
Browser runs slow with random redirects - laptop nearly useless


  • This topic is locked
17 replies to this topic

#1 packbacker83

  • Members
  • 62 posts

Posted 20 February 2014 - 11:34 PM

I am using Windows 7 with the latest version of Chrome. The internet has become useless because of how slow it runs. The PC in general has also slowed down and sometimes takes 2 or 3 minutes to open a Word document or basic xl spreadsheet. They had me run some things over in the Windows 7 forum, but we reached the point where they said I should come here.

 

Here is the DDS log

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.17.2
Run by Owner at 23:19:17 on 2014-02-20
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3765.1011 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Program Files (x86)\PasswordBox\pbbtnService.exe
c:\postgreSQL\bin\pg_ctl.exe
c:\postgreSQL\bin\postgres.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\postgreSQL\bin\postgres.exe
c:\postgreSQL\bin\postgres.exe
c:\postgreSQL\bin\postgres.exe
c:\postgreSQL\bin\postgres.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
C:\Program Files (x86)\Sendori\SendoriSvc.exe
C:\Program Files (x86)\Sendori\Sendori.Service.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Users\Owner\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe
C:\Program Files (x86)\Sendori\SendoriTray.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Sendori\sndappv2.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: PasswordBox Helper: {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN36HD4H4Z05KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [Microsoft Webupdater] "C:\Users\Owner\AppData\Local\Temp\Rar$EXa0.780\Nitro.Pro.Enterprise.v8.5.4.11.x86.x64.incl.REG-file.exe"
uRun: [PCShowServer] "C:\Users\Owner\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
mRun: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe
mRun: [Sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"
mRun: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
mRun: [Microsoft Webupdater] "C:\Users\Owner\AppData\Local\Temp\Rar$EXa0.780\Nitro.Pro.Enterprise.v8.5.4.11.x86.x64.incl.REG-file.exe"
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: C:\Windows\System32\Sendori.dll
TCP: NameServer = 10.0.7.2
TCP: Interfaces\{5FE5D339-9AD8-4D51-8380-3348D5158671} : DHCPNameServer = 65.205.178.194
TCP: Interfaces\{93A03DEB-E8BA-4DB3-9949-EC81FF8B2380} : DHCPNameServer = 10.0.7.2
TCP: Interfaces\{93A03DEB-E8BA-4DB3-9949-EC81FF8B2380}\144545231373 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{93A03DEB-E8BA-4DB3-9949-EC81FF8B2380}\24A57573E4 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{93A03DEB-E8BA-4DB3-9949-EC81FF8B2380}\455616368656974435C4 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{93A03DEB-E8BA-4DB3-9949-EC81FF8B2380}\6427F6E64796562733136383 : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{93A03DEB-E8BA-4DB3-9949-EC81FF8B2380}\C696E6B6379737 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{93A03DEB-E8BA-4DB3-9949-EC81FF8B2380}\D4F6E637475627 : DHCPNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: hijackthis.exe - i_.exe
IFEO: housecalllauncher.exe - c_.exe
IFEO: rstrui.exe - r_.exe
IFEO: spybotsd.exe - c_.exe
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\CoIEPlg.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\CoIEPlg.dll
x64-TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [PrnStatusMX] C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
x64-IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - <orphaned>
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-IFEO: hijackthis.exe - i_.exe
x64-IFEO: housecalllauncher.exe - c_.exe
x64-IFEO: rstrui.exe - r_.exe
x64-IFEO: spybotsd.exe - c_.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xfk5yb8d.default\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npURLInterceptorPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nitro\Pro 9\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro\Pro 9\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Owner\AppData\Local\DIRECTV Player\npPlayerPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2014-01-03 01:32; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-1-25 55024]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1501000.012\SymDS64.sys [2013-11-21 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1501000.012\SymEFA64.sys [2013-11-21 1147480]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-10-10 46368]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [2014-2-18 1526488]
R1 ccSet_NIS;NIS Settings Manager;C:\Windows\System32\drivers\NISx64\1501000.012\ccSetx64.sys [2013-11-21 162392]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2013-9-24 97768]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140219.001\IDSviA64.sys [2014-2-19 521944]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1501000.012\Ironx64.sys [2013-11-21 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1501000.012\symnets.sys [2013-11-21 590936]
R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2013-10-7 120096]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2013-11-1 173272]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-1-3 1363616]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-1-3 1748640]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [2013-11-21 275696]
R2 NitroDriverReadSpool9;NitroPDFDriverCreatorReadSpool9;C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [2013-12-17 230920]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2013-12-17 69640]
R2 PasswordBox;PasswordBox;C:\Program Files (x86)\PasswordBox\pbbtnService.exe [2013-9-24 67584]
R2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;c:/postgreSQL/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "c:/postgreSQL/data" -w --> c:/postgreSQL/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
R2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2013-10-7 22304]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2013-10-7 3623200]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE [2013-12-16 247968]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2013-1-25 172704]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-12-3 137648]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2013-1-25 158976]
R3 O2MDGRDR;O2MDGRDR;C:\Windows\System32\drivers\o2mdgx64.sys [2009-11-13 74272]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE [2013-12-16 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2008-5-14 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2008-5-14 166384]
S2 SessionLauncher;SessionLauncher;C:\Users\Owner\AppData\Local\Temp\DX9\SessionLauncher.exe --> C:\Users\Owner\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2014-1-8 17480]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2014-1-8 9800]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-1-25 57856]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-12 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-1-27 19456]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-5-14 1120752]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2013-1-25 79360]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-1-27 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-24 1255736]
.
=============== Created Last 30 ================
.
2014-02-21 02:22:55 -------- d-----w- C:\Program Files\CCleaner
2014-02-20 20:56:06 169685608 ----atw- C:\Windows\SysWow64\00003035.tmp
2014-02-20 20:55:35 169685608 ----atw- C:\Windows\SysWow64\00000778.tmp
2014-02-19 01:30:45 -------- d-----w- C:\ProgramData\Kaspersky Lab
2014-02-18 03:11:09 63824 ----a-r- C:\Users\Owner\AppData\Roaming\Microsoft\Installer\{a1bb9be6-729f-4049-a36a-aad335c86c01}\ARPPRODUCTICON.exe
2014-02-18 03:11:07 -------- d-----w- C:\Users\Owner\AppData\Local\DIRECTV Player
2014-02-17 04:59:12 -------- d-----w- C:\Program Files (x86)\ESET
2014-02-15 02:42:37 -------- d-----w- C:\Windows\ERUNT
2014-02-15 02:22:01 -------- d-----w- C:\AdwCleaner
2014-02-12 09:36:40 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-12 09:36:40 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-12 09:25:55 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-12 09:24:56 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-11 21:38:29 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-02-11 21:38:28 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-02-11 21:38:28 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-02-11 21:38:28 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-02-11 21:36:47 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2014-02-11 21:36:47 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-02-11 21:36:47 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-02-11 21:36:47 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-02-11 05:48:24 29704 ----a-w- C:\Windows\System32\nitrolocalmon9.dll
2014-02-11 05:48:24 17928 ----a-w- C:\Windows\System32\nitrolocalui9.dll
2014-02-11 05:34:20 -------- d-----w- C:\ProgramData\Package Cache
2014-02-11 04:49:37 29704 ----a-w- C:\Windows\System32\nitrolocalmon2.dll
2014-02-11 04:49:37 17928 ----a-w- C:\Windows\System32\nitrolocalui2.dll
2014-02-11 04:48:54 -------- d-----w- C:\Program Files\Common Files\Nitro
2014-02-11 04:48:53 -------- d-----w- C:\Program Files (x86)\Nitro
2014-02-11 04:48:53 -------- d-----w- C:\Program Files (x86)\Common Files\Nitro
2014-02-09 13:58:08 49940480 ----a-w- C:\Program Files (x86)\GUT720F.tmp
2014-02-09 13:58:08 -------- d-----w- C:\Program Files (x86)\GUM720E.tmp
2014-02-01 03:22:05 -------- d-----w- C:\Program Files (x86)\Holdem Manager 2
2014-01-27 05:55:05 -------- d-----w- C:\Windows\Migration
2014-01-27 05:48:45 -------- d-----w- C:\history
2014-01-27 05:43:44 -------- d-----w- C:\Program Files (x86)\Microsoft
2014-01-27 05:42:10 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-01-27 05:42:10 366592 ----a-w- C:\Windows\System32\qdvd.dll
2014-01-26 06:03:56 -------- d-----w- C:\Users\Owner\AppData\Local\CarbonPoker
2014-01-26 03:37:18 -------- d-----w- C:\Users\Owner\AppData\Roaming\Nitro
2014-01-26 03:34:15 -------- d-----w- C:\ProgramData\Nitro
2014-01-26 03:34:06 -------- d-----w- C:\Users\Owner\AppData\Roaming\Downloaded Installations
.
==================== Find3M  ====================
.
2014-02-18 04:18:40 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-18 04:18:40 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-01-11 03:50:10 46368 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-12-17 20:07:10 69640 ----a-w- C:\Windows\SysWow64\NLSSRV32.EXE
2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
2013-12-03 08:48:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2013-12-03 08:48:17 194048 ----a-w- C:\Windows\SysWow64\elshyph.dll
2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-11-26 11:40:00 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
.
============= FINISH: 23:22:56.07 ===============
 



 


#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:32 PM

Posted 21 February 2014 - 04:27 AM

Hi there,

judging from your log I'd say you infected your computer by trying to install a pirated version of Nitro Pro. Does that make sense?


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 packbacker83

packbacker83
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  • Local time:12:32 PM

Posted 22 February 2014 - 02:54 AM

Here is FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-02-2014
Ran by Owner (administrator) on OWNER-PC on 22-02-2014 02:20:48
Running from C:\Users\Owner\Desktop\Bleeping
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(O2Micro International) C:\Windows\system32\DRIVERS\o2flash.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
(PostgreSQL Global Development Group) c:\postgreSQL\bin\pg_ctl.exe
(PostgreSQL Global Development Group) c:\postgreSQL\bin\postgres.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Marvell Semiconductor, Inc.) C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(NDS Technologies) C:\Users\Owner\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Sendori) C:\Program Files (x86)\Sendori\sndappv2.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriSvc.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(PostgreSQL Global Development Group) c:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) c:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) c:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) c:\postgreSQL\bin\postgres.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriTray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(sendori) C:\Program Files (x86)\Sendori\Sendori.Service.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
() C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1909032 2010-01-14] (Synaptics Incorporated)
HKLM\...\Run: [PrnStatusMX] - C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe [1240064 2012-07-04] (Marvell Semiconductor, Inc.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2008-05-14] (Sonic Solutions)
HKLM-x32\...\Run: [PDVDDXSrv] - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] - C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [EaseUS EPM tray] - C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe [2081792 2013-03-29] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [Sendori Tray] - C:\Program Files (x86)\Sendori\SendoriTray.exe [83232 2013-10-07] (Sendori, Inc.)
HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2353880 2013-11-01] (Microsoft Corp.)
HKLM-x32\...\Run: [Microsoft Webupdater] - C:\Users\Owner\AppData\Local\Temp\Rar$EXa0.780\Nitro.Pro.Enterprise.v8.5.4.11.x86.x64.incl.REG-file.exe [169365504 2013-09-13] (Heaventools Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3701043139-4236647081-2378084655-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
HKU\S-1-5-21-3701043139-4236647081-2378084655-1000\...\Run: [HP Officejet Pro 8600 (NET)] - C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3701043139-4236647081-2378084655-1000\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-3701043139-4236647081-2378084655-1000\...\Run: [Microsoft Webupdater] - C:\Users\Owner\AppData\Local\Temp\Rar$EXa0.780\Nitro.Pro.Enterprise.v8.5.4.11.x86.x64.incl.REG-file.exe [169365504 2013-09-13] (Heaventools Software) <===== ATTENTION
HKU\S-1-5-21-3701043139-4236647081-2378084655-1000\...\Run: [PCShowServer] - C:\Users\Owner\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1765744 2013-11-17] (NDS Technologies)
IFEO\hijackthis.exe: [Debugger] ct_.exe
IFEO\housecalllauncher.exe: [Debugger] az_.exe
IFEO\rstrui.exe: [Debugger] he_.exe
IFEO\spybotsd.exe: [Debugger] au_.exe
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9D47C9E615FBCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog9 01 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
Winsock: Catalog9 02 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
Winsock: Catalog9 03 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
Winsock: Catalog9 04 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
Winsock: Catalog9 15 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xfk5yb8d.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @nds.com/PlayerPlugin - C:\Users\Owner\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)
FF Plugin HKCU: NDS.com/PlayerPlugin - C:\Users\Owner\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-01-03]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013-11-21]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll ()
CHR Plugin: (Norton Identity Safe) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.1.36_0\npcoplgn.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-25]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-25]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-25]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-25]
CHR Extension: (Skype Click to Call) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-03-10]
CHR Extension: (Norton Identity Protection) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-01-25]
CHR Extension: (Gamers Unite! Snag Bar) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncmdmcjifbkefpaijakdbgfjbpaonjhg [2013-01-25]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-25]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-10-10]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-01-03]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx [2014-01-20]
 
==================== Services (Whitelisted) =================
 
R2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [120096 2013-10-07] (Sendori, Inc.)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173272 2013-11-01] (Microsoft Corp.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-17] (Nitro PDF Software)
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2013-09-24] (PasswordBox, Inc.)
R2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2013-10-07] (sendori)
R2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2013-10-07] (Sendori)
R2 postgresql-8.4; c:/postgreSQL/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "c:/postgreSQL/data" -w [X]
S2 SessionLauncher; C:\Users\Owner\AppData\Local\Temp\DX9\SessionLauncher.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2014-01-10] (AVG Technologies)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2013-12-17] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-24] (Symantec Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] ()
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-20] (Symantec Corporation)
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] ()
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140221.001\IDSvia64.sys [521944 2014-01-20] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140221.009\ENG64.SYS [126040 2014-01-24] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140221.009\EX64.SYS [2099288 2014-01-24] (Symantec Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-01-26] (Duplex Secure Ltd.)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-21] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)
U3 ahgi8fja; C:\Windows\System32\Drivers\ahgi8fja.sys [0 ] (Microsoft Corporation)
S3 gwiopm; \??\C:\Users\Owner\AppData\Local\Temp\HBCD\gwiopm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-22 02:19 - 2014-02-22 02:20 - 00000000 ____D () C:\FRST
2014-02-22 02:18 - 2014-02-22 02:20 - 00000000 ____D () C:\Users\Owner\Desktop\Bleeping
2014-02-22 01:18 - 2014-02-22 02:18 - 17858952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-20 23:17 - 2014-02-20 23:17 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.com
2014-02-20 22:46 - 2014-02-22 00:33 - 00000168 _____ () C:\Windows\setupact.log
2014-02-20 22:46 - 2014-02-20 22:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-20 21:49 - 2014-02-20 21:49 - 00003230 _____ () C:\Windows\System32\Tasks\{322BCA0A-5556-41D2-9A87-641DEACED13F}
2014-02-20 21:30 - 2014-02-20 21:30 - 00108186 _____ () C:\Users\Owner\Documents\cc_20140220_213006.reg
2014-02-20 21:23 - 2014-02-20 21:23 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-02-20 21:23 - 2014-02-20 21:23 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-20 21:22 - 2014-02-20 21:23 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-20 21:17 - 2014-02-20 21:18 - 04721920 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup410.exe
2014-02-20 16:44 - 2014-02-21 12:16 - 00678400 _____ () C:\Users\Owner\Downloads\HHC 02232014.xls
2014-02-20 15:56 - 2014-02-20 15:56 - 169685608 ____T () C:\Windows\SysWOW64\00003035.tmp
2014-02-20 15:55 - 2014-02-20 15:55 - 169685608 ____T () C:\Windows\SysWOW64\00000778.tmp
2014-02-20 14:00 - 2014-02-20 14:01 - 00641536 _____ () C:\Users\Owner\Downloads\HHC 01262014.xls
2014-02-18 20:30 - 2014-02-18 20:30 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-18 20:19 - 2014-02-18 20:26 - 131703088 _____ () C:\Users\Owner\Downloads\setup_11.0.1.1245.x01_2014_02_19_03_38.exe
2014-02-18 20:15 - 2014-02-18 20:15 - 00730008 _____ (Reimage®) C:\Users\Owner\Downloads\ReimageRepair.exe
2014-02-18 18:47 - 2014-02-18 18:47 - 01276304 _____ () C:\Users\Owner\Downloads\MalAware.exe
2014-02-18 14:10 - 2014-02-18 14:12 - 02347384 _____ (ESET) C:\Users\Owner\Downloads\esetsmartinstaller_enu (1).exe
2014-02-17 22:11 - 2014-02-21 10:06 - 00000000 ____D () C:\Users\Owner\AppData\Local\DIRECTV Player
2014-02-17 22:10 - 2014-02-22 02:19 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-17 22:10 - 2014-02-22 02:19 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-17 22:07 - 2014-02-17 22:07 - 15382504 _____ (DIRECTV) C:\Users\Owner\Downloads\DIRECTV_Player_9.2.exe
2014-02-16 23:59 - 2014-02-16 23:59 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-02-16 23:57 - 2014-02-16 23:58 - 02347384 _____ (ESET) C:\Users\Owner\Downloads\esetsmartinstaller_enu.exe
2014-02-14 21:42 - 2014-02-14 21:42 - 00000000 ____D () C:\Windows\ERUNT
2014-02-14 21:22 - 2014-02-14 21:27 - 00000000 ____D () C:\AdwCleaner
2014-02-14 15:48 - 2014-02-14 15:48 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Owner\Downloads\rkill64-9402.exe
2014-02-14 07:37 - 2014-02-14 07:37 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Owner\Downloads\rkill64-11466.exe
2014-02-14 06:25 - 2014-02-14 06:25 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Owner\Downloads\rkill64.exe
2014-02-14 06:07 - 2014-02-14 06:07 - 01037530 _____ (Thisisu) C:\Users\Owner\Downloads\JRT.exe
2014-02-14 06:06 - 2014-02-14 06:06 - 01166132 _____ () C:\Users\Owner\Downloads\AdwCleaner.exe
2014-02-14 06:05 - 2014-02-14 06:05 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Owner\Downloads\rkill.exe
2014-02-12 04:36 - 2013-12-21 04:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 04:36 - 2013-12-21 03:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 04:26 - 2014-02-06 06:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 04:26 - 2014-02-06 06:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 04:26 - 2014-02-06 06:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 04:26 - 2014-02-06 06:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 04:26 - 2014-02-06 05:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 04:26 - 2014-02-06 05:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 04:26 - 2014-02-06 05:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 04:26 - 2014-02-06 05:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 04:26 - 2014-02-06 05:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 04:26 - 2014-02-06 05:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 04:26 - 2014-02-06 05:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 04:26 - 2014-02-06 05:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 04:26 - 2014-02-06 05:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 04:26 - 2014-02-06 05:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 04:26 - 2014-02-06 04:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 04:26 - 2014-02-06 04:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 04:26 - 2014-02-06 04:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 04:26 - 2014-02-06 04:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 04:26 - 2014-02-06 04:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 04:26 - 2014-02-06 04:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 04:26 - 2014-02-06 04:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 04:25 - 2014-02-06 07:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 04:25 - 2014-02-06 06:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 04:25 - 2014-02-06 05:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 04:25 - 2014-02-06 05:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 04:25 - 2014-02-06 04:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 04:25 - 2014-02-06 04:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 04:25 - 2014-02-06 04:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 04:25 - 2014-02-06 04:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 04:25 - 2014-02-06 04:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 04:25 - 2014-02-06 04:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 04:25 - 2014-02-06 04:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 04:25 - 2014-02-06 04:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 04:25 - 2014-02-06 03:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 04:25 - 2014-02-06 03:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 04:25 - 2014-02-06 03:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 04:25 - 2014-02-06 03:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 04:25 - 2014-02-06 03:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 04:24 - 2014-02-06 05:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 02:25 - 2014-02-12 02:25 - 01741608 _____ (Premium Installer ) C:\Users\Owner\Downloads\Java_Updater_Setup.exe
2014-02-11 16:38 - 2013-12-31 18:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-11 16:38 - 2013-12-31 18:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-11 16:38 - 2013-12-05 21:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-11 16:38 - 2013-12-05 21:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-11 16:38 - 2013-12-05 21:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-11 16:38 - 2013-12-05 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-11 16:37 - 2013-12-03 21:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-11 16:37 - 2013-12-03 21:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-11 16:37 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-11 16:37 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-11 16:37 - 2013-12-03 21:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-11 16:37 - 2013-12-03 21:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-11 16:37 - 2013-12-03 21:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-11 16:37 - 2013-12-03 21:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-11 16:37 - 2013-12-03 21:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-11 16:37 - 2013-12-03 21:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-11 16:37 - 2013-12-03 21:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-11 16:37 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-11 16:37 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-11 16:37 - 2013-12-03 21:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-11 16:37 - 2013-12-03 20:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-11 16:37 - 2013-12-03 20:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-11 16:37 - 2013-12-03 20:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-11 16:37 - 2013-12-03 20:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-11 16:36 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-11 16:36 - 2013-12-24 17:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-11 16:36 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-11 16:36 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-11 00:48 - 2014-02-11 00:48 - 00001962 _____ () C:\Users\Public\Desktop\Nitro Pro 9.lnk
2014-02-11 00:48 - 2013-12-17 15:06 - 00029704 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalmon9.dll
2014-02-11 00:48 - 2013-12-17 15:06 - 00017928 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalui9.dll
2014-02-11 00:34 - 2014-02-11 00:47 - 00000000 ____D () C:\ProgramData\Package Cache
2014-02-11 00:29 - 2014-02-11 00:29 - 01629744 _____ (Nitro) C:\Users\Owner\Downloads\nitro_pro9 (1).exe
2014-02-10 23:49 - 2012-12-13 11:47 - 00029704 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalmon2.dll
2014-02-10 23:49 - 2012-12-13 11:47 - 00017928 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalui2.dll
2014-02-10 23:48 - 2014-02-16 20:50 - 00000000 ____D () C:\Program Files (x86)\Nitro
2014-02-10 23:48 - 2014-02-10 23:48 - 00000000 ____D () C:\Program Files\Common Files\Nitro
2014-02-10 23:05 - 2014-02-10 23:08 - 00000000 ____D () C:\Users\Owner\Downloads\Nitro Pro 8.5.6.5.Multi6.[Eng,Esp,Ital,Fran,Deut,Nederl].x86.&.x64+keygen
2014-02-10 22:59 - 2014-02-10 23:09 - 00000000 ____D () C:\Users\Owner\Downloads\Nitro PDF Professional Enterprise 8 (32-bit+64-bit) v8.1.1.3 + Key - {Cyclonoid}
2014-02-09 08:58 - 2014-02-09 08:59 - 49940480 _____ () C:\Program Files (x86)\GUT720F.tmp
2014-02-09 08:58 - 2014-02-09 08:59 - 00000000 ____D () C:\Program Files (x86)\GUM720E.tmp
2014-02-09 08:57 - 2014-02-09 08:57 - 00847320 _____ (Google Inc.) C:\Users\Owner\Downloads\GoogleEarthPluginSetup.exe
2014-02-05 19:32 - 2014-02-05 19:32 - 00070894 _____ () C:\Users\Owner\Downloads\laurels-havenlogin.tiff
2014-01-31 22:22 - 2014-01-31 22:22 - 00000000 ____D () C:\Program Files (x86)\Holdem Manager 2
2014-01-31 20:18 - 2014-01-31 20:21 - 95607269 _____ () C:\Users\Owner\Downloads\7990_HoldemManager2Setup (1).exe
2014-01-29 07:46 - 2014-01-29 07:46 - 00054272 _____ () C:\Users\Owner\Downloads\BU46039 EE list 1.28.14_NURSING.xls
2014-01-27 00:50 - 2014-01-31 06:54 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-01-27 00:50 - 2014-01-31 06:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-01-27 00:49 - 2012-08-23 09:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-01-27 00:49 - 2012-08-23 09:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-01-27 00:49 - 2012-08-23 09:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-01-27 00:49 - 2012-08-23 08:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-01-27 00:49 - 2012-08-23 08:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-01-27 00:49 - 2012-08-23 08:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-01-27 00:49 - 2012-08-23 08:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-01-27 00:49 - 2012-08-23 08:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-01-27 00:49 - 2012-08-23 08:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-01-27 00:49 - 2012-08-23 08:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-01-27 00:49 - 2012-08-23 08:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-01-27 00:49 - 2012-08-23 08:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-01-27 00:49 - 2012-08-23 07:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-01-27 00:49 - 2012-08-23 06:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-01-27 00:49 - 2012-08-23 06:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-01-27 00:49 - 2012-08-23 06:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-01-27 00:49 - 2012-08-23 06:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-01-27 00:49 - 2012-08-23 05:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-01-27 00:49 - 2012-08-23 05:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-01-27 00:49 - 2012-08-23 05:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-01-27 00:49 - 2012-08-23 05:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-01-27 00:49 - 2012-08-23 04:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-01-27 00:49 - 2012-08-23 03:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-01-27 00:49 - 2012-08-23 03:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-01-27 00:42 - 2012-05-04 06:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-01-27 00:42 - 2012-05-04 04:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-01-26 22:57 - 2014-01-31 22:22 - 00018342 _____ () C:\Users\Owner\Downloads\install.log
2014-01-26 22:52 - 2014-01-26 22:55 - 95607269 _____ () C:\Users\Owner\Downloads\7990_HoldemManager2Setup.exe
2014-01-26 19:52 - 2014-01-26 19:52 - 01030144 _____ () C:\Users\Owner\Downloads\Wellness Coordinator SAMPLE schedule.xls
2014-01-26 01:03 - 2014-02-21 11:07 - 00000000 ____D () C:\Users\Owner\AppData\Local\CarbonPoker
2014-01-25 23:04 - 2014-01-25 23:04 - 00169929 _____ () C:\Users\Owner\Downloads\theagingbrain-110301113100-phpapp02.pptx
2014-01-25 23:03 - 2014-01-25 23:03 - 01659904 _____ () C:\Users\Owner\Downloads\virtualsupportforcaregiversofpersonswithalzheimers-110321160856-phpapp02.ppt
2014-01-25 23:03 - 2014-01-25 23:03 - 00122806 _____ () C:\Users\Owner\Downloads\theeffectsofalzheimersdiseaseonthecaregiver-111212180325-phpapp02.pptx
2014-01-25 23:03 - 2014-01-25 23:03 - 00122806 _____ () C:\Users\Owner\Downloads\theeffectsofalzheimersdiseaseonthecaregiver-111212180241-phpapp02.pptx
2014-01-25 23:02 - 2014-01-25 23:02 - 02695944 _____ () C:\Users\Owner\Downloads\theartsdementia-121102141030-phpapp02.pptx
2014-01-25 23:02 - 2014-01-25 23:02 - 00169642 _____ () C:\Users\Owner\Downloads\powerpointpresentationebp-111214123521-phpapp02.pptx
2014-01-25 23:01 - 2014-01-25 23:01 - 09115648 _____ () C:\Users\Owner\Downloads\barbarasharpdementiaandsightloss-131210143332-phpapp01.ppt
2014-01-25 23:00 - 2014-01-25 23:00 - 03156480 _____ () C:\Users\Owner\Downloads\whydotheydothat1-100327064247-phpapp01.ppt
2014-01-25 23:00 - 2014-01-25 23:00 - 00365056 _____ () C:\Users\Owner\Downloads\challengingbehaviorsshort-100326114129-phpapp01-130228115656-phpapp01.ppt
2014-01-25 22:59 - 2014-01-25 22:59 - 01935579 _____ () C:\Users\Owner\Downloads\thegemsofcaregiving-shortversion-100326104845-phpapp01.pptx
2014-01-25 22:59 - 2014-01-25 22:59 - 01284096 _____ () C:\Users\Owner\Downloads\bathing-100327062714-phpapp02.ppt
2014-01-25 22:59 - 2014-01-25 22:59 - 01162179 _____ () C:\Users\Owner\Downloads\caringforlovedoneswithdementia1-29-13-130711095659-phpapp02.pptx
2014-01-25 22:37 - 2014-01-26 19:35 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Nitro
2014-01-25 22:34 - 2014-02-10 23:45 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Downloaded Installations
2014-01-25 22:34 - 2014-01-25 22:34 - 00000000 ____D () C:\ProgramData\Nitro
2014-01-25 22:30 - 2014-01-25 22:30 - 01629744 _____ (Nitro) C:\Users\Owner\Downloads\nitro_pro9.exe
2014-01-25 18:16 - 2014-01-25 18:16 - 00019066 _____ () C:\Users\Owner\Downloads\activity programming - special challenges.pptx
2014-01-24 19:21 - 2014-01-24 19:32 - 00000000 ____D () C:\Users\Owner\Downloads\60 Poker eBooks
2014-01-24 19:20 - 2014-01-24 19:20 - 00038337 _____ () C:\Users\Owner\Downloads\60 Poker eBooks[www.bestpokertorrents.com].torrent
2014-01-24 19:19 - 2014-01-24 19:19 - 00004132 _____ () C:\Users\Owner\Downloads\PokerMathThatMatters.pdf[www.bestpokertorrents.com].torrent
 
==================== One Month Modified Files and Folders =======
 
2014-02-22 02:20 - 2014-02-22 02:19 - 00000000 ____D () C:\FRST
2014-02-22 02:20 - 2014-02-22 02:18 - 00000000 ____D () C:\Users\Owner\Desktop\Bleeping
2014-02-22 02:19 - 2014-02-17 22:10 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-22 02:19 - 2014-02-17 22:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-22 02:19 - 2013-01-23 15:07 - 01088836 _____ () C:\Windows\WindowsUpdate.log
2014-02-22 02:18 - 2014-02-22 01:18 - 17858952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-22 02:18 - 2013-01-25 16:45 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-22 02:18 - 2013-01-25 16:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-22 02:15 - 2013-07-22 08:22 - 00000000 ____D () C:\Program Files (x86)\CarbonPoker
2014-02-22 01:47 - 2013-01-25 18:10 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-22 00:43 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-22 00:43 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-22 00:33 - 2014-02-20 22:46 - 00000168 _____ () C:\Windows\setupact.log
2014-02-22 00:33 - 2013-01-25 18:10 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-22 00:33 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-21 12:16 - 2014-02-20 16:44 - 00678400 _____ () C:\Users\Owner\Downloads\HHC 02232014.xls
2014-02-21 11:29 - 2013-04-04 00:28 - 00000000 ____D () C:\Users\Owner\AppData\Local\eclipse
2014-02-21 11:07 - 2014-01-26 01:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\CarbonPoker
2014-02-21 10:10 - 2014-01-08 07:46 - 00000000 ____D () C:\Program Files (x86)\Sendori
2014-02-21 10:06 - 2014-02-17 22:11 - 00000000 ____D () C:\Users\Owner\AppData\Local\DIRECTV Player
2014-02-20 23:17 - 2014-02-20 23:17 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.com
2014-02-20 23:14 - 2013-10-10 21:09 - 00000000 ____D () C:\Program Files (x86)\PasswordBox
2014-02-20 22:46 - 2014-02-20 22:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-20 21:56 - 2013-08-04 06:41 - 00000000 ____D () C:\Program Files (x86)\MacGo
2014-02-20 21:49 - 2014-02-20 21:49 - 00003230 _____ () C:\Windows\System32\Tasks\{322BCA0A-5556-41D2-9A87-641DEACED13F}
2014-02-20 21:34 - 2013-01-25 12:07 - 00000000 ____D () C:\Program Files (x86)\Roxio
2014-02-20 21:30 - 2014-02-20 21:30 - 00108186 _____ () C:\Users\Owner\Documents\cc_20140220_213006.reg
2014-02-20 21:27 - 2013-03-05 22:40 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\uTorrent
2014-02-20 21:27 - 2013-01-26 19:52 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DAEMON Tools Lite
2014-02-20 21:26 - 2013-01-23 15:03 - 00000000 ____D () C:\Windows\Panther
2014-02-20 21:25 - 2013-12-05 06:46 - 00000000 ____D () C:\Windows\Minidump
2014-02-20 21:25 - 2013-03-05 22:42 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2014-02-20 21:23 - 2014-02-20 21:23 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-02-20 21:23 - 2014-02-20 21:23 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-20 21:23 - 2014-02-20 21:22 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-20 21:18 - 2014-02-20 21:17 - 04721920 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup410.exe
2014-02-20 16:25 - 2013-01-24 08:44 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-20 14:01 - 2014-02-20 14:00 - 00641536 _____ () C:\Users\Owner\Downloads\HHC 01262014.xls
2014-02-19 06:55 - 2013-01-27 19:14 - 00000000 ____D () C:\Users\Owner\Documents\Newsbin
2014-02-19 00:31 - 2013-05-28 19:41 - 00000092 _____ () C:\Users\Owner\Desktop\direct tv.txt
2014-02-18 20:30 - 2014-02-18 20:30 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-18 20:26 - 2014-02-18 20:19 - 131703088 _____ () C:\Users\Owner\Downloads\setup_11.0.1.1245.x01_2014_02_19_03_38.exe
2014-02-18 20:15 - 2014-02-18 20:15 - 00730008 _____ (Reimage®) C:\Users\Owner\Downloads\ReimageRepair.exe
2014-02-18 18:47 - 2014-02-18 18:47 - 01276304 _____ () C:\Users\Owner\Downloads\MalAware.exe
2014-02-18 14:12 - 2014-02-18 14:10 - 02347384 _____ (ESET) C:\Users\Owner\Downloads\esetsmartinstaller_enu (1).exe
2014-02-18 11:55 - 2013-01-25 19:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\Windows Live
2014-02-18 11:12 - 2009-07-14 00:13 - 00783360 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-17 22:07 - 2014-02-17 22:07 - 15382504 _____ (DIRECTV) C:\Users\Owner\Downloads\DIRECTV_Player_9.2.exe
2014-02-16 23:59 - 2014-02-16 23:59 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-02-16 23:58 - 2014-02-16 23:57 - 02347384 _____ (ESET) C:\Users\Owner\Downloads\esetsmartinstaller_enu.exe
2014-02-16 21:34 - 2014-01-20 19:44 - 00000000 ____D () C:\Users\Owner\Desktop\The Haven
2014-02-16 20:50 - 2014-02-10 23:48 - 00000000 ____D () C:\Program Files (x86)\Nitro
2014-02-16 04:12 - 2013-07-27 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-16 03:01 - 2013-01-24 14:32 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-14 21:42 - 2014-02-14 21:42 - 00000000 ____D () C:\Windows\ERUNT
2014-02-14 21:27 - 2014-02-14 21:22 - 00000000 ____D () C:\AdwCleaner
2014-02-14 18:12 - 2013-10-10 21:04 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-02-14 15:48 - 2014-02-14 15:48 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Owner\Downloads\rkill64-9402.exe
2014-02-14 07:37 - 2014-02-14 07:37 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Owner\Downloads\rkill64-11466.exe
2014-02-14 06:25 - 2014-02-14 06:25 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Owner\Downloads\rkill64.exe
2014-02-14 06:20 - 2013-03-10 10:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-14 06:20 - 2013-03-10 10:40 - 00000000 ____D () C:\ProgramData\Skype
2014-02-14 06:07 - 2014-02-14 06:07 - 01037530 _____ (Thisisu) C:\Users\Owner\Downloads\JRT.exe
2014-02-14 06:06 - 2014-02-14 06:06 - 01166132 _____ () C:\Users\Owner\Downloads\AdwCleaner.exe
2014-02-14 06:05 - 2014-02-14 06:05 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Owner\Downloads\rkill.exe
2014-02-12 22:17 - 2013-01-26 19:42 - 00000000 ____D () C:\Program Files (x86)\ImgBurn
2014-02-12 12:25 - 2013-01-26 21:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-12 08:37 - 2013-01-25 11:34 - 00775974 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-12 05:43 - 2009-07-13 21:34 - 00000478 _____ () C:\Windows\win.ini
2014-02-12 02:25 - 2014-02-12 02:25 - 01741608 _____ (Premium Installer ) C:\Users\Owner\Downloads\Java_Updater_Setup.exe
2014-02-11 00:48 - 2014-02-11 00:48 - 00001962 _____ () C:\Users\Public\Desktop\Nitro Pro 9.lnk
2014-02-11 00:47 - 2014-02-11 00:34 - 00000000 ____D () C:\ProgramData\Package Cache
2014-02-11 00:29 - 2014-02-11 00:29 - 01629744 _____ (Nitro) C:\Users\Owner\Downloads\nitro_pro9 (1).exe
2014-02-10 23:48 - 2014-02-10 23:48 - 00000000 ____D () C:\Program Files\Common Files\Nitro
2014-02-10 23:45 - 2014-01-25 22:34 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Downloaded Installations
2014-02-10 23:09 - 2014-02-10 22:59 - 00000000 ____D () C:\Users\Owner\Downloads\Nitro PDF Professional Enterprise 8 (32-bit+64-bit) v8.1.1.3 + Key - {Cyclonoid}
2014-02-10 23:08 - 2014-02-10 23:05 - 00000000 ____D () C:\Users\Owner\Downloads\Nitro Pro 8.5.6.5.Multi6.[Eng,Esp,Ital,Fran,Deut,Nederl].x86.&.x64+keygen
2014-02-10 17:42 - 2013-01-25 18:10 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-10 17:42 - 2013-01-25 18:10 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-09 09:01 - 2013-01-25 18:10 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-09 08:59 - 2014-02-09 08:58 - 49940480 _____ () C:\Program Files (x86)\GUT720F.tmp
2014-02-09 08:59 - 2014-02-09 08:58 - 00000000 ____D () C:\Program Files (x86)\GUM720E.tmp
2014-02-09 08:57 - 2014-02-09 08:57 - 00847320 _____ (Google Inc.) C:\Users\Owner\Downloads\GoogleEarthPluginSetup.exe
2014-02-08 23:04 - 2013-04-05 19:54 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\HoldemManager
2014-02-08 22:58 - 2013-04-05 19:47 - 00000000 ____D () C:\Users\postgres
2014-02-08 08:24 - 2013-01-27 19:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\Newsbin
2014-02-08 08:22 - 2013-11-17 21:53 - 00000000 ____D () C:\Users\Owner\Downloads\00000000Dementia Stuff
2014-02-07 23:26 - 2013-05-17 05:30 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\vlc
2014-02-06 07:16 - 2014-02-12 04:25 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 06:30 - 2014-02-12 04:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 06:30 - 2014-02-12 04:26 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 06:12 - 2014-02-12 04:25 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 06:07 - 2014-02-12 04:26 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 06:06 - 2014-02-12 04:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 05:57 - 2014-02-12 04:26 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 05:56 - 2014-02-12 04:26 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 05:52 - 2014-02-12 04:26 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 05:49 - 2014-02-12 04:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 05:48 - 2014-02-12 04:26 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 05:48 - 2014-02-12 04:25 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 05:38 - 2014-02-12 04:25 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 05:32 - 2014-02-12 04:26 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 05:20 - 2014-02-12 04:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 05:17 - 2014-02-12 04:26 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 05:11 - 2014-02-12 04:24 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 05:01 - 2014-02-12 04:26 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 05:00 - 2014-02-12 04:26 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 04:57 - 2014-02-12 04:26 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 04:57 - 2014-02-12 04:25 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 04:52 - 2014-02-12 04:26 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 04:52 - 2014-02-12 04:26 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 04:50 - 2014-02-12 04:25 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 04:49 - 2014-02-12 04:26 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 04:47 - 2014-02-12 04:26 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 04:46 - 2014-02-12 04:25 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 04:25 - 2014-02-12 04:26 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 04:25 - 2014-02-12 04:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 04:24 - 2014-02-12 04:25 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 04:22 - 2014-02-12 04:25 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 04:13 - 2014-02-12 04:26 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 04:09 - 2014-02-12 04:25 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 04:03 - 2014-02-12 04:25 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 03:55 - 2014-02-12 04:25 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 03:41 - 2014-02-12 04:25 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 03:40 - 2014-02-12 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 03:36 - 2014-02-12 04:25 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 03:34 - 2014-02-12 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-05 19:32 - 2014-02-05 19:32 - 00070894 _____ () C:\Users\Owner\Downloads\laurels-havenlogin.tiff
2014-02-02 23:35 - 2013-12-30 09:55 - 00014831 _____ () C:\Users\Owner\Documents\12302013MedBills.xlsx
2014-02-01 06:46 - 2013-05-06 19:35 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9895B688-BF59-452B-B4E9-1EF074C27458}
2014-01-31 22:43 - 2013-04-05 19:31 - 00000000 ____D () C:\Program Files (x86)\PSQLINSTALL
2014-01-31 22:22 - 2014-01-31 22:22 - 00000000 ____D () C:\Program Files (x86)\Holdem Manager 2
2014-01-31 22:22 - 2014-01-26 22:57 - 00018342 _____ () C:\Users\Owner\Downloads\install.log
2014-01-31 20:21 - 2014-01-31 20:18 - 95607269 _____ () C:\Users\Owner\Downloads\7990_HoldemManager2Setup (1).exe
2014-01-31 06:54 - 2014-01-27 00:50 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-01-31 06:54 - 2014-01-27 00:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-01-29 07:46 - 2014-01-29 07:46 - 00054272 _____ () C:\Users\Owner\Downloads\BU46039 EE list 1.28.14_NURSING.xls
2014-01-27 01:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-01-26 22:55 - 2014-01-26 22:52 - 95607269 _____ () C:\Users\Owner\Downloads\7990_HoldemManager2Setup.exe
2014-01-26 19:52 - 2014-01-26 19:52 - 01030144 _____ () C:\Users\Owner\Downloads\Wellness Coordinator SAMPLE schedule.xls
2014-01-26 19:35 - 2014-01-25 22:37 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Nitro
2014-01-25 23:04 - 2014-01-25 23:04 - 00169929 _____ () C:\Users\Owner\Downloads\theagingbrain-110301113100-phpapp02.pptx
2014-01-25 23:03 - 2014-01-25 23:03 - 01659904 _____ () C:\Users\Owner\Downloads\virtualsupportforcaregiversofpersonswithalzheimers-110321160856-phpapp02.ppt
2014-01-25 23:03 - 2014-01-25 23:03 - 00122806 _____ () C:\Users\Owner\Downloads\theeffectsofalzheimersdiseaseonthecaregiver-111212180325-phpapp02.pptx
2014-01-25 23:03 - 2014-01-25 23:03 - 00122806 _____ () C:\Users\Owner\Downloads\theeffectsofalzheimersdiseaseonthecaregiver-111212180241-phpapp02.pptx
2014-01-25 23:02 - 2014-01-25 23:02 - 02695944 _____ () C:\Users\Owner\Downloads\theartsdementia-121102141030-phpapp02.pptx
2014-01-25 23:02 - 2014-01-25 23:02 - 00169642 _____ () C:\Users\Owner\Downloads\powerpointpresentationebp-111214123521-phpapp02.pptx
2014-01-25 23:01 - 2014-01-25 23:01 - 09115648 _____ () C:\Users\Owner\Downloads\barbarasharpdementiaandsightloss-131210143332-phpapp01.ppt
2014-01-25 23:00 - 2014-01-25 23:00 - 03156480 _____ () C:\Users\Owner\Downloads\whydotheydothat1-100327064247-phpapp01.ppt
2014-01-25 23:00 - 2014-01-25 23:00 - 00365056 _____ () C:\Users\Owner\Downloads\challengingbehaviorsshort-100326114129-phpapp01-130228115656-phpapp01.ppt
2014-01-25 22:59 - 2014-01-25 22:59 - 01935579 _____ () C:\Users\Owner\Downloads\thegemsofcaregiving-shortversion-100326104845-phpapp01.pptx
2014-01-25 22:59 - 2014-01-25 22:59 - 01284096 _____ () C:\Users\Owner\Downloads\bathing-100327062714-phpapp02.ppt
2014-01-25 22:59 - 2014-01-25 22:59 - 01162179 _____ () C:\Users\Owner\Downloads\caringforlovedoneswithdementia1-29-13-130711095659-phpapp02.pptx
2014-01-25 22:34 - 2014-01-25 22:34 - 00000000 ____D () C:\ProgramData\Nitro
2014-01-25 22:30 - 2014-01-25 22:30 - 01629744 _____ (Nitro) C:\Users\Owner\Downloads\nitro_pro9.exe
2014-01-25 18:16 - 2014-01-25 18:16 - 00019066 _____ () C:\Users\Owner\Downloads\activity programming - special challenges.pptx
2014-01-24 19:32 - 2014-01-24 19:21 - 00000000 ____D () C:\Users\Owner\Downloads\60 Poker eBooks
2014-01-24 19:20 - 2014-01-24 19:20 - 00038337 _____ () C:\Users\Owner\Downloads\60 Poker eBooks[www.bestpokertorrents.com].torrent
2014-01-24 19:19 - 2014-01-24 19:19 - 00004132 _____ () C:\Users\Owner\Downloads\PokerMathThatMatters.pdf[www.bestpokertorrents.com].torrent
 
Files to move or delete:
====================
C:\Users\Owner\AppData\Local\Temp\Rar$EXa0.780\Nitro.Pro.Enterprise.v8.5.4.11.x86.x64.incl.REG-file.exe
 
 
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\javasysmo2266926979759898993.dll
C:\Users\Owner\AppData\Local\Temp\javasysmo3455512536184911466.dll
C:\Users\Owner\AppData\Local\Temp\javasysmo4314073434141753065.dll
C:\Users\Owner\AppData\Local\Temp\javasysmo5297585515190156013.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-19 05:45
 
==================== End Of Log ============================
 
 
Here is addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-02-2014
Ran by Owner at 2014-02-22 02:24:54
Running from C:\Users\Owner\Desktop\Bleeping
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
 
==================== Installed Programs ======================
 
µTorrent (HKCU Version: 3.3.2.30303 - BitTorrent Inc.)
7-Zip 9.20 (x32 Version:  - )
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Advanced Audio FX Engine (x32 Version: 1.12.05 - Creative Technology Ltd)
Ailt TIFF TIF to PPT PPTX Converter 6.1 (x32 Version:  - Ailtware,Inc.)
AVG SafeGuard toolbar (x32 Version: 17.3.2.101 - AVG Technologies)
Bing Bar (x32 Version: 7.3.124.0 - Microsoft Corporation)
Bing Desktop (x32 Version: 1.3.347.0 - Microsoft Corporation)
CarbonPoker (HKCU Version: 6.0 - )
CCleaner (Version: 4.10 - Piriform)
Citrix Authentication Manager (x32 Version: 5.1.0.62606 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HDX Flash Redirection) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Citrix Receiver (x32 Version: 14.1.0.0 - Citrix Systems, Inc.)
Citrix Receiver Inside (x32 Version: 4.1.0.56471 - Citrix Systems, Inc.) Hidden
Citrix Receiver Updater (x32 Version: 4.1.0.56461 - Citrix Systems, Inc.) Hidden
Citrix Receiver(Aero) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Citrix Receiver(DV) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Citrix Receiver(USB) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (x32 Version: 4.47.1.0337 - Disc Soft Ltd)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)
Dell Webcam Central (x32 Version: 1.40.05 - Creative Technology Ltd)
DIRECTV Player (x32 Version: 9.2 - DIRECTV)
DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
DVD Shrink 3.2 (x32 Version:  - DVD Shrink)
EaseUS Data Recovery Wizard 7.0 (x32 Version:  - EaseUS)
EaseUS Partition Master 9.3.0 (x32 Version:  - EaseUS)
ESET Online Scanner v3 (x32 Version:  - )
Free Studio version 2013 (x32 Version: 6.1.12.925 - DVDVideoSoft Ltd.)
Gamers Unite! Snag Bar (HKCU Version:  - )
Google Chrome (x32 Version: 33.0.1750.117 - Google Inc.)
Google Earth Plug-in (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Holdem Manager 2 (x32 Version:  - )
HP Officejet Pro 8600 Basic Device Software (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (x32 Version: 28.0.0 - Hewlett Packard)
HP Update (x32 Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (x32 Version: 12.3.4.0 - HP)
ImgBurn (x32 Version: 2.5.7.0 - LIGHTNING UK!)
Intel® Turbo Boost Technology Driver (x32 Version: 01.02.00.1002 - Intel Corporation)
Java 7 Update 17 (x32 Version: 7.0.170 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Live! Cam Avatar Creator (x32 Version: 4.6.3009.1 - Creative Technology Ltd)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (x32 Version: 14.0.5130.5001 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 25.0 (x86 en-US) (x32 Version: 25.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 25.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
Newsbin Pro (Version: 6.41 - DJI Interprises, LLC)
Nitro Pro 9 (Version: 9.0.5.9 - Nitro) Hidden
Nitro Pro 9 (x32 Version: 9.0.5.9 - Nitro)
Norton Internet Security (x32 Version: 21.1.0.18 - Symantec Corporation)
O2Micro Flash Memory Card Windows Driver (Version: 2.0.26.D - O2Micro International LTD.) Hidden
O2Micro Flash Memory Card Windows Driver (x32 Version: 2.0.26.D - O2Micro International LTD.)
Okdo Gif Tif to PowerPoint Converter 4.9 (x32 Version:  - Okdo Software, Inc.)
Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PokerStove version 1.24 (x32 Version:  - )
PostgreSQL 8.4 (x32 Version: 8.4 - PostgreSQL Global Development Group)
PowerDVD DX (x32 Version: 8.3.5424 - CyberLink Corp.)
QuickPar 0.9 (x32 Version: 0.9 - Peter B. Clements)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio CinePlayer Decoder Pack (x32 Version: 4.3.0 - Roxio) Hidden
Roxio Creator Premier (x32 Version: 10.1 - Roxio)
Roxio Creator Premier 10 (x32 Version: 10.2.606 - Roxio) Hidden
Self-service Plug-in (x32 Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
Sendori (x32 Version: 2.0.16 - Sendori, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype Click to Call (x32 Version: 7.0.14735.1561 - Microsoft Corporation)
Skype™ 6.6 (x32 Version: 6.6.106 - Skype Technologies S.A.)
SoulseekQt (x32 Version:  - )
Synaptics Pointing Device Driver (Version: 15.0.3.0 - Synaptics Incorporated)
Tag&Rename 3.7.5 beta 1 (x32 Version: 3.7.5 beta 1 - Softpointer Inc)
TurboTax 2012 (x32 Version: 2012.0 - Intuit, Inc)
TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.1925 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0433 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0179 - Intuit Inc.) Hidden
TurboTax 2012 wnciper (x32 Version: 012.000.1276 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version:  - Microsoft)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
VLC media player 2.0.5 (x32 Version: 2.0.5 - VideoLAN)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-bit) (Version: 4.20.0 - win.rar GmbH)
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0F79A8A9-1EE6-45CD-B150-820A88E8F783} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {15CA5B62-1812-441E-B630-DCEBA46A506C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-22] (Adobe Systems Incorporated)
Task: {3D186C17-D832-4253-8020-54669A5B9F30} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {696E4C7E-4AFB-477A-954D-6AB03B7A8974} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-25] (Google Inc.)
Task: {83C79606-B181-4F22-91B3-2A8E70F8A2F2} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {A1CE7B56-C835-4104-99F9-C9FF493C9176} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {A6909A0C-5FEC-41C1-86CD-8E29F3B0CA92} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {B793CC7D-75E8-4989-ACD4-C0977B1D92F7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-25] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-11-17 11:44 - 2013-11-17 11:44 - 07877480 _____ () C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
2013-09-24 13:17 - 2013-09-24 13:17 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll
2013-04-05 19:38 - 2013-02-05 01:09 - 00172032 _____ () c:\postgreSQL\bin\LIBPQ.dll
2013-04-05 19:38 - 2012-08-14 08:19 - 00999424 _____ () c:\postgreSQL\bin\libxml2.dll
2013-11-17 11:45 - 2013-11-17 11:45 - 00332128 _____ () C:\Users\Owner\AppData\Local\DIRECTV Player\ndsLogStore.dll
2013-11-17 11:44 - 2013-11-17 11:44 - 03094880 _____ () C:\Users\Owner\AppData\Local\DIRECTV Player\DrmSingleton.dll
2013-11-17 11:44 - 2013-11-17 11:44 - 02157928 _____ () C:\Users\Owner\AppData\Local\DIRECTV Player\DiscoveryManager.dll
2013-11-17 11:44 - 2013-11-17 11:44 - 07554400 _____ () C:\Users\Owner\AppData\Local\DIRECTV Player\gsttspplugin.dll
2013-11-17 11:45 - 2013-11-17 11:45 - 00689000 _____ () C:\Users\Owner\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll
2013-11-17 11:45 - 2013-11-17 11:45 - 01403224 _____ () C:\Users\Owner\AppData\Local\DIRECTV Player\libxml2-2.dll
2013-11-17 11:45 - 2013-11-17 11:45 - 00091976 _____ () C:\Users\Owner\AppData\Local\DIRECTV Player\z.dll
2014-02-22 00:50 - 2014-02-19 20:02 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll
2014-02-22 00:50 - 2014-02-19 20:02 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libglesv2.dll
2014-02-22 00:50 - 2014-02-19 20:02 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libegl.dll
2014-02-22 00:50 - 2014-02-19 20:03 - 04060488 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll
2014-02-22 00:50 - 2014-02-19 20:03 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll
2014-02-22 00:50 - 2014-02-19 20:02 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll
2014-02-22 00:50 - 2014-02-19 20:03 - 13632840 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Windows:nlsPreferences
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/22/2014 00:33:55 AM) (Source: PostgreSQL) (User: )
Description: 2014-02-22 00:33:55 ESTFATAL:  the database system is starting up
 
Error: (02/22/2014 00:33:54 AM) (Source: PostgreSQL) (User: )
Description: 2014-02-22 00:33:54 ESTFATAL:  the database system is starting up
 
Error: (02/22/2014 00:33:53 AM) (Source: PostgreSQL) (User: )
Description: 2014-02-22 00:33:53 ESTFATAL:  the database system is starting up
 
Error: (02/22/2014 00:33:51 AM) (Source: PostgreSQL) (User: )
Description: 2014-02-22 00:33:51 ESTFATAL:  the database system is starting up
 
Error: (02/22/2014 00:33:50 AM) (Source: PostgreSQL) (User: )
Description: 2014-02-22 00:33:50 ESTFATAL:  the database system is starting up
 
Error: (02/22/2014 00:33:49 AM) (Source: PostgreSQL) (User: )
Description: 2014-02-22 00:33:49 ESTFATAL:  the database system is starting up
 
Error: (02/21/2014 11:19:08 AM) (Source: Application Hang) (User: )
Description: The program client.exe version 2014.217.1328.1760 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 2284
 
Start Time: 01cf2f1efba71638
 
Termination Time: 850
 
Application Path: C:\Program Files (x86)\CarbonPoker\client.exe
 
Report Id: d243017d-9b13-11e3-b432-0026b9dbb059
 
Error: (02/21/2014 08:43:04 AM) (Source: SendoriService) (User: )
Description: In the enable methodObject reference not set to an instance of an object.
 
Error: (02/21/2014 08:39:01 AM) (Source: PostgreSQL) (User: )
Description: 2014-02-21 08:39:01 ESTFATAL:  the database system is starting up
 
Error: (02/20/2014 10:51:31 PM) (Source: SendoriService) (User: )
Description: In the enable methodObject reference not set to an instance of an object.
 
 
System errors:
=============
Error: (02/22/2014 00:35:48 AM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: 
%%1053
 
Error: (02/22/2014 00:35:48 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
 
Error: (02/22/2014 00:33:49 AM) (Source: Service Control Manager) (User: )
Description: The SessionLauncher service failed to start due to the following error: 
%%2
 
Error: (02/21/2014 08:41:07 AM) (Source: Service Control Manager) (User: )
Description: The Service Sendori service hung on starting.
 
Error: (02/21/2014 08:39:03 AM) (Source: Service Control Manager) (User: )
Description: The SessionLauncher service failed to start due to the following error: 
%%2
 
Error: (02/21/2014 08:32:28 AM) (Source: DCOM) (User: )
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}
 
Error: (02/21/2014 08:30:38 AM) (Source: DCOM) (User: )
Description: {C50477A2-69CD-4614-95CE-AB653E65F039}
 
Error: (02/21/2014 07:27:46 AM) (Source: Service Control Manager) (User: )
Description: The Service Sendori service failed to start due to the following error: 
%%1053
 
Error: (02/21/2014 07:27:45 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Service Sendori service to connect.
 
Error: (02/21/2014 07:26:08 AM) (Source: Service Control Manager) (User: )
Description: The Service Sendori service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (02/22/2014 00:33:55 AM) (Source: PostgreSQL)(User: )
Description: 2014-02-22 00:33:55 ESTFATAL:  the database system is starting up
 
Error: (02/22/2014 00:33:54 AM) (Source: PostgreSQL)(User: )
Description: 2014-02-22 00:33:54 ESTFATAL:  the database system is starting up
 
Error: (02/22/2014 00:33:53 AM) (Source: PostgreSQL)(User: )
Description: 2014-02-22 00:33:53 ESTFATAL:  the database system is starting up
 
Error: (02/22/2014 00:33:51 AM) (Source: PostgreSQL)(User: )
Description: 2014-02-22 00:33:51 ESTFATAL:  the database system is starting up
 
Error: (02/22/2014 00:33:50 AM) (Source: PostgreSQL)(User: )
Description: 2014-02-22 00:33:50 ESTFATAL:  the database system is starting up
 
Error: (02/22/2014 00:33:49 AM) (Source: PostgreSQL)(User: )
Description: 2014-02-22 00:33:49 ESTFATAL:  the database system is starting up
 
Error: (02/21/2014 11:19:08 AM) (Source: Application Hang)(User: )
Description: client.exe2014.217.1328.1760228401cf2f1efba71638850C:\Program Files (x86)\CarbonPoker\client.exed243017d-9b13-11e3-b432-0026b9dbb059
 
Error: (02/21/2014 08:43:04 AM) (Source: SendoriService)(User: )
Description: In the enable methodObject reference not set to an instance of an object.
 
Error: (02/21/2014 08:39:01 AM) (Source: PostgreSQL)(User: )
Description: 2014-02-21 08:39:01 ESTFATAL:  the database system is starting up
 
Error: (02/20/2014 10:51:31 PM) (Source: SendoriService)(User: )
Description: In the enable methodObject reference not set to an instance of an object.
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-01-25 11:24:37.744
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Owner\AppData\Local\Temp\HBCD\GWIOPM.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-01-25 11:24:37.697
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Owner\AppData\Local\Temp\HBCD\GWIOPM.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-01-25 11:24:33.236
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Owner\AppData\Local\Temp\HBCD\GWIOPM.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-01-25 11:24:33.204
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Owner\AppData\Local\Temp\HBCD\GWIOPM.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 61%
Total physical RAM: 3764.54 MB
Available physical RAM: 1467 MB
Total Pagefile: 7527.27 MB
Available Pagefile: 2000.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:8.93 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 1A9F0BFB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:32 PM

Posted 22 February 2014 - 01:50 PM

Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)

#5 packbacker83


Posted 23 February 2014 - 12:18 AM

I have tried to run combofix 3 times.  Each time was immediately after a reboot and each time resulted in this error:

 

A little box opens with the title "Windows Command Processor"

 

It says "Windows Command Processor has stopped working"

 

"A problem caused the program to stop working correctly.  Windows will close the program and notify you if a solution is available"

 

After that the only active button is "Close Program" and the combofix program stops running.

 

There is no other information nor message.



#6 aharonov


Posted 23 February 2014 - 09:20 AM

Ok.


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
Reboot your computer.



Step 2

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#7 packbacker83


Posted 23 February 2014 - 08:43 PM

Here is fixlog.txt

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-02-2014 02

Ran by Owner at 2014-02-23 19:49:23 Run:1

Running from C:\Users\Owner\Desktop\Bleeping

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

HKLM-x32\...\Run: [Microsoft Webupdater] - C:\Users\Owner\AppData\Local\Temp\Rar$EXa0.780\Nitro.Pro.Enterprise.v8.5.4.11.x86.x64.incl.REG-file.exe [169365504 2013-09-13] (Heaventools Software)

HKU\S-1-5-21-3701043139-4236647081-2378084655-1000\...\Run: [Microsoft Webupdater] - C:\Users\Owner\AppData\Local\Temp\Rar$EXa0.780\Nitro.Pro.Enterprise.v8.5.4.11.x86.x64.incl.REG-file.exe [169365504 2013-09-13] (Heaventools Software) <===== ATTENTION

C:\Users\Owner\AppData\Local\Temp\Rar$EXa0.780

IFEO\hijackthis.exe: [Debugger] ct_.exe

IFEO\housecalllauncher.exe: [Debugger] az_.exe

IFEO\rstrui.exe: [Debugger] he_.exe

IFEO\spybotsd.exe: [Debugger] au_.exe

S3 gwiopm; \??\C:\Users\Owner\AppData\Local\Temp\HBCD\gwiopm.sys [X]

2014-01-25 22:30 - 2014-01-25 22:30 - 01629744 _____ (Nitro) C:\Users\Owner\Downloads\nitro_pro9.exe

2014-02-11 00:29 - 2014-02-11 00:29 - 01629744 _____ (Nitro) C:\Users\Owner\Downloads\nitro_pro9 (1).exe

2014-02-10 23:05 - 2014-02-10 23:08 - 00000000 ____D () C:\Users\Owner\Downloads\Nitro Pro 8.5.6.5.Multi6.[Eng,Esp,Ital,Fran,Deut,Nederl].x86.&.x64+keygen

2014-02-10 22:59 - 2014-02-10 23:09 - 00000000 ____D () C:\Users\Owner\Downloads\Nitro PDF Professional Enterprise 8 (32-bit+64-bit) v8.1.1.3 + Key - {Cyclonoid}

C:\Users\Owner\AppData\Local\Temp\*.dll

*****************

 

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Microsoft Webupdater => Value deleted successfully.

HKU\S-1-5-21-3701043139-4236647081-2378084655-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Webupdater => Value deleted successfully.

 

"C:\Users\Owner\AppData\Local\Temp\Rar$EXa0.780" directory move:

 

Could not move "C:\Users\Owner\AppData\Local\Temp\Rar$EXa0.780\Nitro.Pro.Enterprise.v8.5.4.11.x86.x64.incl.REG-file.exe" => Scheduled to move on reboot.

Could not move "C:\Users\Owner\AppData\Local\Temp\Rar$EXa0.780" directory. => Scheduled to move on reboot.

 

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hijackthis.exe => Key deleted successfully.

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\housecalllauncher.exe => Key deleted successfully.

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rstrui.exe => Key deleted successfully.

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spybotsd.exe => Key deleted successfully.

gwiopm => Service deleted successfully.

C:\Users\Owner\Downloads\nitro_pro9.exe => Moved successfully.

C:\Users\Owner\Downloads\nitro_pro9 (1).exe => Moved successfully.

C:\Users\Owner\Downloads\Nitro Pro 8.5.6.5.Multi6.[Eng,Esp,Ital,Fran,Deut,Nederl].x86.&.x64+keygen => Moved successfully.

C:\Users\Owner\Downloads\Nitro PDF Professional Enterprise 8 (32-bit+64-bit) v8.1.1.3 + Key - {Cyclonoid} => Moved successfully.

C:\Users\Owner\AppData\Local\Temp\*.dll => Moved successfully.

 

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-02-23 19:52:01)<=

 

"C:\Users\Owner\AppData\Local\Temp\Rar$EXa0.780\Nitro.Pro.Enterprise.v8.5.4.11.x86.x64.incl.REG-file.exe" => File could not move.

C:\Users\Owner\AppData\Local\Temp\Rar$EXa0.780 => Is moved successfully.

 

==== End of Fixlog ====

 

 

Here is frst.txt.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-02-2014 02

Ran by Owner (administrator) on OWNER-PC on 23-02-2014 20:19:51

Running from C:\Users\Owner\Desktop\Bleeping

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe

(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe

(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE

(O2Micro International) C:\Windows\system32\DRIVERS\o2flash.exe

(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe

(PostgreSQL Global Development Group) c:\postgreSQL\bin\pg_ctl.exe

(PostgreSQL Global Development Group) c:\postgreSQL\bin\postgres.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Sendori) C:\Program Files (x86)\Sendori\sndappv2.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriSvc.exe

(sendori) C:\Program Files (x86)\Sendori\Sendori.Service.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(PostgreSQL Global Development Group) c:\postgreSQL\bin\postgres.exe

(PostgreSQL Global Development Group) c:\postgreSQL\bin\postgres.exe

(PostgreSQL Global Development Group) c:\postgreSQL\bin\postgres.exe

(PostgreSQL Global Development Group) c:\postgreSQL\bin\postgres.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Marvell Semiconductor, Inc.) C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

(NDS Technologies) C:\Users\Owner\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

() C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe

(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe

(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriTray.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriControl.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1909032 2010-01-14] (Synaptics Incorporated)

HKLM\...\Run: [PrnStatusMX] - C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe [1240064 2012-07-04] (Marvell Semiconductor, Inc.)

HKLM-x32\...\Run: [] - [X]

HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2008-05-14] (Sonic Solutions)

HKLM-x32\...\Run: [PDVDDXSrv] - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)

HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)

HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)

HKLM-x32\...\Run: [Redirector] - C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)

HKLM-x32\...\Run: [EaseUS EPM tray] - C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe [2081792 2013-03-29] (CHENGDU YIWO Tech Development Co., Ltd)

HKLM-x32\...\Run: [Sendori Tray] - C:\Program Files (x86)\Sendori\SendoriTray.exe [83232 2013-10-07] (Sendori, Inc.)

HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2353880 2013-11-01] (Microsoft Corp.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-3701043139-4236647081-2378084655-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)

HKU\S-1-5-21-3701043139-4236647081-2378084655-1000\...\Run: [HP Officejet Pro 8600 (NET)] - C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)

HKU\S-1-5-21-3701043139-4236647081-2378084655-1000\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)

HKU\S-1-5-21-3701043139-4236647081-2378084655-1000\...\Run: [PCShowServer] - C:\Users\Owner\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1765744 2013-11-17] (NDS Technologies)

Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk

ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9D47C9E615FBCD01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)

BHO-x32: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)

BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)

BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)

BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Winsock: Catalog9 01 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)

Winsock: Catalog9 02 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)

Winsock: Catalog9 03 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)

Winsock: Catalog9 04 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)

Winsock: Catalog9 15 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

 

FireFox:

========

FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xfk5yb8d.default

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()

FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @nds.com/PlayerPlugin - C:\Users\Owner\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)

FF Plugin HKCU: NDS.com/PlayerPlugin - C:\Users\Owner\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-01-03]

FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\

FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ []

FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF

FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013-11-21]

 

Chrome: 

=======

CHR HomePage: hxxp://www.google.com/

CHR DefaultSearchKeyword: ask

CHR DefaultSearchProvider: Norton Safe Search

CHR DefaultSearchURL: http://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=21&locale=en_US&gct=sb&qsrc=2869

CHR DefaultNewTabURL: 

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll ()

CHR Plugin: (Norton Identity Safe) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.1.36_0\npcoplgn.dll No File

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File

CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-25]

CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-25]

CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-25]

CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-25]

CHR Extension: (Skype Click to Call) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-03-10]

CHR Extension: (Norton Identity Protection) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-01-25]

CHR Extension: (Gamers Unite! Snag Bar) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncmdmcjifbkefpaijakdbgfjbpaonjhg [2013-01-25]

CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-25]

CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-10-10]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-01-03]

CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx [2014-01-20]

 

==================== Services (Whitelisted) =================

 

R2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [120096 2013-10-07] (Sendori, Inc.)

R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173272 2013-11-01] (Microsoft Corp.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)

R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)

R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-17] (Nitro PDF Software)

R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2013-09-24] (PasswordBox, Inc.)

R2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2013-10-07] (sendori)

R2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2013-10-07] (Sendori)

R2 postgresql-8.4; c:/postgreSQL/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "c:/postgreSQL/data" -w [X]

S2 SessionLauncher; C:\Users\Owner\AppData\Local\Temp\DX9\SessionLauncher.exe [X]

 

==================== Drivers (Whitelisted) ====================

 

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2014-01-10] (AVG Technologies)

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2013-12-17] (Symantec Corporation)

R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-24] (Symantec Corporation)

S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] ()

S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] ()

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-20] (Symantec Corporation)

S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] ()

S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] ()

R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140221.001\IDSvia64.sys [521944 2014-01-20] (Symantec Corporation)

R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140223.005\ENG64.SYS [126040 2014-01-24] (Symantec Corporation)

R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140223.005\EX64.SYS [2099288 2014-01-24] (Symantec Corporation)

R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-01-26] (Duplex Secure Ltd.)

R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-21] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)

R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)

U3 a5yywp47; C:\Windows\System32\Drivers\a5yywp47.sys [0 ] (Microsoft Corporation)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-02-23 16:18 - 2014-02-23 19:51 - 00001166 _____ () C:\Windows\PFRO.log

2014-02-23 16:17 - 2014-02-23 16:17 - 00000000 _____ () C:\Windows\SysWOW64\sho1720.tmp

2014-02-23 10:58 - 2014-02-23 16:12 - 00000000 ___SD () C:\ComboFix

2014-02-23 08:31 - 2014-02-23 08:31 - 00000000 _____ () C:\Windows\SysWOW64\sho7603.tmp

2014-02-23 08:25 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-02-23 08:25 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-02-23 08:25 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-02-23 08:25 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-02-23 08:25 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-02-23 08:25 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe

2014-02-23 08:25 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe

2014-02-23 08:25 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe

2014-02-23 08:16 - 2014-02-23 08:24 - 00000000 ____D () C:\Qoobox

2014-02-22 22:49 - 2014-02-22 22:49 - 00000000 ____D () C:\Windows\erdnt

2014-02-22 22:44 - 2014-02-22 22:45 - 05183886 _____ (Swearware) C:\Users\Owner\Downloads\ComboFix.exe

2014-02-22 21:45 - 2014-02-22 21:46 - 169685608 ____T () C:\Windows\SysWOW64\00006785.tmp

2014-02-22 21:45 - 2014-02-22 21:45 - 169685608 ____T () C:\Windows\SysWOW64\00029727.tmp

2014-02-22 02:19 - 2014-02-23 20:19 - 00000000 ____D () C:\FRST

2014-02-22 02:18 - 2014-02-23 20:19 - 00000000 ____D () C:\Users\Owner\Desktop\Bleeping

2014-02-22 01:18 - 2014-02-22 02:18 - 17858952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2014-02-20 23:17 - 2014-02-20 23:17 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.com

2014-02-20 22:46 - 2014-02-23 19:51 - 00000672 _____ () C:\Windows\setupact.log

2014-02-20 22:46 - 2014-02-20 22:46 - 00000000 _____ () C:\Windows\setuperr.log

2014-02-20 21:49 - 2014-02-20 21:49 - 00003230 _____ () C:\Windows\System32\Tasks\{322BCA0A-5556-41D2-9A87-641DEACED13F}

2014-02-20 21:30 - 2014-02-20 21:30 - 00108186 _____ () C:\Users\Owner\Documents\cc_20140220_213006.reg

2014-02-20 21:23 - 2014-02-20 21:23 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC

2014-02-20 21:23 - 2014-02-20 21:23 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2014-02-20 21:22 - 2014-02-20 21:23 - 00000000 ____D () C:\Program Files\CCleaner

2014-02-20 21:17 - 2014-02-20 21:18 - 04721920 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup410.exe

2014-02-20 16:44 - 2014-02-21 12:16 - 00678400 _____ () C:\Users\Owner\Downloads\HHC 02232014.xls

2014-02-20 14:00 - 2014-02-20 14:01 - 00641536 _____ () C:\Users\Owner\Downloads\HHC 01262014.xls

2014-02-18 20:30 - 2014-02-18 20:30 - 00000000 ____D () C:\ProgramData\Kaspersky Lab

2014-02-18 20:15 - 2014-02-18 20:15 - 00730008 _____ (Reimage®) C:\Users\Owner\Downloads\ReimageRepair.exe

2014-02-18 18:47 - 2014-02-18 18:47 - 01276304 _____ () C:\Users\Owner\Downloads\MalAware.exe

2014-02-18 14:10 - 2014-02-18 14:12 - 02347384 _____ (ESET) C:\Users\Owner\Downloads\esetsmartinstaller_enu (1).exe

2014-02-17 22:11 - 2014-02-22 21:37 - 00000000 ____D () C:\Users\Owner\AppData\Local\DIRECTV Player

2014-02-17 22:10 - 2014-02-23 20:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-02-17 22:10 - 2014-02-22 02:19 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-02-17 22:07 - 2014-02-17 22:07 - 15382504 _____ (DIRECTV) C:\Users\Owner\Downloads\DIRECTV_Player_9.2.exe

2014-02-16 23:59 - 2014-02-16 23:59 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-02-16 23:57 - 2014-02-16 23:58 - 02347384 _____ (ESET) C:\Users\Owner\Downloads\esetsmartinstaller_enu.exe

2014-02-14 21:42 - 2014-02-14 21:42 - 00000000 ____D () C:\Windows\ERUNT

2014-02-14 21:22 - 2014-02-14 21:27 - 00000000 ____D () C:\AdwCleaner

2014-02-14 15:48 - 2014-02-14 15:48 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Owner\Downloads\rkill64-9402.exe

2014-02-14 07:37 - 2014-02-14 07:37 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Owner\Downloads\rkill64-11466.exe

2014-02-14 06:25 - 2014-02-14 06:25 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Owner\Downloads\rkill64.exe

2014-02-14 06:07 - 2014-02-14 06:07 - 01037530 _____ (Thisisu) C:\Users\Owner\Downloads\JRT.exe

2014-02-14 06:06 - 2014-02-14 06:06 - 01166132 _____ () C:\Users\Owner\Downloads\AdwCleaner.exe

2014-02-14 06:05 - 2014-02-14 06:05 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Owner\Downloads\rkill.exe

2014-02-12 04:36 - 2013-12-21 04:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-02-12 04:36 - 2013-12-21 03:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-02-12 04:26 - 2014-02-06 06:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-02-12 04:26 - 2014-02-06 06:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-02-12 04:26 - 2014-02-06 06:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-02-12 04:26 - 2014-02-06 06:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-02-12 04:26 - 2014-02-06 05:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-02-12 04:26 - 2014-02-06 05:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-02-12 04:26 - 2014-02-06 05:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-02-12 04:26 - 2014-02-06 05:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-02-12 04:26 - 2014-02-06 05:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-02-12 04:26 - 2014-02-06 05:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-02-12 04:26 - 2014-02-06 05:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-02-12 04:26 - 2014-02-06 05:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-02-12 04:26 - 2014-02-06 05:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-02-12 04:26 - 2014-02-06 05:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-02-12 04:26 - 2014-02-06 04:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-02-12 04:26 - 2014-02-06 04:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-02-12 04:26 - 2014-02-06 04:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-02-12 04:26 - 2014-02-06 04:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-02-12 04:26 - 2014-02-06 04:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-02-12 04:26 - 2014-02-06 04:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-02-12 04:26 - 2014-02-06 04:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-02-12 04:25 - 2014-02-06 07:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-02-12 04:25 - 2014-02-06 06:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-02-12 04:25 - 2014-02-06 05:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-02-12 04:25 - 2014-02-06 05:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-02-12 04:25 - 2014-02-06 04:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-02-12 04:25 - 2014-02-06 04:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-02-12 04:25 - 2014-02-06 04:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-02-12 04:25 - 2014-02-06 04:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-02-12 04:25 - 2014-02-06 04:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-02-12 04:25 - 2014-02-06 04:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-02-12 04:25 - 2014-02-06 04:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-02-12 04:25 - 2014-02-06 04:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-02-12 04:25 - 2014-02-06 03:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-02-12 04:25 - 2014-02-06 03:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-02-12 04:25 - 2014-02-06 03:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-02-12 04:25 - 2014-02-06 03:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-02-12 04:25 - 2014-02-06 03:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-02-12 04:24 - 2014-02-06 05:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-02-12 02:25 - 2014-02-12 02:25 - 01741608 _____ (Premium Installer ) C:\Users\Owner\Downloads\Java_Updater_Setup.exe

2014-02-11 16:38 - 2013-12-31 18:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls

2014-02-11 16:38 - 2013-12-31 18:04 - 00420008 _____ () C:\Windows\system32\locale.nls

2014-02-11 16:38 - 2013-12-05 21:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2014-02-11 16:38 - 2013-12-05 21:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

2014-02-11 16:38 - 2013-12-05 21:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2014-02-11 16:38 - 2013-12-05 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2014-02-11 16:37 - 2013-12-03 21:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll

2014-02-11 16:37 - 2013-12-03 21:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll

2014-02-11 16:37 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll

2014-02-11 16:37 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll

2014-02-11 16:37 - 2013-12-03 21:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll

2014-02-11 16:37 - 2013-12-03 21:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe

2014-02-11 16:37 - 2013-12-03 21:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe

2014-02-11 16:37 - 2013-12-03 21:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe

2014-02-11 16:37 - 2013-12-03 21:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe

2014-02-11 16:37 - 2013-12-03 21:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll

2014-02-11 16:37 - 2013-12-03 21:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll

2014-02-11 16:37 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll

2014-02-11 16:37 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll

2014-02-11 16:37 - 2013-12-03 21:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll

2014-02-11 16:37 - 2013-12-03 20:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe

2014-02-11 16:37 - 2013-12-03 20:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe

2014-02-11 16:37 - 2013-12-03 20:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe

2014-02-11 16:37 - 2013-12-03 20:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe

2014-02-11 16:36 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2014-02-11 16:36 - 2013-12-24 17:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2014-02-11 16:36 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll

2014-02-11 16:36 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

2014-02-11 00:48 - 2014-02-11 00:48 - 00001962 _____ () C:\Users\Public\Desktop\Nitro Pro 9.lnk

2014-02-11 00:48 - 2013-12-17 15:06 - 00029704 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalmon9.dll

2014-02-11 00:48 - 2013-12-17 15:06 - 00017928 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalui9.dll

2014-02-11 00:34 - 2014-02-11 00:47 - 00000000 ____D () C:\ProgramData\Package Cache

2014-02-10 23:49 - 2012-12-13 11:47 - 00029704 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalmon2.dll

2014-02-10 23:49 - 2012-12-13 11:47 - 00017928 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalui2.dll

2014-02-10 23:48 - 2014-02-16 20:50 - 00000000 ____D () C:\Program Files (x86)\Nitro

2014-02-10 23:48 - 2014-02-10 23:48 - 00000000 ____D () C:\Program Files\Common Files\Nitro

2014-02-09 08:58 - 2014-02-09 08:59 - 49940480 _____ () C:\Program Files (x86)\GUT720F.tmp

2014-02-09 08:58 - 2014-02-09 08:59 - 00000000 ____D () C:\Program Files (x86)\GUM720E.tmp

2014-02-09 08:57 - 2014-02-09 08:57 - 00847320 _____ (Google Inc.) C:\Users\Owner\Downloads\GoogleEarthPluginSetup.exe

2014-02-05 19:32 - 2014-02-05 19:32 - 00070894 _____ () C:\Users\Owner\Downloads\laurels-havenlogin.tiff

2014-01-31 22:22 - 2014-01-31 22:22 - 00000000 ____D () C:\Program Files (x86)\Holdem Manager 2

2014-01-31 20:18 - 2014-01-31 20:21 - 95607269 _____ () C:\Users\Owner\Downloads\7990_HoldemManager2Setup (1).exe

2014-01-29 07:46 - 2014-01-29 07:46 - 00054272 _____ () C:\Users\Owner\Downloads\BU46039 EE list 1.28.14_NURSING.xls

2014-01-27 00:50 - 2014-01-31 06:54 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-01-27 00:50 - 2014-01-31 06:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-01-27 00:49 - 2012-08-23 09:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll

2014-01-27 00:49 - 2012-08-23 09:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys

2014-01-27 00:49 - 2012-08-23 09:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys

2014-01-27 00:49 - 2012-08-23 08:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll

2014-01-27 00:49 - 2012-08-23 08:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll

2014-01-27 00:49 - 2012-08-23 08:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe

2014-01-27 00:49 - 2012-08-23 08:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll

2014-01-27 00:49 - 2012-08-23 08:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll

2014-01-27 00:49 - 2012-08-23 08:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll

2014-01-27 00:49 - 2012-08-23 08:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll

2014-01-27 00:49 - 2012-08-23 08:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll

2014-01-27 00:49 - 2012-08-23 08:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll

2014-01-27 00:49 - 2012-08-23 07:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll

2014-01-27 00:49 - 2012-08-23 06:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe

2014-01-27 00:49 - 2012-08-23 06:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll

2014-01-27 00:49 - 2012-08-23 06:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe

2014-01-27 00:49 - 2012-08-23 06:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll

2014-01-27 00:49 - 2012-08-23 05:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll

2014-01-27 00:49 - 2012-08-23 05:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll

2014-01-27 00:49 - 2012-08-23 05:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe

2014-01-27 00:49 - 2012-08-23 05:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe

2014-01-27 00:49 - 2012-08-23 04:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2014-01-27 00:49 - 2012-08-23 03:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2014-01-27 00:49 - 2012-08-23 03:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2014-01-27 00:42 - 2012-05-04 06:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2014-01-27 00:42 - 2012-05-04 04:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

2014-01-26 22:57 - 2014-01-31 22:22 - 00018342 _____ () C:\Users\Owner\Downloads\install.log

2014-01-26 22:52 - 2014-01-26 22:55 - 95607269 _____ () C:\Users\Owner\Downloads\7990_HoldemManager2Setup.exe

2014-01-26 19:52 - 2014-01-26 19:52 - 01030144 _____ () C:\Users\Owner\Downloads\Wellness Coordinator SAMPLE schedule.xls

2014-01-26 01:03 - 2014-02-21 11:07 - 00000000 ____D () C:\Users\Owner\AppData\Local\CarbonPoker

2014-01-25 23:04 - 2014-01-25 23:04 - 00169929 _____ () C:\Users\Owner\Downloads\theagingbrain-110301113100-phpapp02.pptx

2014-01-25 23:03 - 2014-01-25 23:03 - 01659904 _____ () C:\Users\Owner\Downloads\virtualsupportforcaregiversofpersonswithalzheimers-110321160856-phpapp02.ppt

2014-01-25 23:03 - 2014-01-25 23:03 - 00122806 _____ () C:\Users\Owner\Downloads\theeffectsofalzheimersdiseaseonthecaregiver-111212180325-phpapp02.pptx

2014-01-25 23:03 - 2014-01-25 23:03 - 00122806 _____ () C:\Users\Owner\Downloads\theeffectsofalzheimersdiseaseonthecaregiver-111212180241-phpapp02.pptx

2014-01-25 23:02 - 2014-01-25 23:02 - 02695944 _____ () C:\Users\Owner\Downloads\theartsdementia-121102141030-phpapp02.pptx

2014-01-25 23:02 - 2014-01-25 23:02 - 00169642 _____ () C:\Users\Owner\Downloads\powerpointpresentationebp-111214123521-phpapp02.pptx

2014-01-25 23:01 - 2014-01-25 23:01 - 09115648 _____ () C:\Users\Owner\Downloads\barbarasharpdementiaandsightloss-131210143332-phpapp01.ppt

2014-01-25 23:00 - 2014-01-25 23:00 - 03156480 _____ () C:\Users\Owner\Downloads\whydotheydothat1-100327064247-phpapp01.ppt

2014-01-25 23:00 - 2014-01-25 23:00 - 00365056 _____ () C:\Users\Owner\Downloads\challengingbehaviorsshort-100326114129-phpapp01-130228115656-phpapp01.ppt

2014-01-25 22:59 - 2014-01-25 22:59 - 01935579 _____ () C:\Users\Owner\Downloads\thegemsofcaregiving-shortversion-100326104845-phpapp01.pptx

2014-01-25 22:59 - 2014-01-25 22:59 - 01284096 _____ () C:\Users\Owner\Downloads\bathing-100327062714-phpapp02.ppt

2014-01-25 22:59 - 2014-01-25 22:59 - 01162179 _____ () C:\Users\Owner\Downloads\caringforlovedoneswithdementia1-29-13-130711095659-phpapp02.pptx

2014-01-25 22:37 - 2014-01-26 19:35 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Nitro

2014-01-25 22:34 - 2014-02-10 23:45 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Downloaded Installations

2014-01-25 22:34 - 2014-01-25 22:34 - 00000000 ____D () C:\ProgramData\Nitro

2014-01-25 18:16 - 2014-01-25 18:16 - 00019066 _____ () C:\Users\Owner\Downloads\activity programming - special challenges.pptx

2014-01-24 19:21 - 2014-01-24 19:32 - 00000000 ____D () C:\Users\Owner\Downloads\60 Poker eBooks

2014-01-24 19:20 - 2014-01-24 19:20 - 00038337 _____ () C:\Users\Owner\Downloads\60 Poker eBooks[www.bestpokertorrents.com].torrent

2014-01-24 19:19 - 2014-01-24 19:19 - 00004132 _____ () C:\Users\Owner\Downloads\PokerMathThatMatters.pdf[www.bestpokertorrents.com].torrent

==================== One Month Modified Files and Folders =======

2014-02-23 20:19 - 2014-02-22 02:19 - 00000000 ____D () C:\FRST

2014-02-23 20:19 - 2014-02-22 02:18 - 00000000 ____D () C:\Users\Owner\Desktop\Bleeping

2014-02-23 20:18 - 2014-02-17 22:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-02-23 20:15 - 2014-01-08 07:46 - 00000000 ____D () C:\Program Files (x86)\Sendori

2014-02-23 20:00 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-02-23 20:00 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-02-23 19:56 - 2013-01-23 15:07 - 01198834 _____ () C:\Windows\WindowsUpdate.log

2014-02-23 19:51 - 2014-02-23 16:18 - 00001166 _____ () C:\Windows\PFRO.log

2014-02-23 19:51 - 2014-02-20 22:46 - 00000672 _____ () C:\Windows\setupact.log

2014-02-23 19:51 - 2013-01-25 18:10 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-02-23 19:51 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-02-23 19:47 - 2013-01-25 18:10 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-02-23 16:28 - 2013-03-05 22:42 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps

2014-02-23 16:26 - 2013-01-25 19:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\Windows Live

2014-02-23 16:17 - 2014-02-23 16:17 - 00000000 _____ () C:\Windows\SysWOW64\sho1720.tmp

2014-02-23 16:12 - 2014-02-23 10:58 - 00000000 ___SD () C:\ComboFix

2014-02-23 08:31 - 2014-02-23 08:31 - 00000000 _____ () C:\Windows\SysWOW64\sho7603.tmp

2014-02-23 08:24 - 2014-02-23 08:16 - 00000000 ____D () C:\Qoobox

2014-02-23 02:24 - 2013-07-22 08:22 - 00000000 ____D () C:\Program Files (x86)\CarbonPoker

2014-02-23 02:24 - 2013-04-04 00:28 - 00000000 ____D () C:\Users\Owner\AppData\Local\eclipse

2014-02-22 23:54 - 2013-01-27 19:14 - 00000000 ____D () C:\Users\Owner\Documents\Newsbin

2014-02-22 22:49 - 2014-02-22 22:49 - 00000000 ____D () C:\Windows\erdnt

2014-02-22 22:45 - 2014-02-22 22:44 - 05183886 _____ (Swearware) C:\Users\Owner\Downloads\ComboFix.exe

2014-02-22 21:46 - 2014-02-22 21:45 - 169685608 ____T () C:\Windows\SysWOW64\00006785.tmp

2014-02-22 21:45 - 2014-02-22 21:45 - 169685608 ____T () C:\Windows\SysWOW64\00029727.tmp

2014-02-22 21:37 - 2014-02-17 22:11 - 00000000 ____D () C:\Users\Owner\AppData\Local\DIRECTV Player

2014-02-22 02:19 - 2014-02-17 22:10 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-02-22 02:18 - 2014-02-22 01:18 - 17858952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2014-02-22 02:18 - 2013-01-25 16:45 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-02-22 02:18 - 2013-01-25 16:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-02-21 12:16 - 2014-02-20 16:44 - 00678400 _____ () C:\Users\Owner\Downloads\HHC 02232014.xls

2014-02-21 11:07 - 2014-01-26 01:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\CarbonPoker

2014-02-20 23:17 - 2014-02-20 23:17 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.com

2014-02-20 23:14 - 2013-10-10 21:09 - 00000000 ____D () C:\Program Files (x86)\PasswordBox

2014-02-20 22:46 - 2014-02-20 22:46 - 00000000 _____ () C:\Windows\setuperr.log

2014-02-20 21:56 - 2013-08-04 06:41 - 00000000 ____D () C:\Program Files (x86)\MacGo

2014-02-20 21:49 - 2014-02-20 21:49 - 00003230 _____ () C:\Windows\System32\Tasks\{322BCA0A-5556-41D2-9A87-641DEACED13F}

2014-02-20 21:34 - 2013-01-25 12:07 - 00000000 ____D () C:\Program Files (x86)\Roxio

2014-02-20 21:30 - 2014-02-20 21:30 - 00108186 _____ () C:\Users\Owner\Documents\cc_20140220_213006.reg

2014-02-20 21:27 - 2013-03-05 22:40 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\uTorrent

2014-02-20 21:27 - 2013-01-26 19:52 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DAEMON Tools Lite

2014-02-20 21:26 - 2013-01-23 15:03 - 00000000 ____D () C:\Windows\Panther

2014-02-20 21:25 - 2013-12-05 06:46 - 00000000 ____D () C:\Windows\Minidump

2014-02-20 21:23 - 2014-02-20 21:23 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC

2014-02-20 21:23 - 2014-02-20 21:23 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2014-02-20 21:23 - 2014-02-20 21:22 - 00000000 ____D () C:\Program Files\CCleaner

2014-02-20 21:18 - 2014-02-20 21:17 - 04721920 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup410.exe

2014-02-20 16:25 - 2013-01-24 08:44 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-02-20 14:01 - 2014-02-20 14:00 - 00641536 _____ () C:\Users\Owner\Downloads\HHC 01262014.xls

2014-02-19 00:31 - 2013-05-28 19:41 - 00000092 _____ () C:\Users\Owner\Desktop\direct tv.txt

2014-02-18 20:30 - 2014-02-18 20:30 - 00000000 ____D () C:\ProgramData\Kaspersky Lab

2014-02-18 20:15 - 2014-02-18 20:15 - 00730008 _____ (Reimage®) C:\Users\Owner\Downloads\ReimageRepair.exe

2014-02-18 18:47 - 2014-02-18 18:47 - 01276304 _____ () C:\Users\Owner\Downloads\MalAware.exe

2014-02-18 14:12 - 2014-02-18 14:10 - 02347384 _____ (ESET) C:\Users\Owner\Downloads\esetsmartinstaller_enu (1).exe

2014-02-18 11:12 - 2009-07-14 00:13 - 00783360 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-02-17 22:07 - 2014-02-17 22:07 - 15382504 _____ (DIRECTV) C:\Users\Owner\Downloads\DIRECTV_Player_9.2.exe

2014-02-16 23:59 - 2014-02-16 23:59 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-02-16 23:58 - 2014-02-16 23:57 - 02347384 _____ (ESET) C:\Users\Owner\Downloads\esetsmartinstaller_enu.exe

2014-02-16 21:34 - 2014-01-20 19:44 - 00000000 ____D () C:\Users\Owner\Desktop\The Haven

2014-02-16 20:50 - 2014-02-10 23:48 - 00000000 ____D () C:\Program Files (x86)\Nitro

2014-02-16 04:12 - 2013-07-27 02:01 - 00000000 ____D () C:\Windows\system32\MRT

2014-02-16 03:01 - 2013-01-24 14:32 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-02-14 21:42 - 2014-02-14 21:42 - 00000000 ____D () C:\Windows\ERUNT

2014-02-14 21:27 - 2014-02-14 21:22 - 00000000 ____D () C:\AdwCleaner

2014-02-14 18:12 - 2013-10-10 21:04 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar

2014-02-14 15:48 - 2014-02-14 15:48 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Owner\Downloads\rkill64-9402.exe

2014-02-14 07:37 - 2014-02-14 07:37 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Owner\Downloads\rkill64-11466.exe

2014-02-14 06:25 - 2014-02-14 06:25 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Owner\Downloads\rkill64.exe

2014-02-14 06:20 - 2013-03-10 10:42 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-02-14 06:20 - 2013-03-10 10:40 - 00000000 ____D () C:\ProgramData\Skype

2014-02-14 06:07 - 2014-02-14 06:07 - 01037530 _____ (Thisisu) C:\Users\Owner\Downloads\JRT.exe

2014-02-14 06:06 - 2014-02-14 06:06 - 01166132 _____ () C:\Users\Owner\Downloads\AdwCleaner.exe

2014-02-14 06:05 - 2014-02-14 06:05 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Owner\Downloads\rkill.exe

2014-02-12 22:17 - 2013-01-26 19:42 - 00000000 ____D () C:\Program Files (x86)\ImgBurn

2014-02-12 12:25 - 2013-01-26 21:32 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-02-12 08:37 - 2013-01-25 11:34 - 00775974 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-02-12 05:43 - 2009-07-13 21:34 - 00000478 _____ () C:\Windows\win.ini

2014-02-12 02:25 - 2014-02-12 02:25 - 01741608 _____ (Premium Installer ) C:\Users\Owner\Downloads\Java_Updater_Setup.exe

2014-02-11 00:48 - 2014-02-11 00:48 - 00001962 _____ () C:\Users\Public\Desktop\Nitro Pro 9.lnk

2014-02-11 00:47 - 2014-02-11 00:34 - 00000000 ____D () C:\ProgramData\Package Cache

2014-02-10 23:48 - 2014-02-10 23:48 - 00000000 ____D () C:\Program Files\Common Files\Nitro

2014-02-10 23:45 - 2014-01-25 22:34 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Downloaded Installations

2014-02-10 17:42 - 2013-01-25 18:10 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-02-10 17:42 - 2013-01-25 18:10 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-02-09 09:01 - 2013-01-25 18:10 - 00000000 ____D () C:\Program Files (x86)\Google

2014-02-09 08:59 - 2014-02-09 08:58 - 49940480 _____ () C:\Program Files (x86)\GUT720F.tmp

2014-02-09 08:59 - 2014-02-09 08:58 - 00000000 ____D () C:\Program Files (x86)\GUM720E.tmp

2014-02-09 08:57 - 2014-02-09 08:57 - 00847320 _____ (Google Inc.) C:\Users\Owner\Downloads\GoogleEarthPluginSetup.exe

2014-02-08 23:04 - 2013-04-05 19:54 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\HoldemManager

2014-02-08 22:58 - 2013-04-05 19:47 - 00000000 ____D () C:\Users\postgres

2014-02-08 08:24 - 2013-01-27 19:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\Newsbin

2014-02-08 08:22 - 2013-11-17 21:53 - 00000000 ____D () C:\Users\Owner\Downloads\00000000Dementia Stuff

2014-02-07 23:26 - 2013-05-17 05:30 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\vlc

2014-02-06 07:16 - 2014-02-12 04:25 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-02-06 06:30 - 2014-02-12 04:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-02-06 06:30 - 2014-02-12 04:26 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-02-06 06:12 - 2014-02-12 04:25 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-02-06 06:07 - 2014-02-12 04:26 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-02-06 06:06 - 2014-02-12 04:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-02-06 05:57 - 2014-02-12 04:26 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-02-06 05:56 - 2014-02-12 04:26 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-02-06 05:52 - 2014-02-12 04:26 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-02-06 05:49 - 2014-02-12 04:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-02-06 05:48 - 2014-02-12 04:26 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-02-06 05:48 - 2014-02-12 04:25 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-02-06 05:38 - 2014-02-12 04:25 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-02-06 05:32 - 2014-02-12 04:26 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-02-06 05:20 - 2014-02-12 04:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-02-06 05:17 - 2014-02-12 04:26 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-02-06 05:11 - 2014-02-12 04:24 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-02-06 05:01 - 2014-02-12 04:26 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-02-06 05:00 - 2014-02-12 04:26 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-02-06 04:57 - 2014-02-12 04:26 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-02-06 04:57 - 2014-02-12 04:25 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-02-06 04:52 - 2014-02-12 04:26 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-02-06 04:52 - 2014-02-12 04:26 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-02-06 04:50 - 2014-02-12 04:25 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-02-06 04:49 - 2014-02-12 04:26 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-02-06 04:47 - 2014-02-12 04:26 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-02-06 04:46 - 2014-02-12 04:25 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-02-06 04:25 - 2014-02-12 04:26 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-02-06 04:25 - 2014-02-12 04:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-02-06 04:24 - 2014-02-12 04:25 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-02-06 04:22 - 2014-02-12 04:25 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-02-06 04:13 - 2014-02-12 04:26 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-02-06 04:09 - 2014-02-12 04:25 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-02-06 04:03 - 2014-02-12 04:25 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-02-06 03:55 - 2014-02-12 04:25 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-02-06 03:41 - 2014-02-12 04:25 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-02-06 03:40 - 2014-02-12 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-02-06 03:36 - 2014-02-12 04:25 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-02-06 03:34 - 2014-02-12 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-02-05 19:32 - 2014-02-05 19:32 - 00070894 _____ () C:\Users\Owner\Downloads\laurels-havenlogin.tiff

2014-02-02 23:35 - 2013-12-30 09:55 - 00014831 _____ () C:\Users\Owner\Documents\12302013MedBills.xlsx

2014-02-01 06:46 - 2013-05-06 19:35 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9895B688-BF59-452B-B4E9-1EF074C27458}

2014-01-31 22:43 - 2013-04-05 19:31 - 00000000 ____D () C:\Program Files (x86)\PSQLINSTALL

2014-01-31 22:22 - 2014-01-31 22:22 - 00000000 ____D () C:\Program Files (x86)\Holdem Manager 2

2014-01-31 22:22 - 2014-01-26 22:57 - 00018342 _____ () C:\Users\Owner\Downloads\install.log

2014-01-31 20:21 - 2014-01-31 20:18 - 95607269 _____ () C:\Users\Owner\Downloads\7990_HoldemManager2Setup (1).exe

2014-01-31 06:54 - 2014-01-27 00:50 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-01-31 06:54 - 2014-01-27 00:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-01-29 07:46 - 2014-01-29 07:46 - 00054272 _____ () C:\Users\Owner\Downloads\BU46039 EE list 1.28.14_NURSING.xls

2014-01-27 01:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-01-26 22:55 - 2014-01-26 22:52 - 95607269 _____ () C:\Users\Owner\Downloads\7990_HoldemManager2Setup.exe

2014-01-26 19:52 - 2014-01-26 19:52 - 01030144 _____ () C:\Users\Owner\Downloads\Wellness Coordinator SAMPLE schedule.xls

2014-01-26 19:35 - 2014-01-25 22:37 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Nitro

2014-01-25 23:04 - 2014-01-25 23:04 - 00169929 _____ () C:\Users\Owner\Downloads\theagingbrain-110301113100-phpapp02.pptx

2014-01-25 23:03 - 2014-01-25 23:03 - 01659904 _____ () C:\Users\Owner\Downloads\virtualsupportforcaregiversofpersonswithalzheimers-110321160856-phpapp02.ppt

2014-01-25 23:03 - 2014-01-25 23:03 - 00122806 _____ () C:\Users\Owner\Downloads\theeffectsofalzheimersdiseaseonthecaregiver-111212180325-phpapp02.pptx

2014-01-25 23:03 - 2014-01-25 23:03 - 00122806 _____ () C:\Users\Owner\Downloads\theeffectsofalzheimersdiseaseonthecaregiver-111212180241-phpapp02.pptx

2014-01-25 23:02 - 2014-01-25 23:02 - 02695944 _____ () C:\Users\Owner\Downloads\theartsdementia-121102141030-phpapp02.pptx

2014-01-25 23:02 - 2014-01-25 23:02 - 00169642 _____ () C:\Users\Owner\Downloads\powerpointpresentationebp-111214123521-phpapp02.pptx

2014-01-25 23:01 - 2014-01-25 23:01 - 09115648 _____ () C:\Users\Owner\Downloads\barbarasharpdementiaandsightloss-131210143332-phpapp01.ppt

2014-01-25 23:00 - 2014-01-25 23:00 - 03156480 _____ () C:\Users\Owner\Downloads\whydotheydothat1-100327064247-phpapp01.ppt

2014-01-25 23:00 - 2014-01-25 23:00 - 00365056 _____ () C:\Users\Owner\Downloads\challengingbehaviorsshort-100326114129-phpapp01-130228115656-phpapp01.ppt

2014-01-25 22:59 - 2014-01-25 22:59 - 01935579 _____ () C:\Users\Owner\Downloads\thegemsofcaregiving-shortversion-100326104845-phpapp01.pptx

2014-01-25 22:59 - 2014-01-25 22:59 - 01284096 _____ () C:\Users\Owner\Downloads\bathing-100327062714-phpapp02.ppt

2014-01-25 22:59 - 2014-01-25 22:59 - 01162179 _____ () C:\Users\Owner\Downloads\caringforlovedoneswithdementia1-29-13-130711095659-phpapp02.pptx

2014-01-25 22:34 - 2014-01-25 22:34 - 00000000 ____D () C:\ProgramData\Nitro

2014-01-25 18:16 - 2014-01-25 18:16 - 00019066 _____ () C:\Users\Owner\Downloads\activity programming - special challenges.pptx

2014-01-24 19:32 - 2014-01-24 19:21 - 00000000 ____D () C:\Users\Owner\Downloads\60 Poker eBooks

2014-01-24 19:20 - 2014-01-24 19:20 - 00038337 _____ () C:\Users\Owner\Downloads\60 Poker eBooks[www.bestpokertorrents.com].torrent

2014-01-24 19:19 - 2014-01-24 19:19 - 00004132 _____ () C:\Users\Owner\Downloads\PokerMathThatMatters.pdf[www.bestpokertorrents.com].torrent

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-02-19 05:45

 

==================== End Of Log ============================



#8 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:32 PM

Posted 24 February 2014 - 03:48 AM

How is your computer running now? Are there still any symptoms?


Step 1

Please download Malwarebytes Anti-Malware and save it to your Desktop.

  • Execute the downloaded setup to install MBAM on your computer.
  • Start MBAM with administrator privileges.
  • Open the tab Update and click on Check for Updates.
  • Open the tab Scanner, select Perform Quick Scan and press the Scan button.
  • When the scan is finished click on Show results.
  • Make sure that all the malware found is checked and click on Remove selected. Allow a reboot if one is required.
  • When finished MBAM shows a log file. (It can also be found under the Logs tab.)
    Please copy and paste the contents of this log file in your next reply.

 

 

Step 2

Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
  • Note: Do not forget to re-enable your antivirus application after running the above scan!


#9 packbacker83

packbacker83
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  • Local time:12:32 PM

Posted 24 February 2014 - 08:58 PM

It is running much faster now, thank you, but I think it still has a way to go.

 

Here is mbam-log

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.02.24.04

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16518

Owner :: OWNER-PC [administrator]

 

2/24/2014 8:02:24 AM

mbam-log-2014-02-24 (08-02-24).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 239196

Time elapsed: 6 minute(s), 7 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 1

HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 1

C:\Users\Owner\Downloads\Java_Updater_Setup.exe (PUP.Optional.OptimumInstaller.A) -> Quarantined and deleted successfully.

 

(end)

 
 
Here is the ESET log
 
ESETSmartInstaller@High as downloader log:
all ok
DLL:pipe not connected. attempts=120
DLL:pipe not connected. attempts=120
ESETSmartInstaller@High as downloader log:
all ok
DLL:pipe not connected. attempts=120
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=1e15c8824d4c7d449ef9b53266e6ea90
# engine=17202
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-02-24 06:23:14
# local_time=2014-02-24 01:23:14 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 88 0 155772779 0 0
# compatibility_mode=5893 16776574 100 94 18888264 144809644 0 0
# scanned=409222
# found=17
# cleaned=0
# scan_time=17283
sh=FAEC9C07DDBCEF6B8FC9243DC4E01945EF42AA9D ft=1 fh=4b054aeef455a592 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\Backup 11292012\desktop\zaSetupWeb_101_101_000_en.exe"
sh=685C5C232AB3620AF3B7C9771F0D0A8E45FF7025 ft=0 fh=0000000000000000 vn="a variant of MSIL/HackKMS.A potentially unsafe application" ac=I fn="C:\Backup 11292012\Documents\Archives\MSOffice2010Pro\MS.Office.2010.Pro.Plus.iso"
sh=637FAEC0C76D5FD1F291341514D911553D4FF5C5 ft=0 fh=0000000000000000 vn="a variant of Win32/Injector.JAE trojan" ac=I fn="C:\Backup 11292012\Documents\Newsbin Download\alt.binaries.test\Copy(1) of 3 Daniel Hall - Top 5 Secrets to Writing, Publishing & Profiting from Your .rar"
sh=CD6DD8D923CB6C88FDBFA6487FA65D7CEF7F682D ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Patcher.N potentially unsafe application" ac=I fn="C:\Backup 11292012\downloads\Alcohol120.Portable.1.96.rar"
sh=9BDA59A26B75C85AF6FB61FD02E1C5C4F1369444 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.AS potentially unsafe application" ac=I fn="C:\Backup 11292012\downloads\BatchRenamePro.3.70.rar"
sh=20F7F1215C59D0F0B18FBD27429556F261EDBCEE ft=1 fh=bb1f3b8fe6aeca14 vn="a variant of Win32/InstallCore.D potentially unwanted application" ac=I fn="C:\Backup 11292012\downloads\cnet_smart-pdf-converter-pro-setup_exe.exe"
sh=A252331C5D7080E8D4AA0ABB110C834423188361 ft=1 fh=3f9ce49950469d30 vn="Win32/DownloadAdmin.A.Gen potentially unwanted application" ac=I fn="C:\Backup 11292012\downloads\gimp-setup.exe"
sh=6D863C63AEC5D799FCF8FA29BEFAA1A9A62500C9 ft=1 fh=c71c0011d8c1df3d vn="Win32/Toolbar.SearchSuite potentially unwanted application" ac=I fn="C:\Backup 11292012\downloads\iLividSetupV1.exe.dap"
sh=684ED67DD91D6F2E14FA89D42AF7703C5F60B420 ft=0 fh=0000000000000000 vn="a variant of MSIL/HackKMS.A potentially unsafe application" ac=I fn="C:\Backup 11292012\downloads\Office.2010.Activator.rar"
sh=C8FC69153D78859EBB9070B11B697702C5A9BB91 ft=1 fh=40c63596a68a52cd vn="a variant of Win32/Keygen.AS potentially unsafe application" ac=I fn="C:\Backup 11292012\downloads\BatchRenamePro.3.70\BatchRenamePro\Keygen and patch\Keygen.exe"
sh=CB5C6545CC7D0108C3315092A10BFC025BAB5799 ft=1 fh=26022cc2739f4681 vn="a variant of Win32/HackTool.Patcher.U potentially unsafe application" ac=I fn="C:\Backup 11292012\downloads\NeroBurningROM.11.0.10500\Patch\Patch.exe"
sh=F4A22C0FFB365DF4551E5E2BBFC82C1D62E48069 ft=1 fh=c71c0011ebe5c035 vn="a variant of Win32/Injector.ANEX trojan" ac=I fn="C:\FRST\Quarantine\Rar$EXa0.78023-02-2014_19-49-27\Nitro.Pro.Enterprise.v8.5.4.11.x86.x64.incl.REG-file.exe"
sh=C02423884B82F50565A8AA2BE8F974E821760F18 ft=0 fh=0000000000000000 vn="Eicar test file" ac=I fn="C:\Users\Owner\AppData\Local\Temp\Av-test.txt"
sh=0F97FB08E6FC4500F86E64D3285C171C6462BD61 ft=1 fh=acbbffe185c36761 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Owner\Downloads\ccsetup410.exe"
sh=5E6A0950D61C36F74BDDBB3E5123A0A844683BEA ft=1 fh=52470d0f717b11f5 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Owner\Downloads\epm.exe"
sh=AC331FC17EDB1DB1463BC349FEF9557D034AD635 ft=1 fh=2d193fcb43bbe26d vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Owner\Downloads\FreeStudio.exe"
sh=6C14FB7A268D8941A092BDF2B17A563724454299 ft=1 fh=4a584e441d23f7f9 vn="Win32/Toolbar.Babylon.T potentially unwanted application" ac=I fn="C:\Users\Owner\Downloads\ReimageRepair.exe"


#10 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:32 PM

Posted 25 February 2014 - 05:01 AM

The logs don't show active malware anymore.

Are there still redirects occurring or any other symptoms (apart from not being as fast as it could be)?



#11 packbacker83

packbacker83
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  • Local time:12:32 PM

Posted 25 February 2014 - 07:24 AM

No.  No redirects, only speed as far as I can tell.



#12 packbacker83

packbacker83
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  • Local time:12:32 PM

Posted 25 February 2014 - 08:55 PM

Any further instructions?



#13 packbacker83

packbacker83
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  • Local time:12:32 PM

Posted 26 February 2014 - 08:26 PM

OOPS.  Spoke too soon.  Browser just redirected to 

 

http://tech.manolith.com/searchresults3.aspx?keywords=video+websites 



#14 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:32 PM

Posted 27 February 2014 - 03:37 AM

Ok, then we need a fresh FRST log:


  • Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#15 packbacker83

packbacker83
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  • Local time:12:32 PM

Posted 27 February 2014 - 08:02 AM

Here is frst.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-02-2014 02

Ran by Owner (administrator) on OWNER-PC on 27-02-2014 08:01:20

Running from C:\Users\Owner\Desktop\Bleeping

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe

(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe

(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE

(O2Micro International) C:\Windows\system32\DRIVERS\o2flash.exe

(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe

(PostgreSQL Global Development Group) c:\postgreSQL\bin\pg_ctl.exe

(PostgreSQL Global Development Group) c:\postgreSQL\bin\postgres.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Marvell Semiconductor, Inc.) C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

(NDS Technologies) C:\Users\Owner\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe

(Sendori) C:\Program Files (x86)\Sendori\sndappv2.exe

(PostgreSQL Global Development Group) c:\postgreSQL\bin\postgres.exe

(PostgreSQL Global Development Group) c:\postgreSQL\bin\postgres.exe

(PostgreSQL Global Development Group) c:\postgreSQL\bin\postgres.exe

(PostgreSQL Global Development Group) c:\postgreSQL\bin\postgres.exe

() C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe

(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriTray.exe

(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriSvc.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe

() C:\Program Files (x86)\CarbonPoker\client.exe

(sendori) C:\Program Files (x86)\Sendori\Sendori.Service.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(PostgreSQL Global Development Group) c:\postgreSQL\bin\postgres.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1909032 2010-01-14] (Synaptics Incorporated)

HKLM\...\Run: [PrnStatusMX] - C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe [1240064 2012-07-04] (Marvell Semiconductor, Inc.)

HKLM-x32\...\Run: [] - [X]

HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2008-05-14] (Sonic Solutions)

HKLM-x32\...\Run: [PDVDDXSrv] - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)

HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)

HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)

HKLM-x32\...\Run: [Redirector] - C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)

HKLM-x32\...\Run: [EaseUS EPM tray] - C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe [2081792 2013-03-29] (CHENGDU YIWO Tech Development Co., Ltd)

HKLM-x32\...\Run: [Sendori Tray] - C:\Program Files (x86)\Sendori\SendoriTray.exe [83232 2013-10-07] (Sendori, Inc.)

HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2353880 2013-11-01] (Microsoft Corp.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-3701043139-4236647081-2378084655-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)

HKU\S-1-5-21-3701043139-4236647081-2378084655-1000\...\Run: [HP Officejet Pro 8600 (NET)] - C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)

HKU\S-1-5-21-3701043139-4236647081-2378084655-1000\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)

HKU\S-1-5-21-3701043139-4236647081-2378084655-1000\...\Run: [PCShowServer] - C:\Users\Owner\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1765744 2013-11-17] (NDS Technologies)

Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk

ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9D47C9E615FBCD01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)

BHO-x32: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)

BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)

BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)

BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Winsock: Catalog9 01 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)

Winsock: Catalog9 02 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)

Winsock: Catalog9 03 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)

Winsock: Catalog9 04 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)

Winsock: Catalog9 15 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

 

FireFox:

========

FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xfk5yb8d.default

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()

FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @nds.com/PlayerPlugin - C:\Users\Owner\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)

FF Plugin HKCU: NDS.com/PlayerPlugin - C:\Users\Owner\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-01-03]

FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\

FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ []

FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF

FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013-11-21]

Chrome:
=======

CHR HomePage: hxxp://www.google.com/

CHR DefaultSearchKeyword: ask

CHR DefaultSearchProvider: Norton Safe Search

CHR DefaultSearchURL: http://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=21&locale=en_US&gct=sb&qsrc=2869

CHR DefaultNewTabURL: 

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll ()

CHR Plugin: (Norton Identity Safe) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.1.36_0\npcoplgn.dll No File

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File

CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-25]

CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-25]

CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-25]

CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-25]

CHR Extension: (Skype Click to Call) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-03-10]

CHR Extension: (Norton Identity Protection) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-01-25]

CHR Extension: (Gamers Unite! Snag Bar) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncmdmcjifbkefpaijakdbgfjbpaonjhg [2013-01-25]

CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-25]

CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-10-10]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-01-03]

CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx [2014-01-20]

==================== Services (Whitelisted) =================

R2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [120096 2013-10-07] (Sendori, Inc.)

R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173272 2013-11-01] (Microsoft Corp.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)

R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)

R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-17] (Nitro PDF Software)

R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2013-09-24] (PasswordBox, Inc.)

R2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2013-10-07] (sendori)

R2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2013-10-07] (Sendori)

R2 postgresql-8.4; c:/postgreSQL/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "c:/postgreSQL/data" -w [X]

S2 SessionLauncher; C:\Users\Owner\AppData\Local\Temp\DX9\SessionLauncher.exe [X]

==================== Drivers (Whitelisted) ====================

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2014-01-10] (AVG Technologies)

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2013-12-17] (Symantec Corporation)

R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-24] (Symantec Corporation)

S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] ()

S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] ()

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-20] (Symantec Corporation)

S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] ()

S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] ()

R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140226.001\IDSvia64.sys [521944 2014-01-20] (Symantec Corporation)

R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140226.024\ENG64.SYS [126040 2014-01-24] (Symantec Corporation)

R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140226.024\EX64.SYS [2099288 2014-01-24] (Symantec Corporation)

R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-01-26] (Duplex Secure Ltd.)

R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-21] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)

R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)

U3 a3dq8vad; C:\Windows\System32\Drivers\a3dq8vad.sys [0 ] (Microsoft Corporation)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-24 08:30 - 2014-02-24 08:30 - 02347384 _____ (ESET) C:\Users\Owner\Downloads\esetsmartinstaller_enu (2).exe

2014-02-24 07:57 - 2014-02-24 07:57 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Malwarebytes

2014-02-24 07:56 - 2014-02-24 07:56 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-02-24 07:56 - 2014-02-24 07:56 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-02-24 07:56 - 2014-02-24 07:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-02-24 07:56 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-02-23 16:18 - 2014-02-24 08:27 - 00001504 _____ () C:\Windows\PFRO.log

2014-02-23 16:17 - 2014-02-23 16:17 - 00000000 _____ () C:\Windows\SysWOW64\sho1720.tmp

2014-02-23 10:58 - 2014-02-23 16:12 - 00000000 ___SD () C:\ComboFix

2014-02-23 08:31 - 2014-02-23 08:31 - 00000000 _____ () C:\Windows\SysWOW64\sho7603.tmp

2014-02-23 08:25 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-02-23 08:25 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-02-23 08:25 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-02-23 08:25 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-02-23 08:25 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-02-23 08:25 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe

2014-02-23 08:25 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe

2014-02-23 08:25 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe

2014-02-23 08:16 - 2014-02-23 08:24 - 00000000 ____D () C:\Qoobox

2014-02-22 22:49 - 2014-02-22 22:49 - 00000000 ____D () C:\Windows\erdnt

2014-02-22 22:44 - 2014-02-22 22:45 - 05183886 _____ (Swearware) C:\Users\Owner\Downloads\ComboFix.exe

2014-02-22 02:19 - 2014-02-27 08:01 - 00000000 ____D () C:\FRST

2014-02-22 02:18 - 2014-02-27 08:01 - 00000000 ____D () C:\Users\Owner\Desktop\Bleeping

2014-02-22 01:18 - 2014-02-22 02:18 - 17858952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2014-02-20 23:17 - 2014-02-20 23:17 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.com

2014-02-20 22:46 - 2014-02-24 08:27 - 00000728 _____ () C:\Windows\setupact.log

2014-02-20 22:46 - 2014-02-20 22:46 - 00000000 _____ () C:\Windows\setuperr.log

2014-02-20 21:49 - 2014-02-20 21:49 - 00003230 _____ () C:\Windows\System32\Tasks\{322BCA0A-5556-41D2-9A87-641DEACED13F}

2014-02-20 21:30 - 2014-02-20 21:30 - 00108186 _____ () C:\Users\Owner\Documents\cc_20140220_213006.reg

2014-02-20 21:23 - 2014-02-20 21:23 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC

2014-02-20 21:23 - 2014-02-20 21:23 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2014-02-20 21:22 - 2014-02-20 21:23 - 00000000 ____D () C:\Program Files\CCleaner

2014-02-20 21:17 - 2014-02-20 21:18 - 04721920 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup410.exe

2014-02-20 16:44 - 2014-02-21 12:16 - 00678400 _____ () C:\Users\Owner\Downloads\HHC 02232014.xls

2014-02-20 14:00 - 2014-02-20 14:01 - 00641536 _____ () C:\Users\Owner\Downloads\HHC 01262014.xls

2014-02-18 20:30 - 2014-02-18 20:30 - 00000000 ____D () C:\ProgramData\Kaspersky Lab

2014-02-18 20:15 - 2014-02-18 20:15 - 00730008 _____ (Reimage®) C:\Users\Owner\Downloads\ReimageRepair.exe

2014-02-18 18:47 - 2014-02-18 18:47 - 01276304 _____ () C:\Users\Owner\Downloads\MalAware.exe

2014-02-18 14:10 - 2014-02-18 14:12 - 02347384 _____ (ESET) C:\Users\Owner\Downloads\esetsmartinstaller_enu (1).exe

2014-02-17 22:11 - 2014-02-24 08:23 - 00000000 ____D () C:\Users\Owner\AppData\Local\DIRECTV Player

2014-02-17 22:10 - 2014-02-27 07:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-02-17 22:10 - 2014-02-22 02:19 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-02-17 22:07 - 2014-02-17 22:07 - 15382504 _____ (DIRECTV) C:\Users\Owner\Downloads\DIRECTV_Player_9.2.exe

2014-02-16 23:59 - 2014-02-16 23:59 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-02-16 23:57 - 2014-02-16 23:58 - 02347384 _____ (ESET) C:\Users\Owner\Downloads\esetsmartinstaller_enu.exe

2014-02-14 21:42 - 2014-02-14 21:42 - 00000000 ____D () C:\Windows\ERUNT

2014-02-14 21:22 - 2014-02-14 21:27 - 00000000 ____D () C:\AdwCleaner

2014-02-14 15:48 - 2014-02-14 15:48 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Owner\Downloads\rkill64-9402.exe

2014-02-14 07:37 - 2014-02-14 07:37 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Owner\Downloads\rkill64-11466.exe

2014-02-14 06:25 - 2014-02-14 06:25 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Owner\Downloads\rkill64.exe

2014-02-14 06:07 - 2014-02-14 06:07 - 01037530 _____ (Thisisu) C:\Users\Owner\Downloads\JRT.exe

2014-02-14 06:06 - 2014-02-14 06:06 - 01166132 _____ () C:\Users\Owner\Downloads\AdwCleaner.exe

2014-02-14 06:05 - 2014-02-14 06:05 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Owner\Downloads\rkill.exe

2014-02-12 04:36 - 2013-12-21 04:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-02-12 04:36 - 2013-12-21 03:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-02-12 04:26 - 2014-02-06 06:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-02-12 04:26 - 2014-02-06 06:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-02-12 04:26 - 2014-02-06 06:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-02-12 04:26 - 2014-02-06 06:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-02-12 04:26 - 2014-02-06 05:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-02-12 04:26 - 2014-02-06 05:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-02-12 04:26 - 2014-02-06 05:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-02-12 04:26 - 2014-02-06 05:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-02-12 04:26 - 2014-02-06 05:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-02-12 04:26 - 2014-02-06 05:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-02-12 04:26 - 2014-02-06 05:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-02-12 04:26 - 2014-02-06 05:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-02-12 04:26 - 2014-02-06 05:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-02-12 04:26 - 2014-02-06 05:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-02-12 04:26 - 2014-02-06 04:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-02-12 04:26 - 2014-02-06 04:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-02-12 04:26 - 2014-02-06 04:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-02-12 04:26 - 2014-02-06 04:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-02-12 04:26 - 2014-02-06 04:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-02-12 04:26 - 2014-02-06 04:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-02-12 04:26 - 2014-02-06 04:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-02-12 04:25 - 2014-02-06 07:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-02-12 04:25 - 2014-02-06 06:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-02-12 04:25 - 2014-02-06 05:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-02-12 04:25 - 2014-02-06 05:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-02-12 04:25 - 2014-02-06 04:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-02-12 04:25 - 2014-02-06 04:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-02-12 04:25 - 2014-02-06 04:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-02-12 04:25 - 2014-02-06 04:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-02-12 04:25 - 2014-02-06 04:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-02-12 04:25 - 2014-02-06 04:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-02-12 04:25 - 2014-02-06 04:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-02-12 04:25 - 2014-02-06 04:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-02-12 04:25 - 2014-02-06 03:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-02-12 04:25 - 2014-02-06 03:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-02-12 04:25 - 2014-02-06 03:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-02-12 04:25 - 2014-02-06 03:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-02-12 04:25 - 2014-02-06 03:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-02-12 04:24 - 2014-02-06 05:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-02-11 16:38 - 2013-12-31 18:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls

2014-02-11 16:38 - 2013-12-31 18:04 - 00420008 _____ () C:\Windows\system32\locale.nls

2014-02-11 16:38 - 2013-12-05 21:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2014-02-11 16:38 - 2013-12-05 21:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

2014-02-11 16:38 - 2013-12-05 21:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2014-02-11 16:38 - 2013-12-05 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2014-02-11 16:37 - 2013-12-03 21:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll

2014-02-11 16:37 - 2013-12-03 21:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll

2014-02-11 16:37 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll

2014-02-11 16:37 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll

2014-02-11 16:37 - 2013-12-03 21:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll

2014-02-11 16:37 - 2013-12-03 21:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe

2014-02-11 16:37 - 2013-12-03 21:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe

2014-02-11 16:37 - 2013-12-03 21:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe

2014-02-11 16:37 - 2013-12-03 21:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe

2014-02-11 16:37 - 2013-12-03 21:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll

2014-02-11 16:37 - 2013-12-03 21:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll

2014-02-11 16:37 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll

2014-02-11 16:37 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll

2014-02-11 16:37 - 2013-12-03 21:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll

2014-02-11 16:37 - 2013-12-03 20:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe

2014-02-11 16:37 - 2013-12-03 20:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe

2014-02-11 16:37 - 2013-12-03 20:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe

2014-02-11 16:37 - 2013-12-03 20:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe

2014-02-11 16:36 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2014-02-11 16:36 - 2013-12-24 17:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2014-02-11 16:36 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll

2014-02-11 16:36 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

2014-02-11 00:48 - 2014-02-11 00:48 - 00001962 _____ () C:\Users\Public\Desktop\Nitro Pro 9.lnk

2014-02-11 00:48 - 2013-12-17 15:06 - 00029704 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalmon9.dll

2014-02-11 00:48 - 2013-12-17 15:06 - 00017928 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalui9.dll

2014-02-11 00:34 - 2014-02-11 00:47 - 00000000 ____D () C:\ProgramData\Package Cache

2014-02-10 23:49 - 2012-12-13 11:47 - 00029704 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalmon2.dll

2014-02-10 23:49 - 2012-12-13 11:47 - 00017928 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalui2.dll

2014-02-10 23:48 - 2014-02-16 20:50 - 00000000 ____D () C:\Program Files (x86)\Nitro

2014-02-10 23:48 - 2014-02-10 23:48 - 00000000 ____D () C:\Program Files\Common Files\Nitro

2014-02-09 08:58 - 2014-02-09 08:59 - 49940480 _____ () C:\Program Files (x86)\GUT720F.tmp

2014-02-09 08:58 - 2014-02-09 08:59 - 00000000 ____D () C:\Program Files (x86)\GUM720E.tmp

2014-02-09 08:57 - 2014-02-09 08:57 - 00847320 _____ (Google Inc.) C:\Users\Owner\Downloads\GoogleEarthPluginSetup.exe

2014-02-05 19:32 - 2014-02-05 19:32 - 00070894 _____ () C:\Users\Owner\Downloads\laurels-havenlogin.tiff

2014-01-31 22:22 - 2014-01-31 22:22 - 00000000 ____D () C:\Program Files (x86)\Holdem Manager 2

2014-01-31 20:18 - 2014-01-31 20:21 - 95607269 _____ () C:\Users\Owner\Downloads\7990_HoldemManager2Setup (1).exe

2014-01-29 07:46 - 2014-01-29 07:46 - 00054272 _____ () C:\Users\Owner\Downloads\BU46039 EE list 1.28.14_NURSING.xls

==================== One Month Modified Files and Folders =======

2014-02-27 08:01 - 2014-02-22 02:19 - 00000000 ____D () C:\FRST

2014-02-27 08:01 - 2014-02-22 02:18 - 00000000 ____D () C:\Users\Owner\Desktop\Bleeping

2014-02-27 07:47 - 2013-01-25 18:10 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-02-27 07:18 - 2014-02-17 22:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-02-27 05:51 - 2014-01-08 07:46 - 00000000 ____D () C:\Program Files (x86)\Sendori

2014-02-27 04:34 - 2013-01-23 15:07 - 01348598 _____ () C:\Windows\WindowsUpdate.log

2014-02-27 00:06 - 2013-07-22 08:22 - 00000000 ____D () C:\Program Files (x86)\CarbonPoker

2014-02-26 17:47 - 2013-01-25 18:10 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-02-26 08:20 - 2013-04-05 19:54 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\HoldemManager

2014-02-24 08:37 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-02-24 08:37 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-02-24 08:30 - 2014-02-24 08:30 - 02347384 _____ (ESET) C:\Users\Owner\Downloads\esetsmartinstaller_enu (2).exe

2014-02-24 08:27 - 2014-02-23 16:18 - 00001504 _____ () C:\Windows\PFRO.log

2014-02-24 08:27 - 2014-02-20 22:46 - 00000728 _____ () C:\Windows\setupact.log

2014-02-24 08:27 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-02-24 08:23 - 2014-02-17 22:11 - 00000000 ____D () C:\Users\Owner\AppData\Local\DIRECTV Player

2014-02-24 07:57 - 2014-02-24 07:57 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Malwarebytes

2014-02-24 07:56 - 2014-02-24 07:56 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-02-24 07:56 - 2014-02-24 07:56 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-02-24 07:56 - 2014-02-24 07:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-02-23 22:32 - 2013-12-28 23:14 - 00000000 ____D () C:\Users\Owner\Desktop\JumpDrive

2014-02-23 16:28 - 2013-03-05 22:42 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps

2014-02-23 16:26 - 2013-01-25 19:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\Windows Live

2014-02-23 16:17 - 2014-02-23 16:17 - 00000000 _____ () C:\Windows\SysWOW64\sho1720.tmp

2014-02-23 16:12 - 2014-02-23 10:58 - 00000000 ___SD () C:\ComboFix

2014-02-23 08:31 - 2014-02-23 08:31 - 00000000 _____ () C:\Windows\SysWOW64\sho7603.tmp

2014-02-23 08:24 - 2014-02-23 08:16 - 00000000 ____D () C:\Qoobox

2014-02-23 02:24 - 2013-04-04 00:28 - 00000000 ____D () C:\Users\Owner\AppData\Local\eclipse

2014-02-22 23:54 - 2013-01-27 19:14 - 00000000 ____D () C:\Users\Owner\Documents\Newsbin

2014-02-22 22:49 - 2014-02-22 22:49 - 00000000 ____D () C:\Windows\erdnt

2014-02-22 22:45 - 2014-02-22 22:44 - 05183886 _____ (Swearware) C:\Users\Owner\Downloads\ComboFix.exe

2014-02-22 02:19 - 2014-02-17 22:10 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-02-22 02:18 - 2014-02-22 01:18 - 17858952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2014-02-22 02:18 - 2013-01-25 16:45 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-02-22 02:18 - 2013-01-25 16:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-02-21 12:16 - 2014-02-20 16:44 - 00678400 _____ () C:\Users\Owner\Downloads\HHC 02232014.xls

2014-02-21 11:07 - 2014-01-26 01:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\CarbonPoker

2014-02-20 23:17 - 2014-02-20 23:17 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.com

2014-02-20 23:14 - 2013-10-10 21:09 - 00000000 ____D () C:\Program Files (x86)\PasswordBox

2014-02-20 22:46 - 2014-02-20 22:46 - 00000000 _____ () C:\Windows\setuperr.log

2014-02-20 21:56 - 2013-08-04 06:41 - 00000000 ____D () C:\Program Files (x86)\MacGo

2014-02-20 21:49 - 2014-02-20 21:49 - 00003230 _____ () C:\Windows\System32\Tasks\{322BCA0A-5556-41D2-9A87-641DEACED13F}

2014-02-20 21:34 - 2013-01-25 12:07 - 00000000 ____D () C:\Program Files (x86)\Roxio

2014-02-20 21:30 - 2014-02-20 21:30 - 00108186 _____ () C:\Users\Owner\Documents\cc_20140220_213006.reg

2014-02-20 21:27 - 2013-03-05 22:40 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\uTorrent

2014-02-20 21:27 - 2013-01-26 19:52 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DAEMON Tools Lite

2014-02-20 21:26 - 2013-01-23 15:03 - 00000000 ____D () C:\Windows\Panther

2014-02-20 21:25 - 2013-12-05 06:46 - 00000000 ____D () C:\Windows\Minidump

2014-02-20 21:23 - 2014-02-20 21:23 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC

2014-02-20 21:23 - 2014-02-20 21:23 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2014-02-20 21:23 - 2014-02-20 21:22 - 00000000 ____D () C:\Program Files\CCleaner

2014-02-20 21:18 - 2014-02-20 21:17 - 04721920 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup410.exe

2014-02-20 16:25 - 2013-01-24 08:44 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-02-20 14:01 - 2014-02-20 14:00 - 00641536 _____ () C:\Users\Owner\Downloads\HHC 01262014.xls

2014-02-19 00:31 - 2013-05-28 19:41 - 00000092 _____ () C:\Users\Owner\Desktop\direct tv.txt

2014-02-18 20:30 - 2014-02-18 20:30 - 00000000 ____D () C:\ProgramData\Kaspersky Lab

2014-02-18 20:15 - 2014-02-18 20:15 - 00730008 _____ (Reimage®) C:\Users\Owner\Downloads\ReimageRepair.exe

2014-02-18 18:47 - 2014-02-18 18:47 - 01276304 _____ () C:\Users\Owner\Downloads\MalAware.exe

2014-02-18 14:12 - 2014-02-18 14:10 - 02347384 _____ (ESET) C:\Users\Owner\Downloads\esetsmartinstaller_enu (1).exe

2014-02-18 11:12 - 2009-07-14 00:13 - 00783360 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-02-17 22:07 - 2014-02-17 22:07 - 15382504 _____ (DIRECTV) C:\Users\Owner\Downloads\DIRECTV_Player_9.2.exe

2014-02-16 23:59 - 2014-02-16 23:59 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-02-16 23:58 - 2014-02-16 23:57 - 02347384 _____ (ESET) C:\Users\Owner\Downloads\esetsmartinstaller_enu.exe

2014-02-16 21:34 - 2014-01-20 19:44 - 00000000 ____D () C:\Users\Owner\Desktop\The Haven

2014-02-16 20:50 - 2014-02-10 23:48 - 00000000 ____D () C:\Program Files (x86)\Nitro

2014-02-16 04:12 - 2013-07-27 02:01 - 00000000 ____D () C:\Windows\system32\MRT

2014-02-16 03:01 - 2013-01-24 14:32 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-02-14 21:42 - 2014-02-14 21:42 - 00000000 ____D () C:\Windows\ERUNT

2014-02-14 21:27 - 2014-02-14 21:22 - 00000000 ____D () C:\AdwCleaner

2014-02-14 18:12 - 2013-10-10 21:04 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar

2014-02-14 15:48 - 2014-02-14 15:48 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Owner\Downloads\rkill64-9402.exe

2014-02-14 07:37 - 2014-02-14 07:37 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Owner\Downloads\rkill64-11466.exe

2014-02-14 06:25 - 2014-02-14 06:25 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Owner\Downloads\rkill64.exe

2014-02-14 06:20 - 2013-03-10 10:42 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-02-14 06:20 - 2013-03-10 10:40 - 00000000 ____D () C:\ProgramData\Skype

2014-02-14 06:07 - 2014-02-14 06:07 - 01037530 _____ (Thisisu) C:\Users\Owner\Downloads\JRT.exe

2014-02-14 06:06 - 2014-02-14 06:06 - 01166132 _____ () C:\Users\Owner\Downloads\AdwCleaner.exe

2014-02-14 06:05 - 2014-02-14 06:05 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Owner\Downloads\rkill.exe

2014-02-12 22:17 - 2013-01-26 19:42 - 00000000 ____D () C:\Program Files (x86)\ImgBurn

2014-02-12 12:25 - 2013-01-26 21:32 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-02-12 08:37 - 2013-01-25 11:34 - 00775974 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-02-12 05:43 - 2009-07-13 21:34 - 00000478 _____ () C:\Windows\win.ini

2014-02-11 00:48 - 2014-02-11 00:48 - 00001962 _____ () C:\Users\Public\Desktop\Nitro Pro 9.lnk

2014-02-11 00:47 - 2014-02-11 00:34 - 00000000 ____D () C:\ProgramData\Package Cache

2014-02-10 23:48 - 2014-02-10 23:48 - 00000000 ____D () C:\Program Files\Common Files\Nitro

2014-02-10 23:45 - 2014-01-25 22:34 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Downloaded Installations

2014-02-10 17:42 - 2013-01-25 18:10 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-02-10 17:42 - 2013-01-25 18:10 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-02-09 09:01 - 2013-01-25 18:10 - 00000000 ____D () C:\Program Files (x86)\Google

2014-02-09 08:59 - 2014-02-09 08:58 - 49940480 _____ () C:\Program Files (x86)\GUT720F.tmp

2014-02-09 08:59 - 2014-02-09 08:58 - 00000000 ____D () C:\Program Files (x86)\GUM720E.tmp

2014-02-09 08:57 - 2014-02-09 08:57 - 00847320 _____ (Google Inc.) C:\Users\Owner\Downloads\GoogleEarthPluginSetup.exe

2014-02-08 22:58 - 2013-04-05 19:47 - 00000000 ____D () C:\Users\postgres

2014-02-08 08:24 - 2013-01-27 19:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\Newsbin

2014-02-08 08:22 - 2013-11-17 21:53 - 00000000 ____D () C:\Users\Owner\Downloads\00000000Dementia Stuff

2014-02-07 23:26 - 2013-05-17 05:30 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\vlc

2014-02-06 07:16 - 2014-02-12 04:25 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-02-06 06:30 - 2014-02-12 04:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-02-06 06:30 - 2014-02-12 04:26 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-02-06 06:12 - 2014-02-12 04:25 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-02-06 06:07 - 2014-02-12 04:26 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-02-06 06:06 - 2014-02-12 04:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-02-06 05:57 - 2014-02-12 04:26 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-02-06 05:56 - 2014-02-12 04:26 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-02-06 05:52 - 2014-02-12 04:26 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-02-06 05:49 - 2014-02-12 04:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-02-06 05:48 - 2014-02-12 04:26 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-02-06 05:48 - 2014-02-12 04:25 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-02-06 05:38 - 2014-02-12 04:25 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-02-06 05:32 - 2014-02-12 04:26 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-02-06 05:20 - 2014-02-12 04:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-02-06 05:17 - 2014-02-12 04:26 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-02-06 05:11 - 2014-02-12 04:24 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-02-06 05:01 - 2014-02-12 04:26 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-02-06 05:00 - 2014-02-12 04:26 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-02-06 04:57 - 2014-02-12 04:26 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-02-06 04:57 - 2014-02-12 04:25 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-02-06 04:52 - 2014-02-12 04:26 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-02-06 04:52 - 2014-02-12 04:26 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-02-06 04:50 - 2014-02-12 04:25 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-02-06 04:49 - 2014-02-12 04:26 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-02-06 04:47 - 2014-02-12 04:26 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-02-06 04:46 - 2014-02-12 04:25 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-02-06 04:25 - 2014-02-12 04:26 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-02-06 04:25 - 2014-02-12 04:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-02-06 04:24 - 2014-02-12 04:25 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-02-06 04:22 - 2014-02-12 04:25 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-02-06 04:13 - 2014-02-12 04:26 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-02-06 04:09 - 2014-02-12 04:25 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-02-06 04:03 - 2014-02-12 04:25 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-02-06 03:55 - 2014-02-12 04:25 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-02-06 03:41 - 2014-02-12 04:25 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-02-06 03:40 - 2014-02-12 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-02-06 03:36 - 2014-02-12 04:25 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-02-06 03:34 - 2014-02-12 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-02-05 19:32 - 2014-02-05 19:32 - 00070894 _____ () C:\Users\Owner\Downloads\laurels-havenlogin.tiff

2014-02-02 23:35 - 2013-12-30 09:55 - 00014831 _____ () C:\Users\Owner\Documents\12302013MedBills.xlsx

2014-02-01 06:46 - 2013-05-06 19:35 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9895B688-BF59-452B-B4E9-1EF074C27458}

2014-01-31 22:43 - 2013-04-05 19:31 - 00000000 ____D () C:\Program Files (x86)\PSQLINSTALL

2014-01-31 22:22 - 2014-01-31 22:22 - 00000000 ____D () C:\Program Files (x86)\Holdem Manager 2

2014-01-31 22:22 - 2014-01-26 22:57 - 00018342 _____ () C:\Users\Owner\Downloads\install.log

2014-01-31 20:21 - 2014-01-31 20:18 - 95607269 _____ () C:\Users\Owner\Downloads\7990_HoldemManager2Setup (1).exe

2014-01-31 06:54 - 2014-01-27 00:50 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-01-31 06:54 - 2014-01-27 00:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-01-29 07:46 - 2014-01-29 07:46 - 00054272 _____ () C:\Users\Owner\Downloads\BU46039 EE list 1.28.14_NURSING.xls

 

Some content of TEMP:

====================

C:\Users\Owner\AppData\Local\Temp\javasysmo3634381667808746113.dll

C:\Users\Owner\AppData\Local\Temp\javasysmo4266221005749720531.dll

C:\Users\Owner\AppData\Local\Temp\javasysmo4831007757989375678.dll

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-02-19 05:45

 

==================== End Of Log ============================





