
Multiple failures and I don't know where to start



#1 bcjames423

Posted 08 June 2013 - 04:15 PM

1) Updated iTunes to 11.0.4 this morning along with an update for SugarSync.
2) Firefox started crashing and Acrobat was having scrolling issues.
3) I attempted to reboot my computer several times. I could not access the login screen, even in safe mode.
4) Called Dell and they wanted $250 for technical service.
5) Tried rebooting one more time regularly and was able to log in.
6) Mouse functionality was off. I can move the cursor, but I am unable to move to a different window or close a window.
7) Backed up everything I could, using keyboard navigation, to my SkyDrive.
8) Tried to restore my Symantec antivirus and it's not turning back on. I ran a scan earlier and it didn't pick anything up. I ran a quick scan with Malwarebytes and it did not pick anything up.
9) I started writing this because I have a week left in my term and I have a ton of work to do and can't afford to have a broken computer.
 
What do I need to do and where do I begin?


dds:
 
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 10.21.2
Run by bcjames at 14:26:51 on 2013-06-08
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8124.5369 [GMT -7:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\SafeConnect\scManager.sys
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Users\bcjames\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\Vendor\FastAccessChatAssist.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files (x86)\SafeConnect\scClient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Users\bcjames\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SavUI.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.nps.edu/
uInternet Settings,ProxyOverride = *.local;localhost
mWinlogon: Userinit=userinit.exe,
BHO: PE_IE_Helper Class: {0941c58f-e461-4e03-bd7d-44c27392ade1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: SSOIEAddonBHO Class: {da5bce70-d057-4d63-943d-5f3927ec59f1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: OpenLastClosedTab.LastClosedTab: {e15e75e9-a653-42a3-8d05-f2f7e309bdca} - mscoree.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [SkyDrive] "C:\Users\bcjames\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSync.exe" -startInTray -usedelay=true
uRunOnce: [Uninstall C:\Users\bcjames\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\bcjames\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [FAStartup]
mRun: [RemoteControl9] "c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [BDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun: [ApproveItForOfficeSetup] "C:\Program Files (x86)\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe " /1 /p "C:\Program Files (x86)\ApproveIt\"
mRun: [AprvRemoveLegacyExcelKeys] "C:\Program Files (x86)\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn
mRun: [AprvRemoveLegacyWordKeys] "C:\Program Files (x86)\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mRun: [OtShot] C:\Program Files (x86)\OtShot\otshot.exe -minimize
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
StartupFolder: C:\Users\bcjames\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\bcjames\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\bcjames\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
StartupFolder: C:\Users\bcjames\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACTIVC~1.LNK - C:\Program Files (x86)\ActivIdentity\ActivClient\acsagent.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APPROV~1.LNK - C:\Windows\Installer\{4E01B649-0023-4EB5-9263-57DE317C3418}\Icon9557F1BC1.ico
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SAFECO~1.LNK - C:\Program Files (x86)\SafeConnect\scClient.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {05BA0540-AFBA-4046-AB45-6FF554DFB9A2} - {B42BB49F-1437-447D-998C-7566DFF8AC83} - C:\Program Files (x86)\Advanced IE History Bar\AdvHistoryBar.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {e15e75e9-a653-42a3-8d05-f2f7e309bdca} - {e15e75e9-a653-42a3-8d05-f2f7e309bdca} - mscoree.dll
Trusted Zone: dell.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{468A5DAB-1313-42EA-B30F-BAE45110E2D6} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{468A5DAB-1313-42EA-B30F-BAE45110E2D6}\0554544535 : DhcpNameServer = 10.128.128.128
TCP: Interfaces\{468A5DAB-1313-42EA-B30F-BAE45110E2D6}\E474354565232343 : DhcpNameServer = 172.20.20.11 172.20.20.12
TCP: Interfaces\{D5BD927D-1FF0-47E1-9B70-628EBF48C785} : NameServer = 98.158.112.60 216.131.94.5
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll
STS: Virtual Storage Mount Notification: {c28617fd-4fe7-4043-ad51-c8132ce90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
LSA: Notification Packages = scecli FAPassSync
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
BHO-X64: PE_IE_Helper Class: {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64:     Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64:     SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64:     URLRedirectionBHO - No File
BHO-X64: SSOIEAddonBHO Class: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO-X64:     SSOIEAddonBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: OpenLastClosedTab.LastClosedTab: {e15e75e9-a653-42a3-8d05-f2f7e309bdca} - mscoree.dll
BHO-X64:     LastClosedTab - No File
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64:     SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [FAStartup]
mRun-x64: [RemoteControl9] "c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun-x64: [PDVD9LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun-x64: [BDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun-x64: [ApproveItForOfficeSetup] "C:\Program Files (x86)\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe " /1 /p "C:\Program Files (x86)\ApproveIt\"
mRun-x64: [AprvRemoveLegacyExcelKeys] "C:\Program Files (x86)\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn
mRun-x64: [AprvRemoveLegacyWordKeys] "C:\Program Files (x86)\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [(Default)]
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
mRun-x64: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
mRun-x64: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mRun-x64: [OtShot] C:\Program Files (x86)\OtShot\otshot.exe -minimize
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
SSODL-X64: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll
STS-X64: Virtual Storage Mount Notification: {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\bcjames\AppData\Roaming\Mozilla\Firefox\Profiles\41ovqs0e.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3286042&CUI=UN27693201612329232&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - KeyBar 1.8 Customized Web Search
FF - prefs.js: browser.startup.homepage - about:home
FF - component: C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso\components\FASSOXPCOM.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 ac.sharedstore;ActivIdentity Shared Store Service;C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-6-3 277032]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-5-10 65640]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-12-23 98208]
R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-11-17 2428552]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-1-25 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-30 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-30 701512]
R2 SCManager;SafeConnect Manager;C:\Program Files (x86)\SafeConnect\scManager.sys servicestart --> C:\Program Files (x86)\SafeConnect\scManager.sys servicestart [?]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-11-26 1225312]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-11-26 659040]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-8-25 235624]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-2-2 1832072]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-1-25 2533400]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-10-17 544248]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-8-30 722528]
R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 116224]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-15 20480]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
R3 AVer7231_x64;AVerMedia 7231 capture service;C:\Windows\system32\DRIVERS\AVer7231_x64.sys --> C:\Windows\system32\DRIVERS\AVer7231_x64.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-12-8 138912]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
R3 qicflt;upper Device Filter Driver;C:\Windows\system32\DRIVERS\qicflt.sys --> C:\Windows\system32\DRIVERS\qicflt.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SSCBFS3;SugarSync CallBack File System driver v3;C:\Windows\system32\DRIVERS\sscbfs3.sys --> C:\Windows\system32\DRIVERS\sscbfs3.sys [?]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/01/25 22:48:03;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-9-28 254448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-15 116648]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 acsock;acsock;C:\Windows\system32\DRIVERS\acsock64.sys --> C:\Windows\system32\DRIVERS\acsock64.sys [?]
S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-18 169312]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-6 256904]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-15 116648]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2012-9-20 30785672]
S3 MosIrUsb;MosIrUsb.sys;C:\Windows\system32\DRIVERS\MosIrUsb.sys --> C:\Windows\system32\DRIVERS\MosIrUsb.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-4 117144]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-06-08 19:58:15 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{86E46E42-24F4-46DE-9503-8A1D4756B84E}\mpengine.dll
2013-06-02 21:52:31 -------- d-----w- C:\Users\bcjames\AppData\Local\Microsoft Corporation
2013-06-02 14:19:38 -------- d-----w- C:\Program Files (x86)\MuvEnum
2013-06-02 13:53:37 -------- d-----w- C:\Program Files (x86)\Advanced IE History Bar
2013-05-31 15:37:33 192256 ----a-w- C:\Windows\System32\SSCbFsMntNtf3.dll
2013-05-31 15:37:32 159488 ----a-w- C:\Windows\SysWow64\SSCbFsMntNtf3.dll
2013-05-31 15:37:32 143104 ----a-w- C:\Windows\System32\SSCbFsNetRdr3.dll
2013-05-31 15:37:31 225024 ----a-w- C:\Windows\SysWow64\SSCbFsNetRdr3.dll
2013-05-31 15:36:57 347904 ----a-w- C:\Windows\System32\drivers\sscbfs3.sys
2013-05-31 15:36:35 -------- d-----w- C:\Program Files (x86)\SugarSync
2013-05-31 15:31:58 33958 ----a-w- C:\ProgramData\uninstaller.exe
2013-05-31 15:11:54 -------- d-----w- C:\Users\bcjames\AppData\Local\gladinet
2013-05-31 15:11:07 -------- d--h--w- C:\Gladinet
2013-05-31 13:29:41 -------- d-----w- C:\Users\bcjames\AppData\Local\{E594FD9A-131F-40A0-8CF5-CCCD7274FEC6}
2013-05-31 13:29:41 -------- d-----w- C:\Users\bcjames\AppData\Local\{4940A78E-CF66-41AD-9113-A74E9486991D}
2013-05-30 02:06:59 -------- d-----r- C:\Users\bcjames\SkyDrive
2013-05-30 02:06:58 -------- d-----w- C:\Program Files (x86)\Microsoft SkyDrive
2013-05-30 02:06:44 -------- d-----w- C:\ProgramData\Microsoft SkyDrive
2013-05-27 00:49:34 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2013-05-27 00:49:34 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2013-05-27 00:49:34 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2013-05-27 00:49:34 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2013-05-27 00:49:34 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2013-05-27 00:49:34 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-05-27 00:49:34 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-05-27 00:49:34 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-05-27 00:49:34 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-05-27 00:49:34 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-05-22 15:21:06 4325376 ----a-w- C:\ProgramData\ReadOnlyInstaller.msi
2013-05-20 21:33:48 -------- d-----w- C:\Users\bcjames\AppData\Local\Windows Live
2013-05-20 21:33:31 -------- d-----w- C:\Users\bcjames\AppData\Local\{52243B64-C847-4801-A29A-F7734D0D01B1}
2013-05-17 15:22:31 -------- d-----w- C:\Program Files\iPod
2013-05-17 15:22:30 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-17 15:22:30 -------- d-----w- C:\Program Files\iTunes
2013-05-17 15:22:30 -------- d-----w- C:\Program Files (x86)\iTunes
2013-05-17 10:08:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-17 10:08:02 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-17 10:03:48 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2013-05-17 10:03:44 887808 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2013-05-15 13:59:30 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-15 13:59:29 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-05-15 13:59:29 144384 ----a-w- C:\Windows\System32\cdd.dll
2013-05-15 13:57:10 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-05-15 13:57:01 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-05-15 13:57:01 111448 ----a-w- C:\Windows\System32\consent.exe
2013-05-15 13:56:56 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-05-15 13:56:22 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-05-15 13:56:19 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-05-15 13:56:13 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-05-12 15:13:50 -------- d-----w- C:\Users\bcjames\AppData\Local\Cyberlink
2013-05-11 10:37:28 209472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-05-11 10:37:28 209472 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-05-10 07:57:38 27208 ----a-w- C:\Windows\System32\AdobePDFUI.dll
2013-05-10 07:57:34 55872 ----a-w- C:\Windows\System32\AdobePDF.dll
.
==================== Find3M  ====================
.
2013-05-15 14:05:16 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 14:05:16 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-08 06:10:12 770384 ----a-w- C:\Windows\SysWow64\msvcr100.dll
2013-05-08 06:10:12 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
2013-05-02 09:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-05-01 10:59:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2013-05-01 10:59:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2013-04-23 19:37:40 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-23 19:37:39 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-04-23 19:37:39 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-04-19 15:27:33 545200 ----a-w- C:\Windows\System32\npdeployJava1.dll
2013-04-19 15:27:33 526768 ----a-w- C:\Windows\System32\deployJava1.dll
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-05 01:08:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-04-05 01:00:30 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-04-05 00:59:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-04-05 00:56:16 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-04-05 00:55:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-04-04 22:11:34 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-04-04 22:02:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-04-04 22:02:17 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-04-04 21:58:51 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-04-04 21:57:45 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-04-04 21:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
.
============= FINISH: 14:27:29.96 ===============
 


Edited by hamluis, 09 June 2013 - 09:17 AM.
Merged posts, moved from Win 7 to Malware Removal Logs - Hamluis.




#2 bcjames423

bcjames423
  • Topic Starter

  • Members
  • 29 posts

Posted 08 June 2013 - 04:38 PM

System Security Check:
 
 Results of screen317's Security Check version 0.99.51 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 9 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Symantec Endpoint Protection  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Secunia PSI (3.0.0.6001)  
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java™ 6 Update 45 
 Java 7 Update 21 
 Java version out of Date!
 Adobe Flash Player 11.7.700.202 
 Adobe Reader X 11.0.03 Adobe Reader out of Date! 
 Mozilla Firefox (21.0)
 Google Chrome 27.0.1453.110 
 Google Chrome 27.0.1453.94 
````````Process Check: objlist.exe by Laurent```````` 
 Norton ccSvcHst.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe  
 bcjames Documents malware help SecurityCheck.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 
 


# AdwCleaner v2.002 - Logfile created 06/08/2013 at 14:38:29
# Updated 16/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : bcjames - QUBE
# Boot Mode : Normal
# Running from : C:\Users\bcjames\Documents\malware help\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
File Found : C:\Users\bcjames\AppData\Local\Temp\Uninstall.exe
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Users\bcjames\AppData\Local\Conduit
Folder Found : C:\Users\bcjames\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\bcjames\AppData\LocalLow\Conduit
***** [Registry] *****
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\wecarereminder
Key Found : HKLM\SOFTWARE\Classes\f
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3286042
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v21.0 (en-US)
Profile name : default
File : C:\Users\bcjames\AppData\Roaming\Mozilla\Firefox\Profiles\41ovqs0e.default\prefs.js
Found : user_pref("CT3286042_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3286042&CUI=UN27693201[...]
Found : user_pref("Smartbar.ConduitSearchEngineList", "KeyBar 1.8 Customized Web Search");
Found : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3286042[...]
Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3286042");
Found : user_pref("browser.search.defaultenginename", "KeyBar 1.8 Customized Web Search");
Found : user_pref("browser.search.defaultthis.engineName", "KeyBar 1.8 Customized Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3286042&CUI[...]
Found : user_pref("browser.search.selectedEngine", "KeyBar 1.8 Customized Web Search");
-\\ Google Chrome v [Unable to get version]
File : C:\Users\bcjames\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [20158 octets] - [17/09/2012 20:25:41]
AdwCleaner[S1].txt - [21218 octets] - [17/09/2012 20:26:19]
AdwCleaner[R2].txt - [3670 octets] - [08/06/2013 14:38:29]
########## EOF - C:\AdwCleaner[R2].txt - [3730 octets] ##########
 


Had to use the freaking task manager to stop it:
 
MiniToolBox by Farbar  Version:21-04-2013
Ran by bcjames (administrator) on 08-06-2013 at 14:49:35
Running from "C:\Users\bcjames\Documents\malware help"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Event log errors: ===============================
Application errors:
==================
Error: (06/08/2013 02:22:42 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (06/08/2013 01:34:46 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (06/08/2013 01:34:46 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


Wish I could rename this topic to: Mouse doesn't work, Firefox is crashing and so is Acrobat Reader.
 
Maybe: System destabilized and crashing after iTunes update.
 
Either would be preferable.


It's weird: I try to close windows and they don't go away. I can click through them. So the system is not recognizing they are there after I try to close them. I can close the windows through the task bar, but I can't close them by hitting close or the X in the corner. So too many pop-ups mean I have to close the program, like the browser. The wheel on the mouse works in Firefox but not in IE.

UPDATE: I just spent 20 mins trying to do this on my laptop and failed. Restored to earliest restore point. Still no mouse functionality. Going to wait a half day or so and then start over with an aptly titled issue so hopefully someone will respond. Need laptop back for work tomorrow, so will start Windows recovery. PLEASE HELP!!!!

 
 

Edited by bcjames423, 09 June 2013 - 12:11 PM.
Merged posts - Hamluis.


#3 bcjames423

bcjames423
  • Topic Starter

  • Members
  • 29 posts

Posted 09 June 2013 - 12:17 PM

UPDATE: I just spent 20 mins trying to do this on my laptop and failed. Restored to earliest restore point. Still no mouse functionality.

 

1315 PST - I have been on the phone and chat with a Dell technical service rep. He verified my mouse and touchpad drivers by taking command of my machine. It seems to have restored partial capability to click on things and the machine is not hanging as badly. Have not had to switch back to the keyboard again.

 

Realized that I still had a program called IE last closed tab extension still installed. I picked up the malware from microsoft.com when looking for an extension that would do what it was titled to do. Silly me. Uninstalled it, rebooted, have uninstalled some extraneous games and such as well. Reset Firefox. Ran Windows debugger. Machine seems to be doing better. Still glitchy. Going to try Dell's auto-configure/optimizer next. Had to install Microsoft .NET Framework 4 to get it to run. Here goes something I hope.

 

1415 - result, need a new battery. Hardware checks out. So, it's a software, malware, OS level issue.

 

Rkill 2.4.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/09/2013 02:16:22 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
 C:\Users\bcjames\Desktop\rkill\rkill-06-09-2013-02-16-25.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 06/09/2013 02:16:36 PM
Execution time: 0 hours(s), 0 minute(s), and 13 seconds(s)

 

Still can't "X" out a program - Firefox specifically. Have to use the task bar to refresh the window so that I can close it.

 

Drag and drop not working. Have to Ctrl+X and Ctrl+V.


Edited by bcjames423, 09 June 2013 - 04:53 PM.


#4 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Staff Emeritus
  • 16,485 posts
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here

Posted 09 June 2013 - 12:40 PM

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/


Having said that, it is possible that a member of the malware removal team could respond sooner. The only thing you can do at this point if you want help is to check back for replies. Since you are subscribed to your topic you will be notified when someone does reply.

#5 bcjames423

bcjames423
  • Topic Starter

  • Members
  • 29 posts

Posted 10 June 2013 - 11:02 PM

Machine seems to be doing a lot of Windows updates. Hmmmm. Problems have stabilized at least. Wonder how bad these Windows updates are going to make things.

11JUN - scroll over functionality is back after updates, BUT system is locking up and not allowing me to shut programs down. When I lose mouse functionality it's total. I'm able to move icons around the desktop now. Still problems scrolling with the track wheel. External mouse was uninstalling/reinstalling so I switched USB ports. Seems to help. I hope I'm moving up in the queue for help...


Edited by bcjames423, 11 June 2013 - 09:31 AM.


#6 bcjames423

bcjames423
  • Topic Starter

  • Members
  • 29 posts

Posted 12 June 2013 - 04:56 PM

Following updates installed today:

Security Update for Windows 7 for x64-based Systems (KB2845690)
Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2838727)
Windows Malicious Software Removal Tool x64 - June 2013 (KB890830)
Security Update for Windows 7 for x64-based Systems (KB2839894)
Update for Windows 7 for x64-based Systems (KB2808679)
Update for Windows 7 for x64-based Systems (KB2836502)

Security Update for Windows 7 for x64-based Systems (KB2813430)

Update for Windows 7 for x64-based Systems (KB2834140)

 

Adobe Acrobat Updated security settings.

 

I have not noticed the issues that brought about this request since the update. Maybe an OS problem then? Would still much appreciate a look over to make sure I'm clean. Thanks.



#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,414 posts
  • Gender:Male
  • Location:California

Posted 13 June 2013 - 03:22 PM

Greetings bcjames423 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far and I apologize for the delay. As you can imagine we have been quite busy.

Please run the following program for me. I would also like a specific recap of the issues you are experiencing.

===================================================

Farbar Recovery Scan Tool (FRST) in Normal or Safe Mode

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST log
  • Recap of current issues

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 bcjames423

bcjames423
  • Topic Starter

  • Members
  • 29 posts

Posted 15 June 2013 - 11:11 AM

Thanks for your help Gary,

 

My system was very erratic until Windows updates on Wednesday. I contacted MS tech net, received a response, and ran the OS check features. Things seemed to be going fine until this morning. When I tried to wake my computer out of hibernate mode, there was a corrupted file in the kernel. Reboot, Windows tried to go through hibernate again and failed. OS started from a fresh reboot, and has been a little shaky. My antivirus software, Symantec 360, wanted to do a weekly scan and iTunes wanted to update. I stopped both. Below are both FARBAR documents. I will work with you to the best of my ability. Thanks again.

 

Brian

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-06-2013
Ran by bcjames (administrator) on 15-06-2013 09:01:16
Running from C:\Users\bcjames\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Impulse Point, LLC) C:\Program Files (x86)\SafeConnect\scManager.sys
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Memeo) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(SugarSync, Inc.) C:\Program Files (x86)\SugarSync\SugarSync.exe
(Microsoft Corporation) C:\Users\bcjames\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
(Impulse Point, LLC) C:\Program Files (x86)\SafeConnect\scClient.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Dropbox, Inc.) C:\Users\bcjames\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Dell) C:\Users\bcjames\AppData\Local\Apps\2.0\M1YRDHVK.K4P\TYMPVRRL.EB1\dell..tion_0f612f649c4a10af_0004.0001_c31aa52bcc853aac\DellSystemDetect.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\sysWow64\SearchProtocolHost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: []  [x]
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2247976 2010-07-14] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6539880 2010-11-08] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3  [2181224 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe [3206816 2010-08-04] (Dell Inc.)
HKLM\...\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start [283240 2010-08-25] (NVIDIA Corporation)
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1928976 2010-03-05] (Intel® Corporation)
HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664 2010-09-24] ()
HKLM\...\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe" [196648 2009-06-03] (ActivIdentity)
HKLM\...\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [483880 2009-06-03] (ActivIdentity)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [560128 2011-02-10] (Dell)
HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2011-01-13] (Softthinks)
HKLM-x32\...\runonceex: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-26] (Sonic Solutions)
HKCU\...\Run: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSync.exe" -startInTray -usedelay=true [12418400 2013-06-05] (SugarSync, Inc.)
HKCU\...\Run: [SkyDrive] "C:\Users\bcjames\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background [257136 2013-06-03] (Microsoft Corporation)
HKCU\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [719672 2012-01-20] (Microsoft Corporation)
HKCU\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [19662744 2013-04-16] (Google)
HKCU\...\Run: [DellSystemDetect] C:\Users\bcjames\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms [x]
HKCU\...\Runonce: [Uninstall C:\Users\bcjames\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\bcjames\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64" [x]
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [560128 2011-02-10] (Dell)
HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2011-01-13] (Softthinks)
HKLM-x32\...\runonceex: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-26] (Sonic Solutions)
MountPoints2: E - E:\MI.exe
MountPoints2: {54f8fbf2-67eb-11e0-b5b5-f04da269a5b8} - "E:\WD SmartWare.exe" autoplay=true
MountPoints2: {d48cc3b6-9b3b-11e1-8aaf-b1a91b933076} - E:\MI.exe
HKLM-x32\...\Run: [FAStartup]  [x]
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 [x]
HKLM-x32\...\Run: [RemoteControl9] "c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [OtShot] C:\Program Files (x86)\OtShot\otshot.exe -minimize [x]
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-15] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [93832 2010-11-17] (Sensible Vision )
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263512 2012-11-01] ()
HKLM-x32\...\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()
HKLM-x32\...\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [494064 2009-06-18] ()
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [487562 2010-08-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized [684024 2012-10-17] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" [115560 2009-02-02] (Symantec Corporation)
HKLM-x32\...\Run: [BDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2010-09-28] (cyberlink)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AprvRemoveLegacyWordKeys] "C:\Program Files (x86)\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn [73728 2010-01-26] (Silanis Technology Inc.)
HKLM-x32\...\Run: [AprvRemoveLegacyExcelKeys] "C:\Program Files (x86)\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn [73728 2010-01-26] (Silanis Technology Inc.)
HKLM-x32\...\Run: [ApproveItForOfficeSetup] "C:\Program Files (x86)\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe " /1 /p "C:\Program Files (x86)\ApproveIt\" [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [38984 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [840768 2013-05-10] (Adobe Systems Inc.)
Lsa: [Notification Packages] scecli FAPassSync
Startup: C:\ProgramData\Start Menu\Programs\Startup\ActivClient Agent.lnk
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\ProgramData\Start Menu\Programs\Startup\ApproveIt StartUp.lnk
ShortcutTarget: ApproveIt StartUp.lnk -> C:\Windows\Installer\{4E01B649-0023-4EB5-9263-57DE317C3418}\Icon9557F1BC1.ico ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\SafeConnect.lnk
ShortcutTarget: SafeConnect.lnk -> C:\Program Files (x86)\SafeConnect\scClient.exe (Impulse Point, LLC)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
Startup: C:\ProgramData\Start Menu\Programs\Startup\WDSmartWare.lnk
ShortcutTarget: WDSmartWare.lnk -> C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
Startup: C:\Users\bcjames\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\bcjames\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\bcjames\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\system32\SSCbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nps.edu/
HKLM SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKLM-x32 SearchScopes: DefaultScope {C284207B-9B27-450F-9505-10562C3AEC4F} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKCU SearchScopes: DefaultScope {C284207B-9B27-450F-9505-10562C3AEC4F} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3286042&CUI=UN78648689223191760&UM=2
SearchScopes: HKCU - {633287DC-C694-475E-A9FF-4137C1AEF3DB} URL =
SearchScopes: HKCU - {C284207B-9B27-450F-9505-10562C3AEC4F} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3286042&CUI=UN78648689223191760&UM=2
SearchScopes: HKCU - {F40A13EE-C957-4D53-A57C-B392275C2FCD} URL =
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: SSOIEAddonBHO Class - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll (Sensible Vision )
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: PE_IE_Helper Class - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll (IBM Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SSOIEAddonBHO Class - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 172.20.20.11 172.20.20.12
Tcpip\..\Interfaces\{D5BD927D-1FF0-47E1-9B70-628EBF48C785}: [NameServer]98.158.112.60 216.131.94.5

FireFox:
========
FF ProfilePath: C:\Users\bcjames\AppData\Roaming\Mozilla\Firefox\Profiles\25mu4tt0.default-1370806093322
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_45 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: hxxp://www.nps.edu/
CHR RestoreOnStartup: "https://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
CHR Plugin: (Skype Toolbars) - C:\Users\bcjames\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll (Skype Technologies S.A.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Bejeweled) - C:\Users\bcjames\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\bcjames\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0
CHR Extension: (Angry Birds) - C:\Users\bcjames\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0
CHR Extension: (Google Drive) - C:\Users\bcjames\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (TV) - C:\Users\bcjames\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.12_0
CHR Extension: (Translator (All Languages - Full Version)) - C:\Users\bcjames\AppData\Local\Google\Chrome\User Data\Default\Extensions\dejfdlfbnhbecegbdefmacnakifgjofl\5.7_0
CHR Extension: (PocketSmith - Cashflow Forecasting) - C:\Users\bcjames\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpacaoamfanlmkfcalnbbcdbmfcmclf\2.1.2_0
CHR Extension: (Pandora) - C:\Users\bcjames\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl\1.0_0
CHR Extension: (NPR Infinite Player) - C:\Users\bcjames\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkpcelemhneoooapbbopolpjhmbfmnbf\2.1_0
CHR Extension: (Crackle) - C:\Users\bcjames\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic\7.1.7_0
CHR Extension: (Giant Translator) - C:\Users\bcjames\AppData\Local\Google\Chrome\User Data\Default\Extensions\jabomenogfoilanojpoolflokcjfegld\1.0.2_0
CHR Extension: (PDF to Word Converter App) - C:\Users\bcjames\AppData\Local\Google\Chrome\User Data\Default\Extensions\jclipofobaadknkadkpgggmjkebddjam\2.1_0
CHR Extension: (Typing Test - KeyHero) - C:\Users\bcjames\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcieoaeooeidmpaopkpjpjfakidlabm\1.4.0_0
CHR Extension: (Build with Chrome) - C:\Users\bcjames\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbbbhbjeecagnlfgggogfclkdjamoapf\0.0.0.2_0
CHR Extension: (Skype Click to Call) - C:\Users\bcjames\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0
CHR Extension: (3D Solar System Web) - C:\Users\bcjames\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdaaepplopehigjgkolniddiadbbkphd\0.50_0
CHR Extension: (Typing Game) - C:\Users\bcjames\AppData\Local\Google\Chrome\User Data\Default\Extensions\mobfbeogeanchbdhboilncgnkfkibjjg\1.0.3.0_0
CHR Extension: (TypingClub) - C:\Users\bcjames\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdbgibnhfcjmmpfijkpcihjieedpfah\4.0_0
CHR Extension: (Sinuous) - C:\Users\bcjames\AppData\Local\Google\Chrome\User Data\Default\Extensions\omlmnomieeknagejjojcpdomnbnbchdl\1.0.4_0

==================== Services (Whitelisted) =================

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
R2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-02-02] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-02-02] (Symantec Corporation)
S4 CLKMSVC10_9EC60124; c:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [254448 2010-09-28] (CyberLink)
S3 LiveUpdate; C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE [3093880 2010-02-17] (Symantec Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
R2 SCManager; C:\Program Files (x86)\SafeConnect\scManager.sys [176520 2012-11-19] (Impulse Point, LLC)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
R2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3234848 2009-02-02] (Symantec Corporation)
S4 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [425800 2009-02-02] (Symantec Corporation)
R2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [1832072 2009-02-02] (Symantec Corporation)
S4 vToolbarUpdater12.2.6; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [722528 2012-08-30] ()
S2 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

==================== Drivers (Whitelisted) ====================

R3 AVer7231_x64; C:\Windows\System32\DRIVERS\AVer7231_x64.sys [1799808 2010-06-10] (AVerMedia TECHNOLOGIES, Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-08] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-08] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-09-17] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MosIrUsb; C:\Windows\System32\DRIVERS\MosIrUsb.sys [27648 2007-10-11] ()
R3 NAVENG; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130614.023\ENG64.SYS [126040 2013-06-08] (Symantec Corporation)
R3 NAVENG; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130614.023\ENG64.SYS [126040 2013-06-08] (Symantec Corporation)
R3 NAVEX15; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130614.023\EX64.SYS [2098776 2013-06-08] (Symantec Corporation)
R3 NAVEX15; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130614.023\EX64.SYS [2098776 2013-06-08] (Symantec Corporation)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [447536 2009-02-02] (Symantec Corporation)
R1 SRTSP; C:\Windows\SysWow64\Drivers\SRTSP64.SYS [447536 2009-02-02] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [482352 2009-02-02] (Symantec Corporation)
S3 SRTSPL; C:\Windows\SysWow64\Drivers\SRTSPL64.SYS [482352 2009-02-02] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2009-02-02] (Symantec Corporation)
R1 SRTSPX; C:\Windows\SysWow64\Drivers\SRTSPX64.SYS [32304 2009-02-02] (Symantec Corporation)
R3 SSCBFS3; C:\Windows\System32\DRIVERS\sscbfs3.sys [347904 2013-01-30] (EldoS Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173616 2011-02-02] (Symantec Corporation)
R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [64048 2009-02-02] (Symantec Corporation)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [52784 2009-02-02] (Symantec Corporation)
R3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [233120 2012-09-27] (Symantec Corporation)
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x]
S1 RxFilter; system32\DRIVERS\RxFilter.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-15 09:01 - 2013-06-15 09:01 - 00000000 ____D C:\FRST
2013-06-15 08:58 - 2013-06-15 08:58 - 01920546 ____A (Farbar) C:\Users\bcjames\Downloads\FRST64(1).exe
2013-06-15 08:58 - 2013-06-15 08:58 - 01920546 ____A (Farbar) C:\Users\bcjames\Desktop\FRST64.exe
2013-06-13 12:55 - 2013-06-13 12:56 - 01463624 ____A (Impulse Point, LLC) C:\Users\bcjames\Downloads\ServiceInstaller(1).exe
2013-06-13 12:49 - 2013-06-13 12:49 - 01463624 ____A (Impulse Point, LLC) C:\Users\bcjames\Downloads\ServiceInstaller.exe
2013-06-13 00:11 - 2013-06-13 00:11 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-13 00:11 - 2013-06-13 00:11 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-13 00:11 - 2013-06-13 00:11 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-13 00:11 - 2013-06-13 00:11 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-13 00:11 - 2013-06-13 00:11 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-13 00:11 - 2013-06-13 00:11 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-13 00:11 - 2013-06-13 00:11 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-13 00:11 - 2013-06-13 00:11 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-13 00:11 - 2013-06-13 00:11 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-13 00:11 - 2013-06-13 00:11 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-13 00:11 - 2013-06-13 00:11 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-13 00:11 - 2013-06-13 00:11 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-13 00:11 - 2013-06-13 00:11 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-13 00:11 - 2013-06-13 00:11 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-13 00:11 - 2013-06-13 00:11 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-13 00:11 - 2013-06-13 00:11 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-13 00:11 - 2013-06-13 00:11 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-13 00:11 - 2013-06-13 00:11 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-13 00:11 - 2013-06-13 00:11 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-13 00:11 - 2013-06-13 00:11 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-13 00:11 - 2013-06-13 00:11 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-13 00:11 - 2013-06-13 00:11 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-13 00:11 - 2013-06-13 00:11 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-13 00:11 - 2013-06-13 00:11 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-13 00:11 - 2013-06-13 00:11 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-13 00:11 - 2013-06-13 00:11 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-13 00:04 - 2013-06-13 00:15 - 00008027 ____A C:\Windows\IE10_main.log
2013-06-13 00:01 - 2012-08-23 06:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-06-13 00:01 - 2012-08-23 06:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-06-13 00:01 - 2012-08-23 06:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2013-06-13 00:00 - 2012-08-23 07:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2013-06-13 00:00 - 2012-08-23 07:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2013-06-13 00:00 - 2012-08-23 07:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2013-06-13 00:00 - 2012-08-23 06:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-06-13 00:00 - 2012-08-23 06:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-06-13 00:00 - 2012-08-23 06:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2013-06-13 00:00 - 2012-08-23 06:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-06-13 00:00 - 2012-08-23 06:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2013-06-13 00:00 - 2012-08-23 06:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-06-13 00:00 - 2012-08-23 05:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-06-13 00:00 - 2012-08-23 04:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2013-06-13 00:00 - 2012-08-23 04:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-06-13 00:00 - 2012-08-23 04:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2013-06-13 00:00 - 2012-08-23 04:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-06-13 00:00 - 2012-08-23 03:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-06-13 00:00 - 2012-08-23 03:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2013-06-13 00:00 - 2012-08-23 03:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-06-13 00:00 - 2012-08-23 03:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2013-06-13 00:00 - 2012-08-23 02:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2013-06-13 00:00 - 2012-08-23 01:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-06-13 00:00 - 2012-08-23 01:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-06-12 23:46 - 2012-08-24 11:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-06-12 23:46 - 2012-08-24 11:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-06-12 23:46 - 2012-08-24 11:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-06-12 23:46 - 2012-08-24 11:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-06-12 23:46 - 2012-08-24 09:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-06-12 23:46 - 2012-08-24 09:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-06-12 23:46 - 2012-08-24 09:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-06-12 23:46 - 2012-05-04 04:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2013-06-12 23:46 - 2012-05-04 02:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-06-12 22:58 - 2013-06-12 22:58 - 00000000 ____D C:\Windows\CheckSur
2013-06-12 22:52 - 2013-06-12 22:56 - 408982113 ____A C:\Users\bcjames\Downloads\Windows6.1-KB947821-v27-x64.msu
2013-06-12 22:50 - 2013-06-12 22:50 - 00347424 ____A (Microsoft Corporation) C:\Users\bcjames\Downloads\MicrosoftFixit.wu.RNP.132294533524478396.1.1.Run.exe
2013-06-12 22:46 - 2013-06-13 13:01 - 00000000 ____D C:\Windows\pss
2013-06-12 15:50 - 2013-06-12 15:52 - 00038536 ____A C:\Users\bcjames\AppData\Roaming\Comma Separated Values (Windows).ADR
2013-06-12 11:09 - 2013-06-12 11:09 - 00000482 ____A C:\Windows\Tasks\BackRex Internet Explorer Backup.job
2013-06-12 11:00 - 2013-06-12 11:01 - 00000000 ____D C:\Program Files (x86)\BackRex Internet Explorer Backup
2013-06-12 10:47 - 2013-06-13 21:54 - 00000000 ____D C:\Users\bcjames\AppData\Local\SugarSync
2013-06-12 10:46 - 2013-06-12 10:46 - 00001907 ____A C:\Users\Public\Desktop\SugarSync.lnk
2013-06-12 10:46 - 2013-01-30 13:12 - 00225024 ____A (EldoS Corporation) C:\Windows\SysWOW64\SSCbFsNetRdr3.dll
2013-06-12 10:46 - 2013-01-30 13:12 - 00192256 ____A (EldoS Corporation) C:\Windows\System32\SSCbFsMntNtf3.dll
2013-06-12 10:46 - 2013-01-30 13:12 - 00159488 ____A (EldoS Corporation) C:\Windows\SysWOW64\SSCbFsMntNtf3.dll
2013-06-12 10:46 - 2013-01-30 13:12 - 00143104 ____A (EldoS Corporation) C:\Windows\System32\SSCbFsNetRdr3.dll
2013-06-12 10:46 - 2013-01-30 13:11 - 00347904 ____A (EldoS Corporation) C:\Windows\System32\Drivers\sscbfs3.sys
2013-06-12 10:45 - 2013-06-12 10:45 - 20909312 ____A (SugarSync, Inc.) C:\Users\bcjames\Downloads\SugarSyncSetup (1).exe
2013-06-12 07:05 - 2013-05-07 23:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 07:05 - 2013-04-25 22:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 07:05 - 2013-04-25 21:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 07:04 - 2013-05-12 22:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 07:04 - 2013-05-12 22:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 07:04 - 2013-05-12 22:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 07:04 - 2013-05-12 22:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 07:04 - 2013-05-12 21:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 07:04 - 2013-05-12 21:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 07:04 - 2013-05-12 21:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 07:04 - 2013-05-12 20:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 07:04 - 2013-05-12 20:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 07:04 - 2013-05-12 20:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 07:04 - 2013-05-09 22:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 07:04 - 2013-05-09 20:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 07:04 - 2013-04-17 00:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 07:04 - 2013-04-16 23:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 07:03 - 2013-04-25 16:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 07:03 - 2013-03-31 15:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-09 14:58 - 2013-06-09 14:58 - 00000949 ____A C:\Users\bcjames\Desktop\SkyDrive - Shortcut.lnk
2013-06-09 14:48 - 2013-06-15 08:45 - 00000000 ___SD C:\Users\bcjames\Google Drive
2013-06-09 14:48 - 2013-06-09 14:48 - 00001701 ____A C:\Users\bcjames\Desktop\Google Drive.lnk
2013-06-09 14:46 - 2013-06-09 14:46 - 00000000 ____D C:\Users\bcjames\AppData\LocalGoogle
2013-06-09 14:45 - 2013-06-09 14:45 - 00781760 ____A (Google Inc.) C:\Users\bcjames\Downloads\googledrivesync (1).exe
2013-06-09 14:44 - 2013-06-09 14:44 - 00781760 ____A (Google Inc.) C:\Users\bcjames\Downloads\googledrivesync.exe
2013-06-09 13:27 - 2013-06-09 13:27 - 00000000 ____D C:\Program Files\Dell Support Center
2013-06-09 13:26 - 2013-06-09 14:10 - 00000000 ____D C:\Program Files\My Dell
2013-06-09 12:47 - 2013-06-12 23:57 - 00773522 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-09 12:30 - 2013-06-09 12:30 - 00010778 ____A C:\Users\bcjames\Downloads\dellsystemdetect(1).application
2013-06-09 12:04 - 2013-06-09 12:04 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0.bak
2013-06-09 12:04 - 2013-06-09 12:04 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0.bak
2013-06-09 12:04 - 2013-06-09 12:04 - 00000552 ____A C:\Windows\System32\spsys.log
2013-06-09 11:30 - 2013-06-09 11:30 - 00000000 ____D C:\ProgramData\Citrix
2013-06-09 11:29 - 2013-06-09 11:29 - 00103832 ____A C:\Users\bcjames\GoToAssistDownloadHelper.exe
2013-06-08 18:36 - 2013-06-08 18:36 - 00000017 ____A C:\Users\bcjames\AppData\Local\resmon.resmoncfg
2013-06-08 14:38 - 2013-06-08 14:38 - 00003795 ____A C:\AdwCleaner[R2].txt
2013-06-02 22:08 - 2013-06-02 22:08 - 00677061 ____A C:\Users\bcjames\Downloads\wp216_betz.pdf
2013-06-02 14:52 - 2013-06-09 11:27 - 00000000 ____D C:\Users\bcjames\AppData\Local\Microsoft Corporation
2013-06-02 07:19 - 2013-06-09 12:51 - 00000000 ____D C:\Program Files (x86)\MuvEnum
2013-06-02 06:53 - 2013-06-02 06:53 - 00225626 ____A (585Soft) C:\Users\bcjames\Downloads\advanced-ie-history-bar.exe
2013-05-31 08:57 - 2013-05-31 08:57 - 00001042 ____A C:\Users\bcjames\Desktop\Budgets - Shortcut.lnk
2013-05-31 08:39 - 2013-06-12 10:48 - 00000749 ____A C:\Users\bcjames\Desktop\My SugarSync.lnk
2013-05-31 08:39 - 2013-05-31 08:56 - 00000000 ____D C:\Users\bcjames\Documents\My SugarSync
2013-05-31 08:36 - 2013-06-12 10:46 - 00000000 ____D C:\Program Files (x86)\SugarSync
2013-05-31 08:36 - 2013-05-31 08:36 - 00584600 ____A C:\Users\bcjames\Downloads\cbsidlm-tr1_13-SugarSync_Manager-SEO-10798179(1).exe
2013-05-31 08:32 - 2013-05-31 08:34 - 20286592 ____A (SugarSync, Inc.) C:\Users\bcjames\Downloads\SugarSyncSetup.exe
2013-05-31 08:31 - 2013-05-31 08:31 - 00033958 ____A C:\ProgramData\uninstaller.exe
2013-05-31 08:30 - 2013-05-31 08:30 - 00584600 ____A C:\Users\bcjames\Downloads\cbsidlm-tr1_13-SugarSync_Manager-SEO-10798179.exe
2013-05-31 08:11 - 2013-05-31 08:12 - 00000000 ____D C:\Users\bcjames\AppData\Local\gladinet
2013-05-31 08:11 - 2013-05-31 08:11 - 00000000 ___HD C:\Gladinet
2013-05-31 08:09 - 2013-05-31 08:09 - 21676032 ____A C:\Users\bcjames\Downloads\GladinetSetup_4.0.1027_x64.msi
2013-05-31 08:03 - 2013-05-31 08:03 - 00000000 ____D C:\Users\bcjames\Documents\SkyDriveSimpleViewer-DumpUrls-1.0
2013-05-31 06:29 - 2013-05-31 06:30 - 00000000 ____D C:\Users\bcjames\AppData\Local\{4940A78E-CF66-41AD-9113-A74E9486991D}
2013-05-31 06:29 - 2013-05-31 06:29 - 00000000 ____D C:\Users\bcjames\AppData\Local\{E594FD9A-131F-40A0-8CF5-CCCD7274FEC6}
2013-05-29 19:06 - 2013-06-15 08:45 - 00000000 ___RD C:\Users\bcjames\SkyDrive
2013-05-29 19:06 - 2013-06-09 08:54 - 00000000 ____D C:\Program Files (x86)\Microsoft SkyDrive
2013-05-29 19:06 - 2013-05-29 19:06 - 05990472 ____A (Microsoft Corporation) C:\Users\bcjames\Downloads\SkyDriveSetup.exe
2013-05-29 19:06 - 2013-05-29 19:06 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2013-05-28 21:47 - 2013-05-28 21:47 - 00009035 ____A C:\Users\bcjames\Downloads\1496072-running-route.gpx
2013-05-26 17:48 - 2013-06-09 08:54 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-05-26 17:48 - 2013-05-26 17:48 - 00001847 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-05-22 08:21 - 2013-05-22 08:21 - 04325376 ____A C:\ProgramData\ReadOnlyInstaller.msi
2013-05-20 14:33 - 2013-06-10 08:32 - 00000000 ____D C:\Users\bcjames\AppData\Local\Windows Live
2013-05-20 14:33 - 2013-05-20 14:33 - 00000000 ____D C:\Users\bcjames\AppData\Local\{52243B64-C847-4801-A29A-F7734D0D01B1}
2013-05-18 00:23 - 2013-06-09 08:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-17 08:24 - 2013-05-17 08:24 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-05-17 08:22 - 2013-06-09 08:55 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-17 08:22 - 2013-06-09 08:55 - 00000000 ____D C:\Program Files\iTunes
2013-05-17 08:22 - 2013-06-09 08:54 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-05-17 08:22 - 2013-06-09 06:57 - 00000000 ____D C:\Program Files\iPod
2013-05-17 08:21 - 2013-05-17 08:21 - 00000000 ____D C:\Users\Default\AppData\Roaming\Apple Computer
2013-05-17 08:21 - 2013-05-17 08:21 - 00000000 ____D C:\Users\Default\AppData\Local\Apple Computer
2013-05-17 08:21 - 2013-05-17 08:21 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Apple Computer
2013-05-17 08:21 - 2013-05-17 08:21 - 00000000 ____D C:\Users\Default User\AppData\Local\Apple Computer
2013-05-16 10:14 - 2013-05-16 10:15 - 01761408 ____A (Bleeping Computer, LLC) C:\Users\bcjames\Downloads\rkill.exe

==================== One Month Modified Files and Folders =======

2013-06-15 09:01 - 2013-06-15 09:01 - 00000000 ____D C:\FRST
2013-06-15 09:00 - 2013-03-15 08:07 - 00000000 ____D C:\Users\bcjames\Documents\PST
2013-06-15 09:00 - 2012-05-11 14:20 - 00000000 ____D C:\Users\bcjames\Documents\JCSE PST
2013-06-15 08:58 - 2013-06-15 08:58 - 01920546 ____A (Farbar) C:\Users\bcjames\Downloads\FRST64(1).exe
2013-06-15 08:58 - 2013-06-15 08:58 - 01920546 ____A (Farbar) C:\Users\bcjames\Desktop\FRST64.exe
2013-06-15 08:52 - 2011-12-15 14:26 - 00000000 ____D C:\Users\bcjames\AppData\Local\83F7CC9A-47CD-4FB0-A8E4-495302B64F22.aplzod
2013-06-15 08:51 - 2009-07-13 22:13 - 00779306 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-15 08:45 - 2013-06-09 14:48 - 00000000 ___SD C:\Users\bcjames\Google Drive
2013-06-15 08:45 - 2013-05-29 19:06 - 00000000 ___RD C:\Users\bcjames\SkyDrive
2013-06-15 08:45 - 2012-08-11 06:19 - 00000000 ____D C:\Users\bcjames\AppData\Roaming\Dropbox
2013-06-15 08:45 - 2011-08-03 10:36 - 00000000 ____D C:\Users\bcjames\AppData\Local\Deployment
2013-06-15 08:44 - 2012-12-04 15:09 - 00000000 ____D C:\Program Files (x86)\SafeConnect
2013-06-15 08:44 - 2012-08-11 06:22 - 00000000 ___RD C:\Users\bcjames\Dropbox
2013-06-15 08:43 - 2012-06-15 08:08 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-15 08:43 - 2011-02-02 10:08 - 00000000 ____D C:\Users\bcjames\AppData\Local\SoftThinks
2013-06-15 08:43 - 2011-01-25 22:44 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-15 08:42 - 2012-07-28 19:30 - 00019378 ____A C:\Windows\setupact.log
2013-06-15 08:42 - 2009-07-13 22:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-15 08:41 - 2009-07-13 21:45 - 00006880 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-15 08:41 - 2009-07-13 21:45 - 00006880 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-14 17:45 - 2009-07-13 22:10 - 01828948 ____A C:\Windows\WindowsUpdate.log
2013-06-14 17:14 - 2012-06-15 08:08 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-14 17:05 - 2012-04-06 03:36 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-14 12:15 - 2013-01-07 08:19 - 00000000 ____D C:\Users\bcjames\Documents\Budgets
2013-06-13 21:54 - 2013-06-12 10:47 - 00000000 ____D C:\Users\bcjames\AppData\Local\SugarSync
2013-06-13 16:36 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2013-06-13 13:01 - 2013-06-12 22:46 - 00000000 ____D C:\Windows\pss
2013-06-13 12:56 - 2013-06-13 12:55 - 01463624 ____A (Impulse Point, LLC) C:\Users\bcjames\Downloads\ServiceInstaller(1).exe
2013-06-13 12:49 - 2013-06-13 12:49 - 01463624 ____A (Impulse Point, LLC) C:\Users\bcjames\Downloads\ServiceInstaller.exe
2013-06-13 06:49 - 2011-01-25 21:10 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-06-13 06:00 - 2011-01-25 21:58 - 00000000 ____D C:\Windows\Panther
2013-06-13 05:57 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-13 00:15 - 2013-06-13 00:04 - 00008027 ____A C:\Windows\IE10_main.log
2013-06-13 00:11 - 2013-06-13 00:11 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-13 00:11 - 2013-06-13 00:11 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-13 00:11 - 2013-06-13 00:11 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-13 00:11 - 2013-06-13 00:11 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-13 00:11 - 2013-06-13 00:11 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-13 00:11 - 2013-06-13 00:11 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-13 00:11 - 2013-06-13 00:11 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-13 00:11 - 2013-06-13 00:11 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-13 00:11 - 2013-06-13 00:11 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-13 00:11 - 2013-06-13 00:11 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-13 00:11 - 2013-06-13 00:11 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-13 00:11 - 2013-06-13 00:11 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-13 00:11 - 2013-06-13 00:11 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-13 00:11 - 2013-06-13 00:11 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-13 00:11 - 2013-06-13 00:11 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-13 00:11 - 2013-06-13 00:11 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-13 00:11 - 2013-06-13 00:11 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-13 00:11 - 2013-06-13 00:11 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-13 00:11 - 2013-06-13 00:11 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-13 00:11 - 2013-06-13 00:11 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-13 00:11 - 2013-06-13 00:11 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-13 00:11 - 2013-06-13 00:11 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-13 00:11 - 2013-06-13 00:11 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-13 00:11 - 2013-06-13 00:11 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-13 00:11 - 2013-06-13 00:11 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-13 00:11 - 2013-06-13 00:11 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-13 00:11 - 2013-06-13 00:11 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-12 23:57 - 2013-06-09 12:47 - 00773522 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-12 23:48 - 2011-01-25 22:43 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-06-12 22:58 - 2013-06-12 22:58 - 00000000 ____D C:\Windows\CheckSur
2013-06-12 22:56 - 2013-06-12 22:52 - 408982113 ____A C:\Users\bcjames\Downloads\Windows6.1-KB947821-v27-x64.msu
2013-06-12 22:50 - 2013-06-12 22:50 - 00347424 ____A (Microsoft Corporation) C:\Users\bcjames\Downloads\MicrosoftFixit.wu.RNP.132294533524478396.1.1.Run.exe
2013-06-12 15:52 - 2013-06-12 15:50 - 00038536 ____A C:\Users\bcjames\AppData\Roaming\Comma Separated Values (Windows).ADR
2013-06-12 11:09 - 2013-06-12 11:09 - 00000482 ____A C:\Windows\Tasks\BackRex Internet Explorer Backup.job
2013-06-12 11:01 - 2013-06-12 11:00 - 00000000 ____D C:\Program Files (x86)\BackRex Internet Explorer Backup
2013-06-12 10:48 - 2013-05-31 08:39 - 00000749 ____A C:\Users\bcjames\Desktop\My SugarSync.lnk
2013-06-12 10:46 - 2013-06-12 10:46 - 00001907 ____A C:\Users\Public\Desktop\SugarSync.lnk
2013-06-12 10:46 - 2013-05-31 08:36 - 00000000 ____D C:\Program Files (x86)\SugarSync
2013-06-12 10:45 - 2013-06-12 10:45 - 20909312 ____A (SugarSync, Inc.) C:\Users\bcjames\Downloads\SugarSyncSetup (1).exe
2013-06-12 09:02 - 2011-02-05 12:33 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 08:35 - 2011-11-10 08:19 - 00000000 ____D C:\Users\bcjames\AppData\Roaming\Spotify
2013-06-12 08:35 - 2011-11-10 08:19 - 00000000 ____D C:\Users\bcjames\AppData\Local\Spotify
2013-06-11 19:05 - 2012-04-06 03:36 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-11 19:05 - 2011-06-24 12:15 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-10 08:32 - 2013-05-20 14:33 - 00000000 ____D C:\Users\bcjames\AppData\Local\Windows Live
2013-06-09 14:58 - 2013-06-09 14:58 - 00000949 ____A C:\Users\bcjames\Desktop\SkyDrive - Shortcut.lnk
2013-06-09 14:48 - 2013-06-09 14:48 - 00001701 ____A C:\Users\bcjames\Desktop\Google Drive.lnk
2013-06-09 14:48 - 2011-02-02 10:05 - 00000000 ____D C:\users\bcjames
2013-06-09 14:46 - 2013-06-09 14:46 - 00000000 ____D C:\Users\bcjames\AppData\LocalGoogle
2013-06-09 14:46 - 2012-04-06 05:58 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-09 14:46 - 2011-08-03 10:36 - 00000000 ____D C:\Users\bcjames\AppData\Local\Google
2013-06-09 14:45 - 2013-06-09 14:45 - 00781760 ____A (Google Inc.) C:\Users\bcjames\Downloads\googledrivesync (1).exe
2013-06-09 14:44 - 2013-06-09 14:44 - 00781760 ____A (Google Inc.) C:\Users\bcjames\Downloads\googledrivesync.exe
2013-06-09 14:10 - 2013-06-09 13:26 - 00000000 ____D C:\Program Files\My Dell
2013-06-09 13:27 - 2013-06-09 13:27 - 00000000 ____D C:\Program Files\Dell Support Center
2013-06-09 13:27 - 2011-02-02 11:00 - 00000000 ____D C:\ProgramData\PCDr
2013-06-09 13:27 - 2011-01-25 21:01 - 00000000 ____D C:\ProgramData\Dell
2013-06-09 13:22 - 2011-02-02 11:00 - 00000000 ____D C:\Users\bcjames\AppData\Roaming\PCDr
2013-06-09 13:08 - 2012-08-21 18:42 - 00059064 ____A C:\Windows\PFRO.log
2013-06-09 13:00 - 2009-07-13 21:45 - 00024576 ____A C:\Windows\System32\umstartup.etl
2013-06-09 12:56 - 2011-01-25 21:01 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-09 12:54 - 2011-06-26 13:00 - 00000000 ____D C:\ProgramData\PopCap Games
2013-06-09 12:53 - 2011-02-18 14:09 - 00000000 ____D C:\Program Files (x86)\Steam
2013-06-09 12:51 - 2013-06-02 07:19 - 00000000 ____D C:\Program Files (x86)\MuvEnum
2013-06-09 12:30 - 2013-06-09 12:30 - 00010778 ____A C:\Users\bcjames\Downloads\dellsystemdetect(1).application
2013-06-09 12:04 - 2013-06-09 12:04 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0.bak
2013-06-09 12:04 - 2013-06-09 12:04 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0.bak
2013-06-09 12:04 - 2013-06-09 12:04 - 00000552 ____A C:\Windows\System32\spsys.log
2013-06-09 11:30 - 2013-06-09 11:30 - 00000000 ____D C:\ProgramData\Citrix
2013-06-09 11:29 - 2013-06-09 11:29 - 00103832 ____A C:\Users\bcjames\GoToAssistDownloadHelper.exe
2013-06-09 11:29 - 2012-08-27 07:43 - 00000000 ____D C:\Users\bcjames\AppData\Local\Citrix
2013-06-09 11:27 - 2013-06-02 14:52 - 00000000 ____D C:\Users\bcjames\AppData\Local\Microsoft Corporation
2013-06-09 09:30 - 2013-03-30 07:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-09 09:30 - 2012-10-18 11:21 - 00000000 ____D C:\Program Files\Common Files\ActivIdentity
2013-06-09 09:15 - 2009-07-14 00:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-06-09 09:15 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\Offline Web Pages
2013-06-09 09:15 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\addins
2013-06-09 09:15 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-06-09 09:15 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-06-09 09:15 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-06-09 09:15 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-06-09 09:15 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-06-09 09:15 - 2009-07-13 20:20 - 00000000 __RSD C:\Windows\Media
2013-06-09 09:15 - 2009-07-13 20:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-06-09 09:15 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\TAPI
2013-06-09 09:15 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\sppui
2013-06-09 09:15 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2013-06-09 09:15 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\Recovery
2013-06-09 09:15 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\ras
2013-06-09 09:15 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-06-09 09:15 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\InstallShield
2013-06-09 09:15 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\icsxml
2013-06-09 09:15 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\com
2013-06-09 09:15 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\System32\sppui
2013-06-09 09:15 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\System32\Setup
2013-06-09 09:15 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\System32\ras
2013-06-09 09:15 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\System32\oobe
2013-06-09 09:15 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\System32\Msdtc
2013-06-09 09:15 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\System32\migwiz
2013-06-09 09:15 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\System32\icsxml
2013-06-09 09:15 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\System32\ias
2013-06-09 09:15 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\System32\Dism
2013-06-09 09:15 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\System32\com
2013-06-09 09:15 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\System32\AdvancedInstallers
2013-06-09 09:15 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\servicing
2013-06-09 09:15 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\Cursors
2013-06-09 09:15 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-06-09 09:15 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\Services
2013-06-09 09:13 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\System32\WinBioPlugIns
2013-06-09 09:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-06-09 09:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\uk-UA
2013-06-09 09:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-06-09 09:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\th-TH
2013-06-09 09:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\sr-Latn-CS
2013-06-09 09:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\sl-SI
2013-06-09 09:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\sk-SK
2013-06-09 09:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\ro-RO
2013-06-09 09:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2013-06-09 09:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\manifeststore
2013-06-09 09:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\lv-LV
2013-06-09 09:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\lt-LT
2013-06-09 09:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\hr-HR
2013-06-09 09:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\he-IL
2013-06-09 09:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\et-EE
2013-06-09 09:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2013-06-09 09:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\bg-BG
2013-06-09 09:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\ar-SA
2013-06-09 09:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2013-06-09 09:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-06-09 09:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\System32\uk-UA
2013-06-09 09:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-06-09 09:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\System32\th-TH
2013-06-09 09:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\System32\sysprep
2013-06-09 09:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\System32\sr-Latn-CS
2013-06-09 09:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\System32\sl-SI
2013-06-09 09:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\System32\sk-SK
2013-06-09 09:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\System32\ro-RO
2013-06-09 09:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\System32\manifeststore
2013-06-09 09:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\System32\lv-LV
2013-06-09 09:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\System32\lt-LT
2013-06-09 09:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\System32\hr-HR
2013-06-09 09:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\System32\he-IL
2013-06-09 09:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\System32\et-EE
2013-06-09 09:12 - 2009-07-14 00:45 - 00000000 ____D C:\Windows\ShellNew
2013-06-09 09:12 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-06-09 09:12 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-06-09 09:12 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2013-06-09 09:12 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-06-09 09:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\System32\bg-BG
2013-06-09 09:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\System32\ar-SA
2013-06-09 09:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\L2Schemas
2013-06-09 09:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\IME
2013-06-09 09:00 - 2011-07-19 17:52 - 00000000 ____D C:\Windows\System32\SPReview
2013-06-09 09:00 - 2011-01-25 22:45 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-06-09 09:00 - 2011-01-25 21:03 - 00000000 ____D C:\Windows\SysWOW64\SDA
2013-06-09 09:00 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\System32\spool
2013-06-09 08:58 - 2011-07-19 17:50 - 00000000 ____D C:\Windows\System32\EventProviders
2013-06-09 08:58 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\System32\restore
2013-06-09 08:58 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-09 08:56 - 2011-02-10 11:12 - 00000000 ____D C:\Windows\Minidump
2013-06-09 08:56 - 2011-01-25 21:45 - 00000000 ____D C:\Windows\en
2013-06-09 08:55 - 2013-05-17 08:22 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-09 08:55 - 2013-05-17 08:22 - 00000000 ____D C:\Program Files\iTunes
2013-06-09 08:55 - 2013-03-14 03:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-06-09 08:55 - 2012-11-08 09:43 - 00000000 ____D C:\ProgramData\FLEXnet
2013-06-09 08:55 - 2012-09-17 12:50 - 00000000 ____D C:\Users\bcjames\Documents\malware help
2013-06-09 08:55 - 2012-07-28 08:25 - 00000000 ____D C:\Program Files\CCleaner
2013-06-09 08:55 - 2011-12-14 13:54 - 00000000 ____D C:\Program Files\Bonjour
2013-06-09 08:55 - 2011-04-25 16:34 - 00000000 ____D C:\Users\bcjames\AppData\Local\Western_Digital
2013-06-09 08:55 - 2011-03-20 08:36 - 00000000 ____D C:\Program Files\PlayReady
2013-06-09 08:55 - 2011-02-02 18:15 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-09 08:55 - 2011-02-02 10:37 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-06-09 08:55 - 2011-01-25 21:23 - 00000000 ____D C:\ProgramData\eSellerate
2013-06-09 08:55 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\AppCompat
2013-06-09 08:54 - 2013-05-29 19:06 - 00000000 ____D C:\Program Files (x86)\Microsoft SkyDrive
2013-06-09 08:54 - 2013-05-26 17:48 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-06-09 08:54 - 2013-05-18 00:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-09 08:54 - 2013-05-17 08:22 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-09 08:54 - 2013-03-27 20:41 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2013-06-09 08:54 - 2013-03-14 03:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-06-09 08:54 - 2012-05-04 19:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-09 08:54 - 2011-09-20 16:25 - 00000000 ____D C:\Program Files (x86)\FoxTabPDFConverter
2013-06-09 08:54 - 2011-02-23 10:23 - 00000000 ____D C:\Program Files (x86)\Viewer_armyifx
2013-06-09 08:54 - 2011-01-25 21:14 - 00000000 ____D C:\Program Files (x86)\Roxio
2013-06-09 08:54 - 2011-01-25 21:12 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-09 08:54 - 2011-01-25 21:12 - 00000000 ____D C:\Program Files (x86)\Cozi Express
2013-06-09 08:54 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-06-09 08:53 - 2011-12-14 13:54 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-06-09 08:53 - 2011-10-04 14:03 - 00000000 ____D C:\hp_LJ3050-3052-3055-3390-3392_Full_Solution
2013-06-09 08:53 - 2011-09-28 03:57 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-06-09 08:53 - 2011-05-01 12:27 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-06-09 08:53 - 2011-02-23 11:07 - 00000000 ____D C:\Program Files (x86)\ApproveIt
2013-06-09 08:53 - 2011-01-25 21:33 - 00000000 ____D C:\dell
2013-06-09 08:31 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2013-06-09 07:04 - 2011-03-03 15:31 - 00000000 ____D C:\Users\bcjames\AppData\Roaming\Skype
2013-06-09 07:00 - 2011-01-25 21:12 - 00000000 ____D C:\ProgramData\Skype
2013-06-09 06:57 - 2013-05-17 08:22 - 00000000 ____D C:\Program Files\iPod
2013-06-09 06:43 - 2011-02-02 18:14 - 00000000 __RHD C:\MSOCache
2013-06-08 18:36 - 2013-06-08 18:36 - 00000017 ____A C:\Users\bcjames\AppData\Local\resmon.resmoncfg
2013-06-08 14:38 - 2013-06-08 14:38 - 00003795 ____A C:\AdwCleaner[R2].txt
2013-06-02 22:08 - 2013-06-02 22:08 - 00677061 ____A C:\Users\bcjames\Downloads\wp216_betz.pdf
2013-06-02 06:53 - 2013-06-02 06:53 - 00225626 ____A (585Soft) C:\Users\bcjames\Downloads\advanced-ie-history-bar.exe
2013-06-01 10:36 - 2011-12-08 15:31 - 00000000 ____D C:\Users\bcjames\Documents\Knox's Stuff
2013-05-31 08:57 - 2013-05-31 08:57 - 00001042 ____A C:\Users\bcjames\Desktop\Budgets - Shortcut.lnk
2013-05-31 08:56 - 2013-05-31 08:39 - 00000000 ____D C:\Users\bcjames\Documents\My SugarSync
2013-05-31 08:48 - 2011-11-29 17:02 - 00000000 ____D C:\Users\bcjames\Desktop\NPS
2013-05-31 08:44 - 2012-10-04 19:16 - 00000000 ____D C:\Users\bcjames\Documents\Scouting
2013-05-31 08:42 - 2012-06-15 09:22 - 00000000 ____D C:\Users\bcjames\Documents\Military Stuff
2013-05-31 08:42 - 2012-06-15 09:20 - 00000000 ____D C:\Users\bcjames\Documents\Tin
2013-05-31 08:36 - 2013-05-31 08:36 - 00584600 ____A C:\Users\bcjames\Downloads\cbsidlm-tr1_13-SugarSync_Manager-SEO-10798179(1).exe
2013-05-31 08:34 - 2013-05-31 08:32 - 20286592 ____A (SugarSync, Inc.) C:\Users\bcjames\Downloads\SugarSyncSetup.exe
2013-05-31 08:31 - 2013-05-31 08:31 - 00033958 ____A C:\ProgramData\uninstaller.exe
2013-05-31 08:30 - 2013-05-31 08:30 - 00584600 ____A C:\Users\bcjames\Downloads\cbsidlm-tr1_13-SugarSync_Manager-SEO-10798179.exe
2013-05-31 08:30 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\Resources
2013-05-31 08:12 - 2013-05-31 08:11 - 00000000 ____D C:\Users\bcjames\AppData\Local\gladinet
2013-05-31 08:11 - 2013-05-31 08:11 - 00000000 ___HD C:\Gladinet
2013-05-31 08:09 - 2013-05-31 08:09 - 21676032 ____A C:\Users\bcjames\Downloads\GladinetSetup_4.0.1027_x64.msi
2013-05-31 08:03 - 2013-05-31 08:03 - 00000000 ____D C:\Users\bcjames\Documents\SkyDriveSimpleViewer-DumpUrls-1.0
2013-05-31 06:32 - 2011-02-02 18:15 - 00000000 ____D C:\Users\bcjames\AppData\Local\Microsoft Help
2013-05-31 06:30 - 2013-05-31 06:29 - 00000000 ____D C:\Users\bcjames\AppData\Local\{4940A78E-CF66-41AD-9113-A74E9486991D}
2013-05-31 06:29 - 2013-05-31 06:29 - 00000000 ____D C:\Users\bcjames\AppData\Local\{E594FD9A-131F-40A0-8CF5-CCCD7274FEC6}
2013-05-29 19:06 - 2013-05-29 19:06 - 05990472 ____A (Microsoft Corporation) C:\Users\bcjames\Downloads\SkyDriveSetup.exe
2013-05-29 19:06 - 2013-05-29 19:06 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2013-05-28 21:47 - 2013-05-28 21:47 - 00009035 ____A C:\Users\bcjames\Downloads\1496072-running-route.gpx
2013-05-26 17:48 - 2013-05-26 17:48 - 00001847 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-05-22 08:21 - 2013-05-22 08:21 - 04325376 ____A C:\ProgramData\ReadOnlyInstaller.msi
2013-05-21 14:41 - 2012-06-18 14:11 - 00002028 ____A C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2013-05-20 14:33 - 2013-05-20 14:33 - 00000000 ____D C:\Users\bcjames\AppData\Local\{52243B64-C847-4801-A29A-F7734D0D01B1}
2013-05-17 08:24 - 2013-05-17 08:24 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-05-17 08:21 - 2013-05-17 08:21 - 00000000 ____D C:\Users\Default\AppData\Roaming\Apple Computer
2013-05-17 08:21 - 2013-05-17 08:21 - 00000000 ____D C:\Users\Default\AppData\Local\Apple Computer
2013-05-17 08:21 - 2013-05-17 08:21 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Apple Computer
2013-05-17 08:21 - 2013-05-17 08:21 - 00000000 ____D C:\Users\Default User\AppData\Local\Apple Computer
2013-05-17 07:03 - 2009-07-13 21:45 - 00465160 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-16 10:15 - 2013-05-16 10:14 - 01761408 ____A (Bleeping Computer, LLC) C:\Users\bcjames\Downloads\rkill.exe

Files to move or delete:
====================
C:\ProgramData\uninstaller.exe
C:\Users\bcjames\GoToAssistDownloadHelper.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-13 00:42

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-06-2013
Ran by bcjames at 2013-06-15 09:03:21 Run:
Running from C:\Users\bcjames\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

AccelerometerP11 (Version: 2.00.11.15)
Accidental Damage Services Agreement (Version: 2.0.0)
ActivClient CAC x64 (Version: 6.2)
Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.1.7)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Photoshop Elements 8.0 (Version: 8.0)
Adobe Premiere Elements 8.0 (Version: 8.0)
Adobe Premiere Elements 8.0 (Version: 8.0.1)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Advanced Audio FX Engine (Version: 1.12.05)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ApproveIt Desktop (Version: 6.50.25.1000)
AVerMedia H339 Hybrid TV Tuner 2.2.64.64 (Version: 2.2.64.64)
BackRex Internet Explorer Backup (Version: 2.8)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.21)
Cisco AnyConnect Secure Mobility Client  (Version: 3.1.01065)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.01065)
Consumer In-Home Service Agreement (Version: 2.0.0)
Cozi (Version: 1.0.4323.24051)
CyberLink PowerDVD 9.6 (Version: 9.6.1.3328)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup - Support Software
Dell DataSafe Local Backup (Version: 9.4.51)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell System Detect (Version: 4.1.2.11)
Dell Webcam Central (Version: 2.00.35)
DirectXInstallService (Version: 9.0.2)
DivX Setup (Version: 2.6.1.22)
Dropbox (Version: 1.6.18)
EMC 10 Content (Version: 1.0.035)
EMCGadgets64 (Version: 1.0.302)
Face Recognition (Version: 3.0.86.1)
Google Chrome (Version: 27.0.1453.110)
Google Drive (Version: 1.9.4536.8202)
Google Earth (Version: 7.1.1.1580)
Google Update Helper (Version: 1.3.21.145)
IBM Lotus Forms Viewer 3.5.1 (Version: 7.6.1.315)
iCloud (Version: 2.1.2.8)
InstallRoot 3.15.1 (Version: 3.15.1)
Intel PROSet Wireless
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® PROSet/Wireless WiFi Software (Version: 13.02.1000)
Intel® Rapid Storage Technology (Version: 9.6.0.1014)
Intel® Turbo Boost Technology Monitor (Version: 1.0.186.6)
Internet Explorer (Version: 8)
iTunes (Version: 11.0.3.42)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 45 (64-bit) (Version: 6.0.450)
Java™ 6 Update 45 (Version: 6.0.450)
JMicron Flash Media Controller Driver (Version: 1.0.52.4)
Junk Mail filter update (Version: 15.4.3502.0922)
LiveUpdate 3.3 (Symantec Corporation) (Version: 3.3.0.96)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook Connector (Version: 14.0.6123.5001)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SkyDrive (Version: 17.0.2010.0530)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
My Dell (Version: 3.3.6261.27)
NOOK for PC (Version: 2.5.6.9575)
NVIDIA Display Control Panel (Version: 6.14.12.5951)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.109.718)
NVIDIA PhysX (Version: 9.09.0814)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.5951)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Polar ProTrainer (Version: 5.20.130)
Portal
Quickset64 (Version: 10.8.5)
QuickTime (Version: 7.74.80.86)
Realtek High Definition Audio Driver (Version: 6.0.1.6240)
Roxio Activation Module (Version: 1.0)
Roxio BackOnTrack (Version: 1.3.0)
Roxio Burn (Version: 1.0.0)
Roxio Central Audio (Version: 3.8.0)
Roxio Central Copy (Version: 3.8.0)
Roxio Central Core (Version: 3.8.0)
Roxio Central Data (Version: 3.8.0)
Roxio Central Tools (Version: 3.8.0)
Roxio Easy CD and DVD Burning (Version: 10.3)
Roxio Easy CD and DVD Burning (Version: 10.3.105)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio File Backup (Version: 1.3.0)
Roxio Update Manager (Version: 6.0.0)
SafeConnect
Secunia PSI (3.0.0.6001) (Version: 3.0.0.6001)
Sid Meier's Civilization V
Skype Click to Call (Version: 5.9.9216)
Skype™ 5.10 (Version: 5.10.116)
SmartSound Quicktracks for Premiere Elements 8.0 (Version: 3.11.3090)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
Spotify (Version: 0.9.0.133.gd18ed589)
StarCraft II (Version: 2.0.7.25293)
Steam (Version: 1.0.0.0)
SugarSync (Version: 2.0.24.113934)
Symantec Endpoint Protection (Version: 11.0.6100.645)
Synaptics Pointing Device Driver (Version: 15.1.4.0)
The Walking Dead
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VD64Inst (Version: 1.00.0000)
Viewer_armyifx (Version: 3.5.1)
VLC media player 2.0.5 (Version: 2.0.5)
VTech Download Agent Library (Version: 1.00.0000)
WD SmartWare (Version: 1.1.1.6)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)

==================== Restore Points  =========================

10-06-2013 10:00:12 Windows Update
11-06-2013 03:54:55 Windows Update
12-06-2013 16:00:51 Windows Update
12-06-2013 17:46:12 Device Driver Package Install: SugarSync Virtual File System
13-06-2013 05:57:53 Windows Update
13-06-2013 06:46:57 Windows Update
13-06-2013 13:50:06 Windows Backup

==================== Faulty Device Manager Devices =============

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Virtual WiFi Miniport Adapter #2
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/15/2013 08:36:16 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc0000374
Fault offset: 0x00000000000c40f2
Faulting process id: 0xc74
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (06/14/2013 05:45:23 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4992

Error: (06/14/2013 05:45:23 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4992

Error: (06/14/2013 05:45:23 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/14/2013 05:45:22 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3994

Error: (06/14/2013 05:45:22 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3994

Error: (06/14/2013 05:45:22 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/14/2013 05:45:21 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2995

Error: (06/14/2013 05:45:21 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2995

Error: (06/14/2013 05:45:21 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (06/15/2013 08:51:11 AM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.

Error: (06/15/2013 08:47:26 AM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service hung on starting.

Error: (06/15/2013 08:45:59 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (06/15/2013 08:43:21 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RxFilter

Error: (06/15/2013 08:43:15 AM) (Source: Service Control Manager) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%2

Error: (06/15/2013 08:40:58 AM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.

Error: (06/15/2013 08:37:19 AM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service hung on starting.

Error: (06/15/2013 08:33:15 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RxFilter

Error: (06/15/2013 08:32:59 AM) (Source: Service Control Manager) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%2

Error: (06/15/2013 08:32:10 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 5:45:15 PM on 6/14/2013 was unexpected.


Microsoft Office Sessions:
=========================
Error: (06/15/2013 08:36:16 AM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.177254ec4aa8ec000037400000000000c40f2c7401ce69dda09cf7aeC:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll50a2a202-d5d1-11e2-8ba3-f04da269a5b8

Error: (06/14/2013 05:45:23 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4992

Error: (06/14/2013 05:45:23 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4992

Error: (06/14/2013 05:45:23 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/14/2013 05:45:22 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3994

Error: (06/14/2013 05:45:22 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3994

Error: (06/14/2013 05:45:22 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/14/2013 05:45:21 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2995

Error: (06/14/2013 05:45:21 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2995

Error: (06/14/2013 05:45:21 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info ===========================

Percentage of memory in use: 35%
Total physical RAM: 8124.38 MB
Available physical RAM: 5254.72 MB
Total Pagefile: 16246.94 MB
Available Pagefile: 13161.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:683.95 GB) (Free:358.26 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 699 GB) (Disk ID: 6A1C9B2E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=684 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 




#9 Oh My!

  • Malware Response Instructor

Posted 15 June 2013 - 01:49 PM

Hi Brian,

Thanks for the update on the state of your computer. Let's first do this please.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKLM\...\Run: []  [x]
HKLM-x32\...\Run: [FAStartup]  [x]
HKLM-x32\...\Run: []  [x]
S2 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x]
S1 RxFilter; system32\DRIVERS\RxFilter.sys [x]
2013-05-31 06:29 - 2013-05-31 06:30 - 00000000 ____D C:\Users\bcjames\AppData\Local\{4940A78E-CF66-41AD-9113-A74E9486991D}
2013-05-31 06:29 - 2013-05-31 06:29 - 00000000 ____D C:\Users\bcjames\AppData\Local\{E594FD9A-131F-40A0-8CF5-CCCD7274FEC6}
2013-05-20 14:33 - 2013-05-20 14:33 - 00000000 ____D C:\Users\bcjames\AppData\Local\{52243B64-C847-4801-A29A-F7734D0D01B1}
C:\ProgramData\uninstaller.exe
C:\Users\bcjames\GoToAssistDownloadHelper.exe
MountPoints2: E - E:\MI.exe
MountPoints2: {54f8fbf2-67eb-11e0-b5b5-f04da269a5b8} - "E:\WD SmartWare.exe" autoplay=true
MountPoints2: {d48cc3b6-9b3b-11e1-8aaf-b1a91b933076} - E:\MI.exe
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Farbar's Service Scanner

--------------------
  • Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • Press Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Delete
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[S1].txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • FSS log
  • AdwCleaner log
  • Junkware log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 bcjames423


Posted 15 June 2013 - 02:24 PM

Step 1:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-06-2013
Ran by bcjames at 2013-06-15 12:19:44 Run:1
Running from C:\Users\bcjames\Desktop
Boot Mode: Normal
==============================================

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\FAStartup => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
SessionLauncher => Service deleted successfully.
RimUsb => Service deleted successfully.
RxFilter => Service deleted successfully.
C:\Users\bcjames\AppData\Local\{4940A78E-CF66-41AD-9113-A74E9486991D} => Moved successfully.
C:\Users\bcjames\AppData\Local\{E594FD9A-131F-40A0-8CF5-CCCD7274FEC6} => Moved successfully.
C:\Users\bcjames\AppData\Local\{52243B64-C847-4801-A29A-F7734D0D01B1} => Moved successfully.
C:\ProgramData\uninstaller.exe => Moved successfully.
C:\Users\bcjames\GoToAssistDownloadHelper.exe => Moved successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{54f8fbf2-67eb-11e0-b5b5-f04da269a5b8} => Key deleted successfully.
HKCR\CLSID\{54f8fbf2-67eb-11e0-b5b5-f04da269a5b8} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d48cc3b6-9b3b-11e1-8aaf-b1a91b933076} => Key deleted successfully.
HKCR\CLSID\{d48cc3b6-9b3b-11e1-8aaf-b1a91b933076} => Key not found.

==== End of Fixlog ====

 

 



#11 bcjames423


Posted 15 June 2013 - 02:35 PM

Step 2:

 

Explorer locked up on me again trying to open the txt file. Wow.

 

# AdwCleaner v2.303 - Logfile created 06/15/2013 at 12:25:51
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : bcjames - QUBE
# Boot Mode : Normal
# Running from : C:\Users\bcjames\Desktop\Malware Help2\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Users\bcjames\AppData\Local\Temp\Uninstall.exe
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\bcjames\AppData\Local\Conduit
Folder Deleted : C:\Users\bcjames\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\bcjames\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\bcjames\AppData\Roaming\Mozilla\Firefox\Profiles\25mu4tt0.default-1370806093322\jetpack

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3286042
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B00FE392-639D-4688-976E-A1BFF368CB96}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16618

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\bcjames\AppData\Roaming\Mozilla\Firefox\Profiles\25mu4tt0.default-1370806093322\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.110

File : C:\Users\bcjames\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [20158 octets] - [17/09/2012 20:25:41]
AdwCleaner[R2].txt - [7286 octets] - [08/06/2013 14:38:29]
AdwCleaner[R3].txt - [3547 octets] - [15/06/2013 12:25:30]
AdwCleaner[S1].txt - [21218 octets] - [17/09/2012 20:26:19]
AdwCleaner[S2].txt - [3548 octets] - [15/06/2013 12:25:51]

########## EOF - C:\AdwCleaner[S2].txt - [3608 octets] ##########
 

 



#12 bcjames423


Posted 15 June 2013 - 03:14 PM

Step 3:

Windows Defender did not like me downloading JRT. Froze machine for 10 mins.

Security tools disabled before running:

Windows Defender - disabled real time protection

Symantec Endpoint protection - disabled

Malware Bytes - unchecked protection in options-exit

Windows Firewall - off

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by bcjames on Sat 06/15/2013 at 13:01:09.23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\otshot



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C284207B-9B27-450F-9505-10562C3AEC4F}



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Successfully deleted: [Folder] "C:\Users\bcjames\AppData\Roaming\startnow toolbar"



~~~ FireFox

Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml.old"
Successfully deleted: [Folder] C:\Users\bcjames\AppData\Roaming\mozilla\firefox\profiles\25mu4tt0.default-1370806093322\jetpack
Emptied folder: C:\Users\bcjames\AppData\Roaming\mozilla\firefox\profiles\25mu4tt0.default-1370806093322\minidumps [7 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 06/15/2013 at 13:07:17.53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 




#13 Oh My!


Posted 15 June 2013 - 03:24 PM

OK,

Have you had an opportunity to run Farbar's Service Scanner?
Gary
 

#14 bcjames423


Posted 15 June 2013 - 04:38 PM

Dang it. I thought that was what I ran in the first step. Do I need to redo the steps?

 

Farbar Service Scanner Version: 13-06-2013
Ran by bcjames (administrator) on 15-06-2013 at 14:35:28
Running from "C:\Users\bcjames\Desktop\Malware Help2"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-06-12 07:05] - [2013-05-07 23:39] - 1910632 ____A (Microsoft Corporation) 9849EA3843A2ADBDD1497E97A85D8CAE

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2013-06-12 07:04] - [2013-05-12 22:51] - 0184320 ____A (Microsoft Corporation) D8129C49798CBBFB2E4351D4B7B8EF9C

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

 

 

Attached Files

  • Attached File  FSS.txt   2.39KB   0 downloads
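
A triage pass over a Farbar Service Scanner log in the layout posted above, as an added example that is not part of the thread or of the FSS tool. It assumes that a File Check entry printed with timestamps and a hash instead of "MD5 is legit" means the tool could not match the file against its known hashes, so the file needs independent verification rather than being a detection; the function names are hypothetical and the sample log is constructed.

```python
import re
from typing import NamedTuple

# Constructed sample in the layout of an FSS log; path, dates, vendor and hash are made up.
SAMPLE_FSS_LOG = r'''
Farbar Service Scanner Version: 13-06-2013
Boot Mode: Normal
****************************************************************

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


Windows Update:
============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\Drivers\example.sys
[2013-01-02 03:04] - [2012-12-31 23:59] - 0123456 ____A (Example Vendor) 0123456789ABCDEF0123456789ABCDEF

C:\Windows\System32\svchost.exe => MD5 is legit


**** End of log ****
'''

class PolicyValue(NamedTuple):
    section: str   # heading the value was printed under
    key: str       # registry key line preceding the value
    name: str
    value: int

class UnverifiedFile(NamedTuple):
    path: str
    stamp1: str    # the log prints two timestamps without labelling them
    stamp2: str
    size: int
    company: str
    md5: str

HEADING_RULE = re.compile(r"^={3,}$")
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VALUE = re.compile(r'^"([^"]+)"=DWORD:(\d+)$')   # assumes a decimal DWORD, as in the log
LEGIT = re.compile(r"^([A-Za-z]:\\.+?) => MD5 is legit$")
DETAIL = re.compile(
    r"^\[(\d{4}-\d\d-\d\d \d\d:\d\d)\] - \[(\d{4}-\d\d-\d\d \d\d:\d\d)\] - "
    r"(\d+) \S+ \((.*)\) ([0-9A-Fa-f]{32})$")

def triage_fss_log(text):
    """Split an FSS log into policy values, whitelisted files and files to verify."""
    lines = [l.strip() for l in text.splitlines()]
    report = {"policies": [], "legit": [], "unverified": [], "unparsed": []}
    section, key, pending = "", "", None
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if not line or HEADING_RULE.match(line):
            continue
        if line.startswith("****"):
            if "End of log" in line:
                break
            continue
        if line.endswith(":") and HEADING_RULE.match(nxt):
            section, key = line[:-1], ""      # a heading is a line underlined with '='
            continue
        if section == "File Check":
            m, d = LEGIT.match(line), DETAIL.match(line)
            if m:
                report["legit"].append(m.group(1))
            elif d and pending:
                report["unverified"].append(UnverifiedFile(
                    pending, d[1], d[2], int(d[3]), d[4], d[5].upper()))
                pending = None
            elif re.match(r"^[A-Za-z]:\\", line) and " => " not in line:
                if pending:                   # path with no detail line after it
                    report["unparsed"].append(pending)
                pending = line
            else:
                report["unparsed"].append(line)
            continue
        if REG_KEY.match(line):
            key = REG_KEY.match(line).group(1)
        elif REG_VALUE.match(line):
            m = REG_VALUE.match(line)
            report["policies"].append(PolicyValue(section, key, m[1], int(m[2])))
    if pending:
        report["unparsed"].append(pending)
    return report

def findings(report):
    """Turn the parsed report into a short list of items for a human to follow up."""
    out = []
    for p in report["policies"]:
        if p.name == "EnableFirewall" and p.value == 0:
            out.append(f"firewall disabled by policy: {p.key}")
    for f in report["unverified"]:
        out.append(f"verify signature and hash of {f.path} (md5 {f.md5})")
    for u in report["unparsed"]:
        out.append(f"unrecognised File Check line: {u}")
    return out

if __name__ == "__main__":
    for item in findings(triage_fss_log(SAMPLE_FSS_LOG)):
        print(item)
```

In this thread the poster had listed Windows Firewall as turned off before running JRT, so an `EnableFirewall` value of 0 in the log that followed is consistent with that step.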


#15 Oh My!


Posted 15 June 2013 - 05:33 PM

Hi Brian,

Thank you for the information. No need to rerun any of the other programs.

Please run this program now.

===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.

sUBs, the author of Combofix, recommends that you uninstall AVG or CA Internet Security before running the program. If you have either of these programs on your computer, please uninstall them using AppRemover, which can be downloaded here. We will be sure to reinstall the Antivirus program once we are finished using Combofix.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.
Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Combofix log
  • How is your computer running? What symptoms are you experiencing?

Gary
 



