 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-10 19:47 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-10 19:47 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-10 19:47 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-10 19:47 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-10 19:47 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-10 19:47 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-10 19:47 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-10 19:47 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-10 19:47 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-10 19:47 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-10 19:46 - 2014-06-08 05:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-10 19:46 - 2014-06-08 05:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-28 21:39 - 2014-05-28 21:39 - 00675988 _____ () C:\Users\keith\Desktop\Minecraft (2).exe
2014-05-26 19:25 - 2014-05-26 19:27 - 00000000 ____D () C:\Users\keith\AppData\Roaming\.technic
2014-05-26 19:25 - 2014-05-26 19:25 - 02346942 _____ () C:\Users\keith\Desktop\TechnicLauncher.exe
2014-05-24 23:26 - 2014-05-25 00:55 - 00000000 ____D () C:\Users\keith\AppData\Roaming\creeperworld3
2014-05-24 23:26 - 2014-05-24 23:26 - 00000000 ____D () C:\Users\keith\Documents\creeperworld3
2014-05-24 23:26 - 2014-05-24 23:26 - 00000000 ____D () C:\Users\keith\AppData\Roaming\.mono
2014-05-22 21:12 - 2014-05-22 21:13 - 00000000 ____D () C:\Users\keith\.ipython
2014-05-22 21:12 - 2014-05-22 21:12 - 00000000 ____D () C:\Users\keith\.matplotlib
2014-05-22 21:08 - 2014-05-22 21:12 - 00002607 _____ () C:\Users\keith\.enstaller4rc
2014-05-22 21:08 - 2014-05-22 21:08 - 00000000 ____D () C:\Users\keith\Canopy
2014-05-22 21:05 - 2014-05-22 21:05 - 00002539 _____ () C:\Users\keith\Desktop\PyLab (64-bit).lnk
2014-05-22 21:05 - 2014-05-22 21:05 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Enthought
2014-05-22 21:04 - 2014-05-22 21:07 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Enthought Canopy (64-bit)
2014-05-22 21:04 - 2014-05-22 21:04 - 00002098 _____ () C:\Users\keith\Desktop\Enthought Canopy (64-bit).lnk
2014-05-22 21:01 - 2014-05-22 21:02 - 00000000 ____D () C:\Users\keith\AppData\Local\Enthought
2014-05-22 20:59 - 2014-05-22 21:00 - 262688768 _____ () C:\Users\keith\Downloads\canopy-1.4.0-win-64.msi
2014-05-20 00:47 - 2014-05-20 00:47 - 00013328 _____ () C:\Users\keith\Desktop\Minecraft - Shortcut.lnk
2014-05-20 00:40 - 2014-05-20 00:40 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-05-20 00:24 - 2014-05-20 00:24 - 00000000 ____D () C:\Users\keith\.idlerc
2014-05-20 00:23 - 2014-05-20 00:23 - 00675988 _____ () C:\Users\keith\Downloads\Minecraft (1).exe
2014-05-20 00:18 - 2014-06-09 19:53 - 00000000 ____D () C:\Users\keith\AppData\Roaming\.minecraft
2014-05-20 00:18 - 2014-05-20 00:18 - 00263186 _____ () C:\Users\keith\Downloads\Minecraft.exe
2014-05-20 00:17 - 2014-05-20 00:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.4
2014-05-20 00:16 - 2014-05-20 00:17 - 00000000 ____D () C:\Python34
2014-05-20 00:14 - 2014-05-20 00:14 - 24408064 _____ () C:\Users\keith\Downloads\python-3.4.1.msi
 
==================== One Month Modified Files and Folders =======
 
2014-06-19 07:46 - 2014-06-18 08:27 - 00021996 _____ () C:\Users\keith\Desktop\FRST.txt
2014-06-19 07:46 - 2013-05-24 02:14 - 01657855 _____ () C:\Windows\WindowsUpdate.log
2014-06-19 07:45 - 2014-06-14 10:17 - 00000000 ____D () C:\FRST
2014-06-19 07:44 - 2013-05-24 21:34 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-19 07:43 - 2014-06-17 22:10 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-19 07:43 - 2013-07-22 21:45 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-19 07:42 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-19 07:42 - 2009-07-14 00:51 - 00058037 _____ () C:\Windows\setupact.log
2014-06-19 07:40 - 2013-07-22 21:45 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-19 02:31 - 2013-05-24 06:29 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9EF5ABD8-6610-4A4A-AC3B-8E36C0A70595}
2014-06-19 01:43 - 2013-12-20 20:31 - 00000000 ____D () C:\ProgramData\Easybits Magic Desktop for HP
2014-06-19 00:07 - 2014-06-18 08:24 - 00000000 ____D () C:\Users\keith\Desktop\FRST-OlderVersion
2014-06-19 00:07 - 2014-06-14 10:16 - 02082304 _____ (Farbar) C:\Users\keith\Desktop\FRST64.exe
2014-06-18 23:56 - 2013-06-02 15:26 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForkeith
2014-06-18 23:56 - 2013-06-02 02:21 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForkeith.job
2014-06-18 08:31 - 2014-06-18 08:31 - 00000000 ____D () C:\Users\keith\AppData\Local\{8D362AC9-F45B-4584-9240-B29F83BC3552}
2014-06-18 08:31 - 2014-02-22 22:52 - 00000000 ____D () C:\Users\keith\AppData\Local\Windows Live
2014-06-17 22:43 - 2014-06-17 22:43 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-17 22:17 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-17 22:17 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-17 22:16 - 2014-01-03 11:25 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-17 22:15 - 2014-06-17 22:15 - 00004430 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-06-17 22:15 - 2013-07-03 20:57 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-17 22:14 - 2009-07-14 01:13 - 00783360 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-17 22:10 - 2014-06-17 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-17 22:10 - 2014-06-17 22:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-17 22:10 - 2013-12-26 19:00 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-17 22:10 - 2013-12-26 19:00 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Malwarebytes
2014-06-17 22:10 - 2013-12-26 19:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-17 22:07 - 2010-11-20 23:47 - 01242160 _____ () C:\Windows\PFRO.log
2014-06-17 22:06 - 2014-06-17 22:02 - 00000000 ____D () C:\AdwCleaner
2014-06-17 22:05 - 2014-06-17 21:50 - 00001684 _____ () C:\Users\keith\Desktop\School_Letter_20140617.txt
2014-06-17 21:58 - 2014-06-17 21:58 - 00003577 _____ () C:\Users\keith\Desktop\JRT.txt
2014-06-17 21:51 - 2014-06-17 21:51 - 00000000 ____D () C:\Windows\ERUNT
2014-06-17 21:50 - 2014-06-17 21:50 - 00003896 _____ () C:\Users\keith\Desktop\instructions_virus_removal.txt
2014-06-17 21:47 - 2014-06-17 21:46 - 01333465 _____ () C:\Users\keith\Desktop\AdwCleaner.exe
2014-06-17 21:45 - 2014-06-17 21:45 - 01016261 _____ (Thisisu) C:\Users\keith\Desktop\JRT.exe
2014-06-17 20:38 - 2014-06-16 22:24 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Notepad++
2014-06-17 20:19 - 2014-06-17 20:19 - 00000000 __SHD () C:\Users\keith\AppData\Local\EmieUserList
2014-06-17 20:19 - 2014-06-17 20:19 - 00000000 __SHD () C:\Users\keith\AppData\Local\EmieSiteList
2014-06-17 20:17 - 2014-06-17 20:17 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-17 20:15 - 2014-06-17 20:15 - 05268992 _____ () C:\Users\keith\Desktop\RogueKillerX64.exe
2014-06-17 12:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-06-17 08:43 - 2014-06-17 08:43 - 00000930 _____ () C:\Users\keith\Desktop\NTREGOPT.lnk
2014-06-17 08:43 - 2014-06-17 08:43 - 00000911 _____ () C:\Users\keith\Desktop\ERUNT.lnk
2014-06-17 08:43 - 2014-06-17 08:43 - 00000000 ____D () C:\Windows\ERDNT
2014-06-17 08:43 - 2014-06-17 08:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-17 08:43 - 2014-06-17 08:43 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-17 08:42 - 2014-06-17 08:41 - 00791393 _____ (Lars Hederer ) C:\Users\keith\Desktop\erunt-setup.exe
2014-06-17 08:36 - 2014-06-17 08:35 - 00002464 _____ () C:\Users\keith\Desktop\Rkill.txt
2014-06-17 08:34 - 2014-06-17 08:34 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\keith\Desktop\rkill.exe
2014-06-16 23:02 - 2009-07-14 00:45 - 00288304 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-16 23:00 - 2014-06-16 23:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-16 23:00 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-06-16 22:30 - 2014-06-16 22:25 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-16 22:26 - 2014-06-16 22:24 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-06-16 22:25 - 2014-06-16 22:25 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-06-16 22:25 - 2014-06-16 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-06-16 22:22 - 2014-06-16 22:22 - 07676930 _____ () C:\Users\keith\Downloads\npp.6.6.6.Installer (1).exe
2014-06-16 22:22 - 2014-06-16 22:21 - 07676930 _____ () C:\Users\keith\Downloads\npp.6.6.6.Installer.exe
2014-06-16 19:35 - 2013-06-08 10:24 - 00775974 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-06-16 19:26 - 2013-06-07 07:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-06-16 19:25 - 2013-06-07 07:37 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-06-16 19:25 - 2013-06-07 07:37 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-06-16 00:55 - 2014-06-13 07:55 - 00000068 _____ () C:\Users\keith\AppData\Roaming\WB.CFG
2014-06-14 15:12 - 2013-06-15 23:51 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Factorio
2014-06-14 14:54 - 2014-06-14 14:54 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Warner Bros. Interactive Entertainment
2014-06-14 11:14 - 2014-06-14 11:13 - 00000000 ____D () C:\Users\keith\AppData\Local\NPE
2014-06-14 11:14 - 2013-07-06 20:05 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-14 09:45 - 2013-05-24 06:22 - 00000000 ____D () C:\Users\keith
2014-06-14 09:02 - 2014-06-13 18:27 - 00000000 ____D () C:\Program Files (x86)\OpenDownloaderManager
2014-06-14 09:02 - 2013-05-24 02:22 - 00000000 ____D () C:\ProgramData\Norton
2014-06-14 09:02 - 2011-03-30 23:26 - 00000000 ____D () C:\ProgramData\RoxioNow
2014-06-14 09:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-14 09:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-06-14 09:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-06-14 08:59 - 2014-06-13 18:29 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Open Download Manager
2014-06-13 18:29 - 2014-06-13 18:29 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager
2014-06-12 17:29 - 2013-07-22 21:45 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-12 17:26 - 2013-05-30 20:44 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-06-12 17:25 - 2013-07-04 16:43 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-06-11 22:49 - 2014-06-11 22:49 - 00077514 _____ () C:\Users\keith\Downloads\OTRR_Certified_Yours_Truly_Johnny_Dollar_archive.torrent
2014-06-11 22:23 - 2014-06-11 22:01 - 1988541609 _____ () C:\Users\keith\Downloads\Dragnet_OTR.zip
2014-06-11 22:17 - 2014-06-11 22:02 - 1381805269 _____ () C:\Users\keith\Downloads\OTRR_Dimension_X_Singles.zip
2014-06-11 22:06 - 2014-06-11 22:01 - 225556412 _____ () C:\Users\keith\Downloads\IsaacAsimov-TheFoundationTrilogy_64kb_mp3.zip
2014-06-11 19:13 - 2014-06-11 19:11 - 90455873 _____ () C:\Users\keith\Downloads\WIZZYWIG.epub
2014-06-11 19:13 - 2014-06-11 19:11 - 29272387 _____ () C:\Users\keith\Downloads\MarchBookOne.epub
2014-06-11 19:13 - 2014-06-11 19:11 - 27719129 _____ () C:\Users\keith\Downloads\TooCoolToBeForgotten.epub
2014-06-11 19:13 - 2014-06-11 19:08 - 102049303 _____ () C:\Users\keith\Downloads\FromHellCompanion.epub
2014-06-11 19:12 - 2014-06-11 19:08 - 259176640 _____ () C:\Users\keith\Downloads\FromHell.epub
2014-06-11 00:23 - 2014-04-22 15:32 - 00000000 ____D () C:\Users\dub_cm_auto
2014-06-09 19:53 - 2014-05-20 00:18 - 00000000 ____D () C:\Users\keith\AppData\Roaming\.minecraft
2014-06-08 05:13 - 2014-06-10 19:46 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 05:08 - 2014-06-10 19:46 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-01 17:17 - 2014-06-16 22:25 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-30 06:21 - 2014-06-10 19:47 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 06:02 - 2014-06-10 19:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 06:02 - 2014-06-10 19:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 05:45 - 2014-06-10 19:47 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 05:39 - 2014-06-10 19:47 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 05:39 - 2014-06-10 19:47 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 05:38 - 2014-06-10 19:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 05:28 - 2014-06-10 19:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 05:27 - 2014-06-10 19:47 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 05:24 - 2014-06-10 19:47 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 05:21 - 2014-06-10 19:47 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 05:21 - 2014-06-10 19:47 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 05:20 - 2014-06-10 19:47 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 05:18 - 2014-06-10 19:47 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 05:11 - 2014-06-10 19:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 05:08 - 2014-06-10 19:47 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 05:06 - 2014-06-10 19:47 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 05:02 - 2014-06-10 19:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 04:55 - 2014-06-10 19:47 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 04:49 - 2014-06-10 19:47 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 04:46 - 2014-06-10 19:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 04:44 - 2014-06-10 19:47 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 04:44 - 2014-06-10 19:47 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 04:43 - 2014-06-10 19:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 04:42 - 2014-06-10 19:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 04:38 - 2014-06-10 19:47 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 04:35 - 2014-06-10 19:47 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 04:34 - 2014-06-10 19:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 04:33 - 2014-06-10 19:47 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 04:30 - 2014-06-10 19:47 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 04:29 - 2014-06-10 19:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 04:28 - 2014-06-10 19:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 04:27 - 2014-06-10 19:47 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 04:24 - 2014-06-10 19:47 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 04:23 - 2014-06-10 19:47 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 04:16 - 2014-06-10 19:47 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 04:10 - 2014-06-10 19:47 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 04:06 - 2014-06-10 19:47 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 04:04 - 2014-06-10 19:47 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 04:02 - 2014-06-10 19:47 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 03:56 - 2014-06-10 19:47 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 03:56 - 2014-06-10 19:47 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 03:54 - 2014-06-10 19:47 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 03:50 - 2014-06-10 19:47 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 03:49 - 2014-06-10 19:47 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 03:43 - 2014-06-10 19:47 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 03:40 - 2014-06-10 19:47 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 03:30 - 2014-06-10 19:47 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 03:21 - 2014-06-10 19:47 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 03:15 - 2014-06-10 19:47 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 03:13 - 2014-06-10 19:47 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 03:13 - 2014-06-10 19:47 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-28 21:39 - 2014-05-28 21:39 - 00675988 _____ () C:\Users\keith\Desktop\Minecraft (2).exe
2014-05-26 19:27 - 2014-05-26 19:25 - 00000000 ____D () C:\Users\keith\AppData\Roaming\.technic
2014-05-26 19:25 - 2014-05-26 19:25 - 02346942 _____ () C:\Users\keith\Desktop\TechnicLauncher.exe
2014-05-25 00:55 - 2014-05-24 23:26 - 00000000 ____D () C:\Users\keith\AppData\Roaming\creeperworld3
2014-05-24 23:26 - 2014-05-24 23:26 - 00000000 ____D () C:\Users\keith\Documents\creeperworld3
2014-05-24 23:26 - 2014-05-24 23:26 - 00000000 ____D () C:\Users\keith\AppData\Roaming\.mono
2014-05-24 18:28 - 2014-02-08 20:35 - 00000000 ____D () C:\Users\keith\Documents\Universe Sandbox
2014-05-22 21:14 - 2013-05-24 23:09 - 00000000 ____D () C:\Users\keith\Documents\My Games
2014-05-22 21:13 - 2014-05-22 21:12 - 00000000 ____D () C:\Users\keith\.ipython
2014-05-22 21:12 - 2014-05-22 21:12 - 00000000 ____D () C:\Users\keith\.matplotlib
2014-05-22 21:12 - 2014-05-22 21:08 - 00002607 _____ () C:\Users\keith\.enstaller4rc
2014-05-22 21:08 - 2014-05-22 21:08 - 00000000 ____D () C:\Users\keith\Canopy
2014-05-22 21:07 - 2014-05-22 21:04 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Enthought Canopy (64-bit)
2014-05-22 21:05 - 2014-05-22 21:05 - 00002539 _____ () C:\Users\keith\Desktop\PyLab (64-bit).lnk
2014-05-22 21:05 - 2014-05-22 21:05 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Enthought
2014-05-22 21:04 - 2014-05-22 21:04 - 00002098 _____ () C:\Users\keith\Desktop\Enthought Canopy (64-bit).lnk
2014-05-22 21:02 - 2014-05-22 21:01 - 00000000 ____D () C:\Users\keith\AppData\Local\Enthought
2014-05-22 21:00 - 2014-05-22 20:59 - 262688768 _____ () C:\Users\keith\Downloads\canopy-1.4.0-win-64.msi
2014-05-20 00:47 - 2014-05-20 00:47 - 00013328 _____ () C:\Users\keith\Desktop\Minecraft - Shortcut.lnk
2014-05-20 00:44 - 2013-06-07 17:47 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-05-20 00:44 - 2011-03-30 23:31 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-20 00:40 - 2014-05-20 00:40 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-05-20 00:36 - 2013-06-04 07:59 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-20 00:36 - 2013-06-04 07:59 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-20 00:35 - 2014-01-13 14:03 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-05-20 00:35 - 2014-01-13 14:03 - 00002321 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-05-20 00:35 - 2014-01-13 14:02 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-05-20 00:35 - 2014-01-13 14:02 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-05-20 00:31 - 2013-06-22 10:51 - 00000000 ____D () C:\Users\keith\AppData\Roaming\SoftGrid Client
2014-05-20 00:24 - 2014-05-20 00:24 - 00000000 ____D () C:\Users\keith\.idlerc
2014-05-20 00:23 - 2014-05-20 00:23 - 00675988 _____ () C:\Users\keith\Downloads\Minecraft (1).exe
2014-05-20 00:18 - 2014-05-20 00:18 - 00263186 _____ () C:\Users\keith\Downloads\Minecraft.exe
2014-05-20 00:17 - 2014-05-20 00:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.4
2014-05-20 00:17 - 2014-05-20 00:16 - 00000000 ____D () C:\Python34
2014-05-20 00:14 - 2014-05-20 00:14 - 24408064 _____ () C:\Users\keith\Downloads\python-3.4.1.msi
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-18 02:21
 
==================== End Of Log ============================

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-06-2014
Ran by keith at 2014-06-19 07:47:29
Running from C:\Users\keith\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArtRage Studio Pro (HKLM-x32\...\Steam App 100970) (Version:  - )
ATI Catalyst Install Manager (HKLM\...\{DA0D8FDA-D538-1145-8BA2-6F22C4EB4F75}) (Version: 3.0.816.0 - ATI Technologies, Inc.)
Audiosurf (HKLM-x32\...\Steam App 12900) (Version:  - Dylan Fitterer)
AuthenTec TrueAPI (Version: 1.2.1.33 - AuthenTec, Inc.) Hidden
Baggin the Dragon Home Ed v2 (HKLM-x32\...\Baggin the Dragon Home Ed v2) (Version: 2.0.9 - EdAlive)
Bardbarian (HKLM-x32\...\Steam App 269490) (Version:  - TreeFortress Games)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Byki (x32 Version: 4.0 - Transparent Language, Inc.) Hidden
Byki Standard (HKLM-x32\...\Byki Standard) (Version: 4.0 - Transparent Language, Inc.)
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center (x32 Version: 2011.0315.958.16016 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0315.958.16016 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0315.958.16016 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0315.958.16016 - ATI) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.0315.958.16016 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help English (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help French (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help German (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0315.0957.16016 - ATI) Hidden
ccc-utility64 (Version: 2011.0315.958.16016 - ATI) Hidden
Chessmaster (HKLM-x32\...\Steam App 37200) (Version:  - PlayFirst)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cook, Serve, Delicious! (HKLM-x32\...\Steam App 247020) (Version:  - Vertigo Gaming)
Creeper World 3: Arc Eternal (HKLM-x32\...\Steam App 280220) (Version:  - Knuckle Cracker)
Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.3908 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.1.3908 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defense Grid: The Awakening (HKLM-x32\...\Steam App 18500) (Version:  - Hidden Path Entertainment)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DLC Quest (HKLM-x32\...\Steam App 230050) (Version:  - )
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dungeon Siege (HKLM-x32\...\Steam App 39190) (Version:  - Gas Powered Games)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Enthought Canopy (64-bit) (HKLM\...\{93D7DF53-FDD4-4270-B83C-1EBC15FA1A87}) (Version: 1.4.0.233 - Enthought, Inc.)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Everyday Genius: SquareLogic (HKLM-x32\...\Steam App 32150) (Version:  - TrueThought)
Factorio version 0.6.4 (HKLM-x32\...\Factorio_is1) (Version:  - )
Factorio version 0.8.8 (HKLM\...\Factorio_is1) (Version:  - )
Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version:  - Q, Timeslip)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
FTL -  Advanced Edition (HKLM-x32\...\GOGPACKFTL_is1) (Version: 2.1.0.11 - GOG.com)
Gnomoria (HKLM-x32\...\Steam App 224500) (Version:  - Robotronic Games)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Hammerwatch (HKLM-x32\...\Steam App 239070) (Version:  - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{5601F151-A69F-4E30-8C60-37928124CD07}) (Version: 4.1.9.1 - Hewlett-Packard Company)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Connection Manager (HKLM-x32\...\{795AADBF-58C2-42D0-B779-E730702A247E}) (Version: 4.0.45.1 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{83A375B6-6FC2-4F8A-948E-E506DB9DCDF0}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MovieStore (x32 Version: 1.0.047 - Hewlett-Packard) Hidden
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{E44578C7-4667-4124-8BC2-1161BCA54978}) (Version: 1.4.4 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13231.3673 - Hewlett-Packard Company)
HP SimplePass 2011 (HKLM-x32\...\{BCFAA37D-A6DB-43BF-A351-43F183E52D07}) (Version: 5.1.0.495 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{F8070C51-4B1D-430C-8BCF-19696368366F}) (Version: 4.0.110.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6345.0 - IDT)
Intel PROSet Wireless (Version:  - ) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Display (HKLM-x32\...\{5B46CEC7-DAD0-46A2-BCD6-B46A3CFD9B61}) (Version: 2.0.30.0 - Intel Corporation)
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Java 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version:  - Squad)
King's Bounty: The Legend (HKLM-x32\...\Steam App 25900) (Version:  - 1C Company)
LEGO MARVEL Super Heroes (HKLM-x32\...\Steam App 249130) (Version:  - Traveller's Tales)
LIMBO (HKLM-x32\...\Steam App 48000) (Version:  - Playdead)
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Magicka (HKLM-x32\...\Steam App 42910) (Version:  - Arrowhead Game Studios)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mark of the Ninja (HKLM-x32\...\Steam App 214560) (Version:  - Klei Entertainment)
Marvel Puzzle Quest: Dark Reign (HKLM-x32\...\Steam App 234330) (Version:  - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Monaco (HKLM-x32\...\Steam App 113020) (Version:  - Pocketwatch Games)
Monster Loves You! (HKLM-x32\...\Steam App 226740) (Version:  - )
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Norton 360 (HKLM-x32\...\N360) (Version: 21.3.0.12 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.6 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Orcs Must Die 2 Workshop Tool (HKLM-x32\...\Steam App 242150) (Version:  - )
Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version:  - Robot Entertainment)
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
Papers, Please (HKLM-x32\...\Steam App 239030) (Version:  - 3909)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Penny Arcade's On the Rain-Slick Precipice of Darkness 4 (HKLM-x32\...\Steam App 237570) (Version:  - )
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Prime World: Defenders (HKLM-x32\...\Steam App 235360) (Version:  - Nival)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Python 3.4.1 (HKLM-x32\...\{df32bb9e-3ed8-36b5-a649-e8c845c5f3a2}) (Version: 3.4.1150 - Python Software Foundation)
QuickTime (HKLM-x32\...\{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}) (Version: 7.65.17.80 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.19.0 - Renesas Electronics Corporation) Hidden
Rogue Legacy (HKLM-x32\...\Steam App 241600) (Version:  - Cellar Door Games)
Rogue Shooter: The FPS Roguelike Demo (HKLM-x32\...\Steam App 298010) (Version:  - Hippomancer)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
RPG Maker VX Ace (HKLM-x32\...\Steam App 220700) (Version:  - Enterbrain)
Sanctum (HKLM-x32\...\Steam App 91600) (Version:  - )
Scribblenauts Unlimited (HKLM-x32\...\Steam App 218680) (Version:  - 5th Cell Media)
Serious Sam Classic: The First Encounter (HKLM-x32\...\Steam App 41050) (Version:  - Croteam)
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version:  - United Front Games)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
Solar 2 (HKLM-x32\...\Steam App 97000) (Version:  - Murudai)
Space Empires IV Deluxe (HKLM-x32\...\Steam App 1610) (Version:  - Malfador Machinations)
SPELL-JAM (remove only) (HKLM-x32\...\SPELL-JAM) (Version:  - )
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Starlite: Astronaut Rescue (HKLM-x32\...\Steam App 266090) (Version:  - Project Whitecard Studios Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Elder Scrolls Online Beta (HKLM-x32\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - )
The Incredible Adventures of Van Helsing (HKLM-x32\...\Steam App 215530) (Version:  - NeocoreGames)
The Stanley Parable Demo (HKLM-x32\...\Steam App 247750) (Version:  - Galactic Cafe)
The Wolf Among Us (HKLM-x32\...\Steam App 250320) (Version:  - )
Thomas Was Alone (HKLM-x32\...\Steam App 220780) (Version:  - Mike Bithell)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version:  - Runic Games)
Train Simulator 2014 (HKLM-x32\...\Steam App 24010) (Version:  - RailSimulator.com)
Transparent Language System (HKLM-x32\...\Transparent Language System) (Version: 11.0 - Transparent Language, Inc.)
Transparent Language System (x32 Version: 11.0 - Transparent Language, Inc.) Hidden
Typing Tournament Home Ed v2 (HKLM-x32\...\Typing Tournament Home Ed v2) (Version: 2.0.9 - EdAlive)
Tyrian 2000 (HKLM-x32\...\GOGPACKTYRIAN2000_is1) (Version: 2.0.0.11 - GOG.com)
Ultimate Math Invaders Home Ed v2 (HKLM-x32\...\Ultimate Math Invaders Home Ed v2) (Version: 2.0.9 - EdAlive)
Universe Sandbox (HKLM-x32\...\Steam App 72200) (Version:  - Giant Army)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Validity WBF DDK (HKLM\...\{79174AF2-6CB1-42F5-981E-66DCA49391D0}) (Version: 4.3.205.0 - Validity Sensors, Inc.)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Words Rock Home Ed v2 (HKLM-x32\...\Words Rock Home Ed v2) (Version: 2.0.9 - EdAlive)
XSplit Broadcaster (HKLM-x32\...\{395B4656-8D3B-4586-BC07-E06E679C5E99}) (Version: 1.3.1402.2002 - SplitMediaLabs)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Restore Points  =========================
 
16-06-2014 23:23:51 Windows Update
17-06-2014 02:24:06 Windows Update
17-06-2014 02:31:05 Windows Update
17-06-2014 03:11:07 Windows Update
18-06-2014 02:14:33 Installed Java 7 Update 60
 
==================== Hosts content: ==========================
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0E029224-DC37-449B-AE6E-A7DEEE40CCFA} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {1F160C03-84A4-47FE-A052-B217A8A37C23} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {32351754-BE95-4499-9BB2-1A6E04C2EF7A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-22] (Google Inc.)
Task: {36D9C9C7-7E87-43BB-853A-93FB817D890C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {468D7D23-5094-481D-96A4-1840EFCFC021} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\WSCStub.exe [2014-05-11] (Symantec Corporation)
Task: {4785BB17-3A0A-4EBF-9952-5B84E54333D0} - \MySearchDial No Task File <==== ATTENTION
Task: {5DD5C320-FE3D-4243-8070-C34B6876B946} - \Digital Sites No Task File <==== ATTENTION
Task: {6E69BD5B-BADD-4A3C-A829-1EDC7E00C4C0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {6F1BEF6D-E7F7-47CD-A303-BB04FC0AD60C} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {89579780-77B5-4954-8E5E-49A3C7ECE9FC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {8A5D1F5C-E805-40DC-8DAE-BC01CA88B759} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-22] (Google Inc.)
Task: {A52AF7DF-0ADF-4FE8-B70B-0B5D4BECBD6F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-08] (CyberLink)
Task: {CAC923E3-7145-4C23-9E0C-5B7CA5DA2E2F} - System32\Tasks\HPCeeScheduleForkeith => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {ED2DA54D-4D69-4FAC-8DCB-5BB2E99FF1AD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-06-10] (Microsoft)
Task: {F53521A6-33D5-4386-8438-341E9543B062} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {FCFFBE22-8860-4726-B00A-008A84688B53} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForkeith.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-07-27 20:07 - 2011-07-27 20:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-05-24 22:54 - 2013-05-24 22:54 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2011-07-27 20:07 - 2011-07-27 20:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2013-05-24 02:11 - 2011-01-27 12:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-03-14 17:21 - 2011-03-14 17:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-21 20:21 - 2014-04-29 20:08 - 01135104 _____ () C:\Program Files (x86)\Steam\libavcodec-55.dll
2014-05-20 00:35 - 2014-04-29 20:08 - 00471552 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll
2014-05-21 20:21 - 2014-04-29 20:08 - 00404992 _____ () C:\Program Files (x86)\Steam\libavformat-55.dll
2014-01-08 08:55 - 2014-04-29 20:08 - 00340992 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2013-04-23 18:30 - 2014-05-16 21:36 - 00756224 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-21 20:21 - 2014-05-29 13:37 - 02139840 _____ () C:\Program Files (x86)\Steam\video.dll
2014-05-21 20:21 - 2014-04-28 20:37 - 00519168 _____ () C:\Program Files (x86)\Steam\libswscale-2.dll
2013-05-03 15:35 - 2014-05-29 13:36 - 01116864 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-03-26 16:16 - 2014-05-01 19:35 - 20628160 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2012-12-11 09:51 - 2013-06-14 19:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2012-12-11 09:51 - 2013-06-14 19:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2012-12-11 09:51 - 2013-06-14 19:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2014-06-12 17:29 - 2014-06-05 09:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-12 17:29 - 2014-06-05 09:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-12 17:29 - 2014-06-05 09:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-12 17:29 - 2014-06-05 09:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-12 17:29 - 2014-06-05 09:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-02-24 20:12 - 2014-02-24 20:12 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\367540c92c2004ff2c6695778fed5dd6\IsdiInterop.ni.dll
2013-05-24 02:10 - 2011-05-20 10:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2010-06-24 05:19 - 2010-06-24 05:19 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/19/2014 07:43:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/19/2014 04:35:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9016
 
Error: (06/19/2014 04:35:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9016
 
Error: (06/19/2014 04:35:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/19/2014 04:35:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8018
 
Error: (06/19/2014 04:35:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8018
 
Error: (06/19/2014 04:35:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/19/2014 04:35:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7004
 
Error: (06/19/2014 04:35:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7004
 
Error: (06/19/2014 04:35:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
Error: (06/19/2014 07:43:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/19/2014 04:35:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9016
 
Error: (06/19/2014 04:35:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9016
 
Error: (06/19/2014 04:35:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/19/2014 04:35:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8018
 
Error: (06/19/2014 04:35:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8018
 
Error: (06/19/2014 04:35:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/19/2014 04:35:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7004
 
Error: (06/19/2014 04:35:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7004
 
Error: (06/19/2014 04:35:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 39%
Total physical RAM: 8139.86 MB
Available physical RAM: 4955.9 MB
Total Pagefile: 16277.9 MB
Available Pagefile: 12829.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:450.8 GB) (Free:103.93 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:409.02 GB) (Free:73.27 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:14.66 GB) (Free:1.63 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (MUPPET_US                       ) (CDROM) (Total:7.91 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: FFDD3015)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 8A53F49A)
Partition 1: (Not Active) - (Size=409 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=57 GB) - (Type=05)
 
==================== End Of Log ============================

  • Root Admin

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed, it will produce and open a log file. Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 
