
Torrents opening randomly; MBAM finds "Malware-Gen"


  • This topic is locked
25 replies to this topic

#1 Malickfan86


Posted 27 February 2014 - 12:50 AM

I've been having this problem for over a month now but it died down for several weeks and now it looks like it's back.

When I'm using my computer I get random pop-ups of my uTorrent client with a downloaded torrent file. Luckily I have it set to "prompt" and I have enough common sense to not download any of them. Two days ago I was asked to download NASCAR and Rambo. Since then I have seen other torrents with a letter and numbers, like s15. Recently I got one called Strider. They show up as sequenced RAR files in the client.

Anyway, a Windows Defender scan found nothing. MBAM found "Malware-Gen" on an executable in C:\Users\[NAME]\AppData\Local\Temp. I've quarantined and restarted but it comes back. The same folder contains the torrent files (meaning, for those that are unfamiliar with this method of downloading, just the link to the content and not the actual content). These small files of roughly 10-50KB are not infected.

I worried that I may have a rootkit so I ran MBAR with Windows Defender disabled and my internet off. It found nothing. That's good news, I guess. I just ran another MBAM scan and it found nothing as well. The problem seems to have subsided since the last torrent opened six hours ago but nothing has changed so chances are it's still active.

There is another suspicious file in this same folder. It is called sysXboot6931420083826696576.jar and it cannot be deleted.

I am running Windows 8.1 Pro. Let me know if you need more information on hardware or software.

If anyone can help me get rid of this, I would appreciate it. I can't find anything similar on Google.


Edited by Malickfan86, 27 February 2014 - 12:53 AM.




#2 gringo_pr

  • Malware Response Team

Posted 27 February 2014 - 04:30 AM





Hello Malickfan86,

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University
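
The FRST.txt log requested in the post above lists each autostart entry on one line in its Registry section. The following Python code is an added example, not part of the original posts and not FRST's own code: it parses Run/RunOnce lines in that format and reports entries that start from a Temp directory, are launched through an interpreter, or carry the log's ATTENTION marker. The sample lines are copied from the log posted in this thread; the function names and the interpreter list are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from ntpath import basename  # Windows path rules, works on any OS
from typing import List, Optional

# "HKLM\...\Run: [Name] - command [size date] (Company)"
RUN_LINE = re.compile(
    r'^(?P<hive>HK\S+?)\\\.\.\.\\(?P<key>Run(?:Once)?): '
    r'\[(?P<name>[^\]]*)\] - (?P<rest>.*)$'
)
# Trailing file metadata FRST appends when it can resolve the target file.
FILE_META = re.compile(
    r'\s+\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<company>[^()]*)\)\s*$'
)
ATTENTION = re.compile(r'\s*<=+\s*ATTENTION\s*$')
TEMP_DIR = re.compile(r'\\(?:appdata\\local\\temp|windows\\temp)\\', re.I)
EXE_PATH = re.compile(r'^(.+?\.(?:exe|dll|com|bat|cmd))(?=\s|$)', re.I)

# Assumption: programs that run another file passed as an argument.
INTERPRETERS = {"javaw.exe", "java.exe", "wscript.exe", "cscript.exe",
                "powershell.exe", "mshta.exe", "rundll32.exe", "cmd.exe"}


@dataclass
class RunEntry:
    hive: str
    key: str
    name: str
    command: str
    exe: str
    company: Optional[str]
    reasons: List[str]


def parse_run_line(line: str) -> Optional[RunEntry]:
    """Parse one Run/RunOnce line; return None for any other log line."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    marked = bool(ATTENTION.search(rest))
    rest = ATTENTION.sub("", rest)
    meta = FILE_META.search(rest)
    company = meta["company"] if meta else None
    command = rest[:meta.start()] if meta else rest

    # The program being started: first quoted string, else text up to ".exe".
    quoted = re.findall(r'"([^"]+)"', command)
    if command.startswith('"') and quoted:
        exe = quoted[0]
    else:
        em = EXE_PATH.match(command)
        exe = em.group(1) if em else command

    reasons = []
    if marked:
        reasons.append("marked ATTENTION in log")
    if TEMP_DIR.search(command):
        reasons.append("target in a Temp directory")
    if basename(exe).lower() in INTERPRETERS:
        reasons.append("started through an interpreter")
    return RunEntry(m["hive"], m["key"], m["name"], command, exe, company, reasons)


def triage(log_text: str) -> List[RunEntry]:
    """Return only the autostart entries that have at least one reason."""
    entries = (parse_run_line(l) for l in log_text.splitlines())
    return [e for e in entries if e and e.reasons]


# Sample lines copied from the FRST log posted in this thread.
SAMPLE_LOG = r'''
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-04-24] (Synaptics Incorporated)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-28] (Hewlett-Packard)
HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\Run: [Vectir] - C:\Program Files (x86)\Vectir\Vectir.exe [1792512 2013-11-21] (Incendo Technology)
HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\Run: [sysXboot] - "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\[Name]\AppData\Local\Temp\sysXboot6931420083826696576.jar" <===== ATTENTION
Startup: C:\Users\[Name]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
'''

if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(f"{entry.hive} {entry.key} [{entry.name}]")
        print(f"  command: {entry.command}")
        for reason in entry.reasons:
            print(f"  - {reason}")
```
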

#3 Malickfan86


Posted 27 February 2014 - 12:02 PM

Hi Gringo,

Thanks for assisting me.

Here are the contents of FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-02-2014 02
Ran by [Name] (administrator) on [Name]-PC on 27-02-2014 11:54:56
Running from C:\Users\[Name]\Desktop
Windows 8.1 Pro with Media Center (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(AMD) C:\WINDOWS\system32\atiesrxx.exe
(AMD) C:\WINDOWS\system32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\WINDOWS\system32\Hpservice.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
(SMSC) C:\Program Files\SGFX\sgfxmgr.exe
(Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
() C:\WINDOWS\SysWOW64\PnkBstrA.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
() C:\Windows\system32\valWBFPolicyService.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Incendo Technology) C:\Program Files (x86)\Vectir\Vectir.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\javaw.exe
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Dropbox, Inc.) C:\Users\[Name]\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\RoxioBurnLauncher.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\WINDOWS\splwow64.exe
(Microsoft Corporation) C:\WINDOWS\syswow64\wwahost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403328 2012-08-23] (Acronis)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7763256 2013-03-06] (Motorola Solutions, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-10-24] (IDT, Inc.)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-22] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Roxio Creator NXT\Common\RoxWatchTray14.exe [294032 2012-07-18] (Corel Corporation)
HKLM-x32\...\Run: [SgfxConfig] - C:\Program Files\SGFX\sgfxconfig.exe [2233080 2013-01-11] ()
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-08-24] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-09-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-12-22] (DivX, LLC)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478752 2012-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2353880 2013-10-23] (Microsoft Corp.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [AcronisTibMounterMonitor] - C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [941440 2012-07-24] (Acronis)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6010264 2012-08-23] (Acronis)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-11-14] ()
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-28] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\Run: [Vectir] - C:\Program Files (x86)\Vectir\Vectir.exe [1792512 2013-11-21] (Incendo Technology)
HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\Run: [sysXboot] - "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\[Name]\AppData\Local\Temp\sysXboot6931420083826696576.jar" <===== ATTENTION
Startup: C:\Users\[Name]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\[Name]\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\[Name]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050 J610 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3050 J610 series (Network).lnk -> C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON13/4
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON13/4
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchTerms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {59799CB9-8EFC-4091-B4F4-5180DEEB883F} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchTerms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {59799CB9-8EFC-4091-B4F4-5180DEEB883F} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchTerms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {59799CB9-8EFC-4091-B4F4-5180DEEB883F} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1261.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 09 C:\WINDOWS\SysWOW64\wlidNSP.dll [49664] (Microsoft Corporation)
Winsock: Catalog5 10 C:\WINDOWS\SysWOW64\wlidNSP.dll [49664] (Microsoft Corporation)
Winsock: Catalog5-x64 09 C:\WINDOWS\system32\wlidnsp.dll [73216] (Microsoft Corporation)
Winsock: Catalog5-x64 10 C:\WINDOWS\system32\wlidnsp.dll [73216] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default
FF SearchEngineOrder.1: Ask.com
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Google
FF Homepage: hxxp://news.bbc.co.uk/
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @authentec.com/ffwloplugin - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\[Name]\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
FF Plugin HKCU: hp.com/HPDetect - C:\Users\[Name]\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll (HP)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\dictionary.xml
FF SearchPlugin: C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\facebook.xml
FF SearchPlugin: C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\hulu.xml
FF SearchPlugin: C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\imdb.xml
FF SearchPlugin: C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\itunes.xml
FF SearchPlugin: C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\linkedin.xml
FF SearchPlugin: C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\LiveSearch.xml
FF SearchPlugin: C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\netflixcom.xml
FF SearchPlugin: C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\thesaurus---referencecom.xml
FF SearchPlugin: C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\youtube.xml
FF Extension: Canadian English Dictionary - C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\en-CA@dictionaries.addons.mozilla.org [2013-11-21]
FF Extension: Fast Dial - C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\fastdial@telega.phpnet.us [2014-01-18]
FF Extension: Pocket - C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\isreaditlater@ideashower.com [2013-07-01]
FF Extension: Forecastfox - C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2013-05-15]
FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2014-01-06]
FF Extension: AddThis - C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} [2013-05-15]
FF Extension: HP Detect - C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2013-09-09]
FF Extension: Add to Amazon Wish List Button - C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\amznUWL2@amazon.com.xpi [2014-01-16]
FF Extension: Autofill Forms - C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\autofillForms@blueimp.net.xpi [2013-05-15]
FF Extension: InvisibleHand - C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\canitbecheaper@trafficbroker.co.uk.xpi [2013-05-15]
FF Extension: feedly - C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\feedly@devhd.xpi [2014-01-19]
FF Extension: FireGestures - C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\firegestures@xuldev.org.xpi [2013-05-15]
FF Extension: FoxyScrobbler - C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\foxyscrobbler@baluvaithinathan.com.xpi [2014-02-07]
FF Extension: Locationbar² - C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\locationbar2@design-noir.de.xpi [2013-05-15]
FF Extension: Personas Plus - C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\personas@christopher.beard.xpi [2013-05-15]
FF Extension: FlashGot - C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013-05-15]
FF Extension: StumbleUpon - C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2013-05-15]
FF Extension: Adblock Plus - C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-15]
FF Extension: Tab Mix Plus - C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-05-15]
FF Extension: Greasemonkey - C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-05-15]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-05-16]

==================== Services (Whitelisted) =================

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457360 2012-06-20] ()
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173272 2013-10-23] (Microsoft Corp.)
R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited)
R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [22160 2012-07-11] ()
R3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-06-07] (HP)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
R2 Intel® Bluetooth Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [160712 2013-03-11] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [146984 2012-07-24] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-06-13] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2013-10-28] ()
R2 RoxioBurnLauncher; C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\RoxioBurnLauncher.exe [535184 2012-07-05] ()
S3 RoxMediaDB14; C:\Program Files (x86)\Roxio Creator NXT\Common\RoxMediaDB14.exe [1096848 2012-07-18] (Corel Corporation)
S4 RoxWatch14; C:\Program Files (x86)\Roxio Creator NXT\Common\RoxWatch14.exe [341136 2012-07-18] (Corel Corporation)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-11-04] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-11-04] (Secunia)
R2 SGFXMgr; C:\Program Files\SGFX\sgfxmgr.exe [8480256 2013-01-10] (SMSC)
R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [142960 2013-03-19] (Stardock Software, Inc)
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] ()
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-10-19] (Microsoft Corporation)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3376880 2013-06-13] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1362232 2013-02-14] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 HP8207_8307; C:\Windows\System32\drivers\HP8207_8307.sys [15360 2010-02-04] (Windows ® Win 7 DDK provider)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [20968 2012-07-24] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [19944 2012-07-24] ()
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-10] (Microsoft Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-29] (Microsoft Corporation)
S3 libusb0; C:\Windows\system32\DRIVERS\libusb0.sys [52320 2013-08-30] (http://libusb-win32.sourceforge.net)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-11-04] (Secunia)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-12] (Corel Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R0 Sahdad64; C:\Windows\System32\Drivers\Sahdad64.sys [28304 2012-06-20] (Corel Corporation)
R0 Saibad64; C:\Windows\System32\Drivers\Saibad64.sys [20112 2012-06-20] (Corel Corporation)
R1 SaibVdAd64; C:\Windows\System32\Drivers\SaibVdAd64.sys [27792 2012-06-20] (Corel Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-25] (Microsoft Corporation)
R4 sgfxk; C:\Windows\System32\drivers\sgfxk64.sys [157432 2013-01-14] (SMSC)
R0 sgfxl; C:\Windows\System32\drivers\sgfxl64.sys [18168 2013-01-14] (SMSC)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-24] (Synaptics Incorporated)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-10-19] (Acronis International GmbH)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [48096 2012-08-09] (Windows ® Win 7 DDK provider)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-02-27] ()
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows ® Win 7 DDK provider)
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-27 11:54 - 2014-02-27 11:55 - 00035333 _____ () C:\Users\[Name]\Desktop\FRST.txt
2014-02-27 11:50 - 2014-02-27 11:54 - 00000000 ____D () C:\FRST
2014-02-27 11:49 - 2014-02-27 11:50 - 02155520 _____ (Farbar) C:\Users\[Name]\Desktop\FRST64.exe
2014-02-27 11:25 - 2014-02-27 11:25 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
2014-02-27 01:45 - 2014-02-27 02:01 - 00001316 _____ () C:\WINDOWS\PFRO.log
2014-02-26 19:02 - 2014-02-26 19:02 - 12589848 _____ (Malwarebytes Corp.) C:\Users\[Name]\Downloads\mbar-1.07.0.1009.exe
2014-02-26 19:02 - 2014-02-26 19:02 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-02-25 01:49 - 2014-02-27 11:54 - 00712309 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-24 03:09 - 2014-02-24 03:10 - 59904000 _____ () C:\Users\[Name]\Downloads\calibre-64bit-1.25.0.msi
2014-02-24 02:19 - 2014-02-24 02:19 - 00003584 _____ () C:\Users\Mcx1-[Name]-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-24 01:55 - 2014-02-24 01:56 - 00000000 ____D () C:\WINDOWS\SysWOW64\C2MP
2014-02-24 00:58 - 2014-02-24 00:58 - 00000000 ____D () C:\Users\Mcx1-[Name]-PC\AppData\Local\VirtualStore
2014-02-24 00:44 - 2014-02-24 00:44 - 00000000 ____D () C:\Users\Mcx1-[Name]-PC\AppData\Local\Hewlett-Packard
2014-02-24 00:41 - 2014-02-24 00:41 - 00000020 ___SH () C:\Users\Mcx1-[Name]-PC\ntuser.ini
2014-02-24 00:40 - 2014-02-24 00:41 - 00000000 ____D () C:\Users\Mcx1-[Name]-PC
2014-02-24 00:40 - 2013-10-19 16:14 - 00000000 ____D () C:\Users\Mcx1-[Name]-PC\Documents\hp.system.package.metadata
2014-02-24 00:40 - 2013-10-19 16:13 - 00000000 ____D () C:\Users\Mcx1-[Name]-PC\AppData\Roaming\Macromedia
2014-02-24 00:40 - 2013-10-19 16:13 - 00000000 ____D () C:\Users\Mcx1-[Name]-PC\AppData\Local\Microsoft Help
2014-02-24 00:40 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Mcx1-[Name]-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-02-24 00:40 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Mcx1-[Name]-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-24 00:40 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Mcx1-[Name]-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-02-24 00:40 - 2013-08-22 10:36 - 00000000 ____D () C:\Users\Mcx1-[Name]-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-02-24 00:18 - 2014-02-24 03:14 - 00000000 ____D () C:\Users\[Name]\AppData\Roaming\Media Player Classic
2014-02-24 00:18 - 2014-02-24 00:18 - 00000000 ____D () C:\Users\[Name]\AppData\Roaming\MPC-HC
2014-02-24 00:17 - 2014-02-24 00:17 - 11380512 _____ (MPC-HC Team ) C:\Users\[Name]\Downloads\MPC-HC.1.7.3.x64.exe
2014-02-12 18:44 - 2014-02-12 18:44 - 00017806 _____ () C:\Users\[Name]\Downloads\W8_Flag_OAKside.zip
2014-02-12 18:21 - 2014-01-07 20:46 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2014-02-12 18:21 - 2014-01-07 20:41 - 01530712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-02-12 18:21 - 2014-01-07 20:41 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-02-12 18:21 - 2014-01-04 10:54 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll
2014-02-12 18:21 - 2014-01-04 10:08 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-02-12 18:21 - 2014-01-04 09:08 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-02-12 18:21 - 2014-01-04 08:53 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-02-12 18:21 - 2014-01-02 18:54 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-02-12 18:21 - 2014-01-02 18:48 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-02-12 18:21 - 2014-01-02 18:40 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-02-12 18:21 - 2014-01-02 18:38 - 06640640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-02-12 18:21 - 2013-12-31 20:55 - 01720560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-02-12 18:21 - 2013-12-31 20:52 - 00481944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2014-02-12 18:21 - 2013-12-31 19:56 - 01472048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-02-12 18:21 - 2013-12-31 19:55 - 00381168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2014-02-12 18:21 - 2013-12-31 18:59 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-02-12 18:21 - 2013-12-31 18:57 - 01214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-02-12 18:21 - 2013-12-31 18:56 - 00960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-02-12 18:21 - 2013-12-30 18:34 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll
2014-02-12 18:21 - 2013-12-30 18:33 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2014-02-12 18:21 - 2013-12-30 18:32 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll
2014-02-12 18:21 - 2013-12-30 18:31 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-02-12 18:21 - 2013-12-30 18:31 - 00914944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2014-02-12 18:21 - 2013-12-27 10:09 - 00419160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-02-12 18:21 - 2013-12-27 05:38 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-02-12 18:21 - 2013-12-27 03:57 - 00842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2014-02-12 18:21 - 2013-12-27 03:57 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-02-12 18:21 - 2013-12-27 03:23 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-02-12 18:21 - 2013-12-27 03:16 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-02-12 18:21 - 2013-12-27 02:03 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2014-02-12 18:21 - 2013-12-27 02:03 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-02-12 18:21 - 2013-12-27 01:37 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-02-12 18:21 - 2013-12-21 02:21 - 00376320 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2014-02-12 18:21 - 2013-12-17 02:21 - 00408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2014-02-12 18:21 - 2013-12-14 01:31 - 13949440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-02-12 18:21 - 2013-12-14 01:19 - 18576384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-02-12 18:21 - 2013-12-13 05:54 - 00131160 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2014-02-12 18:21 - 2013-12-13 01:36 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2014-02-12 18:21 - 2013-12-13 00:32 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2014-02-12 18:21 - 2013-12-09 03:05 - 21199256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-02-12 18:21 - 2013-12-08 23:51 - 18643560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-02-12 18:21 - 2013-12-08 22:25 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-02-12 17:47 - 2014-02-06 07:16 - 23170048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-12 17:47 - 2014-02-06 06:30 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-02-12 17:47 - 2014-02-06 06:30 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-02-12 17:47 - 2014-02-06 06:12 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-12 17:47 - 2014-02-06 06:07 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-02-12 17:47 - 2014-02-06 06:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-02-12 17:47 - 2014-02-06 05:57 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-12 17:47 - 2014-02-06 05:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-02-12 17:47 - 2014-02-06 05:49 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-02-12 17:47 - 2014-02-06 05:48 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-02-12 17:47 - 2014-02-06 05:48 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-02-12 17:47 - 2014-02-06 05:38 - 17103872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-12 17:47 - 2014-02-06 05:32 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-12 17:47 - 2014-02-06 05:20 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-02-12 17:47 - 2014-02-06 05:17 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-02-12 17:47 - 2014-02-06 05:11 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-12 17:47 - 2014-02-06 05:01 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-02-12 17:47 - 2014-02-06 05:00 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-02-12 17:47 - 2014-02-06 04:57 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-12 17:47 - 2014-02-06 04:57 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-12 17:47 - 2014-02-06 04:52 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-02-12 17:47 - 2014-02-06 04:52 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-02-12 17:47 - 2014-02-06 04:50 - 02041856 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-12 17:47 - 2014-02-06 04:47 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-02-12 17:47 - 2014-02-06 04:46 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-02-12 17:47 - 2014-02-06 04:25 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-12 17:47 - 2014-02-06 04:25 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-02-12 17:47 - 2014-02-06 04:24 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-12 17:47 - 2014-02-06 04:22 - 13051392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-12 17:47 - 2014-02-06 04:13 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-02-12 17:47 - 2014-02-06 04:09 - 01964032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-02-12 17:47 - 2014-02-06 04:03 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-02-12 17:47 - 2014-02-06 03:55 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-12 17:47 - 2014-02-06 03:41 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-02-12 17:47 - 2014-02-06 03:40 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-02-12 17:47 - 2014-02-06 03:36 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-02-12 17:47 - 2014-02-06 03:34 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-02-12 17:47 - 2014-01-04 15:50 - 01462216 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-02-12 17:47 - 2014-01-04 14:22 - 01202888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-02-12 17:47 - 2014-01-04 09:30 - 13209088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-02-12 17:47 - 2014-01-04 09:23 - 11702272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-02-12 17:47 - 2014-01-04 09:03 - 00919040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-02-12 17:47 - 2014-01-04 08:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-02-12 17:47 - 2014-01-04 08:42 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-02-12 17:47 - 2014-01-04 08:40 - 07416832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-02-12 17:47 - 2014-01-04 08:36 - 00830976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-02-12 17:47 - 2014-01-04 08:28 - 04961792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-02-12 17:47 - 2013-12-20 21:10 - 00009701 _____ () C:\WINDOWS\SysWOW64\connectedsearch-results.searchconnector-ms
2014-02-12 17:47 - 2013-12-20 21:10 - 00009701 _____ () C:\WINDOWS\system32\connectedsearch-results.searchconnector-ms
2014-02-12 17:46 - 2014-01-07 02:03 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2014-02-12 17:46 - 2014-01-07 00:59 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2014-02-12 17:46 - 2014-01-07 00:00 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2014-02-12 17:46 - 2014-01-06 23:30 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2014-02-12 17:46 - 2014-01-02 18:54 - 00063488 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthmodem.sys
2014-02-12 17:46 - 2013-12-20 05:10 - 01113040 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-02-12 17:46 - 2013-12-20 01:13 - 00835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-02-12 17:46 - 2013-12-08 21:57 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-02-12 17:46 - 2013-12-08 20:51 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-02-12 17:46 - 2013-12-08 19:27 - 02152448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-02-12 17:46 - 2013-12-08 19:19 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll
2014-02-12 17:46 - 2013-12-08 18:55 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdrm.dll
2014-02-12 17:46 - 2013-12-08 18:54 - 01317376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-02-12 17:46 - 2013-11-21 01:42 - 04604416 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2014-02-12 17:46 - 2013-11-21 00:44 - 03936256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2014-02-10 20:03 - 2014-02-10 20:11 - 25035644 _____ () C:\Users\[Name]\Downloads\vlc-2.1.3-win64.exe
2014-02-10 19:57 - 2014-02-10 19:58 - 22196888 _____ (CBS Interactive) C:\Users\[Name]\Downloads\DownloadApp_1_6_2_150_Setup.exe
2014-02-10 03:44 - 2014-02-10 03:44 - 00038744 _____ () C:\WINDOWS\SysWOW64\DiscHandler.exe
2014-02-03 20:42 - 2014-02-03 20:43 - 00000000 ____D () C:\Program Files (x86)\GOG Games
2014-02-03 20:37 - 2014-02-03 20:41 - 19097592 ____R ( ) C:\Users\[Name]\Downloads\patch_hotline_miami_2.0.1.5.exe
2014-02-03 20:37 - 2014-02-03 20:41 - 181814760 ____R (GOG.com ) C:\Users\[Name]\Downloads\setup_hotline_miami_2.0.0.4.exe
2014-02-03 16:47 - 2014-02-03 16:47 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2014-02-03 16:47 - 2014-02-03 16:47 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2014-02-03 16:47 - 2014-02-03 16:47 - 00214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2014-02-03 16:47 - 2014-02-03 16:47 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2014-02-03 16:47 - 2014-02-03 16:47 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2014-02-03 16:47 - 2014-02-03 16:47 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2014-02-03 16:47 - 2014-02-03 16:47 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2014-02-03 16:47 - 2014-02-03 16:47 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2014-02-03 16:47 - 2014-02-03 16:47 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2014-02-03 16:47 - 2014-02-03 16:47 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2014-02-03 16:47 - 2014-02-03 16:47 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2014-02-03 16:47 - 2014-02-03 16:47 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2014-02-03 16:47 - 2014-02-03 16:47 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2014-02-03 16:47 - 2014-02-03 16:47 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2014-01-28 21:00 - 2014-01-28 21:00 - 00000000 ____D () C:\Users\[Name]\AppData\Roaming\HewlettPackard

==================== One Month Modified Files and Folders =======

2014-02-27 11:55 - 2014-02-27 11:54 - 00035333 _____ () C:\Users\[Name]\Desktop\FRST.txt
2014-02-27 11:55 - 2013-05-15 23:37 - 00000000 ____D () C:\Users\[Name]\AppData\Roaming\Dropbox
2014-02-27 11:54 - 2014-02-27 11:50 - 00000000 ____D () C:\FRST
2014-02-27 11:54 - 2014-02-25 01:49 - 00712309 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-27 11:50 - 2014-02-27 11:49 - 02155520 _____ (Farbar) C:\Users\[Name]\Desktop\FRST64.exe
2014-02-27 11:45 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-02-27 11:30 - 2013-05-13 04:51 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1170371211-3377574443-1108615615-1003
2014-02-27 11:29 - 2013-10-20 06:38 - 00000000 __RDO () C:\Users\[Name]\SkyDrive
2014-02-27 11:27 - 2013-05-12 22:20 - 00000000 ___RD () C:\Users\[Name]\Documents\My Dropbox
2014-02-27 11:26 - 2013-07-01 00:40 - 00000902 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-27 11:25 - 2014-02-27 11:25 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
2014-02-27 11:25 - 2014-01-09 00:03 - 00002888 _____ () C:\WINDOWS\System32\Tasks\AutoKMS
2014-02-27 11:25 - 2013-05-24 18:11 - 00000278 _____ () C:\WINDOWS\Tasks\AutoKMS.job
2014-02-27 11:25 - 2012-11-21 10:55 - 00034752 _____ () C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys
2014-02-27 11:24 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-27 02:01 - 2014-02-27 01:45 - 00001316 _____ () C:\WINDOWS\PFRO.log
2014-02-27 02:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-02-27 01:46 - 2013-08-22 08:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2014-02-27 01:43 - 2013-05-13 12:02 - 00000000 ____D () C:\Users\[Name]\AppData\Roaming\uTorrent
2014-02-27 01:05 - 2013-07-01 00:40 - 00000906 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-26 23:42 - 2013-09-09 13:02 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-26 19:02 - 2014-02-26 19:02 - 12589848 _____ (Malwarebytes Corp.) C:\Users\[Name]\Downloads\mbar-1.07.0.1009.exe
2014-02-26 19:02 - 2014-02-26 19:02 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-02-26 18:52 - 2013-05-13 00:54 - 05185084 _____ (Swearware) C:\Users\[Name]\Downloads\ComboFix.exe
2014-02-25 23:59 - 2013-11-12 15:00 - 00003148 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleFor[Name]
2014-02-25 23:59 - 2013-11-12 15:00 - 00000338 _____ () C:\WINDOWS\Tasks\HPCeeScheduleFor[Name].job
2014-02-25 22:57 - 2012-05-13 22:21 - 00175616 ___SH () C:\Users\[Name]\Documents\Thumbs.db
2014-02-25 19:47 - 2013-05-24 21:23 - 00000000 ____D () C:\Users\[Name]\AppData\Roaming\Hoyle Puzzle and Board Games
2014-02-25 19:32 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-02-25 17:26 - 2013-05-13 04:45 - 00000000 ____D () C:\Users\[Name]\AppData\Local\Adobe
2014-02-24 20:12 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-02-24 17:33 - 2013-05-12 22:21 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2014-02-24 17:33 - 2013-05-12 22:21 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-02-24 03:14 - 2014-02-24 00:18 - 00000000 ____D () C:\Users\[Name]\AppData\Roaming\Media Player Classic
2014-02-24 03:11 - 2013-05-15 23:24 - 00000000 ____D () C:\Program Files\Calibre2
2014-02-24 03:10 - 2014-02-24 03:09 - 59904000 _____ () C:\Users\[Name]\Downloads\calibre-64bit-1.25.0.msi
2014-02-24 03:03 - 2013-08-21 10:27 - 00000000 ____D () C:\Users\[Name]\AppData\Roaming\vlc
2014-02-24 02:19 - 2014-02-24 02:19 - 00003584 _____ () C:\Users\Mcx1-[Name]-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-24 02:02 - 2013-05-15 23:28 - 00000000 ____D () C:\ProgramData\MediaBrowser
2014-02-24 01:56 - 2014-02-24 01:55 - 00000000 ____D () C:\WINDOWS\SysWOW64\C2MP
2014-02-24 01:21 - 2013-05-16 19:51 - 00000000 ____D () C:\Users\[Name]\AppData\Roaming\DivX
2014-02-24 00:58 - 2014-02-24 00:58 - 00000000 ____D () C:\Users\Mcx1-[Name]-PC\AppData\Local\VirtualStore
2014-02-24 00:44 - 2014-02-24 00:44 - 00000000 ____D () C:\Users\Mcx1-[Name]-PC\AppData\Local\Hewlett-Packard
2014-02-24 00:41 - 2014-02-24 00:41 - 00000020 ___SH () C:\Users\Mcx1-[Name]-PC\ntuser.ini
2014-02-24 00:41 - 2014-02-24 00:40 - 00000000 ____D () C:\Users\Mcx1-[Name]-PC
2014-02-24 00:18 - 2014-02-24 00:18 - 00000000 ____D () C:\Users\[Name]\AppData\Roaming\MPC-HC
2014-02-24 00:18 - 2013-05-15 23:27 - 00000000 ____D () C:\Program Files\MPC-HC
2014-02-24 00:17 - 2014-02-24 00:17 - 11380512 _____ (MPC-HC Team ) C:\Users\[Name]\Downloads\MPC-HC.1.7.3.x64.exe
2014-02-24 00:10 - 2013-05-16 11:58 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-02-24 00:10 - 2013-05-16 11:56 - 00000000 ____D () C:\ProgramData\DivX
2014-02-24 00:09 - 2013-05-16 12:00 - 00000000 ____D () C:\Program Files\DivX
2014-02-24 00:07 - 2013-05-16 11:57 - 00000000 _____ () C:\END
2014-02-23 22:51 - 2013-10-19 17:44 - 00000790 __RSH () C:\ProgramData\ntuser.pol
2014-02-20 00:18 - 2013-05-15 23:15 - 00000000 ____D () C:\Users\[Name]\AppData\Local\Last.fm
2014-02-19 20:00 - 2013-07-01 00:40 - 00003878 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-19 20:00 - 2013-07-01 00:40 - 00003642 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-17 20:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-02-17 17:48 - 2013-05-15 21:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-17 16:00 - 2013-11-12 16:59 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-02-17 16:00 - 2013-11-12 16:59 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-15 21:43 - 2013-05-15 21:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 22:49 - 2013-05-18 04:46 - 00585216 ___SH () C:\Users\[Name]\Desktop\Thumbs.db
2014-02-13 22:49 - 2013-05-18 04:46 - 00000132 _____ () C:\Users\[Name]\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-02-12 18:44 - 2014-02-12 18:44 - 00017806 _____ () C:\Users\[Name]\Downloads\W8_Flag_OAKside.zip
2014-02-12 18:38 - 2013-05-13 04:45 - 00000000 ___RD () C:\Users\[Name]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-12 18:38 - 2013-05-13 04:45 - 00000000 ___RD () C:\Users\[Name]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-12 18:36 - 2013-08-22 09:44 - 06066168 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-02-12 18:34 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-02-12 18:34 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-02-12 18:34 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-02-12 18:34 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-02-12 17:53 - 2013-05-16 12:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-12 17:51 - 2012-07-26 00:26 - 00000167 _____ () C:\WINDOWS\win.ini
2014-02-12 17:50 - 2013-07-15 10:51 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-12 17:47 - 2013-04-23 22:31 - 88567024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-10 20:11 - 2014-02-10 20:03 - 25035644 _____ () C:\Users\[Name]\Downloads\vlc-2.1.3-win64.exe
2014-02-10 19:58 - 2014-02-10 19:57 - 22196888 _____ (CBS Interactive) C:\Users\[Name]\Downloads\DownloadApp_1_6_2_150_Setup.exe
2014-02-10 03:44 - 2014-02-10 03:44 - 00038744 _____ () C:\WINDOWS\SysWOW64\DiscHandler.exe
2014-02-06 07:16 - 2014-02-12 17:47 - 23170048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-06 06:30 - 2014-02-12 17:47 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-02-06 06:30 - 2014-02-12 17:47 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-02-06 06:12 - 2014-02-12 17:47 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-06 06:07 - 2014-02-12 17:47 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-02-06 06:06 - 2014-02-12 17:47 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-02-06 05:57 - 2014-02-12 17:47 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-06 05:56 - 2014-02-12 17:47 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-02-06 05:49 - 2014-02-12 17:47 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-02-06 05:48 - 2014-02-12 17:47 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-02-06 05:48 - 2014-02-12 17:47 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-02-06 05:38 - 2014-02-12 17:47 - 17103872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-06 05:32 - 2014-02-12 17:47 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-06 05:20 - 2014-02-12 17:47 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-02-06 05:17 - 2014-02-12 17:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-02-06 05:11 - 2014-02-12 17:47 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-06 05:01 - 2014-02-12 17:47 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-02-06 05:00 - 2014-02-12 17:47 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-02-06 04:57 - 2014-02-12 17:47 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-06 04:57 - 2014-02-12 17:47 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-06 04:52 - 2014-02-12 17:47 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-02-06 04:52 - 2014-02-12 17:47 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-02-06 04:50 - 2014-02-12 17:47 - 02041856 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-06 04:47 - 2014-02-12 17:47 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-02-06 04:46 - 2014-02-12 17:47 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-02-06 04:25 - 2014-02-12 17:47 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-06 04:25 - 2014-02-12 17:47 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-02-06 04:24 - 2014-02-12 17:47 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-06 04:22 - 2014-02-12 17:47 - 13051392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-06 04:13 - 2014-02-12 17:47 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-02-06 04:09 - 2014-02-12 17:47 - 01964032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-02-06 04:03 - 2014-02-12 17:47 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-02-06 03:55 - 2014-02-12 17:47 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-06 03:41 - 2014-02-12 17:47 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-02-06 03:40 - 2014-02-12 17:47 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-02-06 03:36 - 2014-02-12 17:47 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-02-06 03:34 - 2014-02-12 17:47 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-02-03 20:43 - 2014-02-03 20:42 - 00000000 ____D () C:\Program Files (x86)\GOG Games
2014-02-03 20:41 - 2014-02-03 20:37 - 19097592 ____R ( ) C:\Users\[Name]\Downloads\patch_hotline_miami_2.0.1.5.exe
2014-02-03 20:41 - 2014-02-03 20:37 - 181814760 ____R (GOG.com ) C:\Users\[Name]\Downloads\setup_hotline_miami_2.0.0.4.exe
2014-02-03 16:47 - 2014-02-03 16:47 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2014-02-03 16:47 - 2014-02-03 16:47 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2014-02-03 16:47 - 2014-02-03 16:47 - 00214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2014-02-03 16:47 - 2014-02-03 16:47 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2014-02-03 16:47 - 2014-02-03 16:47 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2014-02-03 16:47 - 2014-02-03 16:47 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2014-02-03 16:47 - 2014-02-03 16:47 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2014-02-03 16:47 - 2014-02-03 16:47 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2014-02-03 16:47 - 2014-02-03 16:47 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2014-02-03 16:47 - 2014-02-03 16:47 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2014-02-03 16:47 - 2014-02-03 16:47 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2014-02-03 16:47 - 2014-02-03 16:47 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2014-02-03 16:47 - 2014-02-03 16:47 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2014-02-03 16:47 - 2014-02-03 16:47 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2014-02-02 19:49 - 2013-09-29 23:15 - 00381790 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-02 19:23 - 2013-05-16 00:28 - 00000000 ____D () C:\Users\[Name]\AppData\Local\DVD Profiler
2014-02-02 19:23 - 2013-05-12 22:20 - 00000000 ____D () C:\Users\[Name]\Documents\DVD Profiler
2014-01-31 18:54 - 2013-05-13 04:44 - 00000000 ____D () C:\Users\[Name]\AppData\Local\Packages
2014-01-28 21:00 - 2014-01-28 21:00 - 00000000 ____D () C:\Users\[Name]\AppData\Roaming\HewlettPackard

Some content of TEMP:
====================
C:\Users\[Name]\AppData\Local\Temp\-832095829.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-27 11:28

==================== End Of Log ============================

Here are the contents of Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2014 02
Ran by [Name] at 2014-02-27 11:55:40
Running from C:\Users\[Name]\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.01 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\{04840A3B-858C-46A5-8BBD-FFDB4C111FEB}) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CS5.5 (HKLM-x32\...\{0497EAED-70DA-4BBE-BEB3-AF77FD8788EA}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
Age of Empires III - The Asian Dynasties (HKLM-x32\...\InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The Asian Dynasties (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III - The WarChiefs (HKLM-x32\...\InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The WarChiefs (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III (HKLM-x32\...\InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{8D6CCB94-05E3-753A-5ED7-97495EA8AEFF}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.87 - AuthenTec, Inc.) Hidden
BBSAK (HKLM-x32\...\{B23F12D4-17DE-453A-B1F4-55E501FE0EBF}) (Version: 1.9.2 - JMT Labs)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.340.0 - Microsoft Corporation)
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre 64bit (HKLM\...\{52E45FA3-B1CE-4852-8E93-774BB3F4D468}) (Version: 1.25.0 - Kovid Goyal)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.0918.260.3365 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0918.260.3365 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0918.260.3365 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0918.260.3365 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2012.0918.260.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0918.260.3365 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.02 - Piriform)
Core Graphics Software (Version: 5.1.55.8876 - SMSC) Hidden
Corel WinDVD (x32 Version: 10.8.0.201 - Corel Inc.) Hidden
CPUID CPU-Z 1.67 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor 1.22 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
CueCard (remove only) (HKLM-x32\...\CueCard) (Version:  - )
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.5.6902 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.2928 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.4.2928 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2527 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.3.2527 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.6.4319 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6119 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.6.6119 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version:  - Microsoft)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.90 - DivX, LLC)
Download App (HKCU\...\Download App) (Version: 1.6.2 - CBS Interactive)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.7 - Dropbox, Inc.)
DVD Profiler Version 3.8.2 (HKLM-x32\...\InvelosDVDProfiler_is1) (Version:  - )
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
eyeQ (HKLM-x32\...\{B33CD700-6738-11D4-87FE-0080C6F974A2}) (Version:  - )
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.01 - Ubisoft)
Final Draft (HKLM-x32\...\{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}) (Version: 8.0.1.89 - Final Draft, Inc.)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hotline Miami (HKLM-x32\...\GOGPACKHOTLINEMIAMI_is1) (Version: 2.0.0.4 - GOG.com)
Hoyle Puzzle and Board Games 2012 (HKLM-x32\...\Hoyle Puzzle and Board Games 20121.0) (Version: 1.0 - Foxy Games)
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{6457BD83-98CF-4267-93D7-F173FF3E7C25}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Documentation (HKLM-x32\...\{0EF47DBD-7E67-492F-9423-DAF028BEF627}) (Version: 1.1.0.0 - Hewlett-Packard)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Port Replicator Software Installer (HKLM-x32\...\{75BF632E-4761-4CF4-A368-E158B8A1BB1C}) (Version: 1.2.17 - HP)
HP Postscript Converter (Version: 3.1.3554 - Hewlett-Packard) Hidden
HP Product Detection (HKLM-x32\...\{8A9FC225-75F6-4B5D-911C-0ED230565643}) (Version: 11.15.0009 - HP)
HP Quick Launch (HKLM-x32\...\{77CC64F2-74CE-47D7-A4B0-5AEBA688FC69}) (Version: 3.0.5 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 7.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\{4BACA3B8-F63A-44ED-9A8D-48B4D02AD268}) (Version: 6.0.100.276 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6433.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® PRO/Wireless Driver (Version: 16.01.0000.0480 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1303-148929CC1385}) (Version: 3.0.1303.0326 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.8.1.1000 - Intel Corporation) Hidden
Intel® Smart Connect Technology 3.0 x64 (HKLM\...\{EE21578E-DE14-46D5-83D7-EA4D347B2F9A}) (Version: 3.0.30.1526 - Intel)
Intel® WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{702b0b5f-bcbb-44fc-b613-e96f2a3006ed}) (Version: 16.1.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.0000.0213 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jawbone Updater (HKLM-x32\...\Jawbone Updater) (Version: 0.1 - Jawbone)
Last.fm Scrobbler 2.1.36 (HKLM-x32\...\LastFM_is1) (Version:  - Last.fm)
LinkedIn Outlook Connector (HKLM-x32\...\LinkedIn Outlook Connector) (Version: 1.1.10.0 - LinkedIn)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Media Browser (HKLM-x32\...\{249A8819-3335-4650-9B59-3724997ECA86}) (Version: 2.6.2.0 - Media Browser)
Media Player Codec Pack 4.3.0 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.3.0 - Media Player Codec Pack)
meta<browser/> 2.3.11 (HKLM-x32\...\{0D54797B-E54B-42D7-86B2-B8474DA19E98}) (Version: 2.3.11 - meta<browser/>)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Outlook Social Connector Provider for Facebook 32-bit (HKLM-x32\...\{95140000-007C-0409-0000-0000000FF1CE}) (Version: 14.0.6114.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Windows 8 ESU (HKLM-x32\...\{E7E058CF-4638-49D4-936D-AC6DAE3B002E}) (Version: 1.1.1 - Hewlett-Packard)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MPC-HC 1.7.3 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.3 - MPC-HC Team)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Need for Speed Most Wanted (HKLM-x32\...\Need for Speed Most Wanted_is1) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.)
Papers, Please (HKLM-x32\...\GOGPACKPAPERSPLEASE_is1) (Version: 2.1.0.7 - GOG.com)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Plex Media Server (HKLM-x32\...\{90CB06AF-364A-4906-AF91-51E540EE8792}) (Version: 0.9.728 - Plex, Inc.)
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
PRE10STI64Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.27025 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.49 - Piriform)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roxio BackOnTrack (x32 Version: 4.5 - Roxio) Hidden
Roxio Central (x32 Version: 7.0.0 - Roxio) Hidden
Roxio CinePlayer Decoder Pack (x32 Version: 4.3.0 - Roxio) Hidden
Roxio Creator NXT Pro (HKLM-x32\...\{CC915001-1639-4D1B-B0A1-A7AC70C99179}) (Version: 14.0.36.0 - Roxio)
Roxio Creator NXT Pro (x32 Version: 1.4.184 - Roxio) Hidden
Roxio Secure Burn (x32 Version: 2.0 - Roxio) Hidden
Roxio VHS Capture Driver (x32 Version: 1.05.0000 - Corel) Hidden
Secunia PSI (3.0.0.9015) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9015 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 1.0.0.0 - Electronic Arts)
Skype™ 6.13 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.13.104 - Skype Technologies S.A.)
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.7 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.7 - SmartSound Software Inc.) Hidden
SMSC Core Graphics Software (HKLM-x32\...\Core Graphics Software) (Version: 5.1.55.8876 - SMSC)
SMSC LAN9500 Device Driver (HKLM\...\{A74B7E5F-C221-4303-AC85-39A5AFBDABDD}) (Version: 12.12.06.0 - SMSC)
Stardock Start8 (HKLM-x32\...\Stardock Start8) (Version: 1.31 - Stardock Software, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Triple Scoop Music (x32 Version: 1.0.019 - Roxio) Hidden
True Image 2013 (HKLM-x32\...\{ADAEEC53-24AF-4A49-B872-75FCBDA59916}Visible) (Version: 16.0.5551 - Acronis)
True Image 2013 (x32 Version: 16.0.5551 - Acronis) Hidden
True Image 2013 Plus Pack (HKLM-x32\...\{516200E0-2043-4603-B9E7-CD87B71B6DF4}) (Version: 16.0.5551 - Acronis)
Tunatic (HKLM-x32\...\Tunatic) (Version:  - )
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{E21274CE-CA0C-49FA-93F4-DC292A052264}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{B5C70C99-B109-42FD-B219-FF12CA543F19}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DA2F7ECE-6629-4A80-9CDE-EC95261B75E2}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Validity WBF DDK (HKLM\...\{1F91C200-8F0F-4009-A75E-DB6CE151BD4E}) (Version: 4.4.234.0 - Validity Sensors, Inc.)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vectir 3.2.1.0 (HKLM-x32\...\Vectir_is1) (Version:  - Incendo Technology)
ViewSpan (HKLM\...\{33F3FCBA-4CC5-4A5B-A6DB-53478463D991}) (Version: 2.8.3.0 - SMSC)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WD Drive Utilities (HKLM-x32\...\{72E40002-8CEC-47C1-A099-83AC8E173BF0}) (Version: 1.0.3.3 - Western Digital Technologies, Inc.)
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Restore Points  =========================

11-02-2014 01:18:12 Scheduled Checkpoint
12-02-2014 23:32:15 Windows Modules Installer
21-02-2014 01:07:30 Scheduled Checkpoint
24-02-2014 06:42:43 Revo Uninstaller's restore point - Combined Community Codec Pack 2014-01-17

==================== Hosts content: ==========================

2013-05-16 18:32 - 2011-01-27 14:00 - 00001211 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net


==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0B88FCFD-F721-46EA-A58A-893756257F7A} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {1C67AE10-F43D-4258-8F2E-ED7C5E8C61F8} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1170371211-3377574443-1108615615-1003
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {274B5CDA-47F3-4D15-9B43-123E29B5CF1F} - System32\Tasks\HPCeeScheduleFor[Name] => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {29291AD9-7647-4A27-A7DE-B033D04A3D2B} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3B7CE8BF-6C62-43F1-8686-2D73ABBA29A2} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
Task: {416AC166-4B2A-4050-AD75-989B6C5F292D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-02-12] (Microsoft Corporation)
Task: {45909CD4-6FAD-488F-8E52-58ACECC2E471} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {61881D86-A47D-42B7-9720-3DA1741E66E6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-01] (Google Inc.)
Task: {6A32FB0E-640F-47BE-8002-5D879669CD4F} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2012-11-05] (Hewlett-Packard Development Company, L.P.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9EB733B0-BA6A-4A74-9071-64A7C4C07D02} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-01] (Google Inc.)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A39FC2EC-2210-41D1-86D0-6BDE2AE0DF70} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {A5A2FF90-7E6C-417F-A27E-49093648676A} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2013-05-24] ()
Task: {C4DEFFFC-5065-4942-86A1-6848AED4A49A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D018EE03-BE9F-4DF0-93F6-C341E435F136} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-[Name]-PC => C:\Windows\ehome\McxTask.exe [2013-09-29] (Microsoft Corporation)
Task: {D0E959F8-811D-4A48-9F28-52C02CED3DE0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {D6ADE6DB-C2C4-4243-9655-2A0077813A36} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EFEDC91A-6BD4-43B5-8962-3A184308D970} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-04-24] (Synaptics Incorporated)
Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleFor[Name].job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2012-06-20 14:48 - 2012-06-20 14:48 - 00457360 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-07-05 18:47 - 2012-07-05 18:47 - 00185488 _____ () C:\Program Files\Roxio\Roxio Burn\RB_ContextMenu64.dll
2012-07-11 00:04 - 2012-07-11 00:04 - 00022160 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
2012-07-24 13:43 - 2012-07-24 13:43 - 00146984 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2012-07-24 13:43 - 2012-07-24 13:43 - 00058920 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2013-05-24 19:40 - 2013-10-28 18:50 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2012-09-06 04:47 - 2012-09-06 04:47 - 00028160 _____ () C:\Windows\system32\valWBFPolicyService.exe
2013-06-07 04:16 - 2013-06-07 04:16 - 04073768 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2013-10-03 22:42 - 2013-10-03 22:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-09-18 01:58 - 2012-09-18 01:58 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-07-05 18:47 - 2012-07-05 18:47 - 00535184 _____ () C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\RoxioBurnLauncher.exe
2013-06-07 04:16 - 2013-06-07 04:16 - 00019240 _____ () C:\Program Files (x86)\HP SimplePass\DownloadManager.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-07-11 00:04 - 2012-07-11 00:04 - 03306128 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BEngine.dll
2012-07-11 00:04 - 2012-07-11 00:04 - 00523920 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\TRREngine.dll
2012-07-11 00:04 - 2012-07-11 00:04 - 00108176 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\Logging.dll
2013-05-15 00:05 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 10:34 - 2012-06-08 10:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-05-13 15:11 - 2007-01-24 00:54 - 00061440 _____ () C:\Program Files (x86)\Vectir\Plugins\Application\AxInterop.WMPLib.dll
2013-05-13 15:11 - 2013-05-22 08:53 - 00107520 _____ () C:\Program Files (x86)\Vectir\Plugins\Application\ID3Util.dll
2013-05-13 15:11 - 2009-02-11 02:56 - 00047104 _____ () C:\Program Files (x86)\Vectir\Plugins\System\VistaVolume.dll
2013-05-13 15:11 - 2009-02-11 02:51 - 00034304 _____ () C:\Program Files (x86)\Vectir\Plugins\System\IVistaVolume.dll
2013-05-13 15:11 - 2013-11-21 16:24 - 00177152 _____ () C:\Program Files (x86)\Vectir\Plugins\Hardware\NetworkLib.dll
2013-05-13 15:11 - 2010-11-01 05:25 - 00034304 _____ () C:\Program Files (x86)\Vectir\Plugins\Hardware\BSTest.dll
2013-10-18 18:55 - 2013-10-18 18:55 - 25100288 _____ () C:\Users\[Name]\AppData\Roaming\Dropbox\bin\libcef.dll
2012-08-22 23:32 - 2012-08-22 23:32 - 01525120 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\icudt38.dll
2012-08-22 23:42 - 2012-08-22 23:42 - 00435584 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2012-11-21 10:56 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-08-23 00:12 - 2012-08-23 00:12 - 00019840 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Program Files (x86)\Vectir:{7A004600-3600-4100-3800-520058003400}
AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade
AlternateDataStreams: C:\Users\[Name]\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/27/2014 11:43:09 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/27/2014 11:43:09 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/27/2014 11:43:09 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/27/2014 11:43:09 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/27/2014 11:39:38 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/27/2014 11:39:38 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/27/2014 11:39:37 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/27/2014 11:39:36 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/27/2014 11:27:48 AM) (Source: Application Error) (User: )
Description: Faulting application name: MMLoadDrvPXDiscrete.exe, version: 2.0.0.0, time stamp: 0x5058197a
Faulting module name: atiumdag.dll_unloaded, version: 9.14.10.924, time stamp: 0x5058161e
Exception code: 0xc0000005
Fault offset: 0x00052c60
Faulting process id: 0xf84
Faulting application start time: 0xMMLoadDrvPXDiscrete.exe0
Faulting application path: MMLoadDrvPXDiscrete.exe1
Faulting module path: MMLoadDrvPXDiscrete.exe2
Report Id: MMLoadDrvPXDiscrete.exe3
Faulting package full name: MMLoadDrvPXDiscrete.exe4
Faulting package-relative application ID: MMLoadDrvPXDiscrete.exe5

Error: (02/27/2014 11:26:02 AM) (Source: Windows Search Service) (User: )
Description: Could not get performance counter registry info for WSearchIdxPi for instance   due to the following error: The operation completed successfully.   0x0.


System errors:
=============
Error: (02/27/2014 11:32:07 AM) (Source: Service Control Manager) (User: )
Description: The Acronis Sync Agent Service service hung on starting.

Error: (02/27/2014 11:30:02 AM) (Source: Service Control Manager) (User: )
Description: The Roxio Burn Launcher service hung on starting.

Error: (02/27/2014 11:25:48 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer FAMILY-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C3FE5B8F-58ED-41B0-BAF3-7569E9010A5D}.
The master browser is stopping or an election is being forced.

Error: (02/27/2014 11:24:18 AM) (Source: BTHUSB) (User: )
Description: The local adapter does not support an important Low Energy controller state.  The minimum required supported state mask is 0x1f7fffff, got 0x1f3fffff.  Low Energy functionality will be disabled.

Error: (02/27/2014 11:23:46 AM) (Source: DCOM) (User: [Name]-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (02/27/2014 11:23:37 AM) (Source: DCOM) (User: [Name]-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (02/27/2014 11:23:32 AM) (Source: DCOM) (User: [Name]-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (02/27/2014 11:23:27 AM) (Source: DCOM) (User: [Name]-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (02/27/2014 11:23:12 AM) (Source: DCOM) (User: [Name]-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (02/27/2014 11:23:07 AM) (Source: DCOM) (User: [Name]-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}


Microsoft Office Sessions:
=========================
Error: (02/27/2014 11:43:09 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"c:\program files (x86)\Adobe\adobe onlocation cs5.1\Setup\resources\libraries\ARKCmdFS.dll

Error: (02/27/2014 11:43:09 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"c:\program files (x86)\Adobe\adobe onlocation cs5.1\Setup\resources\libraries\ARKCmdCaps.dll

Error: (02/27/2014 11:43:09 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"c:\program files (x86)\Adobe\adobe onlocation cs5.1\Setup\resources\libraries\ARKCmdDefrag.dll

Error: (02/27/2014 11:43:09 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"c:\program files (x86)\Adobe\adobe onlocation cs5.1\Setup\resources\libraries\ARKEngine.dll

Error: (02/27/2014 11:39:38 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"c:\program files (x86)\Adobe\adobe onlocation cs5.1\Setup\resources\libraries\ARKCmdFS.dll

Error: (02/27/2014 11:39:38 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"c:\program files (x86)\Adobe\adobe onlocation cs5.1\Setup\resources\libraries\ARKCmdCaps.dll

Error: (02/27/2014 11:39:37 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"c:\program files (x86)\Adobe\adobe onlocation cs5.1\Setup\resources\libraries\ARKCmdDefrag.dll

Error: (02/27/2014 11:39:36 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"c:\program files (x86)\Adobe\adobe onlocation cs5.1\Setup\resources\libraries\ARKEngine.dll

Error: (02/27/2014 11:27:48 AM) (Source: Application Error)(User: )
Description: MMLoadDrvPXDiscrete.exe2.0.0.05058197aatiumdag.dll_unloaded9.14.10.9245058161ec000000500052c60f8401cf33d8d79026b4C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrvPXDiscrete.exeatiumdag.dll17cd76b8-9fcc-11e3-bef9-84a6c885c293

Error: (02/27/2014 11:26:02 AM) (Source: Windows Search Service)(User: )
Description: WSearchIdxPiThe operation completed successfully.   0x0


CodeIntegrity Errors:
===================================
  Date: 2014-02-27 11:46:12.920
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-27 11:46:12.904
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-27 11:46:06.481
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-27 11:46:06.466
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-27 11:46:06.435
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-27 11:46:06.419
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-27 11:46:06.263
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-27 11:46:06.247
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-27 11:46:06.216
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-27 11:46:06.200
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Percentage of memory in use: 27%
Total physical RAM: 8088.27 MB
Available physical RAM: 5825.43 MB
Total Pagefile: 9368.27 MB
Available Pagefile: 6979.25 MB
Total Virtual: 131072 MB
Available Virtual: 131071.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:901.31 GB) (Free:639.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:29.08 GB) (Free:3.32 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: AB60B972)

Partition: GPT Partition Type.

==================== End Of Log ============================



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:36 AM

Posted 27 February 2014 - 04:01 PM



Hello Malickfan86

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete, let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Malickfan86

Malickfan86
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:01:36 PM

Posted 27 February 2014 - 04:30 PM

Hi Gringo,

 

Though the pop-ups haven't occurred in a few hours, the numbered executables are still present in the C:\Users\[Name]\AppData\Local\Temp folder so I have reason to believe that it's just a matter of time.

 

I also just received an error that Dropbox doesn't have the permissions to start so I will have to reinstall it. I don't know if this is related or not. It's easy enough to do on my own, I just wanted you to know.

 

Edit: Dropbox opened manually, it just didn't at start-up. I'll restart and if it fails again I'll reinstall as they specify online.

 

Here are the contents of AdwCleaner[S0].txt:

 

# AdwCleaner v3.020 - Report created 27/02/2014 at 16:10:09
# Updated 27/02/2014 by Xplode
# Operating System : Windows 8.1 Pro with Media Center  (64 bits)
# Username : [Name] - [Name]-PC
# Running from : C:\Users\[Name]\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Users\[Name]\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\[Name]\AppData\Roaming\Systweak
Folder Deleted : C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\FoxTab
[x] Not Deleted : C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\StumbleUpon
File Deleted : C:\END
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
[x] Not Deleted : C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\Askcom.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\FLEXnet
Key Deleted : HKCU\Software\systweak
Key Deleted : HKLM\Software\caphyon
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\systweak
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\prefs.js ]

Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3220468&SearchSource=13");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "uTorrentControl_v2 Customized Web Search");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&q=");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");

*************************

AdwCleaner[R0].txt - [3423 octets] - [27/02/2014 16:07:54]
AdwCleaner[S0].txt - [3015 octets] - [27/02/2014 16:10:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3075 octets] ##########

 

Here are the contents of JRT.txt:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8.1 Pro with Media Center x64
Ran by [Name] on 2014-02-27 at 16:19:08.61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\yuna software
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{59799CB9-8EFC-4091-B4F4-5180DEEB883F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{59799CB9-8EFC-4091-B4F4-5180DEEB883F}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\yuna software"
Successfully deleted: [Empty Folder] C:\Users\[Name]\appdata\local\{681D4B1A-63F0-4858-B4C2-28FA71BB4764}



~~~ FireFox

Successfully deleted: [File] C:\Users\[Name]\AppData\Roaming\mozilla\firefox\profiles\a424ksis.default\searchplugins\askcom.xml
Emptied folder: C:\Users\[Name]\AppData\Roaming\mozilla\firefox\profiles\a424ksis.default\minidumps [29 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2014-02-27 at 16:26:41.51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


Edited by Malickfan86, 27 February 2014 - 05:07 PM.
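Reading the two logs in the post above side by side shows what each pass left behind. The following is an added example, not part of the thread or of either tool: it reconciles AdwCleaner's "[x] Not Deleted" lines against JRT's "Successfully deleted" lines, using excerpts copied from those logs; the function names are hypothetical.

```python
import re

# Excerpts copied from the AdwCleaner[S0].txt and JRT.txt logs in the post above.
ADWCLEANER_LOG = r"""
Folder Deleted : C:\ProgramData\boost_interprocess
[x] Not Deleted : C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\StumbleUpon
File Deleted : C:\END
[x] Not Deleted : C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\Askcom.xml
Key Deleted : HKCU\Software\Conduit
"""

JRT_LOG = r"""
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\yuna software
Successfully deleted: [Folder] "C:\Program Files (x86)\yuna software"
Successfully deleted: [File] C:\Users\[Name]\AppData\Roaming\mozilla\firefox\profiles\a424ksis.default\searchplugins\askcom.xml
Emptied folder: C:\Users\[Name]\AppData\Roaming\mozilla\firefox\profiles\a424ksis.default\minidumps [29 files]
"""

# "<Kind> Deleted : <target>" or "[x] Not Deleted : <target>"
ADW_LINE = re.compile(r"^(\[x\] Not Deleted|(?:Folder|File|Key|Line) Deleted) : (.+)$")
# "Successfully deleted: [<Kind>] <target>"
JRT_LINE = re.compile(r"^Successfully deleted: \[[^\]]+\] (.+)$")


def norm(target):
    """Windows paths and registry keys compare case-insensitively;
    also drop surrounding quotes and a trailing backslash."""
    return target.strip().strip('"').rstrip("\\").lower()


def parse_adwcleaner(text):
    """Return (removed, failed): dicts mapping normalised target -> original text."""
    removed, failed = {}, {}
    for line in text.splitlines():
        m = ADW_LINE.match(line.strip())
        if m:
            bucket = failed if m.group(1).startswith("[x]") else removed
            bucket[norm(m.group(2))] = m.group(2).strip()
    return removed, failed


def parse_jrt(text):
    """Return the set of normalised targets JRT reports as deleted."""
    removed = set()
    for line in text.splitlines():
        m = JRT_LINE.match(line.strip())
        if m:
            removed.add(norm(m.group(1)))
    return removed


def leftovers(adw_text, jrt_text):
    """Targets AdwCleaner could not delete and that the later JRT run did not
    report deleted, either directly or through a deleted parent folder."""
    _, failed = parse_adwcleaner(adw_text)
    later = parse_jrt(jrt_text)
    remaining = []
    for key, original in sorted(failed.items()):
        covered = any(key == r or key.startswith(r + "\\") for r in later)
        if not covered:
            remaining.append(original)
    return remaining


if __name__ == "__main__":
    for item in leftovers(ADWCLEANER_LOG, JRT_LOG):
        print("still unconfirmed:", item)
```

On these excerpts the Askcom.xml search plugin is accounted for by the JRT run, while the StumbleUpon profile folder is the one item neither log shows as removed.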


#6 Malickfan86


Posted 27 February 2014 - 04:34 PM

Sorry, I meant to also say that though the pop-ups haven't occurred in a few hours, the numbered executables are still present in the C:\Users\[Name]\AppData\Local\Temp folder so I have reason to believe that it's just a matter of time.

 

Edited my post above.


Edited by Malickfan86, 27 February 2014 - 04:45 PM.
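The concern in the two posts above is that executables left in the AppData\Local\Temp folder will start again. An added example, not from the thread or from FRST: it scans Run-entry lines in the layout FRST prints and flags autostarts that point into a Temp directory or that have an interpreter launch a file from a user-writable path. The sample lines, SIDs, names and function names are constructed for illustration.

```python
import re
from ntpath import basename  # Windows path handling on any OS

# Constructed sample lines in FRST's "Registry" section layout (not from a real log).
SAMPLE = r"""
HKLM\...\Run: [ExampleTray] - C:\Program Files\Example\tray.exe [123456 2013-04-24] (Example Corp)
HKLM-x32\...\Run: [] - [X]
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\Run: [exampleboot] - "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\example\AppData\Local\Temp\example1234.jar" <===== ATTENTION
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\Run: [ExampleSync] - C:\Users\example\AppData\Roaming\ExampleSync\sync.exe [98765 2014-01-20] (Example Inc.)
HKLM\...\RunOnce: [ExampleUpdater] - "C:\Program Files (x86)\Example\updater.exe" Update [21720 2014-01-28] (Example)
"""

RUN_ENTRY = re.compile(
    r"^(?P<hive>HK\S+?)\\\.\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] - (?P<cmd>.+)$"
)
ATTENTION = re.compile(r"\s*<=+ ATTENTION\s*$")
FILE_META = re.compile(r"\s*\[\d+ \d{4}-\d{2}-\d{2}\] \([^)]*\)\s*$")  # "[size date] (company)"
TEMP_DIR = re.compile(r"\\temp\\", re.I)
USER_WRITABLE = re.compile(r"\\(?:appdata|temp)\\|\\users\\public\\", re.I)
# Programs that execute whatever file they are handed on the command line.
INTERPRETERS = {"java.exe", "javaw.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "powershell.exe", "rundll32.exe", "regsvr32.exe"}


def command_paths(cmd):
    """Strip FRST's trailing annotations and return the paths in the command:
    every quoted string, or the whole command when nothing is quoted."""
    cmd = ATTENTION.sub("", cmd)
    cmd = FILE_META.sub("", cmd)
    quoted = re.findall(r'"([^"]+)"', cmd)
    return quoted if quoted else [cmd.strip()]


def assess(line):
    """Return a dict for a Run/RunOnce line, or None if the line is not one."""
    m = RUN_ENTRY.match(line.strip())
    if not m:
        return None
    paths = command_paths(m.group("cmd"))
    reasons = []
    if any(TEMP_DIR.search(p) for p in paths):
        reasons.append("target in a Temp directory")
    # A program under AppData alone is not flagged: many legitimate per-user
    # applications install there. An interpreter pointed at such a path is.
    if basename(paths[0]).lower() in INTERPRETERS and any(
        USER_WRITABLE.search(p) for p in paths[1:]
    ):
        reasons.append("interpreter launching a file from a user-writable path")
    return {"hive": m.group("hive"), "key": m.group("key"),
            "name": m.group("name"), "paths": paths, "reasons": reasons}


def suspicious(text):
    """Return (name, reasons) for every autostart entry with at least one reason."""
    hits = []
    for line in text.splitlines():
        entry = assess(line)
        if entry and entry["reasons"]:
            hits.append((entry["name"], entry["reasons"]))
    return hits


if __name__ == "__main__":
    for name, reasons in suspicious(SAMPLE):
        print(name, "->", "; ".join(reasons))
```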


#7 Malickfan86


Posted 28 February 2014 - 12:47 AM

Dropbox now needs administrative rights just to open and therefore I can't start it with my computer. I don't know if this is related to the malware. Probably not. I've contacted their technical support and if they can't fix it I'll just switch to OneDrive. It's probably quite a bit more streamlined and offers more storage.

#8 gringo_pr


Posted 28 February 2014 - 07:34 AM


Hello Malickfan86

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#9 Malickfan86


Posted 28 February 2014 - 11:05 AM

Hi Gringo,

I am on Windows 8.1 so unfortunately I'm unable to run Combofix. Please let me know what else I can do.

#10 gringo_pr


Posted 28 February 2014 - 11:33 AM

Rerun FRST and let me know how things are doing.


gringo

#11 Malickfan86


Posted 28 February 2014 - 03:39 PM

I haven't seen the torrent pop-ups for around 36 hours. I still think the malware is just dormant, though, since nothing has really changed. There are still a lot of suspicious files in the Temp folder.

 

I consulted http://www.bleepingcomputer.com/forums/t/503355/100-cpu-usage-i-think-theres-a-bitcoin-miner/, in particular posts 4 and 11, and they seem relevant. Correct me if I'm wrong, but this seems like a Java vulnerability. That suspicious file from my first post could not be deleted because it's part of a running process. I think if we can get rid of the sysXboot jar file and disengage it from the Java executable, then this will be fixed.

 

Here are the contents of FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-02-2014 02
Ran by [Name] (administrator) on [Name]-PC on 28-02-2014 15:36:35
Running from C:\Users\[Name]\Desktop
Windows 8.1 Pro with Media Center (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(AMD) C:\WINDOWS\system32\atiesrxx.exe
(AMD) C:\WINDOWS\system32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\WINDOWS\system32\Hpservice.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
(SMSC) C:\Program Files\SGFX\sgfxmgr.exe
(Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\WINDOWS\SysWOW64\PnkBstrA.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
() C:\Windows\system32\valWBFPolicyService.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Incendo Technology) C:\Program Files (x86)\Vectir\Vectir.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\javaw.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\RoxioBurnLauncher.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Dropbox, Inc.) C:\Users\[Name]\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403328 2012-08-23] (Acronis)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7763256 2013-03-06] (Motorola Solutions, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-10-24] (IDT, Inc.)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-22] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Roxio Creator NXT\Common\RoxWatchTray14.exe [294032 2012-07-18] (Corel Corporation)
HKLM-x32\...\Run: [SgfxConfig] - C:\Program Files\SGFX\sgfxconfig.exe [2233080 2013-01-11] ()
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-08-24] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-09-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-12-22] (DivX, LLC)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478752 2012-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2353880 2013-10-23] (Microsoft Corp.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [AcronisTibMounterMonitor] - C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [941440 2012-07-24] (Acronis)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6010264 2012-08-23] (Acronis)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-11-14] ()
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-28] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\Run: [Vectir] - C:\Program Files (x86)\Vectir\Vectir.exe [1792512 2013-11-21] (Incendo Technology)
HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\Run: [sysXboot] - "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\[Name]\AppData\Local\Temp\sysXboot6931420083826696576.jar" <===== ATTENTION
Startup: C:\Users\[Name]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\[Name]\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\[Name]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050 J610 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3050 J610 series (Network).lnk -> C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON13/4
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON13/4
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {59799CB9-8EFC-4091-B4F4-5180DEEB883F} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1261.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 09 C:\WINDOWS\SysWOW64\wlidNSP.dll [49664] (Microsoft Corporation)
Winsock: Catalog5 10 C:\WINDOWS\SysWOW64\wlidNSP.dll [49664] (Microsoft Corporation)
Winsock: Catalog5-x64 09 C:\WINDOWS\system32\wlidnsp.dll [73216] (Microsoft Corporation)
Winsock: Catalog5-x64 10 C:\WINDOWS\system32\wlidnsp.dll [73216] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Google
FF Homepage: hxxp://news.bbc.co.uk/
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @authentec.com/ffwloplugin - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\[Name]\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
FF Plugin HKCU: hp.com/HPDetect - C:\Users\[Name]\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll (HP)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\dictionary.xml
FF SearchPlugin: C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\facebook.xml
FF SearchPlugin: C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\hulu.xml
FF SearchPlugin: C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\imdb.xml
FF SearchPlugin: C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\itunes.xml
FF SearchPlugin: C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\linkedin.xml
FF SearchPlugin: C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\LiveSearch.xml
FF SearchPlugin: C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\netflixcom.xml
FF SearchPlugin: C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\thesaurus---referencecom.xml
FF SearchPlugin: C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\youtube.xml
FF Extension: Canadian English Dictionary - C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\en-CA@dictionaries.addons.mozilla.org [2013-11-21]
FF Extension: Fast Dial - C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\fastdial@telega.phpnet.us [2014-01-18]
FF Extension: Pocket - C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\isreaditlater@ideashower.com [2013-07-01]
FF Extension: Forecastfox - C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2013-05-15]
FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2014-01-06]
FF Extension: AddThis - C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} [2013-05-15]
FF Extension: HP Detect - C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2013-09-09]
FF Extension: Add to Amazon Wish List Button - C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\amznUWL2@amazon.com.xpi [2014-01-16]
FF Extension: Autofill Forms - C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\autofillForms@blueimp.net.xpi [2013-05-15]
FF Extension: InvisibleHand - C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\canitbecheaper@trafficbroker.co.uk.xpi [2013-05-15]
FF Extension: feedly - C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\feedly@devhd.xpi [2014-01-19]
FF Extension: FireGestures - C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\firegestures@xuldev.org.xpi [2013-05-15]
FF Extension: FoxyScrobbler - C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\foxyscrobbler@baluvaithinathan.com.xpi [2014-02-07]
FF Extension: Locationbar² - C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\locationbar2@design-noir.de.xpi [2013-05-15]
FF Extension: Personas Plus - C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\personas@christopher.beard.xpi [2013-05-15]
FF Extension: FlashGot - C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013-05-15]
FF Extension: StumbleUpon - C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2013-05-15]
FF Extension: Adblock Plus - C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-15]
FF Extension: Tab Mix Plus - C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-05-15]
FF Extension: Greasemonkey - C:\Users\[Name]\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-05-15]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-05-16]

==================== Services (Whitelisted) =================

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457360 2012-06-20] ()
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173272 2013-10-23] (Microsoft Corp.)
R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited)
R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [22160 2012-07-11] ()
R3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-06-07] (HP)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
R2 Intel® Bluetooth Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [160712 2013-03-11] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [146984 2012-07-24] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-06-13] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2013-10-28] ()
R2 RoxioBurnLauncher; C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\RoxioBurnLauncher.exe [535184 2012-07-05] ()
S3 RoxMediaDB14; C:\Program Files (x86)\Roxio Creator NXT\Common\RoxMediaDB14.exe [1096848 2012-07-18] (Corel Corporation)
S4 RoxWatch14; C:\Program Files (x86)\Roxio Creator NXT\Common\RoxWatch14.exe [341136 2012-07-18] (Corel Corporation)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-11-04] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-11-04] (Secunia)
R2 SGFXMgr; C:\Program Files\SGFX\sgfxmgr.exe [8480256 2013-01-10] (SMSC)
R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [142960 2013-03-19] (Stardock Software, Inc)
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] ()
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-10-19] (Microsoft Corporation)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3376880 2013-06-13] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1362232 2013-02-14] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 HP8207_8307; C:\Windows\System32\drivers\HP8207_8307.sys [15360 2010-02-04] (Windows ® Win 7 DDK provider)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [20968 2012-07-24] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [19944 2012-07-24] ()
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-10] (Microsoft Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-29] (Microsoft Corporation)
S3 libusb0; C:\Windows\system32\DRIVERS\libusb0.sys [52320 2013-08-30] (http://libusb-win32.sourceforge.net)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-11-04] (Secunia)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-12] (Corel Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R0 Sahdad64; C:\Windows\System32\Drivers\Sahdad64.sys [28304 2012-06-20] (Corel Corporation)
R0 Saibad64; C:\Windows\System32\Drivers\Saibad64.sys [20112 2012-06-20] (Corel Corporation)
R1 SaibVdAd64; C:\Windows\System32\Drivers\SaibVdAd64.sys [27792 2012-06-20] (Corel Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-25] (Microsoft Corporation)
R4 sgfxk; C:\Windows\System32\drivers\sgfxk64.sys [157432 2013-01-14] (SMSC)
R0 sgfxl; C:\Windows\System32\drivers\sgfxl64.sys [18168 2013-01-14] (SMSC)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-24] (Synaptics Incorporated)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-10-19] (Acronis International GmbH)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [48096 2012-08-09] (Windows ® Win 7 DDK provider)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-02-27] ()
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows ® Win 7 DDK provider)
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-28 15:05 - 2014-02-28 15:06 - 05185084 _____ (Swearware) C:\Users\[Name]\Desktop\[Name].exe
2014-02-27 21:23 - 2014-02-27 21:23 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
2014-02-27 20:52 - 2014-02-27 20:52 - 00000000 ____D () C:\Users\[Name]\AppData\Roaming\Systweak
2014-02-27 20:23 - 2014-02-27 21:27 - 00000000 ___RD () C:\Users\[Name]\Documents\Dropbox
2014-02-27 20:22 - 2014-02-27 20:26 - 00000000 ____D () C:\Users\[Name]\AppData\Roaming\DropboxMaster
2014-02-27 20:22 - 2014-02-27 20:22 - 00000000 ____D () C:\Users\[Name]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-02-27 20:19 - 2014-02-28 15:29 - 00000000 ____D () C:\Users\[Name]\AppData\Roaming\Dropbox
2014-02-27 19:28 - 2014-02-27 19:28 - 36783432 _____ (Dropbox, Inc.) C:\Users\[Name]\Downloads\Dropbox 2.6.13.exe
2014-02-27 16:26 - 2014-02-27 16:30 - 00001452 _____ () C:\Users\[Name]\Desktop\JRT.txt
2014-02-27 16:19 - 2014-02-27 16:19 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-02-27 16:15 - 2014-02-27 16:29 - 00003194 _____ () C:\Users\[Name]\Desktop\AdwCleaner[S0].txt
2014-02-27 16:07 - 2014-02-27 16:10 - 00000000 ____D () C:\AdwCleaner
2014-02-27 16:06 - 2014-02-27 16:07 - 01037734 _____ (Thisisu) C:\Users\[Name]\Desktop\JRT.exe
2014-02-27 16:06 - 2014-02-27 16:06 - 01244192 _____ () C:\Users\[Name]\Desktop\AdwCleaner.exe
2014-02-27 11:55 - 2014-02-27 11:58 - 00057438 _____ () C:\Users\[Name]\Desktop\Addition.txt
2014-02-27 11:54 - 2014-02-28 15:36 - 00033555 _____ () C:\Users\[Name]\Desktop\FRST.txt
2014-02-27 11:50 - 2014-02-28 15:35 - 00000000 ____D () C:\FRST
2014-02-27 11:49 - 2014-02-27 11:50 - 02155520 _____ (Farbar) C:\Users\[Name]\Desktop\FRST64.exe
2014-02-27 01:45 - 2014-02-27 21:23 - 00008926 _____ () C:\WINDOWS\PFRO.log
2014-02-26 19:02 - 2014-02-26 19:02 - 12589848 _____ (Malwarebytes Corp.) C:\Users\[Name]\Downloads\mbar-1.07.0.1009.exe
2014-02-26 19:02 - 2014-02-26 19:02 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-02-25 01:49 - 2014-02-28 15:25 - 00920602 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-24 03:09 - 2014-02-24 03:10 - 59904000 _____ () C:\Users\[Name]\Downloads\calibre-64bit-1.25.0.msi
2014-02-24 02:19 - 2014-02-24 02:19 - 00003584 _____ () C:\Users\Mcx1-[Name]-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-24 01:55 - 2014-02-24 01:56 - 00000000 ____D () C:\WINDOWS\SysWOW64\C2MP
2014-02-24 00:58 - 2014-02-24 00:58 - 00000000 ____D () C:\Users\Mcx1-[Name]-PC\AppData\Local\VirtualStore
2014-02-24 00:44 - 2014-02-24 00:44 - 00000000 ____D () C:\Users\Mcx1-[Name]-PC\AppData\Local\Hewlett-Packard
2014-02-24 00:41 - 2014-02-24 00:41 - 00000020 ___SH () C:\Users\Mcx1-[Name]-PC\ntuser.ini
2014-02-24 00:40 - 2014-02-24 00:41 - 00000000 ____D () C:\Users\Mcx1-[Name]-PC
2014-02-24 00:40 - 2013-10-19 16:14 - 00000000 ____D () C:\Users\Mcx1-[Name]-PC\Documents\hp.system.package.metadata
2014-02-24 00:40 - 2013-10-19 16:13 - 00000000 ____D () C:\Users\Mcx1-[Name]-PC\AppData\Roaming\Macromedia
2014-02-24 00:40 - 2013-10-19 16:13 - 00000000 ____D () C:\Users\Mcx1-[Name]-PC\AppData\Local\Microsoft Help
2014-02-24 00:40 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Mcx1-[Name]-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-02-24 00:40 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Mcx1-[Name]-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-24 00:40 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Mcx1-[Name]-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-02-24 00:40 - 2013-08-22 10:36 - 00000000 ____D () C:\Users\Mcx1-[Name]-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-02-24 00:18 - 2014-02-24 03:14 - 00000000 ____D () C:\Users\[Name]\AppData\Roaming\Media Player Classic
2014-02-24 00:18 - 2014-02-24 00:18 - 00000000 ____D () C:\Users\[Name]\AppData\Roaming\MPC-HC
2014-02-24 00:17 - 2014-02-24 00:17 - 11380512 _____ (MPC-HC Team ) C:\Users\[Name]\Downloads\MPC-HC.1.7.3.x64.exe
2014-02-12 18:44 - 2014-02-12 18:44 - 00017806 _____ () C:\Users\[Name]\Downloads\W8_Flag_OAKside.zip
2014-02-12 18:21 - 2014-01-07 20:46 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2014-02-12 18:21 - 2014-01-07 20:41 - 01530712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-02-12 18:21 - 2014-01-07 20:41 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-02-12 18:21 - 2014-01-04 10:54 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll
2014-02-12 18:21 - 2014-01-04 10:08 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-02-12 18:21 - 2014-01-04 09:08 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-02-12 18:21 - 2014-01-04 08:53 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-02-12 18:21 - 2014-01-02 18:54 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-02-12 18:21 - 2014-01-02 18:48 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-02-12 18:21 - 2014-01-02 18:40 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-02-12 18:21 - 2014-01-02 18:38 - 06640640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-02-12 18:21 - 2013-12-31 20:55 - 01720560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-02-12 18:21 - 2013-12-31 20:52 - 00481944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2014-02-12 18:21 - 2013-12-31 19:56 - 01472048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-02-12 18:21 - 2013-12-31 19:55 - 00381168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2014-02-12 18:21 - 2013-12-31 18:59 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-02-12 18:21 - 2013-12-31 18:57 - 01214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-02-12 18:21 - 2013-12-31 18:56 - 00960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-02-12 18:21 - 2013-12-30 18:34 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll
2014-02-12 18:21 - 2013-12-30 18:33 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2014-02-12 18:21 - 2013-12-30 18:32 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll
2014-02-12 18:21 - 2013-12-30 18:31 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-02-12 18:21 - 2013-12-30 18:31 - 00914944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2014-02-12 18:21 - 2013-12-27 10:09 - 00419160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-02-12 18:21 - 2013-12-27 05:38 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-02-12 18:21 - 2013-12-27 03:57 - 00842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2014-02-12 18:21 - 2013-12-27 03:57 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-02-12 18:21 - 2013-12-27 03:23 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-02-12 18:21 - 2013-12-27 03:16 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-02-12 18:21 - 2013-12-27 02:03 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2014-02-12 18:21 - 2013-12-27 02:03 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-02-12 18:21 - 2013-12-27 01:37 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-02-12 18:21 - 2013-12-21 02:21 - 00376320 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2014-02-12 18:21 - 2013-12-17 02:21 - 00408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2014-02-12 18:21 - 2013-12-14 01:31 - 13949440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-02-12 18:21 - 2013-12-14 01:19 - 18576384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-02-12 18:21 - 2013-12-13 05:54 - 00131160 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2014-02-12 18:21 - 2013-12-13 01:36 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2014-02-12 18:21 - 2013-12-13 00:32 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2014-02-12 18:21 - 2013-12-09 03:05 - 21199256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-02-12 18:21 - 2013-12-08 23:51 - 18643560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-02-12 18:21 - 2013-12-08 22:25 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-02-12 17:47 - 2014-02-06 07:16 - 23170048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-12 17:47 - 2014-02-06 06:30 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-02-12 17:47 - 2014-02-06 06:30 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-02-12 17:47 - 2014-02-06 06:12 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-12 17:47 - 2014-02-06 06:07 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-02-12 17:47 - 2014-02-06 06:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-02-12 17:47 - 2014-02-06 05:57 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-12 17:47 - 2014-02-06 05:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-02-12 17:47 - 2014-02-06 05:49 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-02-12 17:47 - 2014-02-06 05:48 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-02-12 17:47 - 2014-02-06 05:48 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-02-12 17:47 - 2014-02-06 05:38 - 17103872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-12 17:47 - 2014-02-06 05:32 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-12 17:47 - 2014-02-06 05:20 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-02-12 17:47 - 2014-02-06 05:17 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-02-12 17:47 - 2014-02-06 05:11 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-12 17:47 - 2014-02-06 05:01 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-02-12 17:47 - 2014-02-06 05:00 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-02-12 17:47 - 2014-02-06 04:57 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-12 17:47 - 2014-02-06 04:57 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-12 17:47 - 2014-02-06 04:52 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-02-12 17:47 - 2014-02-06 04:52 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-02-12 17:47 - 2014-02-06 04:50 - 02041856 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-12 17:47 - 2014-02-06 04:47 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-02-12 17:47 - 2014-02-06 04:46 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-02-12 17:47 - 2014-02-06 04:25 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-12 17:47 - 2014-02-06 04:25 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-02-12 17:47 - 2014-02-06 04:24 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-12 17:47 - 2014-02-06 04:22 - 13051392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-12 17:47 - 2014-02-06 04:13 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-02-12 17:47 - 2014-02-06 04:09 - 01964032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-02-12 17:47 - 2014-02-06 04:03 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-02-12 17:47 - 2014-02-06 03:55 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-12 17:47 - 2014-02-06 03:41 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-02-12 17:47 - 2014-02-06 03:40 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-02-12 17:47 - 2014-02-06 03:36 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-02-12 17:47 - 2014-02-06 03:34 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-02-12 17:47 - 2014-01-04 15:50 - 01462216 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-02-12 17:47 - 2014-01-04 14:22 - 01202888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-02-12 17:47 - 2014-01-04 09:30 - 13209088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-02-12 17:47 - 2014-01-04 09:23 - 11702272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-02-12 17:47 - 2014-01-04 09:03 - 00919040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-02-12 17:47 - 2014-01-04 08:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-02-12 17:47 - 2014-01-04 08:42 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-02-12 17:47 - 2014-01-04 08:40 - 07416832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-02-12 17:47 - 2014-01-04 08:36 - 00830976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-02-12 17:47 - 2014-01-04 08:28 - 04961792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-02-12 17:47 - 2013-12-20 21:10 - 00009701 _____ () C:\WINDOWS\SysWOW64\connectedsearch-results.searchconnector-ms
2014-02-12 17:47 - 2013-12-20 21:10 - 00009701 _____ () C:\WINDOWS\system32\connectedsearch-results.searchconnector-ms
2014-02-12 17:46 - 2014-01-07 02:03 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2014-02-12 17:46 - 2014-01-07 00:59 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2014-02-12 17:46 - 2014-01-07 00:00 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2014-02-12 17:46 - 2014-01-06 23:30 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2014-02-12 17:46 - 2014-01-02 18:54 - 00063488 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthmodem.sys
2014-02-12 17:46 - 2013-12-20 05:10 - 01113040 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-02-12 17:46 - 2013-12-20 01:13 - 00835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-02-12 17:46 - 2013-12-08 21:57 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-02-12 17:46 - 2013-12-08 20:51 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-02-12 17:46 - 2013-12-08 19:27 - 02152448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-02-12 17:46 - 2013-12-08 19:19 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll
2014-02-12 17:46 - 2013-12-08 18:55 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdrm.dll
2014-02-12 17:46 - 2013-12-08 18:54 - 01317376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-02-12 17:46 - 2013-11-21 01:42 - 04604416 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2014-02-12 17:46 - 2013-11-21 00:44 - 03936256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2014-02-10 20:03 - 2014-02-10 20:11 - 25035644 _____ () C:\Users\[Name]\Downloads\vlc-2.1.3-win64.exe
2014-02-10 19:57 - 2014-02-10 19:58 - 22196888 _____ (CBS Interactive) C:\Users\[Name]\Downloads\DownloadApp_1_6_2_150_Setup.exe
2014-02-10 03:44 - 2014-02-10 03:44 - 00038744 _____ () C:\WINDOWS\SysWOW64\DiscHandler.exe
2014-02-03 20:42 - 2014-02-03 20:43 - 00000000 ____D () C:\Program Files (x86)\GOG Games
2014-02-03 20:37 - 2014-02-03 20:41 - 19097592 ____R ( ) C:\Users\[Name]\Downloads\patch_hotline_miami_2.0.1.5.exe
2014-02-03 20:37 - 2014-02-03 20:41 - 181814760 ____R (GOG.com ) C:\Users\[Name]\Downloads\setup_hotline_miami_2.0.0.4.exe
2014-02-03 16:47 - 2014-02-03 16:47 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2014-02-03 16:47 - 2014-02-03 16:47 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2014-02-03 16:47 - 2014-02-03 16:47 - 00214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2014-02-03 16:47 - 2014-02-03 16:47 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2014-02-03 16:47 - 2014-02-03 16:47 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2014-02-03 16:47 - 2014-02-03 16:47 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2014-02-03 16:47 - 2014-02-03 16:47 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2014-02-03 16:47 - 2014-02-03 16:47 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2014-02-03 16:47 - 2014-02-03 16:47 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2014-02-03 16:47 - 2014-02-03 16:47 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2014-02-03 16:47 - 2014-02-03 16:47 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2014-02-03 16:47 - 2014-02-03 16:47 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2014-02-03 16:47 - 2014-02-03 16:47 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2014-02-03 16:47 - 2014-02-03 16:47 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll

==================== One Month Modified Files and Folders =======

2014-02-28 15:36 - 2014-02-27 11:54 - 00033555 _____ () C:\Users\[Name]\Desktop\FRST.txt
2014-02-28 15:36 - 2014-02-27 11:50 - 00000000 ____D () C:\FRST
2014-02-28 15:29 - 2014-02-27 20:19 - 00000000 ____D () C:\Users\[Name]\AppData\Roaming\Dropbox
2014-02-28 15:27 - 2013-05-18 04:46 - 00000132 _____ () C:\Users\[Name]\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-02-28 15:25 - 2014-02-25 01:49 - 00920602 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-28 15:15 - 2013-05-13 04:51 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1170371211-3377574443-1108615615-1003
2014-02-28 15:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-02-28 15:06 - 2014-02-28 15:05 - 05185084 _____ (Swearware) C:\Users\[Name]\Desktop\[Name].exe
2014-02-28 15:05 - 2013-07-01 00:40 - 00000906 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-28 15:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-02-27 21:27 - 2014-02-27 20:23 - 00000000 ___RD () C:\Users\[Name]\Documents\Dropbox
2014-02-27 21:26 - 2013-10-20 06:38 - 00000000 __RDO () C:\Users\[Name]\SkyDrive
2014-02-27 21:24 - 2014-01-09 00:03 - 00002888 _____ () C:\WINDOWS\System32\Tasks\AutoKMS
2014-02-27 21:24 - 2013-07-01 00:40 - 00000902 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-27 21:24 - 2013-05-24 18:11 - 00000278 _____ () C:\WINDOWS\Tasks\AutoKMS.job
2014-02-27 21:23 - 2014-02-27 21:23 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
2014-02-27 21:23 - 2014-02-27 01:45 - 00008926 _____ () C:\WINDOWS\PFRO.log
2014-02-27 21:23 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-27 21:23 - 2013-08-22 08:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2014-02-27 21:23 - 2012-11-21 10:55 - 00034752 _____ () C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys
2014-02-27 20:52 - 2014-02-27 20:52 - 00000000 ____D () C:\Users\[Name]\AppData\Roaming\Systweak
2014-02-27 20:48 - 2013-05-15 23:28 - 00000000 ____D () C:\ProgramData\MediaBrowser
2014-02-27 20:30 - 2012-05-13 22:21 - 00175616 ___SH () C:\Users\[Name]\Documents\Thumbs.db
2014-02-27 20:26 - 2014-02-27 20:22 - 00000000 ____D () C:\Users\[Name]\AppData\Roaming\DropboxMaster
2014-02-27 20:22 - 2014-02-27 20:22 - 00000000 ____D () C:\Users\[Name]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-02-27 20:22 - 2013-05-13 04:45 - 00000000 ___RD () C:\Users\[Name]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-27 19:28 - 2014-02-27 19:28 - 36783432 _____ (Dropbox, Inc.) C:\Users\[Name]\Downloads\Dropbox 2.6.13.exe
2014-02-27 16:30 - 2014-02-27 16:26 - 00001452 _____ () C:\Users\[Name]\Desktop\JRT.txt
2014-02-27 16:29 - 2014-02-27 16:15 - 00003194 _____ () C:\Users\[Name]\Desktop\AdwCleaner[S0].txt
2014-02-27 16:19 - 2014-02-27 16:19 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-02-27 16:10 - 2014-02-27 16:07 - 00000000 ____D () C:\AdwCleaner
2014-02-27 16:07 - 2014-02-27 16:06 - 01037734 _____ (Thisisu) C:\Users\[Name]\Desktop\JRT.exe
2014-02-27 16:06 - 2014-02-27 16:06 - 01244192 _____ () C:\Users\[Name]\Desktop\AdwCleaner.exe
2014-02-27 12:42 - 2013-05-16 00:15 - 00000000 ____D () C:\Users\[Name]\AppData\Roaming\Skype
2014-02-27 12:41 - 2013-05-16 00:15 - 00000000 ____D () C:\ProgramData\Skype
2014-02-27 12:40 - 2013-05-13 12:02 - 00000000 ____D () C:\Users\[Name]\AppData\Roaming\uTorrent
2014-02-27 12:39 - 2013-07-09 10:28 - 00000873 _____ () C:\Users\[Name]\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-02-27 12:39 - 2013-05-18 04:37 - 00000893 _____ () C:\Users\[Name]\Desktop\µTorrent.lnk
2014-02-27 12:35 - 2013-11-23 13:34 - 01678496 _____ (Skype Technologies S.A.) C:\Users\[Name]\Downloads\SkypeSetup.exe
2014-02-27 12:35 - 2013-05-13 12:15 - 01852496 _____ (BitTorrent Inc.) C:\Users\[Name]\Downloads\uTorrent.exe
2014-02-27 11:58 - 2014-02-27 11:55 - 00057438 _____ () C:\Users\[Name]\Desktop\Addition.txt
2014-02-27 11:50 - 2014-02-27 11:49 - 02155520 _____ (Farbar) C:\Users\[Name]\Desktop\FRST64.exe
2014-02-26 23:42 - 2013-09-09 13:02 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-26 19:02 - 2014-02-26 19:02 - 12589848 _____ (Malwarebytes Corp.) C:\Users\[Name]\Downloads\mbar-1.07.0.1009.exe
2014-02-26 19:02 - 2014-02-26 19:02 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-02-26 18:52 - 2013-05-13 00:54 - 05185084 _____ (Swearware) C:\Users\[Name]\Downloads\ComboFix.exe
2014-02-25 23:59 - 2013-11-12 15:00 - 00003148 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleFor[Name]
2014-02-25 23:59 - 2013-11-12 15:00 - 00000338 _____ () C:\WINDOWS\Tasks\HPCeeScheduleFor[Name].job
2014-02-25 19:47 - 2013-05-24 21:23 - 00000000 ____D () C:\Users\[Name]\AppData\Roaming\Hoyle Puzzle and Board Games
2014-02-25 19:32 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-02-25 17:26 - 2013-05-13 04:45 - 00000000 ____D () C:\Users\[Name]\AppData\Local\Adobe
2014-02-24 20:12 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-02-24 17:33 - 2013-05-12 22:21 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2014-02-24 17:33 - 2013-05-12 22:21 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-02-24 03:14 - 2014-02-24 00:18 - 00000000 ____D () C:\Users\[Name]\AppData\Roaming\Media Player Classic
2014-02-24 03:11 - 2013-05-15 23:24 - 00000000 ____D () C:\Program Files\Calibre2
2014-02-24 03:10 - 2014-02-24 03:09 - 59904000 _____ () C:\Users\[Name]\Downloads\calibre-64bit-1.25.0.msi
2014-02-24 03:03 - 2013-08-21 10:27 - 00000000 ____D () C:\Users\[Name]\AppData\Roaming\vlc
2014-02-24 02:19 - 2014-02-24 02:19 - 00003584 _____ () C:\Users\Mcx1-[Name]-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-24 01:56 - 2014-02-24 01:55 - 00000000 ____D () C:\WINDOWS\SysWOW64\C2MP
2014-02-24 01:21 - 2013-05-16 19:51 - 00000000 ____D () C:\Users\[Name]\AppData\Roaming\DivX
2014-02-24 00:58 - 2014-02-24 00:58 - 00000000 ____D () C:\Users\Mcx1-[Name]-PC\AppData\Local\VirtualStore
2014-02-24 00:44 - 2014-02-24 00:44 - 00000000 ____D () C:\Users\Mcx1-[Name]-PC\AppData\Local\Hewlett-Packard
2014-02-24 00:41 - 2014-02-24 00:41 - 00000020 ___SH () C:\Users\Mcx1-[Name]-PC\ntuser.ini
2014-02-24 00:41 - 2014-02-24 00:40 - 00000000 ____D () C:\Users\Mcx1-[Name]-PC
2014-02-24 00:18 - 2014-02-24 00:18 - 00000000 ____D () C:\Users\[Name]\AppData\Roaming\MPC-HC
2014-02-24 00:18 - 2013-05-15 23:27 - 00000000 ____D () C:\Program Files\MPC-HC
2014-02-24 00:17 - 2014-02-24 00:17 - 11380512 _____ (MPC-HC Team ) C:\Users\[Name]\Downloads\MPC-HC.1.7.3.x64.exe
2014-02-24 00:10 - 2013-05-16 11:58 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-02-24 00:10 - 2013-05-16 11:56 - 00000000 ____D () C:\ProgramData\DivX
2014-02-24 00:09 - 2013-05-16 12:00 - 00000000 ____D () C:\Program Files\DivX
2014-02-23 22:51 - 2013-10-19 17:44 - 00000790 __RSH () C:\ProgramData\ntuser.pol
2014-02-20 00:18 - 2013-05-15 23:15 - 00000000 ____D () C:\Users\[Name]\AppData\Local\Last.fm
2014-02-19 20:00 - 2013-07-01 00:40 - 00003878 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-19 20:00 - 2013-07-01 00:40 - 00003642 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-17 20:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-02-17 17:48 - 2013-05-15 21:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-17 16:00 - 2013-11-12 16:59 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-02-17 16:00 - 2013-11-12 16:59 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-15 21:43 - 2013-05-15 21:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 22:49 - 2013-05-18 04:46 - 00585216 ___SH () C:\Users\[Name]\Desktop\Thumbs.db
2014-02-12 18:44 - 2014-02-12 18:44 - 00017806 _____ () C:\Users\[Name]\Downloads\W8_Flag_OAKside.zip
2014-02-12 18:38 - 2013-05-13 04:45 - 00000000 ___RD () C:\Users\[Name]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-12 18:36 - 2013-08-22 09:44 - 06066168 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-02-12 18:34 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-02-12 18:34 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-02-12 18:34 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-02-12 18:34 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-02-12 17:53 - 2013-05-16 12:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-12 17:51 - 2012-07-26 00:26 - 00000167 _____ () C:\WINDOWS\win.ini
2014-02-12 17:50 - 2013-07-15 10:51 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-12 17:47 - 2013-04-23 22:31 - 88567024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-10 20:11 - 2014-02-10 20:03 - 25035644 _____ () C:\Users\[Name]\Downloads\vlc-2.1.3-win64.exe
2014-02-10 19:58 - 2014-02-10 19:57 - 22196888 _____ (CBS Interactive) C:\Users\[Name]\Downloads\DownloadApp_1_6_2_150_Setup.exe
2014-02-10 03:44 - 2014-02-10 03:44 - 00038744 _____ () C:\WINDOWS\SysWOW64\DiscHandler.exe
2014-02-06 07:16 - 2014-02-12 17:47 - 23170048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-06 06:30 - 2014-02-12 17:47 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-02-06 06:30 - 2014-02-12 17:47 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-02-06 06:12 - 2014-02-12 17:47 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-06 06:07 - 2014-02-12 17:47 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-02-06 06:06 - 2014-02-12 17:47 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-02-06 05:57 - 2014-02-12 17:47 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-06 05:56 - 2014-02-12 17:47 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-02-06 05:49 - 2014-02-12 17:47 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-02-06 05:48 - 2014-02-12 17:47 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-02-06 05:48 - 2014-02-12 17:47 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-02-06 05:38 - 2014-02-12 17:47 - 17103872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-06 05:32 - 2014-02-12 17:47 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-06 05:20 - 2014-02-12 17:47 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-02-06 05:17 - 2014-02-12 17:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-02-06 05:11 - 2014-02-12 17:47 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-06 05:01 - 2014-02-12 17:47 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-02-06 05:00 - 2014-02-12 17:47 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-02-06 04:57 - 2014-02-12 17:47 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-06 04:57 - 2014-02-12 17:47 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-06 04:52 - 2014-02-12 17:47 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-02-06 04:52 - 2014-02-12 17:47 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-02-06 04:50 - 2014-02-12 17:47 - 02041856 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-06 04:47 - 2014-02-12 17:47 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-02-06 04:46 - 2014-02-12 17:47 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-02-06 04:25 - 2014-02-12 17:47 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-06 04:25 - 2014-02-12 17:47 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-02-06 04:24 - 2014-02-12 17:47 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-06 04:22 - 2014-02-12 17:47 - 13051392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-06 04:13 - 2014-02-12 17:47 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-02-06 04:09 - 2014-02-12 17:47 - 01964032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-02-06 04:03 - 2014-02-12 17:47 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-02-06 03:55 - 2014-02-12 17:47 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-06 03:41 - 2014-02-12 17:47 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-02-06 03:40 - 2014-02-12 17:47 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-02-06 03:36 - 2014-02-12 17:47 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-02-06 03:34 - 2014-02-12 17:47 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-02-03 20:43 - 2014-02-03 20:42 - 00000000 ____D () C:\Program Files (x86)\GOG Games
2014-02-03 20:41 - 2014-02-03 20:37 - 19097592 ____R ( ) C:\Users\[Name]\Downloads\patch_hotline_miami_2.0.1.5.exe
2014-02-03 20:41 - 2014-02-03 20:37 - 181814760 ____R (GOG.com ) C:\Users\[Name]\Downloads\setup_hotline_miami_2.0.0.4.exe
2014-02-03 16:47 - 2014-02-03 16:47 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2014-02-03 16:47 - 2014-02-03 16:47 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2014-02-03 16:47 - 2014-02-03 16:47 - 00214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2014-02-03 16:47 - 2014-02-03 16:47 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2014-02-03 16:47 - 2014-02-03 16:47 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2014-02-03 16:47 - 2014-02-03 16:47 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2014-02-03 16:47 - 2014-02-03 16:47 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2014-02-03 16:47 - 2014-02-03 16:47 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2014-02-03 16:47 - 2014-02-03 16:47 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2014-02-03 16:47 - 2014-02-03 16:47 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2014-02-03 16:47 - 2014-02-03 16:47 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2014-02-03 16:47 - 2014-02-03 16:47 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2014-02-03 16:47 - 2014-02-03 16:47 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2014-02-03 16:47 - 2014-02-03 16:47 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2014-02-02 19:49 - 2013-09-29 23:15 - 00381790 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-02 19:23 - 2013-05-16 00:28 - 00000000 ____D () C:\Users\[Name]\AppData\Local\DVD Profiler
2014-02-02 19:23 - 2013-05-12 22:20 - 00000000 ____D () C:\Users\[Name]\Documents\DVD Profiler
2014-01-31 18:54 - 2013-05-13 04:44 - 00000000 ____D () C:\Users\[Name]\AppData\Local\Packages

Some content of TEMP:
====================
C:\Users\[Name]\AppData\Local\Temp\-832095829.exe
C:\Users\[Name]\AppData\Local\Temp\1486884272.exe
C:\Users\[Name]\AppData\Local\Temp\1501010977.exe
C:\Users\[Name]\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnfr4qx.dll
C:\Users\[Name]\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-28 15:03

==================== End Of Log ============================



#12 Malickfan86


Posted 28 February 2014 - 04:37 PM

I found out that the issue I was having with Dropbox had to do with the permissions in the very same Temp folder. Therefore there is a good chance that it is linked to the malware. I changed them again according to these instructions: https://productforums.google.com/d/msg/drive/zbazK_MeKRs/g5WlCDP_IcMJ. Hopefully that does not compromise my system in any way.


Edited by Malickfan86, 28 February 2014 - 08:18 PM.


#13 gringo_pr


Posted 28 February 2014 - 07:56 PM


Hello Malickfan86



Please download Farbar Recovery Scan Tool and save it to your desktop.


Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo

#14 Malickfan86


Posted 28 February 2014 - 08:03 PM

I ran it twice already. Are you sure you meant that message for me? Surely there's something else we can do in light of the information I just gave you (by this I mean what I stated at the top of post 11). I'll copy and paste it here:

 

I haven't seen the torrent pop-ups for around 36 hours. I still think the malware is just dormant, though, since nothing has really changed. There are still a lot of suspicious files in the Temp folder.

 

I consulted http://www.bleepingcomputer.com/forums/t/503355/100-cpu-usage-i-think-theres-a-bitcoin-miner/, in particular posts 4 and 11, and they seem relevant. Correct me if I'm wrong, but this seems like a Java vulnerability. That suspicious file from my first post could not be deleted because it's part of a running process. I think if we can get rid of the sysXboot jar file and disengage it from the Java executable, then this will be fixed.


Edited by Malickfan86, 28 February 2014 - 08:08 PM.


#15 Malickfan86


Posted 01 March 2014 - 02:53 AM

I followed the directions that I posted above (https://productforums.google.com/d/msg/drive/zbazK_MeKRs/g5WlCDP_IcMJ) to fix my Dropbox. The fix is supposed to be permanent. I restarted to test it out and the permissions reset. I think it's safe to say, then, that the malware is altering these permissions. Gringo, I don't know where you are, but let's solve this as quickly as we can.

 

Let's pick up with Broni's tips in the other thread. Maybe I should try Autoruns for Windows and Temp File Cleaner (TFC) next. What do you say?

 

My theory, again, is that we need to get rid of the sysXboot6931420083826696576.jar file.
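A way to triage the FRST listing and the "Some content of TEMP" section posted in this thread, as an added example that is not part of any post and is not FRST's own logic. The two heuristics (numeric-named binaries directly in Temp, binaries with no company name in a Windows system directory) are assumptions chosen for illustration; a hit is a prompt for manual review, not a verdict. The sample lines are excerpted from the log above.

```python
import re
from ntpath import basename, splitext  # Windows path rules on any OS

# FRST listing line: two timestamps, size, 5 attribute flags, (company), path.
ENTRY = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"(\d+) ([_A-Z]{5}) \((.*?)\) ([A-Za-z]:\\.+)$"
)
BARE_PATH = re.compile(r"^[A-Za-z]:\\.+$")  # "Some content of TEMP" lines
BINARY_EXT = {".exe", ".dll", ".sys", ".scr"}
# Assumed heuristics for this example only.
TEMP_DIR = re.compile(r"\\appdata\\local\\temp\\[^\\]+$", re.I)
SYSTEM_DIR = re.compile(r"^[a-z]:\\windows\\(system32|syswow64)\\", re.I)
NUMERIC_STEM = re.compile(r"^-?\d+$")

# Excerpt of the log posted in this thread.
SAMPLE = r"""
2014-02-10 03:44 - 2014-02-10 03:44 - 00038744 _____ () C:\WINDOWS\SysWOW64\DiscHandler.exe
2014-02-03 20:42 - 2014-02-03 20:43 - 00000000 ____D () C:\Program Files (x86)\GOG Games
2014-02-12 17:46 - 2014-01-07 02:03 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2014-02-27 21:23 - 2012-11-21 10:55 - 00034752 _____ () C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys
2014-02-12 18:36 - 2013-08-22 09:44 - 06066168 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
Some content of TEMP:
====================
C:\Users\[Name]\AppData\Local\Temp\-832095829.exe
C:\Users\[Name]\AppData\Local\Temp\Quarantine.exe
"""


def parse_line(line):
    """Return a dict for a listing line or a bare path, else None."""
    line = line.strip()
    m = ENTRY.match(line)
    if m:
        size, attrs, company, path = m.groups()
        return {"path": path, "size": int(size), "company": company.strip(),
                "is_dir": "D" in attrs, "listed": True}
    if BARE_PATH.match(line):
        return {"path": line, "size": None, "company": "",
                "is_dir": False, "listed": False}
    return None  # section headers, separators, blank lines


def triage(log_text):
    """Map path -> reasons the entry deserves a manual look."""
    findings = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or entry["is_dir"]:
            continue
        path = entry["path"]
        stem, ext = splitext(basename(path))
        if ext.lower() not in BINARY_EXT:
            continue
        reasons = []
        if TEMP_DIR.search(path) and NUMERIC_STEM.match(stem):
            reasons.append("numeric-named binary directly in Temp")
        # The company field only exists on full listing lines.
        if entry["listed"] and SYSTEM_DIR.match(path) and not entry["company"]:
            reasons.append("no company name in a Windows system directory")
        for reason in reasons:
            bucket = findings.setdefault(path, [])
            if reason not in bucket:  # the same file can be listed twice
                bucket.append(reason)
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE).items():
        print(f"{path}: {'; '.join(reasons)}")
```
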





