delsenbeck Posted July 25, 2014 ID:857862 Share Posted July 25, 2014 I think my computer has malware. My computer is up-to-date with Windows update, and I've updated and run malwarebytes, adwcleaner, hitmanpro, rkill. Symptoms: sluggish performance, periodic freezes of programs, and Google Chrome continues to show costminn as an extension after removing it. Malwarebytes scans continue to show superfish files as well. FRST.txt and Addition.txt pastes below. FRST.txt Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2014 01Ran by Dave (administrator) on DAVE-PC on 25-07-2014 17:11:56Running from C:\Users\Dave\DownloadsPlatform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe(AMD) C:\Windows\System32\atiesrxx.exe(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe(AMD) C:\Windows\System32\atieclxx.exe(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe(DeviceVM, Inc.) C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe() C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.EXE(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.4872\Battle.net.exe(Google Inc.) C:\Users\Dave\AppData\Local\Hyper - Browser\Chrome-bin\chrome.exe(Google Inc.) C:\Users\Dave\AppData\Local\Hyper - Browser\Chrome-bin\chrome.exe(Google Inc.) C:\Users\Dave\AppData\Local\Hyper - Browser\Chrome-bin\chrome.exe(Google Inc.) C:\Users\Dave\AppData\Local\Hyper - Browser\Chrome-bin\chrome.exe(Google Inc.) C:\Users\Dave\AppData\Local\Hyper - Browser\Chrome-bin\chrome.exe(Google Inc.) C:\Users\Dave\AppData\Local\Hyper - Browser\Chrome-bin\chrome.exe(Google Inc.) C:\Users\Dave\AppData\Local\Hyper - Browser\Chrome-bin\chrome.exe(Google Inc.) C:\Users\Dave\AppData\Local\Hyper - Browser\Chrome-bin\chrome.exe(Google Inc.) C:\Users\Dave\AppData\Local\Hyper - Browser\Chrome-bin\chrome.exe(Google Inc.) C:\Users\Dave\AppData\Local\Hyper - Browser\Chrome-bin\chrome.exe() C:\Users\Dave\AppData\Local\Hyper - Browser\Hyper - Browser.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google) C:\Users\Dave\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Dave\AppData\Local\Hyper - Browser\Chrome-bin\chrome.exe(Google Inc.) C:\Users\Dave\AppData\Local\Hyper - Browser\Chrome-bin\chrome.exe(Google Inc.) C:\Users\Dave\AppData\Local\Hyper - Browser\Chrome-bin\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Dave\AppData\Local\Hyper - Browser\Chrome-bin\chrome.exe(Google Inc.) C:\Users\Dave\AppData\Local\Hyper - Browser\Chrome-bin\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-13] (Synaptics Incorporated)HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [172032 2010-02-28] (Sun Microsystems, Inc.)HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-12-30] (IDT, Inc.)HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-10] (Microsoft Corporation)HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-09-09] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-01] (Oracle Corporation)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795672 2014-05-14] (CyberLink Corp.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-07-23] (Hewlett-Packard)HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe,Winlogon\Notify\ScCertProp: wlnotify.dll [X]HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)HKU\S-1-5-21-575872417-1751023796-2398206445-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-11-22] (Hewlett-Packard Company)HKU\S-1-5-21-575872417-1751023796-2398206445-1001\...\Run: [Google Update] => "C:\Users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe" /c HKU\S-1-5-21-575872417-1751023796-2398206445-1001\...\Run: [GoogleChromeAutoLaunch_C62251D359A8F5B5CC8EADB510991ABB] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-07-15] (Google Inc.)Lsa: [Notification Packages] DPPassFilter scecliStartup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Users\Dave\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.comHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.comSearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - DefaultScope value is missing.BHO: HP SimplePass Identity Protection Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> C:\Program Files\DigitalPersona\Bin\dpotspluginie8.dll (DigitalPersona, Inc.)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cabDPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cabHandler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Tcpip\Parameters: [DhcpNameServer] 10.59.0.1 FireFox:========FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No FileFF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No FileFF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @hulu.com/Hulu Desktop - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\npHDPlg.dll (Hulu LLC)FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Dave\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Dave\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Dave\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Dave\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No FileFF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Dave\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No FileFF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)FF Plugin ProgramFiles/Appdata: C:\Users\Dave\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)FF Plugin ProgramFiles/Appdata: C:\Users\Dave\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtensionFF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-01-11]FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExtFF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2011-08-23] Chrome: =======CHR HomePage: CHR StartupUrls: "hxxp://www.facebook.com/", "hxxp://www.gmail.com/"CHR DefaultSearchKeyword: v9CHR Plugin: (Shockwave Flash) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll No FileCHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No FileCHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No FileCHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No FileCHR Plugin: (Java Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No FileCHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Dave\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\npHDPlg.dll (Hulu LLC)CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No FileCHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-20]CHR Extension: (YouTube) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-11]CHR Extension: (Google Search) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-11]CHR Extension: (cosstminn) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nefgaobciliephjkajgnikgbckkbkkci [2014-07-19]CHR Extension: (Google Wallet) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-14]CHR Extension: (Gmail) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-11]CHR Extension: (cosstminn) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nefgaobciliephjkajgnikgbckkbkkci\2.0 [2014-07-19]CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-17] (ArcSoft Inc.)S2 CLKMSVC10_C6F09094; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [241648 2011-03-21] (CyberLink)R2 DvmMDES; C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe [338168 2010-02-08] (DeviceVM, Inc.)R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-26] (Hewlett-Packard Company) [File not signed]R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-05-20] (Hewlett-Packard Company)R2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] () [File not signed]S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-10] (Microsoft Corporation)R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-10] (Microsoft Corporation)S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 DVMIO; C:\Windows\System32\DRIVERS\dvmio.sys [20056 2010-01-29] (DeviceVM, Inc.)S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-07-24] ()R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-25] (Malwarebytes Corporation)R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-24] (Microsoft Corporation)R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-10] (Microsoft Corporation)S3 S3XXx64; C:\Windows\System32\DRIVERS\S3XXx64.sys [73984 2013-06-04] (Identive)R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [32456 2014-05-13] (CyberLink Corp.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-07-25 17:11 - 2014-07-25 17:12 - 00025577 _____ () C:\Users\Dave\Downloads\FRST.txt2014-07-25 17:11 - 2014-07-25 17:11 - 00000000 ____D () C:\FRST2014-07-25 17:08 - 2014-07-25 17:10 - 02093568 _____ (Farbar) C:\Users\Dave\Downloads\FRST64.exe2014-07-25 16:05 - 2014-07-25 16:08 - 00002324 _____ () C:\Users\Dave\Desktop\Rkill.txt2014-07-25 15:59 - 2014-07-25 16:01 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Dave\Downloads\rkill.exe2014-07-24 18:03 - 2014-07-24 18:03 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys2014-07-24 18:01 - 2014-07-24 18:01 - 00001086 _____ () C:\Windows\system32\.crusader2014-07-24 17:38 - 2014-07-24 17:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro2014-07-24 17:38 - 2014-07-24 17:38 - 00000000 ____D () C:\Program Files\HitmanPro2014-07-24 17:37 - 2014-07-24 18:02 - 00000000 ____D () C:\ProgramData\HitmanPro2014-07-24 17:10 - 2014-07-25 15:17 - 00000012 ____H () C:\dvmexp.idx2014-07-24 17:09 - 2014-07-24 17:09 - 00000000 ___HD () C:\dvmexp2014-07-24 17:03 - 2014-07-24 17:10 - 00000000 ____D () C:\temp2014-07-24 17:00 - 2014-07-24 18:08 - 00000000 ____D () C:\AdwCleaner2014-07-24 16:53 - 2014-07-24 16:59 - 11188736 _____ (SurfRight B.V.) C:\Users\Dave\Downloads\HitmanPro_x64.exe2014-07-24 16:52 - 2014-07-24 16:53 - 01354223 _____ () C:\Users\Dave\Downloads\adwcleaner_3.216.exe2014-07-23 22:48 - 2014-07-23 23:02 - 51330378 _____ () C:\Users\Dave\Downloads\Unconfirmed 663470.crdownload2014-07-22 17:11 - 2014-07-24 17:16 - 00000000 ___RD () C:\Users\Dave\Dropbox2014-07-22 17:11 - 2014-07-22 17:11 - 00001041 _____ () C:\Users\Dave\Desktop\Dropbox.lnk2014-07-22 17:11 - 2014-07-22 17:11 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox2014-07-22 17:07 - 2014-07-24 17:15 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\Dropbox2014-07-22 17:07 - 2014-07-22 17:07 - 00323696 _____ (Dropbox, Inc.) C:\Users\Dave\Downloads\DropboxInstaller.exe2014-07-21 23:25 - 2014-07-21 23:37 - 108293368 _____ (Microsoft Corporation) C:\Users\Dave\Downloads\msert.exe2014-07-21 23:23 - 2014-07-21 23:41 - 223165336 ____N (Symantec Corporation) C:\Users\Dave\Downloads\NIS_21.1.0.18_SYMTB_PROMO_4_MRFTT_829_10144-US1.exe2014-07-19 22:54 - 2014-07-19 23:28 - 00000000 ____D () C:\Users\Dave\AppData\Local\29842014-07-19 22:54 - 2014-07-19 22:55 - 00000000 ____D () C:\Users\Dave\AppData\Local\Hyper - Browser2014-07-19 22:54 - 2014-07-19 22:54 - 00004566 _____ () C:\Windows\System32\Tasks\Hyper - Browser Runner2014-07-19 22:54 - 2014-07-19 22:54 - 00000258 __RSH () C:\ProgramData\ntuser.pol2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\HomeGroupUser$2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\Guest2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\Dave\AppData\Local\Packages2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\Dave\AppData\Local\Comodo2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\Administrator2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\ProgramData\fa44f3b9b7d85d912014-07-13 18:50 - 2014-07-13 18:50 - 00000000 ____D () C:\Users\Dave\Documents\SUNY Maritime2014-07-13 18:04 - 2014-07-13 18:04 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk2014-07-13 18:04 - 2014-07-13 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-07-13 18:03 - 2014-07-13 18:04 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-07-13 18:03 - 2014-07-13 18:04 - 00000000 ____D () C:\Program Files\iTunes2014-07-13 18:03 - 2014-07-13 18:04 - 00000000 ____D () C:\Program Files (x86)\iTunes2014-07-13 18:03 - 2014-07-13 18:03 - 00000000 ____D () C:\Program Files\iPod2014-07-10 23:30 - 2014-07-10 23:32 - 00000000 ____D () C:\Users\Public\Documents\CyberLink2014-07-10 23:30 - 2014-07-10 23:30 - 00000000 ____D () C:\Users\Dave\Documents\CyberLink2014-07-10 23:26 - 2014-07-10 23:26 - 00002203 _____ () C:\Users\Public\Desktop\CyberLink PowerDVD 14.lnk2014-07-10 23:26 - 2014-07-10 23:26 - 00000000 ____D () C:\ProgramData\PDVD2014-07-10 23:26 - 2014-07-10 23:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 142014-07-10 23:23 - 2014-07-10 23:23 - 00000000 ____D () C:\ProgramData\SUPPORTDIR2014-07-10 23:23 - 2014-07-10 23:23 - 00000000 ____D () C:\ProgramData\install_clap2014-07-10 23:21 - 2014-07-10 23:22 - 188169104 _____ () C:\Users\Dave\Documents\PowerDVD_14.0.4028.58_DVD140430-04.exe2014-07-10 23:20 - 2014-07-10 23:20 - 01029080 _____ (CyberLink) C:\Users\Dave\Downloads\CyberLink_PowerDVD_Downloader.exe2014-07-10 21:55 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2014-07-10 21:55 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2014-07-10 21:55 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-07-10 21:55 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-07-10 21:55 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-07-10 21:55 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-07-10 21:55 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-07-10 21:55 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-07-10 21:55 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2014-07-10 21:55 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-07-10 21:55 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-07-10 21:55 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-07-10 21:55 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-07-10 21:55 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-07-10 21:55 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-07-10 21:55 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-07-10 21:55 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-07-10 21:55 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-07-10 21:55 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-07-10 21:55 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2014-07-10 21:55 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-07-10 21:55 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-07-10 21:55 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-07-10 21:55 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-07-10 21:55 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-07-10 21:55 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-07-10 21:55 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-07-10 21:55 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-07-10 21:55 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-07-10 21:55 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2014-07-10 21:55 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-07-10 21:55 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-07-10 21:55 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-07-10 21:55 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-07-10 21:55 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-07-10 21:55 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2014-07-10 21:55 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-07-10 21:55 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-07-10 21:55 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-07-10 21:55 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-07-10 21:55 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-07-10 21:55 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-07-10 21:55 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-07-10 21:55 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-07-10 21:55 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-07-10 21:55 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-07-10 21:55 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-07-10 21:55 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-07-10 21:55 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2014-07-10 21:55 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-07-10 21:55 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-07-10 21:55 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-07-10 21:55 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-07-10 21:55 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-07-10 21:55 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-07-10 21:55 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-07-10 21:55 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll2014-07-10 21:55 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll2014-07-10 21:54 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-07-10 21:54 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-07-10 21:54 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe2014-07-10 21:54 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe2014-07-10 21:54 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-07-10 21:54 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2014-07-10 21:54 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2014-07-10 21:54 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2014-07-10 21:54 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll2014-07-10 21:54 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll2014-07-10 21:54 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll2014-07-10 21:54 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll2014-07-10 21:54 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll2014-07-10 21:54 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2014-07-10 21:54 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2014-07-10 21:54 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2014-07-10 21:54 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll2014-07-10 21:54 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2014-07-10 21:54 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll2014-07-10 21:54 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll2014-07-10 21:54 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2014-07-10 21:54 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2014-07-10 21:54 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys2014-07-10 21:30 - 2014-07-10 21:32 - 551293744 _____ () C:\Users\Dave\Desktop\Windows6.1-KB947821-v33-x64.msu2014-07-10 21:11 - 2014-07-10 21:11 - 00000000 ____D () C:\Windows\CheckSur2014-07-09 21:44 - 2014-07-18 20:51 - 00000650 _____ () C:\Users\Dave\Desktop\NYC Trip Ideas.txt2014-06-27 23:16 - 2014-06-27 23:16 - 00000110 _____ () C:\Users\Dave\Desktop\PCVST contacts.txt2014-06-27 21:39 - 2014-06-27 21:39 - 00001068 _____ () C:\Users\Public\Desktop\VLC media player.lnk ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-07-25 17:12 - 2014-07-25 17:11 - 00025577 _____ () C:\Users\Dave\Downloads\FRST.txt2014-07-25 17:11 - 2014-07-25 17:11 - 00000000 ____D () C:\FRST2014-07-25 17:11 - 2013-10-26 22:07 - 00000000 ____D () C:\Users\Dave\AppData\Local\Battle.net2014-07-25 17:10 - 2014-07-25 17:08 - 02093568 _____ (Farbar) C:\Users\Dave\Downloads\FRST64.exe2014-07-25 17:02 - 2014-02-15 09:49 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-575872417-1751023796-2398206445-1001UA.job2014-07-25 16:41 - 2014-05-23 04:43 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-07-25 16:19 - 2012-03-30 21:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-07-25 16:18 - 2012-09-11 07:29 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-07-25 16:15 - 2011-07-09 09:43 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-575872417-1751023796-2398206445-1001UA.job2014-07-25 16:08 - 2014-07-25 16:05 - 00002324 _____ () C:\Users\Dave\Desktop\Rkill.txt2014-07-25 16:01 - 2014-07-25 15:59 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Dave\Downloads\rkill.exe2014-07-25 15:34 - 2010-06-26 05:48 - 01895413 _____ () C:\Windows\WindowsUpdate.log2014-07-25 15:23 - 2009-07-14 00:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-07-25 15:23 - 2009-07-14 00:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-07-25 15:22 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI2014-07-25 15:17 - 2014-07-24 17:10 - 00000012 ____H () C:\dvmexp.idx2014-07-25 15:16 - 2013-08-26 07:30 - 00032155 _____ () C:\Windows\setupact.log2014-07-25 15:16 - 2012-09-11 07:29 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-07-25 15:16 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-07-25 10:23 - 2012-10-11 08:00 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForDave.job2014-07-24 22:26 - 2012-10-11 08:00 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForDave2014-07-24 22:25 - 2011-12-01 07:36 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt2014-07-24 22:25 - 2010-09-30 08:35 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log2014-07-24 18:08 - 2014-07-24 17:00 - 00000000 ____D () C:\AdwCleaner2014-07-24 18:08 - 2010-06-26 05:54 - 00832266 _____ () C:\Windows\PFRO.log2014-07-24 18:03 - 2014-07-24 18:03 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys2014-07-24 18:02 - 2014-07-24 17:37 - 00000000 ____D () C:\ProgramData\HitmanPro2014-07-24 18:01 - 2014-07-24 18:01 - 00001086 _____ () C:\Windows\system32\.crusader2014-07-24 17:38 - 2014-07-24 17:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro2014-07-24 17:38 - 2014-07-24 17:38 - 00000000 ____D () C:\Program Files\HitmanPro2014-07-24 17:16 - 2014-07-22 17:11 - 00000000 ___RD () C:\Users\Dave\Dropbox2014-07-24 17:15 - 2014-07-22 17:07 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\Dropbox2014-07-24 17:10 - 2014-07-24 17:03 - 00000000 ____D () C:\temp2014-07-24 17:09 - 2014-07-24 17:09 - 00000000 ___HD () C:\dvmexp2014-07-24 16:59 - 2014-07-24 16:53 - 11188736 _____ (SurfRight B.V.) C:\Users\Dave\Downloads\HitmanPro_x64.exe2014-07-24 16:53 - 2014-07-24 16:52 - 01354223 _____ () C:\Users\Dave\Downloads\adwcleaner_3.216.exe2014-07-24 16:38 - 2013-10-26 22:06 - 00000000 ____D () C:\Program Files (x86)\Battle.net2014-07-23 23:03 - 2012-05-20 21:41 - 00000000 ____D () C:\Program Files\Microsoft Silverlight2014-07-23 23:03 - 2012-05-20 21:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight2014-07-23 23:02 - 2014-07-23 22:48 - 51330378 _____ () C:\Users\Dave\Downloads\Unconfirmed 663470.crdownload2014-07-23 22:52 - 2010-09-22 05:32 - 00000000 ____D () C:\Users\Dave2014-07-23 18:29 - 2012-05-20 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight2014-07-22 21:37 - 2013-10-26 22:09 - 00000000 ____D () C:\Program Files (x86)\Hearthstone2014-07-22 17:23 - 2010-12-24 22:02 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\Skype2014-07-22 17:11 - 2014-07-22 17:11 - 00001041 _____ () C:\Users\Dave\Desktop\Dropbox.lnk2014-07-22 17:11 - 2014-07-22 17:11 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox2014-07-22 17:07 - 2014-07-22 17:07 - 00323696 _____ (Dropbox, Inc.) C:\Users\Dave\Downloads\DropboxInstaller.exe2014-07-22 16:56 - 2011-03-07 07:38 - 00004682 _____ () C:\Users\Dave\Documents\info.txt2014-07-21 23:41 - 2014-07-21 23:23 - 223165336 ____N (Symantec Corporation) C:\Users\Dave\Downloads\NIS_21.1.0.18_SYMTB_PROMO_4_MRFTT_829_10144-US1.exe2014-07-21 23:37 - 2014-07-21 23:25 - 108293368 _____ (Microsoft Corporation) C:\Users\Dave\Downloads\msert.exe2014-07-20 10:15 - 2011-07-09 09:43 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-575872417-1751023796-2398206445-1001Core.job2014-07-19 23:29 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\Offline Web Pages2014-07-19 23:28 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\Dave\AppData\Local\29842014-07-19 22:55 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\Dave\AppData\Local\Hyper - Browser2014-07-19 22:54 - 2014-07-19 22:54 - 00004566 _____ () C:\Windows\System32\Tasks\Hyper - Browser Runner2014-07-19 22:54 - 2014-07-19 22:54 - 00000258 __RSH () C:\ProgramData\ntuser.pol2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\HomeGroupUser$2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\Guest2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\Dave\AppData\Local\Packages2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\Dave\AppData\Local\Comodo2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\Administrator2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\ProgramData\fa44f3b9b7d85d912014-07-19 22:54 - 2012-09-11 07:28 - 00000000 ____D () C:\Users\Dave\AppData\Local\Google2014-07-19 22:54 - 2012-09-11 07:28 - 00000000 ____D () C:\Program Files (x86)\Google2014-07-19 22:54 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy2014-07-19 22:54 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy2014-07-19 19:49 - 2014-06-10 09:48 - 00000315 _____ () C:\Users\Dave\Desktop\Nozomi test & vacation schedule.txt2014-07-18 20:51 - 2014-07-09 21:44 - 00000650 _____ () C:\Users\Dave\Desktop\NYC Trip Ideas.txt2014-07-13 18:50 - 2014-07-13 18:50 - 00000000 ____D () C:\Users\Dave\Documents\SUNY Maritime2014-07-13 18:04 - 2014-07-13 18:04 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk2014-07-13 18:04 - 2014-07-13 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-07-13 18:04 - 2014-07-13 18:03 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-07-13 18:04 - 2014-07-13 18:03 - 00000000 ____D () C:\Program Files\iTunes2014-07-13 18:04 - 2014-07-13 18:03 - 00000000 ____D () C:\Program Files (x86)\iTunes2014-07-13 18:03 - 2014-07-13 18:03 - 00000000 ____D () C:\Program Files\iPod2014-07-11 09:02 - 2014-02-15 09:49 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-575872417-1751023796-2398206445-1001Core.job2014-07-11 08:58 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache2014-07-10 23:32 - 2014-07-10 23:30 - 00000000 ____D () C:\Users\Public\Documents\CyberLink2014-07-10 23:32 - 2010-02-27 23:46 - 00000000 ____D () C:\ProgramData\CyberLink2014-07-10 23:30 - 2014-07-10 23:30 - 00000000 ____D () C:\Users\Dave\Documents\CyberLink2014-07-10 23:26 - 2014-07-10 23:26 - 00002203 _____ () C:\Users\Public\Desktop\CyberLink PowerDVD 14.lnk2014-07-10 23:26 - 2014-07-10 23:26 - 00000000 ____D () C:\ProgramData\PDVD2014-07-10 23:26 - 2014-07-10 23:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 142014-07-10 23:26 - 2011-04-18 18:27 - 00000000 ____D () C:\Users\Dave\AppData\Local\CyberLink2014-07-10 23:26 - 2010-02-27 21:16 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information2014-07-10 23:24 - 2010-02-27 22:40 - 00000000 ____D () C:\ProgramData\Temp2014-07-10 23:23 - 2014-07-10 23:23 - 00000000 ____D () C:\ProgramData\SUPPORTDIR2014-07-10 23:23 - 2014-07-10 23:23 - 00000000 ____D () C:\ProgramData\install_clap2014-07-10 23:23 - 2010-02-27 23:47 - 00000000 ____D () C:\Program Files (x86)\CyberLink2014-07-10 23:22 - 2014-07-10 23:21 - 188169104 _____ () C:\Users\Dave\Documents\PowerDVD_14.0.4028.58_DVD140430-04.exe2014-07-10 23:20 - 2014-07-10 23:20 - 01029080 _____ (CyberLink) C:\Users\Dave\Downloads\CyberLink_PowerDVD_Downloader.exe2014-07-10 22:06 - 2009-07-14 00:45 - 00424392 _____ () C:\Windows\system32\FNTCACHE.DAT2014-07-10 22:04 - 2014-05-07 09:36 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-07-10 22:04 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism2014-07-10 22:04 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism2014-07-10 22:02 - 2010-02-27 22:27 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-07-10 22:00 - 2013-07-11 05:36 - 00000000 ____D () C:\Windows\system32\MRT2014-07-10 21:57 - 2010-09-26 09:34 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-07-10 21:32 - 2014-07-10 21:30 - 551293744 _____ () C:\Users\Dave\Desktop\Windows6.1-KB947821-v33-x64.msu2014-07-10 21:11 - 2014-07-10 21:11 - 00000000 ____D () C:\Windows\CheckSur2014-07-08 20:19 - 2012-03-30 21:16 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-07-08 20:19 - 2012-03-30 21:16 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2014-07-08 20:19 - 2011-06-09 10:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-07-05 10:36 - 2014-06-22 08:19 - 00000000 ____D () C:\Users\Dave\Documents\Tokorozawas2014-07-04 08:41 - 2010-09-25 11:48 - 00000000 ____D () C:\Users\Dave\AppData\Local\CrashDumps2014-07-03 08:23 - 2009-07-14 01:08 - 00032648 _____ () C:\Windows\Tasks\SCHEDLGU.TXT2014-06-29 22:09 - 2014-07-10 21:54 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-06-29 22:04 - 2014-07-10 21:54 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-06-27 23:16 - 2014-06-27 23:16 - 00000110 _____ () C:\Users\Dave\Desktop\PCVST contacts.txt2014-06-27 22:07 - 2013-07-29 07:54 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\vlc2014-06-27 21:39 - 2014-06-27 21:39 - 00001068 _____ () C:\Users\Public\Desktop\VLC media player.lnk2014-06-27 21:39 - 2013-07-29 07:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN Some content of TEMP:====================C:\Users\Dave\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnjm074.dllC:\Users\Dave\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exeC:\Users\Dave\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exeC:\Users\Dave\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exeC:\Users\Dave\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exeC:\Users\Dave\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exeC:\Users\Dave\AppData\Local\Temp\Quarantine.exeC:\Users\Dave\AppData\Local\Temp\UNT3F58.tmp.exeC:\Users\Dave\AppData\Local\Temp\UNT3F59.tmp.exeC:\Users\Dave\AppData\Local\Temp\UNT3F69.tmp.exeC:\Users\Dave\AppData\Local\Temp\UNT3F6B.tmp.exeC:\Users\Dave\AppData\Local\Temp\UNT3F6E.tmp.exeC:\Users\Dave\AppData\Local\Temp\UNT3F6F.tmp.exeC:\Users\Dave\AppData\Local\Temp\vlc-2.1.3-win32.exeC:\Users\Dave\AppData\Local\Temp\VOPackage.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-19 06:37 ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
delsenbeck Posted July 25, 2014 Author ID:857863 Share Posted July 25, 2014 Addition.txt Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-07-2014 01Ran by Dave at 2014-07-25 17:12:50Running from C:\Users\Dave\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) HiddenAdobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)Adobe Shockwave Player (HKLM-x32\...\{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}) (Version: 11.5.1.601 - Adobe Systems, Inc.)Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon)Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)ArcSoft Panorama Maker 5 (HKLM-x32\...\{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}) (Version: 5.0.1.25 - ArcSoft)ATI Catalyst Install Manager (HKLM\...\{FB07515A-48AC-9996-16EE-3A3DC8CF8D8E}) (Version: 3.0.790.0 - ATI Technologies, Inc.)Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) HiddenBing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) HiddenBlackhawk Striker 2 (x32 Version: 2.2.0.82 - WildTangent) HiddenBlasterball 3 (x32 Version: 2.2.0.82 - WildTangent) HiddenBonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)Build-a-lot 2 (x32 Version: 2.2.0.82 - WildTangent) HiddenCake Mania (x32 Version: 2.2.0.82 - WildTangent) HiddenCall of Duty: Black Ops (HKLM-x32\...\Steam App 42700) (Version: - Treyarch)CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) HiddenCatalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) HiddenCatalyst Control Center Graphics Previews Common (x32 Version: 2010.0909.1412.23625 - ATI) HiddenCatalyst Control Center Graphics Previews Vista (x32 Version: 2010.0909.1412.23625 - ATI) HiddenCatalyst Control Center InstallProxy (x32 Version: 2010.0122.858.16002 - ATI Technologies, Inc.) HiddenCatalyst Control Center InstallProxy (x32 Version: 2010.0909.1412.23625 - ATI Technologies, Inc.) HiddenCatalyst Control Center Localization All (x32 Version: 2010.0909.1412.23625 - ATI) HiddenCCC Help Chinese Standard (x32 Version: 2010.0909.1411.23625 - ATI) HiddenCCC Help Chinese Traditional (x32 Version: 2010.0909.1411.23625 - ATI) HiddenCCC Help Czech (x32 Version: 2010.0909.1411.23625 - ATI) HiddenCCC Help Danish (x32 Version: 2010.0909.1411.23625 - ATI) HiddenCCC Help Dutch (x32 Version: 2010.0909.1411.23625 - ATI) HiddenCCC Help English (x32 Version: 2010.0909.1411.23625 - ATI) HiddenCCC Help Finnish (x32 Version: 2010.0909.1411.23625 - ATI) HiddenCCC Help French (x32 Version: 2010.0909.1411.23625 - ATI) HiddenCCC Help German (x32 Version: 2010.0909.1411.23625 - ATI) HiddenCCC Help Greek (x32 Version: 2010.0909.1411.23625 - ATI) HiddenCCC Help Hungarian (x32 Version: 2010.0909.1411.23625 - ATI) HiddenCCC Help Italian (x32 Version: 2010.0909.1411.23625 - ATI) HiddenCCC Help Japanese (x32 Version: 2010.0909.1411.23625 - ATI) HiddenCCC Help Korean (x32 Version: 2010.0909.1411.23625 - ATI) HiddenCCC Help Norwegian (x32 Version: 2010.0909.1411.23625 - ATI) HiddenCCC Help Polish (x32 Version: 2010.0909.1411.23625 - ATI) HiddenCCC Help Portuguese (x32 Version: 2010.0909.1411.23625 - ATI) HiddenCCC Help Russian (x32 Version: 2010.0909.1411.23625 - ATI) HiddenCCC Help Spanish (x32 Version: 2010.0909.1411.23625 - ATI) HiddenCCC Help Swedish (x32 Version: 2010.0909.1411.23625 - ATI) HiddenCCC Help Thai (x32 Version: 2010.0909.1411.23625 - ATI) HiddenCCC Help Turkish (x32 Version: 2010.0909.1411.23625 - ATI) Hiddenccc-core-static (x32 Version: 2010.0909.1412.23625 - ATI) Hiddenccc-utility64 (Version: 2010.0909.1412.23625 - ATI) HiddenChuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) HiddenCinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.102 - CinemaNow, Inc.)Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)Contents (x32 Version: 1.6.0.286 - Corel Corporation) HiddenCorel PaintShop Photo Pro X3 (HKLM-x32\...\_{D1AEB5DB-04FA-489D-94EF-8600898B93EE}) (Version: 1.6.1.116 - Corel Corporation)Corel PaintShop Photo Pro X3 (x32 Version: 1.00.0000 - Corel Corporation) HiddenCorel VideoStudio Pro X3 (HKLM-x32\...\_{F072CA07-A781-45E4-9975-C033A73019CF}) (Version: 1.6.0.286 - Corel Corporation)Counter-Strike: Global Offensive - SDK (HKLM-x32\...\Steam App 745) (Version: - )Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - )Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2527 - CyberLink Corp.)CyberLink DVD Suite (x32 Version: 7.0.2527 - CyberLink Corp.) HiddenCyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.4028.58 - CyberLink Corp.)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDay of Defeat: Source (HKLM-x32\...\Steam App 300) (Version: - Valve)Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version: - Microsoft)DeviceIO (x32 Version: 1.6.0.286 - Corel Corporation) HiddenDiablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) HiddenDon't Starve (HKLM-x32\...\Steam App 219740) (Version: - )Dora's Carnival Adventure (x32 Version: 2.2.0.82 - WildTangent) HiddenDota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.0.3715 - Hewlett-Packard)DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.0.3715 - Hewlett-Packard) HiddenerLT (x32 Version: 1.20.138.34 - Logitech, Inc.) HiddenEscape Rosecliff Island (x32 Version: 2.2.0.82 - WildTangent) HiddenESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)Facebook Video Calling 1.0.0.7339 (HKLM-x32\...\{EEA5F1E7-E934-4F4E-85C8-8FEC9CCE525C}) (Version: 1.0.7339 - Skype Limited)Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)Faerie Solitaire (x32 Version: 2.2.0.82 - WildTangent) HiddenFATE (x32 Version: 2.2.0.82 - WildTangent) HiddenFile Uploader (HKLM-x32\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.5 - Nikon)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.24.15 - Google Inc.) HiddenHearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) HiddenHitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.221 - SurfRight B.V.)HP 3D DriveGuard (HKLM\...\{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}) (Version: 4.0.3.1 - Hewlett-Packard)HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10144.3282 - Hewlett-Packard)HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) HiddenHP DVB-T TV Tuner 8.0.64.43 (HKLM-x32\...\HP DVB-T TV Tuner) (Version: 8.0.64.43 - )HP Game Console (x32 Version: - WildTangent) HiddenHP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.80 - WildTangent)HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.5122 - Hewlett-Packard)HP MediaSmart DVD (x32 Version: 4.2.5122 - Hewlett-Packard) HiddenHP MediaSmart Internet TV (HKLM-x32\...\InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}) (Version: 3.2.2513 - Hewlett-Packard)HP MediaSmart Internet TV (x32 Version: 3.2.2513 - Hewlett-Packard) HiddenHP MediaSmart Movies and TV (HKLM\...\{4B4E2FA2-3B1E-4147-99DB-5033981D8C2F}) (Version: 1.0.0.10 - Hewlett-Packard)HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.0.3722 - Hewlett-Packard)HP MediaSmart Music (x32 Version: 4.0.3722 - Hewlett-Packard) HiddenHP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.0.3722 - Hewlett-Packard)HP MediaSmart Photo (x32 Version: 4.0.3722 - Hewlett-Packard) HiddenHP MediaSmart SmartMenu (HKLM\...\{731A1D36-BF17-4C76-B7E7-CC055AF8C54E}) (Version: 3.1.1.12 - Hewlett-Packard)HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.0.3722 - Hewlett-Packard)HP MediaSmart Video (x32 Version: 4.0.3722 - Hewlett-Packard) HiddenHP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.0.2511 - Hewlett-Packard)HP MediaSmart Webcam (x32 Version: 4.0.2511 - Hewlett-Packard) HiddenHP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{78F1A88C-5322-4DF7-BDCF-9AB8F5F4041C}) (Version: 1.0.9.0 - Hewlett-Packard)HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2261 - HP Photo Creations Powered by RocketLife)HP Photosmart 5520 series Basic Device Software (HKLM\...\{68C0736C-3E47-43A6-B14D-236BEF198A5F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)HP Photosmart 5520 series Help (HKLM-x32\...\{7137E26A-10F7-4B1C-9980-0893579E92DA}) (Version: 27.0.0 - Hewlett Packard)HP Photosmart 5520 series Product Improvement Study (HKLM\...\{DCC176F0-3CE3-4DA9-8FF9-3809C1B48C47}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)HP Quick Launch (HKLM\...\{10F539B1-31AF-43BF-9F0C-0EB66E918922}) (Version: 1.0.18 - Hewlett-Packard)HP QuickWeb Installer (HKLM-x32\...\{394FA67A-FF0A-4356-BB77-D85E5A300BDE}) (Version: 1.2.9.1 - DeviceVM Inc.)HP Setup (HKLM-x32\...\{E2831862-F131-4327-B9CC-FA30F587EB6C}) (Version: 1.2.3988.3281 - Hewlett-Packard)HP SimplePass Identity Protection (HKLM-x32\...\{148D943E-A62A-40FD-83F5-4AC0AC85E4F4}) (Version: 5.20.205 - DigitalPersona, Inc.)HP Software Framework (HKLM-x32\...\{28FE073B-1230-4BF6-830C-7434FD0C0069}) (Version: 4.1.13.1 - Hewlett-Packard Company)HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)HP Support Solutions Framework (HKLM-x32\...\{D2F04839-0AD0-4F06-A6B5-6DFF05E27B67}) (Version: 11.50.0019 - Hewlett-Packard Company)HP Tone Control (HKLM\...\{9207D4A1-586E-49CA-A002-FC9F475AB1A3}) (Version: 2.0.2 - Hewlett-Packard Company)HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)HP User Guides 0177 (HKLM-x32\...\{8DA0CD14-79DF-49BF-B133-409C004F27E1}) (Version: 1.01.0000 - Hewlett-Packard)HP Wireless Assistant (HKLM\...\{0279C882-B150-44B6-A769-A7C8A2F31CE3}) (Version: 4.0.3.2 - Hewlett-Packard)Hulu Desktop (HKCU\...\HuluDesktop) (Version: 0.9.11 - Hulu LLC)Hyper - Browser (HKLM-x32\...\Hyper - Browser) (Version: 74.0.0.422 - web research foundation)ICA (x32 Version: 1.6.0.286 - Corel Corporation) HiddenICA (x32 Version: 1.6.1.116 - Corel Corporation) HiddenIDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6292.0 - IDT)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)Intel® PROSet/Wireless Software (HKLM-x32\...\{eddf4201-b72e-4e94-9e7b-ac1ba97c029f}) (Version: 16.11.0 - Intel Corporation)IPM_PSP_Pro (x32 Version: 1.00.0000 - Corel Corporation) HiddenIPM_VS_Pro (x32 Version: 13.0 - Corel Corporation) HiddenISCOM (x32 Version: 1.6.0.286 - Corel Corporation) HiddenISCOM (x32 Version: 1.6.1.116 - Corel Corporation) HiddeniTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.550 - Oracle)Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) HiddenJava 6 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)Jewel Quest 3 (x32 Version: 2.2.0.82 - WildTangent) HiddenJewel Quest Solitaire 2 (x32 Version: 2.2.0.82 - WildTangent) HiddenJunk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenLabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2515 - CyberLink Corp.)LabelPrint (x32 Version: 2.5.2515 - CyberLink Corp.) HiddenLeague of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)League of Legends (x32 Version: 1.3 - Riot Games) HiddenLeft 4 Dead (HKLM-x32\...\Steam App 500) (Version: - Valve)Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe)Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)LWS Facebook (x32 Version: 13.50.854.0 - Logitech) HiddenLWS Gallery (x32 Version: 13.51.827.0 - Logitech) HiddenLWS Help_main (x32 Version: 13.51.828.0 - Logitech) HiddenLWS Launcher (x32 Version: 13.51.828.0 - Logitech) HiddenLWS Motion Detection (x32 Version: 13.51.815.0 - Logitech) HiddenLWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) HiddenLWS Twitter (x32 Version: 13.30.1346.0 - Logitech) HiddenLWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) HiddenLWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) HiddenLWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) HiddenMalwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft Default Manager (x32 Version: 2.2.114.0 - Microsoft Corporation) HiddenMicrosoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) HiddenMicrosoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) HiddenMovie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.0.3715 - Hewlett-Packard)Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.0.3715 - Hewlett-Packard) HiddenMSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)Mumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig)Mystery P.I. - The New York Fortune (x32 Version: 2.2.0.82 - WildTangent) HiddenNikon Message Center (HKLM-x32\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)Nikon Transfer (HKLM-x32\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.5.3 - Nikon)Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.34 - Symantec)Octoshape add-in for Adobe Flash Player (HKCU\...\Octoshape add-in for Adobe Flash Player) (Version: - )Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.3.5.6 - Pando Networks Inc.)Penguins! (x32 Version: 2.2.0.82 - WildTangent) HiddenPhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) HiddenPicture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.1.9 - Nikon)Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) HiddenPoker Superstars III (x32 Version: 2.2.0.82 - WildTangent) HiddenPolar Bowler (x32 Version: 2.2.0.82 - WildTangent) HiddenPolar Golfer (x32 Version: 2.2.0.82 - WildTangent) HiddenPortal (HKLM-x32\...\Steam App 400) (Version: - Valve)Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3715 - CyberLink Corp.)Power2Go (x32 Version: 6.1.3715 - CyberLink Corp.) HiddenPowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2514 - CyberLink Corp.)PowerDirector (x32 Version: 8.0.2514 - CyberLink Corp.) HiddenPOWERPREP II (HKLM-x32\...\{2687340C-C114-47DC-9F0E-C1BA85FEB001}) (Version: 2.1.0000 - ETS)PSPPContent (x32 Version: 1.00.0000 - Corel Corporation) HiddenPSPPRO_DCRAW (x32 Version: 13.0.0 - Corel Corporation) HiddenPureHD (x32 Version: 1.6.0.286 - Corel Corporation) HiddenPX Profile Update (x32 Version: 1.00.1. - AMD) HiddenQuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)Recovery Manager (x32 Version: 5.5.2512 - CyberLink Corp.) HiddenRoxio CinemaNow 2.0 (x32 Version: 1.0.254 - Hewlett-Packard) HiddenService Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) HiddenSetup (x32 Version: 1.6.0.286 - Corel Corporation) HiddenSetup (x32 Version: 1.6.1.116 - Corel Corporation) HiddenShare (x32 Version: 1.6.0.286 - Corel Corporation) HiddenShare64 (Version: 1.6.0.286 - Corel Corporation) HiddenSid Meier's Civilization V SDK (HKLM-x32\...\Steam App 16830) (Version: - Firaxis Games)Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)TextTwist 2 (x32 Version: 2.2.0.82 - WildTangent) HiddenThe Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)The Walking Dead (HKLM-x32\...\Steam App 207610) (Version: - )The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version: - CD Projekt RED)Torchlight II (HKLM-x32\...\Steam App 200710) (Version: - Runic Games)Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version: - Microsoft)Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version: - Microsoft)Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)Validity Sensors DDK (HKLM\...\{EE5017A6-7525-4EE9-99DA-2EF1F6C16B1B}) (Version: 4.1.129.0 - Validity Sensors, Inc.)Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.5 - Flagship Industries, Inc.)ViewNX (HKLM-x32\...\{F007CBCE-D714-4C0B-8CE9-9B0D78116468}) (Version: 1.5.2 - Nikon)VIO (x32 Version: 1.6.0.286 - Corel Corporation) HiddenVirtual Families (x32 Version: 2.2.0.82 - WildTangent) HiddenVirtual Villagers - The Secret City (x32 Version: 2.2.0.82 - WildTangent) HiddenVLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)VSClassic (x32 Version: 1.6.0.286 - Corel Corporation) HiddenVSPro (x32 Version: 1.6.0.286 - Corel Corporation) HiddenWarcraft III (HKLM-x32\...\Warcraft III) (Version: - )Warcraft III: All Products (HKCU\...\Warcraft III) (Version: - )Wheel of Fortune 2 (x32 Version: 2.2.0.82 - WildTangent) HiddenWindows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) HiddenYahoo! Detect (HKLM-x32\...\YTdetect) (Version: - )Zuma's Revenge (x32 Version: 2.2.0.82 - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-575872417-1751023796-2398206445-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Dave\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-575872417-1751023796-2398206445-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Dave\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No FileCustomCLSID: HKU\S-1-5-21-575872417-1751023796-2398206445-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Dave\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No FileCustomCLSID: HKU\S-1-5-21-575872417-1751023796-2398206445-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Dave\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No FileCustomCLSID: HKU\S-1-5-21-575872417-1751023796-2398206445-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-575872417-1751023796-2398206445-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-575872417-1751023796-2398206445-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-575872417-1751023796-2398206445-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-575872417-1751023796-2398206445-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-575872417-1751023796-2398206445-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-575872417-1751023796-2398206445-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-575872417-1751023796-2398206445-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-575872417-1751023796-2398206445-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Dave\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File ==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {04E58193-FDF9-45AD-8606-D0BDBFD4E8F7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-575872417-1751023796-2398206445-1001Core => C:\Users\Dave\AppData\Local\Google\Update\GoogleUpdate.exeTask: {39029022-10FD-4F37-AB0B-DD1DC76FC2C7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)Task: {458E8408-C31E-4595-A0D5-FDF6EFEDA53C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-20] (Hewlett-Packard)Task: {68FF3DD5-8206-48B4-8997-7C81CC3A7E05} - System32\Tasks\Hyper - Browser Runner => %LOCALAPPDATA%\Hyper - Browser\Hyper - Browser.exeTask: {6CA32CFC-8D1F-4651-AC2A-45F15A92E592} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN2681C0W005ST => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-20] (Hewlett-Packard)Task: {7176DE27-2116-419E-9C85-18515F0640CD} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-575872417-1751023796-2398206445-1001Core => C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)Task: {7C1A101E-4950-411D-A31D-813A20D27484} - System32\Tasks\{4001064D-C001-43B0-9010-F3C8967519D0} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-05-07] (Skype Technologies S.A.)Task: {7E187474-606B-4B85-8ED9-BC74DDA57865} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)Task: {831715CC-2448-4E42-BE0E-FC83CC9B3C97} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-575872417-1751023796-2398206445-1001UA => C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)Task: {8C14C0E6-BA04-41D4-9C04-D25998A6332A} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\Kernel\CLML\CLMLSvc.exeTask: {924BADF5-8394-4195-BB3C-F033AAC92095} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-01-27] ()Task: {9D38538B-9A02-4EDE-8CB2-A968C7D6A4CF} - System32\Tasks\Microsoft\Windows\Maintenance\Hyper - Browser Update => %LOCALAPPDATA%\Hyper - Browser\Hyper - Browser.exeTask: {B6F41066-2F9B-4634-B8D6-95CEEB4B49D4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN17Q1S0G305KD => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-20] (Hewlett-Packard)Task: {C239AE04-4054-4E98-AB2C-2ED96414ECE9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {C4C4F8F6-C6B6-4C3A-BE76-DBEEEA00DA53} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)Task: {C802EDA8-B7CA-4D37-A7A3-6D8E816CE9B4} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-01-27] ()Task: {E2B776DD-BB2A-42A7-9F04-8043BD8EA959} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-575872417-1751023796-2398206445-1001UA => C:\Users\Dave\AppData\Local\Google\Update\GoogleUpdate.exeTask: {EBED6CC9-0E79-4CD1-9B85-D9B0538AF45C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)Task: {EF0ABE0E-C3D4-4C7B-A97A-78217003AF68} - System32\Tasks\HPCustParticipation HP Photosmart 5520 series => C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPCustPartic.exe [2012-10-16] (Hewlett-Packard Co.)Task: {F2DE894F-FE83-43B3-9E84-CECBE1267ABC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: {F89C0B76-17E7-43AA-9FAB-3877DEB0D735} - System32\Tasks\HPCeeScheduleForDave => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)Task: {FC46D935-1496-4E41-9140-A312A4456AA2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-575872417-1751023796-2398206445-1001Core.job => C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exeTask: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-575872417-1751023796-2398206445-1001UA.job => C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-575872417-1751023796-2398206445-1001Core.job => C:\Users\Dave\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-575872417-1751023796-2398206445-1001UA.job => C:\Users\Dave\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\HPCeeScheduleForDave.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2010-01-18 18:04 - 2010-01-18 18:04 - 00020480 _____ () C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe2012-09-12 11:38 - 2012-09-12 11:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe2010-09-09 02:50 - 2010-09-09 02:50 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll2010-09-09 01:11 - 2010-09-09 01:11 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll2014-07-16 08:56 - 2014-07-16 08:56 - 00099328 _____ () C:\Users\Dave\AppData\Local\Hyper - Browser\Hyper - Browser.exe2014-02-05 11:52 - 2014-02-05 11:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2014-02-05 11:52 - 2014-02-05 11:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2010-11-22 01:00 - 2010-11-22 01:00 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll2010-11-22 01:00 - 2010-11-22 01:00 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll2010-11-22 01:00 - 2010-11-22 01:00 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll2012-09-12 11:38 - 2012-09-12 11:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll2012-09-12 11:38 - 2012-09-12 11:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll2012-09-12 11:38 - 2012-09-12 11:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll2012-09-12 11:38 - 2012-09-12 11:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll2012-09-12 11:38 - 2012-09-12 11:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll2014-07-10 23:24 - 2014-05-14 04:54 - 00866056 _____ () C:\Program Files (x86)\CyberLink\PowerDVD14\common\UNO\UNO.dll2014-07-10 23:24 - 2013-12-10 03:39 - 00074240 _____ () C:\Program Files (x86)\CyberLink\PowerDVD14\Common\Koan\_ctypes.pyd2014-07-10 23:24 - 2013-12-10 03:39 - 00285184 _____ () C:\Program Files (x86)\CyberLink\PowerDVD14\Common\Koan\_hashlib.pyd2014-07-10 23:24 - 2013-12-10 03:39 - 00040960 _____ () C:\Program Files (x86)\CyberLink\PowerDVD14\Common\Koan\_socket.pyd2014-07-10 23:24 - 2013-12-10 03:39 - 00721920 _____ () C:\Program Files (x86)\CyberLink\PowerDVD14\Common\Koan\_ssl.pyd2014-07-10 23:24 - 2014-05-14 04:54 - 00044296 _____ () C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DHProcedure\DHProcedure.dll2012-09-12 11:39 - 2012-09-12 11:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll2014-07-24 16:12 - 2014-07-24 16:12 - 26065408 _____ () C:\Program Files (x86)\Battle.net\Battle.net.4872\libcef.dll2014-07-24 16:12 - 2014-07-24 16:12 - 00739840 _____ () C:\Program Files (x86)\Battle.net\Battle.net.4872\libglesv2.dll2014-07-24 16:12 - 2014-07-24 16:12 - 00130048 _____ () C:\Program Files (x86)\Battle.net\Battle.net.4872\libegl.dll2014-07-19 22:55 - 2013-12-03 22:48 - 04055504 _____ () C:\Users\Dave\AppData\Local\Hyper - Browser\Chrome-bin\31.0.1650.63\pdf.dll2014-07-19 22:55 - 2013-12-03 22:48 - 00399312 _____ () C:\Users\Dave\AppData\Local\Hyper - Browser\Chrome-bin\31.0.1650.63\ppGoogleNaClPluginChrome.dll2014-07-19 22:55 - 2013-12-03 22:47 - 01619408 _____ () C:\Users\Dave\AppData\Local\Hyper - Browser\Chrome-bin\31.0.1650.63\ffmpegsumo.dll2014-07-25 15:56 - 2013-08-13 08:15 - 00206336 _____ () C:\Users\Dave\AppData\Local\Temp\{AFA287AA-9D39-4431-BFF1-24E263C930B2}\{FECFB145-60DB-4C26-9EDA-3625E039E1E0}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll2014-07-19 22:55 - 2013-12-03 22:48 - 13586896 _____ () C:\Users\Dave\AppData\Local\Hyper - Browser\Chrome-bin\31.0.1650.63\PepperFlash\pepflashplayer.dll2014-07-16 08:57 - 2014-07-16 08:57 - 00060416 _____ () C:\Users\Dave\AppData\Local\Hyper - Browser\Modules\ManXec.dll2014-07-16 08:57 - 2014-07-16 08:57 - 00039936 _____ () C:\Users\Dave\AppData\Local\Hyper - Browser\Modules\PrfIns.dll2014-07-16 08:56 - 2014-07-16 08:56 - 00047616 _____ () C:\Users\Dave\AppData\Local\Hyper - Browser\Modules\WbSes.dll2014-07-16 08:56 - 2014-07-16 08:56 - 00046592 _____ () C:\Users\Dave\AppData\Local\Hyper - Browser\Modules\WdcMan.dll2014-07-16 08:56 - 2014-07-16 08:56 - 00038400 _____ () C:\Users\Dave\AppData\Local\Hyper - Browser\Modules\WblSupp.dll2014-07-16 08:56 - 2014-07-16 08:56 - 00032768 _____ () C:\Users\Dave\AppData\Local\Hyper - Browser\Modules\CmnUtls.dll2014-07-18 17:25 - 2014-07-15 05:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll2014-07-18 17:25 - 2014-07-15 05:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll2014-07-18 17:25 - 2014-07-15 05:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll2014-07-18 17:25 - 2014-07-15 05:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll2014-07-18 17:25 - 2014-07-15 05:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll2014-07-18 17:25 - 2014-07-15 05:24 - 14664008 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll2014-07-25 17:05 - 2013-08-13 08:15 - 00206336 _____ () C:\Users\Dave\AppData\Local\Temp\{AFA287AA-9D39-4431-BFF1-24E263C930B2}\{6E6627CA-F0DC-42E0-8131-1F10C385781B}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DpHost => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^Users^Dave^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Photosmart 5520 series (Network).lnk => C:\Windows\pss\Monitor Ink Alerts - HP Photosmart 5520 series (Network).lnk.StartupMSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exeMSCONFIG\startupreg: Facebook Update => "C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserverMSCONFIG\startupreg: HP Photosmart 5520 series (NET) => "C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN2681C0W005ST:NW" -scfn "HP Photosmart 5520 series (NET)" -AutoStart 1MSCONFIG\startupreg: HP Quick Launch => C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exeMSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exeMSCONFIG\startupreg: HPAdvisorDock => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exeMSCONFIG\startupreg: HPToneControl => C:\Program Files\Hewlett-Packard\HPToneControl\HPTonectl.exeMSCONFIG\startupreg: HPWirelessAssistant => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hiddenMSCONFIG\startupreg: IntelPAN => "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN TrayMSCONFIG\startupreg: ISUSPM => "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -schedulerMSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"MSCONFIG\startupreg: Nikon Transfer Monitor => C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exeMSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDEDMSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimeMSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrunMSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /backgroundMSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Games\Steam\Steam.exe" -silentMSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (07/25/2014 03:48:18 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program Hearthstone.exe version 1.1.0.6024 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1b04 Start Time: 01cfa83fcf631138 Termination Time: 81 Application Path: C:\Program Files (x86)\Hearthstone\Hearthstone.exe Report Id: 5d6d06fa-1434-11e4-a259-c80aa9e22fc1 Error: (07/24/2014 10:24:03 PM) (Source: Google Update) (EventID: 20) (User: Dave-PC)Description: Network Request Error.Error: 0x80040880. Http status code: 200.Url=https://www.facebook.com/omaha/update.phpTrying config: source=IE, direct connection.trying CUP:WinHTTP.Send request returned 0x80040880. Http status code 200.trying WinHTTP.Send request returned 0x80072f8f. Http status code 0.trying CUP:iexplore.Send request returned 0x80004005. Http status code 0.Trying config: source=auto, wpad=1, script=.trying CUP:WinHTTP.Send request returned 0x80040880. Http status code 200.trying WinHTTP.Send request returned 0x80072f8f. Http status code 0.trying CUP:iexplore.Send request returned 0x80004005. Http status code 0.Trying config: source=IE, direct connection.trying CUP:WinHTTP.Send request returned 0x80040880. Http status code 200.trying WinHTTP.Send request returned 0x80072f8f. Http status code 0.trying CUP:iexplore.Send request returned 0x80004005. Http status code 0.Trying config: source=auto, wpad=1, script=.trying CUP:WinHTTP.Send request returned 0x Error: (07/24/2014 06:53:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 27206 Error: (07/24/2014 06:53:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 27206 Error: (07/24/2014 06:53:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/24/2014 06:53:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 26208 Error: (07/24/2014 06:53:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 26208 Error: (07/24/2014 06:53:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/24/2014 06:53:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 25210 Error: (07/24/2014 06:53:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 25210 System errors:=============Error: (07/25/2014 04:32:48 PM) (Source: ACPI) (EventID: 13) (User: )Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly. Error: (07/25/2014 04:21:49 PM) (Source: ACPI) (EventID: 13) (User: )Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly. Error: (07/25/2014 04:21:44 PM) (Source: ACPI) (EventID: 13) (User: )Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly. Error: (07/25/2014 04:09:24 PM) (Source: ACPI) (EventID: 13) (User: )Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly. Error: (07/25/2014 03:42:48 PM) (Source: ACPI) (EventID: 13) (User: )Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly. Error: (07/25/2014 03:18:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Google Update Service (gupdate) service failed to start due to the following error: %%2 Error: (07/25/2014 10:25:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Google Update Service (gupdate) service failed to start due to the following error: %%2 Error: (07/24/2014 11:22:20 PM) (Source: ACPI) (EventID: 13) (User: )Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly. Error: (07/24/2014 11:22:15 PM) (Source: ACPI) (EventID: 13) (User: )Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly. Error: (07/24/2014 11:00:57 PM) (Source: ACPI) (EventID: 13) (User: )Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly. Microsoft Office Sessions:=========================Error: (07/25/2014 03:48:18 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: Hearthstone.exe1.1.0.60241b0401cfa83fcf63113881C:\Program Files (x86)\Hearthstone\Hearthstone.exe5d6d06fa-1434-11e4-a259-c80aa9e22fc1 Error: (07/24/2014 10:24:03 PM) (Source: Google Update) (EventID: 20) (User: Dave-PC)Description: Network Request Error.Error: 0x80040880. Http status code: 200.Url=https://www.facebook.com/omaha/update.phpTrying config: source=IE, direct connection.trying CUP:WinHTTP.Send request returned 0x80040880. Http status code 200.trying WinHTTP.Send request returned 0x80072f8f. Http status code 0.trying CUP:iexplore.Send request returned 0x80004005. Http status code 0.Trying config: source=auto, wpad=1, script=.trying CUP:WinHTTP.Send request returned 0x80040880. Http status code 200.trying WinHTTP.Send request returned 0x80072f8f. Http status code 0.trying CUP:iexplore.Send request returned 0x80004005. Http status code 0.Trying config: source=IE, direct connection.trying CUP:WinHTTP.Send request returned 0x80040880. Http status code 200.trying WinHTTP.Send request returned 0x80072f8f. Http status code 0.trying CUP:iexplore.Send request returned 0x80004005. Http status code 0.Trying config: source=auto, wpad=1, script=.trying CUP:WinHTTP.Send request returned 0x Error: (07/24/2014 06:53:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 27206 Error: (07/24/2014 06:53:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 27206 Error: (07/24/2014 06:53:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/24/2014 06:53:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 26208 Error: (07/24/2014 06:53:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 26208 Error: (07/24/2014 06:53:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/24/2014 06:53:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 25210 Error: (07/24/2014 06:53:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 25210 ==================== Memory info =========================== Percentage of memory in use: 63%Total physical RAM: 6077.86 MBAvailable physical RAM: 2194.91 MBTotal Pagefile: 12153.9 MBAvailable Pagefile: 6942.16 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:442.69 GB) (Free:132.91 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive d: (DATA) (Fixed) (Total:465.76 GB) (Free:44.74 GB) NTFSDrive e: (RECOVERY) (Fixed) (Total:22.78 GB) (Free:3.32 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32 ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 466 GB) (Disk ID: 41EA23B6)Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=443 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=23 GB) - (Type=07 NTFS)Partition 4: (Not Active) - (Size=103 MB) - (Type=0C) ========================================================Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 2E463B52)Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted July 26, 2014 ID:857994 Share Posted July 26, 2014 Hello, They call me TwinHeadedEagle around here, and I'll be working with you. Before we start please read and note the following: Limit your internet access to posting here, some infections just wait to steal typed-in passwords. Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good. Do not paste the logs in your posts, attachments make my work easier. There is a Attach Files option below which you can use to attach your reports. Always attach reports from all tools. Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational. Note that we may live in totally different time zones, what may cause some delays between answers. Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. I can't foresee everything, so if anything unexpected happens, please stop and inform me! There are no silly questions. Never be afraid to ask if in doubt! P2P/Piracy Warning:If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy. I would like first to see malwarebytes report. Also, please use attach a file option, it makes my work easier. Thanks Scan with Malwarebytes' Anti-MalwarePlease re-run Malwarebytes' Anti-Malware.First of all, select update.Once updated, click the Settings tab, in the left panel choose Detctions & protection and tick Scan for rootkits.Click the Scan tab, choose Threat Scan is checked and click Scan Now.If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.Upon completion of the scan (or after the reboot), click the History tab.Click Application Logs and double-click the newest Scan Log.At the bottom click Export and choose Text file.Save the file to your desktop and include its content in your next reply. Link to post Share on other sites More sharing options...
delsenbeck Posted July 27, 2014 Author ID:858352 Share Posted July 27, 2014 TwinHeadedEagle, Thank you for your help. Attached is my latest Malwarebytes scan. JUL26 Scan.txt Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted July 27, 2014 ID:858510 Share Posted July 27, 2014 Okay, now run FRST again, check Addition.txt, press Scan and attach both reports. Link to post Share on other sites More sharing options...
delsenbeck Posted July 27, 2014 Author ID:858799 Share Posted July 27, 2014 FRST and Addition reports attached. FRST.txt Addition.txt Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted July 28, 2014 ID:859075 Share Posted July 28, 2014 First, go to Control Panel and uninstall following (skip lines that cannot be uninstalled): - Adobe Reader 9.5.5 MUI - Hyper - Browse - Java 6 Update 17 - Pando Media Booster Latest versions of Java and Adobe Reader available here --> http://www.java.com/en/ and here http://get.adobe.com/uk/reader/ Make sure to uncheck optional offers. Fix with Farbar Recovery Scan Tool This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable. Download attached fixlist.txt file and save it to the Desktop: Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!Right-click on icon and select Run as Administrator to start the tool. (XP users click run after receipt of Windows Security Warning - Open File).Press the Fix button just once and wait.If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.When finished FRST will generate a log on the Desktop, called Fixlog.txt.Please post it to your reply. Fix with AdwCleaner Please download AdwCleaner by Xplode and save the file to your desktop.Right-click on icon and select Run as Administrator to start the tool.Follow the prompts and click Scan.When finished, please click Clean.Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.Please include the contents of that file in your reply.fixlist.txt Link to post Share on other sites More sharing options...
delsenbeck Posted July 28, 2014 Author ID:859131 Share Posted July 28, 2014 Attached text files: Fixlog.txt AdwCleanerS2.txt Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted July 28, 2014 ID:859135 Share Posted July 28, 2014 Scan with Malwarebytes' Anti-Malware Please re-run Malwarebytes' Anti-Malware.First of all, select update.Once updated, click the Settings tab, in the left panel choose Detctions & protection and tick Scan for rootkits.Click the Scan tab, choose Threat Scan is checked and click Scan Now.If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.Upon completion of the scan (or after the reboot), click the History tab.Click Application Logs and double-click the newest Scan Log.At the bottom click Export and choose Text file.Save the file to your desktop and include its content in your next reply. Link to post Share on other sites More sharing options...
delsenbeck Posted July 28, 2014 Author ID:859401 Share Posted July 28, 2014 Malwarebytes scan log attached. Nothing was found. 28JUL Scan.txt Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted July 29, 2014 ID:859566 Share Posted July 29, 2014 Very good, tell me how is your PC now? Link to post Share on other sites More sharing options...
delsenbeck Posted July 30, 2014 Author ID:860103 Share Posted July 30, 2014 I've used it several hours and haven't experienced any sluggishness or freezes, nor has the costminn extension reappeared in google chrome thus far. I'll run another scan tomorrow. Thank you for your help. Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted July 30, 2014 ID:860145 Share Posted July 30, 2014 Ok, then let me know Below you will find my thoughts about securing your machine. Go ahead through it, you will benefit from some useful advice about safe computing. Recommended reading: MUST READ - security tips: Computer Security - a short guide to staying safer online.Simple and easy ways to keep your computer safe and secure on the InternetMUST READ - general maintenance: What to do if your Computer is running slowly? Recommended additional software: TFC - to clean unneeded temporary files.Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.McShield - to prevent infections spread by removable media.CryptoPrevent - to secure yourself from very severe CryptoLocker infection.Unchecky - to prevent from installing additional foistware, implemented in legitimate installations. • The following will implement some post-cleanup procedures: => Please download DelFix by Xplode to your Desktop. Run the tool and check the following boxes below; Remove disinfection tools Create registry backup Purge System Restore Click Run button and wait a few seconds for the programme completes his work.At this point all the tools we used here should be gone. Tool will create an report for you (C:\DelFix.txt) The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFixTool deletes old system restore points and create a fresh system restore point after cleaning. My help is free for everybody.If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation: Thank you! Stay safe,TwinHeadedEagle Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 31, 2014 Root Admin ID:860680 Share Posted July 31, 2014 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts