svchost.exe / RPCSS.DLL malware


  • This topic is locked
28 replies to this topic

#1 EasyEdward

Posted 19 April 2014 - 05:59 PM

Upon returning home from some travels where I was using public internet connections, I noticed that my internet was running very slow, if at all. I soon discovered that one instance of svchost.exe was using all 1.2 mbps of my bandwidth. I ran a full system scan using Norton Internet Security, which is always on, and found nothing.

With the help of a computer-savvy friend, we discovered that this svchost.exe was downloading hundreds of temporary internet files at a time. It appeared there were around 500 TCP/IP connections open. We located these in C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 and watched as the number grew. A number of these were videos that appeared, based on their name, to be ads loading over and over again. It appeared to us that this particular malware was accessing web page after web page behind the scenes and these were all of the cached files.

Suspending this instance of svchost.exe was the only way to use the internet, as even starting in safe mode with networking, the downloading resumed. Even though this svchost.exe was suspended, it would come back to life, spawning a new process under a different PID and restarting the downloading at distinct times at least 3 times a day.

Over the next few days my friend and I tried various malware detection programs and also tried a System Restore to a date prior to the likely infection. All to no avail.

We ran the following (but not in the order listed):

1) Farbar Recovery Scan Tool
2) McAfee Rootkit Remover
3) adwCleaner
4) TDSSKiller
5) Malwarebytes Anti-Malware
6) Sophos
7) Norton Internet Security
8) RogueKiller
9) aswMBR
10) Windows Defender Offline (boot disk created on different computer)
11) Norton Power Eraser

One of them reported a couple of PUPs. We removed them. The only other detections were some tracking cookies.

Norton Power Eraser discovered a problem with RPCSS.DLL. As it appeared that this was a required file, we did not fix it.

At that point we decided to ask for your help.

Attached are the DDS logs you request be run.

Please note that the requested files were done with svchost.exe suspended. If I need to redo, please let me know.

Thanks in advance for any help you can provide.

EasyEdward

#2 B-boy/StyLe/


Posted 19 April 2014 - 06:09 PM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something, don't hesitate to ask.
  • Again, I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer. Make sure that Addition.txt is ticked as well.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
  • Next, please re-run FRST and type the following in the edit box after Search: rpcss.dll
  • Click the Search button.
  • It will make a log (Search.txt); please post the log into your reply to me (you can use pastebin as well).

Regards,

Georgi




#3 EasyEdward


Posted 19 April 2014 - 06:16 PM

Hi Georgi.

Thank you for your quick response.

One quick question - if I do not suspend the svchost.exe the download will creep along at a few bits per second just like logging into this site would take about five minutes.

May I make sure it is suspended so that it moves faster?



#4 EasyEdward


Posted 19 April 2014 - 06:33 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-04-2014
Ran by Druback (administrator) on DRUBACK-HPLAP on 19-04-2014 16:22:04
Running from C:\Users\Druback\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
(Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\audiosrv.exe
(Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
( ) C:\Windows\system32\lxeacoms.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
() C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe
(Microsoft Corporation) C:\Windows\SysWOW64\NOTEPAD.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\NOTEPAD.EXE
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2012-01-14] (Synaptics Incorporated)
HKLM\...\Run: [lxeamon.exe] => C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe [770728 2011-01-23] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe [148280 2011-01-23] ()
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1580368 2010-11-03] (Logitech, Inc.)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files\Motorola\Bluetooth\btmshell.dll [25754968 2011-04-22] (Motorola Solutions, Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2012-01-14] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [295072 2012-12-20] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] - "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-08] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3958857591-70701716-2010187594-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-3958857591-70701716-2010187594-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3958857591-70701716-2010187594-1001\...\Policies\system: [DisableChangePassword] 0

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM - {DD065C6A-C257-4F8A-B51E-6FB5B03F698F} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {DD065C6A-C257-4F8A-B51E-6FB5B03F698F} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {005804A3-CF16-4EBA-9E39-D4E7622C389F} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=8F28789D-1C0E-412F-95D7-4FFDD7F484F0&apn_sauid=F163D3D4-D458-4C26-8A4B-0D2FACD2582C&
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {DD065C6A-C257-4F8A-B51E-6FB5B03F698F} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: FreePriceAlerts - {A7C0A55C-300E-4193-8FB5-5DB8E6533D35} - C:\Program Files (x86)\FreePriceAlerts\win64\vbobho.dll No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -  No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: FreePriceAlerts - {A7C0A55C-300E-4193-8FB5-5DB8E6533D35} - C:\Program Files (x86)\FreePriceAlerts\vbobho.dll No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF ProfilePath: C:\Users\Druback\AppData\Roaming\Mozilla\Firefox\Profiles\y8omh7g5.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Druback\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFF [2013-10-09]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012-12-20]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\Exts\Chrome.crx [2014-02-03]

==================== Services (Whitelisted) =================

S2 lxeaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxea_device; C:\Windows\system32\lxeacoms.exe [1052328 2010-04-14] ( )
R2 lxea_device; C:\Windows\SysWOW64\lxeacoms.exe [598696 2010-04-14] ( )
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [138272 2012-06-15] (Symantec Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [1525976 2014-03-18] (Symantec Corporation)
S3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [43520 2011-02-22] (Motorola Solutions, Inc.)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-19] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-20] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20140417.001\IDSvia64.sys [525016 2014-04-11] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20140418.016\ENG64.SYS [126040 2014-04-18] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20140418.016\EX64.SYS [2099288 2014-04-18] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-03-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [190072 2012-04-17] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [405624 2012-04-17] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-19 16:20 - 2014-04-19 16:22 - 00021608 _____ () C:\Users\Druback\Desktop\FRST.txt
2014-04-19 16:18 - 2014-04-19 16:19 - 02055680 _____ (Farbar) C:\Users\Druback\Desktop\FRST64.exe
2014-04-19 16:17 - 2014-04-19 16:18 - 01043968 _____ (Farbar) C:\Users\Druback\Desktop\FRST.exe
2014-04-19 08:18 - 2014-04-19 08:18 - 00024024 _____ () C:\Users\Druback\Documents\DDS.txt
2014-04-19 08:18 - 2014-04-19 08:18 - 00017661 _____ () C:\Users\Druback\Documents\Attach.txt
2014-04-19 08:16 - 2014-04-19 08:16 - 00017661 _____ () C:\Users\Druback\Desktop\attach.txt
2014-04-19 08:16 - 2014-04-19 08:15 - 00024024 _____ () C:\Users\Druback\Desktop\dds.txt
2014-04-18 19:10 - 2014-04-18 20:18 - 00000000 ____D () C:\Users\Druback\AppData\Local\NPE
2014-04-18 15:07 - 2014-04-18 15:07 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-04-17 07:04 - 2014-04-17 07:04 - 00000165 ____H () C:\Users\Druback\Documents\~$WGT Data.xlsx
2014-04-15 15:05 - 2014-04-15 15:05 - 00987448 _____ () C:\Users\Druback\Downloads\SecurityCheck.exe
2014-04-13 15:10 - 2014-04-19 15:49 - 00000075 _____ () C:\Windows\system32\iwhz.yiw
2014-04-13 15:00 - 2014-04-13 15:00 - 00000000 _____ () C:\Windows\system32\fmbv.xpe
2014-04-13 14:07 - 2014-04-13 14:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-13 13:59 - 2014-04-13 13:59 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-04-12 17:35 - 2014-04-12 17:35 - 00002282 _____ () C:\Users\Druback\Desktop\RKreport[0]_S_04122014_173543.txt
2014-04-12 17:32 - 2014-04-13 14:56 - 00000000 ____D () C:\Users\Druback\Desktop\RK_Quarantine
2014-04-12 12:54 - 2014-04-12 12:54 - 00000000 ____D () C:\Users\Druback\AppData\Local\{A76F258E-2ED4-43CD-8F1A-2259342D9181}
2014-04-12 10:17 - 2014-04-12 10:17 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-04-11 19:57 - 2014-04-11 19:57 - 00000000 ____D () C:\Users\Druback\AppData\Roaming\Oracle
2014-04-11 19:56 - 2014-04-11 19:56 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-11 19:38 - 2014-04-13 14:57 - 00000000 ____D () C:\AdwCleaner
2014-04-11 19:09 - 2014-04-19 16:20 - 00000000 ____D () C:\FRST
2014-04-11 17:20 - 2014-04-11 17:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-11 17:11 - 2014-04-19 08:14 - 00000000 ____D () C:\gary
2014-04-09 00:56 - 2014-04-09 00:56 - 00000028 _____ () C:\Windows\SysWOW64\u
2014-04-08 21:56 - 2014-04-08 21:56 - 00000064 _____ () C:\Windows\system32\jwcoo.nmj
2014-04-08 21:40 - 2014-04-08 21:40 - 00236655 ____S () C:\Windows\system32\xojsox.ldj
2014-04-05 20:19 - 2014-04-05 20:19 - 00000000 ____D () C:\Users\Druback\AppData\Local\{2D45DC80-DFA6-4FAE-B609-65B34F527398}
2014-04-02 17:58 - 2014-04-02 17:58 - 00090624 _____ () C:\Users\Druback\Documents\Putter Pal Percentages2.xls
2014-03-31 09:52 - 2014-04-19 12:10 - 00002982 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Druback
2014-03-31 09:52 - 2014-04-19 12:10 - 00002978 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateXML_Druback
2014-03-31 09:52 - 2014-04-19 12:10 - 00000378 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Druback.job
2014-03-31 09:52 - 2014-04-19 12:10 - 00000374 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Druback.job
2014-03-31 09:52 - 2014-04-19 06:36 - 00000384 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Druback.job
2014-03-31 09:52 - 2014-03-31 09:52 - 00003630 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_Druback
2014-03-31 09:52 - 2014-03-31 09:52 - 00002686 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Druback
2014-03-29 16:51 - 2014-03-29 16:51 - 00000000 ____D () C:\Users\Druback\AppData\Local\{3ABAF7B8-2611-4D0B-9213-7660A2E2EAB9}
2014-03-25 15:46 - 2014-03-25 15:46 - 02793448 _____ () C:\ProgramData\SPLF8B.tmp

==================== One Month Modified Files and Folders =======

2014-04-19 16:22 - 2014-04-19 16:20 - 00021608 _____ () C:\Users\Druback\Desktop\FRST.txt
2014-04-19 16:20 - 2014-04-11 19:09 - 00000000 ____D () C:\FRST
2014-04-19 16:19 - 2014-04-19 16:18 - 02055680 _____ (Farbar) C:\Users\Druback\Desktop\FRST64.exe
2014-04-19 16:18 - 2014-04-19 16:17 - 01043968 _____ (Farbar) C:\Users\Druback\Desktop\FRST.exe
2014-04-19 15:49 - 2014-04-13 15:10 - 00000075 _____ () C:\Windows\system32\iwhz.yiw
2014-04-19 15:46 - 2011-10-22 13:49 - 01844426 _____ () C:\Windows\WindowsUpdate.log
2014-04-19 15:39 - 2012-01-14 14:31 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-04-19 15:39 - 2011-12-14 20:27 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-04-19 15:30 - 2012-06-17 09:34 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-19 13:27 - 2013-01-18 10:47 - 00384917 _____ () C:\Users\Druback\Documents\WGT Data.xlsx
2014-04-19 12:10 - 2014-03-31 09:52 - 00002982 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Druback
2014-04-19 12:10 - 2014-03-31 09:52 - 00002978 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateXML_Druback
2014-04-19 12:10 - 2014-03-31 09:52 - 00000378 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Druback.job
2014-04-19 12:10 - 2014-03-31 09:52 - 00000374 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Druback.job
2014-04-19 10:47 - 2012-12-31 23:08 - 00077826 _____ () C:\Users\Druback\Documents\KIS - Holdings.xlsx
2014-04-19 08:25 - 2011-12-08 15:41 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E6D85D83-B22B-426B-905A-DAF4D7E2999A}
2014-04-19 08:18 - 2014-04-19 08:18 - 00024024 _____ () C:\Users\Druback\Documents\DDS.txt
2014-04-19 08:18 - 2014-04-19 08:18 - 00017661 _____ () C:\Users\Druback\Documents\Attach.txt
2014-04-19 08:16 - 2014-04-19 08:16 - 00017661 _____ () C:\Users\Druback\Desktop\attach.txt
2014-04-19 08:15 - 2014-04-19 08:16 - 00024024 _____ () C:\Users\Druback\Desktop\dds.txt
2014-04-19 08:14 - 2014-04-11 17:11 - 00000000 ____D () C:\gary
2014-04-19 07:30 - 2012-06-17 09:34 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-19 06:44 - 2009-07-13 21:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-19 06:44 - 2009-07-13 21:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-19 06:42 - 2009-07-13 22:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-19 06:36 - 2014-03-31 09:52 - 00000384 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Druback.job
2014-04-19 06:36 - 2011-12-08 16:22 - 00087946 _____ () C:\ProgramData\lxeascan.log
2014-04-19 06:35 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-19 06:35 - 2009-07-13 21:51 - 00089701 _____ () C:\Windows\setupact.log
2014-04-18 20:18 - 2014-04-18 19:10 - 00000000 ____D () C:\Users\Druback\AppData\Local\NPE
2014-04-18 20:10 - 2012-07-16 19:01 - 00007647 _____ () C:\Users\Druback\AppData\Local\Resmon.ResmonCfg
2014-04-18 19:54 - 2012-07-28 15:19 - 00000000 ____D () C:\Windows\Minidump
2014-04-18 19:10 - 2011-10-22 13:58 - 00000000 ____D () C:\ProgramData\Norton
2014-04-18 15:07 - 2014-04-18 15:07 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-04-17 15:46 - 2011-12-17 18:33 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForDruback
2014-04-17 15:46 - 2011-12-17 18:33 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForDruback.job
2014-04-17 13:23 - 2012-12-20 13:58 - 00003354 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3958857591-70701716-2010187594-1001
2014-04-17 13:23 - 2012-12-20 13:58 - 00003224 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3958857591-70701716-2010187594-1001
2014-04-17 08:18 - 2013-03-14 22:21 - 00003376 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3958857591-70701716-2010187594-1001
2014-04-17 08:18 - 2013-03-14 22:21 - 00003246 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3958857591-70701716-2010187594-1001
2014-04-17 07:04 - 2014-04-17 07:04 - 00000165 ____H () C:\Users\Druback\Documents\~$WGT Data.xlsx
2014-04-15 15:05 - 2014-04-15 15:05 - 00987448 _____ () C:\Users\Druback\Downloads\SecurityCheck.exe
2014-04-13 17:28 - 2011-12-08 16:24 - 00000000 ____D () C:\ProgramData\Lx_cats
2014-04-13 16:38 - 2011-12-25 14:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-13 16:35 - 2013-08-15 06:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-13 16:32 - 2011-12-22 14:50 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-13 15:01 - 2011-12-08 15:40 - 00086160 _____ () C:\Users\Druback\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-13 15:00 - 2014-04-13 15:00 - 00000000 _____ () C:\Windows\system32\fmbv.xpe
2014-04-13 15:00 - 2011-12-08 15:32 - 00000000 ____D () C:\Users\Druback
2014-04-13 14:59 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-04-13 14:57 - 2014-04-11 19:38 - 00000000 ____D () C:\AdwCleaner
2014-04-13 14:57 - 2012-12-20 13:56 - 00000000 ____D () C:\ProgramData\InstallMate
2014-04-13 14:57 - 2012-10-27 11:49 - 00000000 ____D () C:\ProgramData\Real
2014-04-13 14:57 - 2012-08-09 17:26 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-13 14:57 - 2011-10-22 13:50 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-04-13 14:57 - 2011-06-21 12:45 - 00000000 ____D () C:\Program Files\Java
2014-04-13 14:57 - 2011-06-21 12:37 - 00000000 ____D () C:\ProgramData\RoxioNow
2014-04-13 14:56 - 2014-04-13 14:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-13 14:56 - 2014-04-12 17:32 - 00000000 ____D () C:\Users\Druback\Desktop\RK_Quarantine
2014-04-13 14:56 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2014-04-13 14:53 - 2013-12-27 14:08 - 00000000 ____D () C:\Users\Druback\AppData\Local\Mozilla
2014-04-13 14:52 - 2011-12-25 14:43 - 00000000 __RHD () C:\MSOCache
2014-04-13 13:59 - 2014-04-13 13:59 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-04-13 13:59 - 2013-07-09 17:05 - 00000000 ____D () C:\Users\Druback\AppData\Roaming\TeamViewer
2014-04-12 17:35 - 2014-04-12 17:35 - 00002282 _____ () C:\Users\Druback\Desktop\RKreport[0]_S_04122014_173543.txt
2014-04-12 12:54 - 2014-04-12 12:54 - 00000000 ____D () C:\Users\Druback\AppData\Local\{A76F258E-2ED4-43CD-8F1A-2259342D9181}
2014-04-12 10:17 - 2014-04-12 10:17 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-04-11 19:57 - 2014-04-11 19:57 - 00000000 ____D () C:\Users\Druback\AppData\Roaming\Oracle
2014-04-11 19:56 - 2014-04-11 19:56 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-11 17:20 - 2014-04-11 17:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-10 20:41 - 2011-12-08 20:22 - 00024612 _____ () C:\ProgramData\lxea.log
2014-04-09 00:56 - 2014-04-09 00:56 - 00000028 _____ () C:\Windows\SysWOW64\u
2014-04-08 21:56 - 2014-04-08 21:56 - 00000064 _____ () C:\Windows\system32\jwcoo.nmj
2014-04-08 21:40 - 2014-04-08 21:40 - 00236655 ____S () C:\Windows\system32\xojsox.ldj
2014-04-06 18:33 - 2013-11-03 11:08 - 01270282 _____ () C:\Users\Druback\Documents\LegendCalc.xlsx
2014-04-05 20:19 - 2014-04-05 20:19 - 00000000 ____D () C:\Users\Druback\AppData\Local\{2D45DC80-DFA6-4FAE-B609-65B34F527398}
2014-04-02 17:58 - 2014-04-02 17:58 - 00090624 _____ () C:\Users\Druback\Documents\Putter Pal Percentages2.xls
2014-03-31 09:52 - 2014-03-31 09:52 - 00003630 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_Druback
2014-03-31 09:52 - 2014-03-31 09:52 - 00002686 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Druback
2014-03-31 09:35 - 2010-11-20 20:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-29 16:51 - 2014-03-29 16:51 - 00000000 ____D () C:\Users\Druback\AppData\Local\{3ABAF7B8-2611-4D0B-9213-7660A2E2EAB9}
2014-03-29 12:25 - 2014-02-13 15:03 - 00722432 _____ () C:\Users\Druback\Documents\TPC Membership List.xls
2014-03-27 07:25 - 2012-06-17 09:34 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-27 07:25 - 2012-06-17 09:34 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-25 15:46 - 2014-03-25 15:46 - 02793448 _____ () C:\ProgramData\SPLF8B.tmp
2014-03-25 12:00 - 2014-01-05 10:04 - 00001481 _____ () C:\Users\Druback\Desktop\WGTPar3_9th.ahk
2014-03-23 16:46 - 2014-01-02 09:08 - 00036647 _____ () C:\Users\Druback\Documents\Putter Pal Percentages.xlsx

Some content of TEMP:
====================
C:\Users\Druback\AppData\Local\Temp\ose00000.exe
C:\Users\Druback\AppData\Local\Temp\_is5637.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2010-11-20 20:24] - [2010-11-20 20:24] - 0516096 ____A (Microsoft Corporation) 3DD992EC69CB9B1E266521050DE0E7C7

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-09 01:27

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-04-2014
Ran by Druback at 2014-04-19 16:22:31
Running from C:\Users\Druback\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
AutoHotkey 1.1.13.01 (HKLM\...\AutoHotkey) (Version: 1.1.13.01 - Lexikos)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bikos Putting Aid (HKCU\...\2b8bee6e085dd156) (Version: 1.0.0.10 - Bikos Putting Aid)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.3908 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.1.3908 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version:  - Microsoft)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 1.6.18 - Dropbox, Inc.)
Empire: Total War (HKLM-x32\...\Steam App 10500) (Version:  - The Creative Assembly)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
FreePriceAlerts 2.3.5 (HKLM\...\{DC3381CB-10D4-431D-B9B3-7DB84B00645F}) (Version: 2.3.5 - myVBO LLC)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{5601F151-A69F-4E30-8C60-37928124CD07}) (Version: 4.1.9.1 - Hewlett-Packard Company)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Connection Manager (HKLM-x32\...\{795AADBF-58C2-42D0-B779-E730702A247E}) (Version: 4.0.45.1 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{3C5AB11A-2DDB-49E6-9FC0-CFD88A7DDFE4}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MovieStore (x32 Version: 1.0.047 - Hewlett-Packard) Hidden
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{E44578C7-4667-4124-8BC2-1161BCA54978}) (Version: 1.4.4 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}) (Version: 2.5.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13231.3673 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{28FE073B-1230-4BF6-830C-7434FD0C0069}) (Version: 4.1.13.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6345.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Java™ 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.370 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lexmark S300-S400 Series (HKLM\...\Lexmark S300-S400 Series) (Version:  - Lexmark International, Inc.)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Maxthon 3 (HKLM-x32\...\Maxthon3) (Version:  - Maxthon International Limited)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft Visual C# 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C# 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C# 2010 Express - ENU (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40303 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 24.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 24.4.0 (x86 en-US)) (Version: 24.4.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.4.0 - Mozilla)
Mplayer 0.6.9 (HKLM-x32\...\Mplayer) (Version: 0.6.9 - )
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Napoleon: Total War (HKLM-x32\...\Steam App 34030) (Version:  - The Creative Assembly)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 19.9.1.14 - Symantec Corporation)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Ralink Motorola BC8 Bluetooth 3.0+HS Adapter (HKLM\...\1DF1F719-D43A-46E8-950F-65A8D96C678A.MBT_is1) (Version: 3.0.43.307 - Motorola Solutions, Inc.)
Ralink RT5390 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 3.02.03.0 - Ralink)
RealDownloader (x32 Version: 1.3.0 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
Rome - Total War (HKLM-x32\...\{51D386C4-0227-46A9-AC45-61F0A50E7AFF}) (Version: 1.5 - The Creative Assembly)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Shopping InContext (HKCU\...\{4E002314-9999-4402-9823-1CB9E6098849}_is1) (Version: 3.5 - InContext Solutions, Inc)
Sid Meier's Civilization IV Colonization (HKLM-x32\...\{EF36A836-BF89-4A4F-B079-057B0C68C1E0}) (Version: 1.01 - Firaxis Games)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - Firaxis Games)
Sid Meier's Civilization V SDK (HKLM-x32\...\Steam App 16830) (Version:  - Firaxis Games)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
World War II Wargame (HKCU\...\8ac0da0c141a760f) (Version: 0.0.2.76 - MilitaryHistoryOnline.com)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Restore Points  =========================

13-04-2014 21:48:28 Restore Operation
13-04-2014 23:30:20 Windows Update
14-04-2014 14:56:43 Windows Update
17-04-2014 02:05:10 Windows Update
19-04-2014 15:45:03 Windows Backup

==================== Hosts content: ==========================

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0F800506-2E3A-41B0-97F4-6C1F965D22EB} - System32\Tasks\RNUpgradeHelperLogonPrompt_Druback => C:\Users\Druback\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-03-31] (RealNetworks, Inc.)
Task: {137B7BCB-44A3-4742-9D8E-4E4F8BAC82DB} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3958857591-70701716-2010187594-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {1BA713FC-DAEA-4176-A184-4C80E9970B5D} - System32\Tasks\HPCeeScheduleForDruback => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {22E5F9E5-3485-4B7F-B9C0-4B3C466DB9EC} - System32\Tasks\{012C4CB6-ADA2-4006-AB1C-CBCF74662255} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {291C1A64-7DE5-4A73-B74A-7276B2726EF0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-17] (Google Inc.)
Task: {2F4550BE-316F-43FE-B735-3B7A517B323B} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3958857591-70701716-2010187594-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2012-11-29] (RealNetworks, Inc.)
Task: {37C224CA-2883-4CA4-BAA9-550AD50454CA} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {38D70FB1-7B87-440C-8BF3-892D05BA1826} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2012-08-30] (Maxthon International ltd.)
Task: {3A32DFAD-C527-42B6-9B75-9881B09E145A} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3958857591-70701716-2010187594-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {3B87C00D-6B24-4340-B2D4-0FD561ABB2DB} - System32\Tasks\ReclaimerUpdateFiles_Druback => C:\Users\Druback\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-03-31] (RealNetworks, Inc.)
Task: {4ABD3ED5-8EA7-40D5-835E-7B1277600428} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-03] (Symantec Corporation)
Task: {57EC948F-B5C7-4170-90B2-E08F517DB8C8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-17] (Google Inc.)
Task: {5A6A4218-41CD-46D3-A803-5C5CA2178981} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {5E47B0ED-90C0-4DBD-99FF-4B330FDC0320} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-04-08] (Microsoft)
Task: {6004B298-47FC-4990-9ADD-C61806EEB9E5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {68538375-1BDC-408F-A207-0B38C60D7D68} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3958857591-70701716-2010187594-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {6CC131F1-E18D-4A42-BE2F-27EB265C24F8} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3958857591-70701716-2010187594-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2012-11-29] (RealNetworks, Inc.)
Task: {6EE5649E-791A-48D5-98FC-EB8D307FCACF} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-08] (CyberLink)
Task: {75D5341B-AF89-4704-AD37-192D184F5CDA} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe [2013-02-01] (Symantec Corporation)
Task: {9FE6269F-A0EE-499B-8F38-B48F1E27972D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {C897D2BB-6B5A-4F85-8656-7F704714E1A7} - System32\Tasks\{DAE2A1A1-ADBE-497D-BAFC-293E1683978A} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {D63E99AD-70BD-44A4-A0A7-39CB2EE35B2C} - System32\Tasks\ReclaimerUpdateXML_Druback => C:\Users\Druback\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-03-31] (RealNetworks, Inc.)
Task: {D84365D4-0EA0-4B6B-964E-556464847979} - System32\Tasks\RNUpgradeHelperResumePrompt_Druback => C:\Users\Druback\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-03-31] (RealNetworks, Inc.)
Task: {E7F38E4C-977E-47C3-A1F6-43C6D261FEB2} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3958857591-70701716-2010187594-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {EF5B97D2-D35C-4AF3-8BC1-3F8376DCAFBD} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-03] (Symantec Corporation)
Task: {F1F1BFA6-EE30-4B66-9176-3388B52C5746} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-02-10] (Hewlett-Packard)
Task: {FC4CAB0E-3BD1-4E92-88DC-BD7A71E0D6D2} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3958857591-70701716-2010187594-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2012-11-29] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForDruback.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_Druback.job => C:\Users\Druback\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_Druback.job => C:\Users\Druback\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe
Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Druback.job => C:\Users\Druback\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe

==================== Loaded Modules (whitelisted) =============

2011-12-08 16:22 - 2009-11-04 09:17 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxeadrpp.dll
2012-11-29 21:31 - 2012-11-29 21:31 - 00038608 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2011-12-08 16:21 - 2011-01-23 21:08 - 00770728 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
2011-12-08 16:21 - 2011-01-23 21:08 - 00148280 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
2011-10-22 13:47 - 2011-01-27 09:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-06-24 02:21 - 2010-06-24 02:21 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll
2011-12-08 16:22 - 2009-05-18 09:32 - 01416192 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\lxeaptpc.dll
2011-12-08 16:22 - 2009-11-04 09:19 - 00198656 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\lxeadrui.dll
2011-12-08 16:22 - 2009-11-09 04:36 - 00142336 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\lxeaPRPR.DLL
2011-12-08 16:22 - 2009-11-04 09:17 - 00280576 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\lxeadr.dll
2011-12-08 16:21 - 2010-04-01 13:23 - 00389120 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeascw.dll
2011-12-08 16:21 - 2009-05-27 08:16 - 00192512 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadatr.dll
2011-12-08 16:21 - 2010-04-01 13:24 - 01159168 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaDRS.dll
2011-12-08 16:21 - 2009-03-10 01:43 - 00155648 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacaps.dll
2011-12-08 16:21 - 2009-02-20 04:48 - 00381440 _____ () C:\Windows\system32\lxeasm.dll
2011-12-08 16:21 - 2009-02-20 04:48 - 00023552 _____ () C:\Windows\system32\lxeasmr.dll
2011-12-08 16:21 - 2010-04-05 06:56 - 00716954 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\Epwizard.DLL
2011-12-08 16:21 - 2010-04-05 06:55 - 00159890 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\customui.dll
2011-12-08 16:21 - 2010-04-05 06:54 - 00123033 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\Eputil.DLL
2011-12-08 16:21 - 2010-04-05 06:54 - 00143502 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\Imagutil.DLL
2011-12-08 16:21 - 2010-04-05 06:55 - 00061604 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\Epfunct.DLL
2011-12-08 16:21 - 2010-04-05 06:56 - 02203803 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\EPWizRes.dll
2011-12-08 16:21 - 2010-04-05 06:56 - 00045221 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\epstring.dll
2011-12-08 16:21 - 2010-04-05 06:56 - 00094359 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\EPOEMDll.dll
2011-12-08 16:21 - 2009-04-07 15:25 - 00409600 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\iptk.dll
2011-12-08 16:21 - 2009-03-02 10:25 - 00151552 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaptp.dll
2010-06-24 02:19 - 2010-06-24 02:19 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2014-02-14 14:16 - 2014-02-14 14:16 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\367540c92c2004ff2c6695778fed5dd6\IsdiInterop.ni.dll
2011-10-22 13:46 - 2011-05-20 11:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/19/2014 04:21:30 PM) (Source: Application Hang) (User: )
Description: The program FRST64.exe version 3.3.10.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2c7c

Start Time: 01cf5c25d7f87c49

Termination Time: 0

Application Path: C:\Users\Druback\Desktop\FRST64.exe

Report Id: 4e58295d-c819-11e3-be77-101f741c6aff

Error: (04/19/2014 11:59:00 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (04/19/2014 06:36:51 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2014 05:32:03 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (04/18/2014 04:45:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2014 07:35:07 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (04/18/2014 06:32:57 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/17/2014 01:23:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/17/2014 01:21:36 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x800706b5, The interface is unknown.
.

Error: (04/17/2014 01:21:36 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x800706b5, The interface is unknown.
]

System errors:
=============
Error: (04/19/2014 03:47:40 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer DRUBACK-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B7B768B2-C404-42E8-8856-747A02E2CED0}.
The master browser is stopping or an election is being forced.

Error: (04/19/2014 03:35:42 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer DRUBACK-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B7B768B2-C404-42E8-8856-747A02E2CED0}.
The master browser is stopping or an election is being forced.

Error: (04/19/2014 03:23:40 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer DRUBACK-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B7B768B2-C404-42E8-8856-747A02E2CED0}.
The master browser is stopping or an election is being forced.

Error: (04/19/2014 03:11:37 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer DRUBACK-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B7B768B2-C404-42E8-8856-747A02E2CED0}.
The master browser is stopping or an election is being forced.

Error: (04/19/2014 02:47:35 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer DRUBACK-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B7B768B2-C404-42E8-8856-747A02E2CED0}.
The master browser is stopping or an election is being forced.

Error: (04/19/2014 11:35:28 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer DRUBACK-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B7B768B2-C404-42E8-8856-747A02E2CED0}.
The master browser is stopping or an election is being forced.

Error: (04/19/2014 10:59:26 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer DRUBACK-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B7B768B2-C404-42E8-8856-747A02E2CED0}.
The master browser is stopping or an election is being forced.

Error: (04/19/2014 08:47:20 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer DRUBACK-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B7B768B2-C404-42E8-8856-747A02E2CED0}.
The master browser is stopping or an election is being forced.

Error: (04/19/2014 08:23:23 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer DRUBACK-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B7B768B2-C404-42E8-8856-747A02E2CED0}.
The master browser is stopping or an election is being forced.

Error: (04/19/2014 06:47:32 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer DRUBACK-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B7B768B2-C404-42E8-8856-747A02E2CED0}.
The master browser is stopping or an election is being forced.

Microsoft Office Sessions:
=========================
Error: (04/19/2014 04:21:30 PM) (Source: Application Hang)(User: )
Description: FRST64.exe3.3.10.22c7c01cf5c25d7f87c490C:\Users\Druback\Desktop\FRST64.exe4e58295d-c819-11e3-be77-101f741c6aff

Error: (04/19/2014 11:59:00 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (04/19/2014 06:36:51 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2014 05:32:03 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (04/18/2014 04:45:23 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2014 07:35:07 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (04/18/2014 06:32:57 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/17/2014 01:23:51 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/17/2014 01:21:36 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x800706b5, The interface is unknown.

Error: (04/17/2014 01:21:36 PM) (Source: VSS)(User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x800706b5, The interface is unknown.

CodeIntegrity Errors:
===================================
  Date: 2014-04-12 13:37:53.102
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PROCEXP100.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-12 13:37:53.032
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PROCEXP100.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-12 10:25:49.777
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\DB84.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-12 10:25:49.687
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\DB84.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-12 10:20:19.511
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CDDC.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-12 10:20:19.429
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CDDC.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-12 10:18:07.660
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CDDC.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-12 10:18:07.593
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CDDC.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-12 09:42:16.605
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PROCEXP100.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-12 09:42:16.515
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PROCEXP100.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 52%
Total physical RAM: 4043.86 MB
Available physical RAM: 1905.77 MB
Total Pagefile: 8085.9 MB
Available Pagefile: 5504.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:581.8 GB) (Free:467.62 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.08 GB) (Free:1.57 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 7ADEB7CE)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=582 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================

Farbar Recovery Scan Tool (x64) Version: 19-04-2014
Ran by Druback at 2014-04-19 16:25:06
Running from C:\Users\Druback\Desktop
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 20:24] - [2010-11-20 20:24] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

C:\Windows\System32\rpcss.dll
[2010-11-20 20:24] - [2010-11-20 20:24] - 0516096 ____A (Microsoft Corporation) 3DD992EC69CB9B1E266521050DE0E7C7

C:\gary\rpcss.dll
[2014-04-18 19:29] - [2010-11-20 20:24] - 0516096 ____A (Microsoft Corporation) 3DD992EC69CB9B1E266521050DE0E7C7

====== End Of Search ======



#5 B-boy/StyLe/

  • Malware Response Team

Posted 19 April 2014 - 06:35 PM

Hello,

Do not suspend anything because this can confuse the scanning process.

Regards,

Georgi


#6 B-boy/StyLe/


Posted 19 April 2014 - 06:41 PM

Hi,

Please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Regards,

Georgi


#7 EasyEdward


Posted 19 April 2014 - 07:09 PM

Hello,

Do not suspend anything because this can confuse the scanning process.

Regards,

Georgi

OK here are the rescans once the process restarted / spawned a new one. Note it took 5 mins and three tries to get back into the Forum as svchost.exe is taking up entire bandwidth.

Thanks for your prompt reply - I will follow-up with the next scan in a few.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-04-2014
Ran by Druback (administrator) on DRUBACK-HPLAP on 19-04-2014 16:58:43
Running from C:\Users\Druback\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
(Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\audiosrv.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
( ) C:\Windows\system32\lxeacoms.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
() C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Microsoft Corporation) C:\Windows\system32\wbem\WMIADAP.EXE
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\system32\consent.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2012-01-14] (Synaptics Incorporated)
HKLM\...\Run: [lxeamon.exe] => C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe [770728 2011-01-23] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe [148280 2011-01-23] ()
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1580368 2010-11-03] (Logitech, Inc.)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files\Motorola\Bluetooth\btmshell.dll [25754968 2011-04-22] (Motorola Solutions, Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2012-01-14] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [295072 2012-12-20] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-08] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3958857591-70701716-2010187594-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-3958857591-70701716-2010187594-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3958857591-70701716-2010187594-1001\...\Policies\system: [DisableChangePassword] 0

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM - {DD065C6A-C257-4F8A-B51E-6FB5B03F698F} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {DD065C6A-C257-4F8A-B51E-6FB5B03F698F} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {005804A3-CF16-4EBA-9E39-D4E7622C389F} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=8F28789D-1C0E-412F-95D7-4FFDD7F484F0&apn_sauid=F163D3D4-D458-4C26-8A4B-0D2FACD2582C&
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {DD065C6A-C257-4F8A-B51E-6FB5B03F698F} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: FreePriceAlerts - {A7C0A55C-300E-4193-8FB5-5DB8E6533D35} - C:\Program Files (x86)\FreePriceAlerts\win64\vbobho.dll No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -  No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: FreePriceAlerts - {A7C0A55C-300E-4193-8FB5-5DB8E6533D35} - C:\Program Files (x86)\FreePriceAlerts\vbobho.dll No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF ProfilePath: C:\Users\Druback\AppData\Roaming\Mozilla\Firefox\Profiles\y8omh7g5.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Druback\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFF [2013-10-09]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012-12-20]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\Exts\Chrome.crx [2014-02-03]

==================== Services (Whitelisted) =================

S2 lxeaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxea_device; C:\Windows\system32\lxeacoms.exe [1052328 2010-04-14] ( )
R2 lxea_device; C:\Windows\SysWOW64\lxeacoms.exe [598696 2010-04-14] ( )
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [138272 2012-06-15] (Symantec Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [1525976 2014-03-18] (Symantec Corporation)
S3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [43520 2011-02-22] (Motorola Solutions, Inc.)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-19] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-20] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20140417.001\IDSvia64.sys [525016 2014-04-11] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20140418.016\ENG64.SYS [126040 2014-04-18] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20140418.016\EX64.SYS [2099288 2014-04-18] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-03-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [190072 2012-04-17] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [405624 2012-04-17] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-19 16:58 - 2014-04-19 16:59 - 00021184 _____ () C:\Users\Druback\Desktop\FRST.txt
2014-04-19 16:18 - 2014-04-19 16:19 - 02055680 _____ (Farbar) C:\Users\Druback\Desktop\FRST64.exe
2014-04-19 16:17 - 2014-04-19 16:18 - 01043968 _____ (Farbar) C:\Users\Druback\Desktop\FRST.exe
2014-04-19 08:18 - 2014-04-19 08:18 - 00024024 _____ () C:\Users\Druback\Documents\DDS.txt
2014-04-19 08:18 - 2014-04-19 08:18 - 00017661 _____ () C:\Users\Druback\Documents\Attach.txt
2014-04-19 08:16 - 2014-04-19 08:16 - 00017661 _____ () C:\Users\Druback\Desktop\attach.txt
2014-04-19 08:16 - 2014-04-19 08:15 - 00024024 _____ () C:\Users\Druback\Desktop\dds.txt
2014-04-18 19:10 - 2014-04-18 20:18 - 00000000 ____D () C:\Users\Druback\AppData\Local\NPE
2014-04-18 15:07 - 2014-04-18 15:07 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-04-17 07:04 - 2014-04-17 07:04 - 00000165 ____H () C:\Users\Druback\Documents\~$WGT Data.xlsx
2014-04-15 15:05 - 2014-04-15 15:05 - 00987448 _____ () C:\Users\Druback\Downloads\SecurityCheck.exe
2014-04-13 15:10 - 2014-04-19 16:49 - 00000072 _____ () C:\Windows\system32\iwhz.yiw
2014-04-13 15:00 - 2014-04-13 15:00 - 00000000 _____ () C:\Windows\system32\fmbv.xpe
2014-04-13 14:07 - 2014-04-13 14:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-13 13:59 - 2014-04-13 13:59 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-04-12 17:35 - 2014-04-12 17:35 - 00002282 _____ () C:\Users\Druback\Desktop\RKreport[0]_S_04122014_173543.txt
2014-04-12 17:32 - 2014-04-13 14:56 - 00000000 ____D () C:\Users\Druback\Desktop\RK_Quarantine
2014-04-12 12:54 - 2014-04-12 12:54 - 00000000 ____D () C:\Users\Druback\AppData\Local\{A76F258E-2ED4-43CD-8F1A-2259342D9181}
2014-04-12 10:17 - 2014-04-12 10:17 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-04-11 19:57 - 2014-04-11 19:57 - 00000000 ____D () C:\Users\Druback\AppData\Roaming\Oracle
2014-04-11 19:56 - 2014-04-11 19:56 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-11 19:38 - 2014-04-13 14:57 - 00000000 ____D () C:\AdwCleaner
2014-04-11 19:09 - 2014-04-19 16:58 - 00000000 ____D () C:\FRST
2014-04-11 17:20 - 2014-04-11 17:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-11 17:11 - 2014-04-19 08:14 - 00000000 ____D () C:\gary
2014-04-09 00:56 - 2014-04-09 00:56 - 00000028 _____ () C:\Windows\SysWOW64\u
2014-04-08 21:56 - 2014-04-08 21:56 - 00000064 _____ () C:\Windows\system32\jwcoo.nmj
2014-04-08 21:40 - 2014-04-08 21:40 - 00236655 ____S () C:\Windows\system32\xojsox.ldj
2014-04-05 20:19 - 2014-04-05 20:19 - 00000000 ____D () C:\Users\Druback\AppData\Local\{2D45DC80-DFA6-4FAE-B609-65B34F527398}
2014-04-02 17:58 - 2014-04-02 17:58 - 00090624 _____ () C:\Users\Druback\Documents\Putter Pal Percentages2.xls
2014-03-31 09:52 - 2014-04-19 16:52 - 00000384 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Druback.job
2014-03-31 09:52 - 2014-04-19 16:52 - 00000378 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Druback.job
2014-03-31 09:52 - 2014-04-19 12:10 - 00002982 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Druback
2014-03-31 09:52 - 2014-04-19 12:10 - 00002978 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateXML_Druback
2014-03-31 09:52 - 2014-04-19 12:10 - 00000374 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Druback.job
2014-03-31 09:52 - 2014-03-31 09:52 - 00003630 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_Druback
2014-03-31 09:52 - 2014-03-31 09:52 - 00002686 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Druback
2014-03-29 16:51 - 2014-03-29 16:51 - 00000000 ____D () C:\Users\Druback\AppData\Local\{3ABAF7B8-2611-4D0B-9213-7660A2E2EAB9}
2014-03-25 15:46 - 2014-03-25 15:46 - 02793448 _____ () C:\ProgramData\SPLF8B.tmp

==================== One Month Modified Files and Folders =======

2014-04-19 16:59 - 2014-04-19 16:58 - 00021184 _____ () C:\Users\Druback\Desktop\FRST.txt
2014-04-19 16:59 - 2011-10-22 13:49 - 01851518 _____ () C:\Windows\WindowsUpdate.log
2014-04-19 16:58 - 2014-04-11 19:09 - 00000000 ____D () C:\FRST
2014-04-19 16:58 - 2009-07-13 22:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-19 16:56 - 2012-07-16 19:01 - 00007647 _____ () C:\Users\Druback\AppData\Local\Resmon.ResmonCfg
2014-04-19 16:53 - 2011-12-08 16:22 - 00088056 _____ () C:\ProgramData\lxeascan.log
2014-04-19 16:52 - 2014-03-31 09:52 - 00000384 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Druback.job
2014-04-19 16:52 - 2014-03-31 09:52 - 00000378 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Druback.job
2014-04-19 16:52 - 2013-03-14 22:21 - 00003376 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3958857591-70701716-2010187594-1001
2014-04-19 16:52 - 2013-03-14 22:21 - 00003246 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3958857591-70701716-2010187594-1001
2014-04-19 16:52 - 2012-06-17 09:34 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-19 16:52 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-19 16:52 - 2009-07-13 21:51 - 00089757 _____ () C:\Windows\setupact.log
2014-04-19 16:49 - 2014-04-13 15:10 - 00000072 _____ () C:\Windows\system32\iwhz.yiw
2014-04-19 16:30 - 2012-06-17 09:34 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-19 16:19 - 2014-04-19 16:18 - 02055680 _____ (Farbar) C:\Users\Druback\Desktop\FRST64.exe
2014-04-19 16:18 - 2014-04-19 16:17 - 01043968 _____ (Farbar) C:\Users\Druback\Desktop\FRST.exe
2014-04-19 15:39 - 2012-01-14 14:31 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-04-19 15:39 - 2011-12-14 20:27 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-04-19 13:27 - 2013-01-18 10:47 - 00384917 _____ () C:\Users\Druback\Documents\WGT Data.xlsx
2014-04-19 12:10 - 2014-03-31 09:52 - 00002982 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Druback
2014-04-19 12:10 - 2014-03-31 09:52 - 00002978 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateXML_Druback
2014-04-19 12:10 - 2014-03-31 09:52 - 00000374 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Druback.job
2014-04-19 10:47 - 2012-12-31 23:08 - 00077826 _____ () C:\Users\Druback\Documents\KIS - Holdings.xlsx
2014-04-19 08:25 - 2011-12-08 15:41 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E6D85D83-B22B-426B-905A-DAF4D7E2999A}
2014-04-19 08:18 - 2014-04-19 08:18 - 00024024 _____ () C:\Users\Druback\Documents\DDS.txt
2014-04-19 08:18 - 2014-04-19 08:18 - 00017661 _____ () C:\Users\Druback\Documents\Attach.txt
2014-04-19 08:16 - 2014-04-19 08:16 - 00017661 _____ () C:\Users\Druback\Desktop\attach.txt
2014-04-19 08:15 - 2014-04-19 08:16 - 00024024 _____ () C:\Users\Druback\Desktop\dds.txt
2014-04-19 08:14 - 2014-04-11 17:11 - 00000000 ____D () C:\gary
2014-04-19 06:44 - 2009-07-13 21:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-19 06:44 - 2009-07-13 21:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-18 20:18 - 2014-04-18 19:10 - 00000000 ____D () C:\Users\Druback\AppData\Local\NPE
2014-04-18 19:54 - 2012-07-28 15:19 - 00000000 ____D () C:\Windows\Minidump
2014-04-18 19:10 - 2011-10-22 13:58 - 00000000 ____D () C:\ProgramData\Norton
2014-04-18 15:07 - 2014-04-18 15:07 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-04-17 15:46 - 2011-12-17 18:33 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForDruback
2014-04-17 15:46 - 2011-12-17 18:33 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForDruback.job
2014-04-17 13:23 - 2012-12-20 13:58 - 00003354 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3958857591-70701716-2010187594-1001
2014-04-17 13:23 - 2012-12-20 13:58 - 00003224 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3958857591-70701716-2010187594-1001
2014-04-17 07:04 - 2014-04-17 07:04 - 00000165 ____H () C:\Users\Druback\Documents\~$WGT Data.xlsx
2014-04-15 15:05 - 2014-04-15 15:05 - 00987448 _____ () C:\Users\Druback\Downloads\SecurityCheck.exe
2014-04-13 17:28 - 2011-12-08 16:24 - 00000000 ____D () C:\ProgramData\Lx_cats
2014-04-13 16:38 - 2011-12-25 14:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-13 16:35 - 2013-08-15 06:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-13 16:32 - 2011-12-22 14:50 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-13 15:01 - 2011-12-08 15:40 - 00086160 _____ () C:\Users\Druback\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-13 15:00 - 2014-04-13 15:00 - 00000000 _____ () C:\Windows\system32\fmbv.xpe
2014-04-13 15:00 - 2011-12-08 15:32 - 00000000 ____D () C:\Users\Druback
2014-04-13 14:59 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-04-13 14:57 - 2014-04-11 19:38 - 00000000 ____D () C:\AdwCleaner
2014-04-13 14:57 - 2012-12-20 13:56 - 00000000 ____D () C:\ProgramData\InstallMate
2014-04-13 14:57 - 2012-10-27 11:49 - 00000000 ____D () C:\ProgramData\Real
2014-04-13 14:57 - 2012-08-09 17:26 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-13 14:57 - 2011-10-22 13:50 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-04-13 14:57 - 2011-06-21 12:45 - 00000000 ____D () C:\Program Files\Java
2014-04-13 14:57 - 2011-06-21 12:37 - 00000000 ____D () C:\ProgramData\RoxioNow
2014-04-13 14:56 - 2014-04-13 14:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-13 14:56 - 2014-04-12 17:32 - 00000000 ____D () C:\Users\Druback\Desktop\RK_Quarantine
2014-04-13 14:56 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2014-04-13 14:53 - 2013-12-27 14:08 - 00000000 ____D () C:\Users\Druback\AppData\Local\Mozilla
2014-04-13 14:52 - 2011-12-25 14:43 - 00000000 __RHD () C:\MSOCache
2014-04-13 13:59 - 2014-04-13 13:59 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-04-13 13:59 - 2013-07-09 17:05 - 00000000 ____D () C:\Users\Druback\AppData\Roaming\TeamViewer
2014-04-12 17:35 - 2014-04-12 17:35 - 00002282 _____ () C:\Users\Druback\Desktop\RKreport[0]_S_04122014_173543.txt
2014-04-12 12:54 - 2014-04-12 12:54 - 00000000 ____D () C:\Users\Druback\AppData\Local\{A76F258E-2ED4-43CD-8F1A-2259342D9181}
2014-04-12 10:17 - 2014-04-12 10:17 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-04-11 19:57 - 2014-04-11 19:57 - 00000000 ____D () C:\Users\Druback\AppData\Roaming\Oracle
2014-04-11 19:56 - 2014-04-11 19:56 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-11 17:20 - 2014-04-11 17:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-10 20:41 - 2011-12-08 20:22 - 00024612 _____ () C:\ProgramData\lxea.log
2014-04-09 00:56 - 2014-04-09 00:56 - 00000028 _____ () C:\Windows\SysWOW64\u
2014-04-08 21:56 - 2014-04-08 21:56 - 00000064 _____ () C:\Windows\system32\jwcoo.nmj
2014-04-08 21:40 - 2014-04-08 21:40 - 00236655 ____S () C:\Windows\system32\xojsox.ldj
2014-04-06 18:33 - 2013-11-03 11:08 - 01270282 _____ () C:\Users\Druback\Documents\LegendCalc.xlsx
2014-04-05 20:19 - 2014-04-05 20:19 - 00000000 ____D () C:\Users\Druback\AppData\Local\{2D45DC80-DFA6-4FAE-B609-65B34F527398}
2014-04-02 17:58 - 2014-04-02 17:58 - 00090624 _____ () C:\Users\Druback\Documents\Putter Pal Percentages2.xls
2014-03-31 09:52 - 2014-03-31 09:52 - 00003630 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_Druback
2014-03-31 09:52 - 2014-03-31 09:52 - 00002686 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Druback
2014-03-31 09:35 - 2010-11-20 20:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-29 16:51 - 2014-03-29 16:51 - 00000000 ____D () C:\Users\Druback\AppData\Local\{3ABAF7B8-2611-4D0B-9213-7660A2E2EAB9}
2014-03-29 12:25 - 2014-02-13 15:03 - 00722432 _____ () C:\Users\Druback\Documents\TPC Membership List.xls
2014-03-27 07:25 - 2012-06-17 09:34 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-27 07:25 - 2012-06-17 09:34 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-25 15:46 - 2014-03-25 15:46 - 02793448 _____ () C:\ProgramData\SPLF8B.tmp
2014-03-25 12:00 - 2014-01-05 10:04 - 00001481 _____ () C:\Users\Druback\Desktop\WGTPar3_9th.ahk
2014-03-23 16:46 - 2014-01-02 09:08 - 00036647 _____ () C:\Users\Druback\Documents\Putter Pal Percentages.xlsx

Some content of TEMP:
====================
C:\Users\Druback\AppData\Local\Temp\ose00000.exe
C:\Users\Druback\AppData\Local\Temp\_is5637.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2010-11-20 20:24] - [2010-11-20 20:24] - 0516096 ____A (Microsoft Corporation) 3DD992EC69CB9B1E266521050DE0E7C7

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-09 01:27

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-04-2014
Ran by Druback at 2014-04-19 17:00:13
Running from C:\Users\Druback\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
AutoHotkey 1.1.13.01 (HKLM\...\AutoHotkey) (Version: 1.1.13.01 - Lexikos)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bikos Putting Aid (HKCU\...\2b8bee6e085dd156) (Version: 1.0.0.10 - Bikos Putting Aid)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.3908 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.1.3908 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version:  - Microsoft)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 1.6.18 - Dropbox, Inc.)
Empire: Total War (HKLM-x32\...\Steam App 10500) (Version:  - The Creative Assembly)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
FreePriceAlerts 2.3.5 (HKLM\...\{DC3381CB-10D4-431D-B9B3-7DB84B00645F}) (Version: 2.3.5 - myVBO LLC)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{5601F151-A69F-4E30-8C60-37928124CD07}) (Version: 4.1.9.1 - Hewlett-Packard Company)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Connection Manager (HKLM-x32\...\{795AADBF-58C2-42D0-B779-E730702A247E}) (Version: 4.0.45.1 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{3C5AB11A-2DDB-49E6-9FC0-CFD88A7DDFE4}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MovieStore (x32 Version: 1.0.047 - Hewlett-Packard) Hidden
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{E44578C7-4667-4124-8BC2-1161BCA54978}) (Version: 1.4.4 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}) (Version: 2.5.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13231.3673 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{28FE073B-1230-4BF6-830C-7434FD0C0069}) (Version: 4.1.13.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6345.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Java™ 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.370 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lexmark S300-S400 Series (HKLM\...\Lexmark S300-S400 Series) (Version:  - Lexmark International, Inc.)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Maxthon 3 (HKLM-x32\...\Maxthon3) (Version:  - Maxthon International Limited)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft Visual C# 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C# 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C# 2010 Express - ENU (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40303 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 24.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 24.4.0 (x86 en-US)) (Version: 24.4.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.4.0 - Mozilla)
Mplayer 0.6.9 (HKLM-x32\...\Mplayer) (Version: 0.6.9 - )
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Napoleon: Total War (HKLM-x32\...\Steam App 34030) (Version:  - The Creative Assembly)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 19.9.1.14 - Symantec Corporation)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Ralink Motorola BC8 Bluetooth 3.0+HS Adapter (HKLM\...\1DF1F719-D43A-46E8-950F-65A8D96C678A.MBT_is1) (Version: 3.0.43.307 - Motorola Solutions, Inc.)
Ralink RT5390 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 3.02.03.0 - Ralink)
RealDownloader (x32 Version: 1.3.0 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
Rome - Total War (HKLM-x32\...\{51D386C4-0227-46A9-AC45-61F0A50E7AFF}) (Version: 1.5 - The Creative Assembly)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Shopping InContext (HKCU\...\{4E002314-9999-4402-9823-1CB9E6098849}_is1) (Version: 3.5 - InContext Solutions, Inc)
Sid Meier's Civilization IV Colonization (HKLM-x32\...\{EF36A836-BF89-4A4F-B079-057B0C68C1E0}) (Version: 1.01 - Firaxis Games)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - Firaxis Games)
Sid Meier's Civilization V SDK (HKLM-x32\...\Steam App 16830) (Version:  - Firaxis Games)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
World War II Wargame (HKCU\...\8ac0da0c141a760f) (Version: 0.0.2.76 - MilitaryHistoryOnline.com)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Restore Points  =========================

13-04-2014 21:48:28 Restore Operation
13-04-2014 23:30:20 Windows Update
14-04-2014 14:56:43 Windows Update
17-04-2014 02:05:10 Windows Update
19-04-2014 15:45:03 Windows Backup

==================== Hosts content: ==========================

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0F800506-2E3A-41B0-97F4-6C1F965D22EB} - System32\Tasks\RNUpgradeHelperLogonPrompt_Druback => C:\Users\Druback\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-03-31] (RealNetworks, Inc.)
Task: {137B7BCB-44A3-4742-9D8E-4E4F8BAC82DB} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3958857591-70701716-2010187594-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {1BA713FC-DAEA-4176-A184-4C80E9970B5D} - System32\Tasks\HPCeeScheduleForDruback => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {22E5F9E5-3485-4B7F-B9C0-4B3C466DB9EC} - System32\Tasks\{012C4CB6-ADA2-4006-AB1C-CBCF74662255} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {291C1A64-7DE5-4A73-B74A-7276B2726EF0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-17] (Google Inc.)
Task: {2F4550BE-316F-43FE-B735-3B7A517B323B} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3958857591-70701716-2010187594-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2012-11-29] (RealNetworks, Inc.)
Task: {37C224CA-2883-4CA4-BAA9-550AD50454CA} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {38D70FB1-7B87-440C-8BF3-892D05BA1826} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2012-08-30] (Maxthon International ltd.)
Task: {3A32DFAD-C527-42B6-9B75-9881B09E145A} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3958857591-70701716-2010187594-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {3B87C00D-6B24-4340-B2D4-0FD561ABB2DB} - System32\Tasks\ReclaimerUpdateFiles_Druback => C:\Users\Druback\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-03-31] (RealNetworks, Inc.)
Task: {4ABD3ED5-8EA7-40D5-835E-7B1277600428} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-03] (Symantec Corporation)
Task: {57EC948F-B5C7-4170-90B2-E08F517DB8C8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-17] (Google Inc.)
Task: {5A6A4218-41CD-46D3-A803-5C5CA2178981} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {5E47B0ED-90C0-4DBD-99FF-4B330FDC0320} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-04-08] (Microsoft)
Task: {6004B298-47FC-4990-9ADD-C61806EEB9E5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {68538375-1BDC-408F-A207-0B38C60D7D68} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3958857591-70701716-2010187594-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {6EE5649E-791A-48D5-98FC-EB8D307FCACF} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-08] (CyberLink)
Task: {727FA180-F2D0-4E11-92B1-AA1B58D41EB1} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3958857591-70701716-2010187594-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2012-11-29] (RealNetworks, Inc.)
Task: {75D5341B-AF89-4704-AD37-192D184F5CDA} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe [2013-02-01] (Symantec Corporation)
Task: {9FE6269F-A0EE-499B-8F38-B48F1E27972D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {A41EE8ED-F139-4B41-A9E2-5B2E15870CBC} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3958857591-70701716-2010187594-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2012-11-29] (RealNetworks, Inc.)
Task: {C897D2BB-6B5A-4F85-8656-7F704714E1A7} - System32\Tasks\{DAE2A1A1-ADBE-497D-BAFC-293E1683978A} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {D63E99AD-70BD-44A4-A0A7-39CB2EE35B2C} - System32\Tasks\ReclaimerUpdateXML_Druback => C:\Users\Druback\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-03-31] (RealNetworks, Inc.)
Task: {D84365D4-0EA0-4B6B-964E-556464847979} - System32\Tasks\RNUpgradeHelperResumePrompt_Druback => C:\Users\Druback\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-03-31] (RealNetworks, Inc.)
Task: {E7F38E4C-977E-47C3-A1F6-43C6D261FEB2} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3958857591-70701716-2010187594-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {EF5B97D2-D35C-4AF3-8BC1-3F8376DCAFBD} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-03] (Symantec Corporation)
Task: {F1F1BFA6-EE30-4B66-9176-3388B52C5746} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-02-10] (Hewlett-Packard)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForDruback.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_Druback.job => C:\Users\Druback\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_Druback.job => C:\Users\Druback\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe
Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Druback.job => C:\Users\Druback\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe

==================== Loaded Modules (whitelisted) =============

2011-12-08 16:22 - 2009-11-04 09:17 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxeadrpp.dll
2012-11-29 21:31 - 2012-11-29 21:31 - 00038608 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2011-12-08 16:21 - 2011-01-23 21:08 - 00770728 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
2011-12-08 16:21 - 2011-01-23 21:08 - 00148280 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
2011-10-22 13:47 - 2011-01-27 09:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-06-24 02:21 - 2010-06-24 02:21 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll
2011-12-08 16:21 - 2010-04-01 13:23 - 00389120 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeascw.dll
2011-12-08 16:21 - 2009-05-27 08:16 - 00192512 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadatr.dll
2011-12-08 16:21 - 2010-04-01 13:24 - 01159168 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaDRS.dll
2011-12-08 16:21 - 2009-03-10 01:43 - 00155648 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacaps.dll
2011-12-08 16:21 - 2009-02-20 04:48 - 00381440 _____ () C:\Windows\system32\lxeasm.dll
2011-12-08 16:21 - 2009-02-20 04:48 - 00023552 _____ () C:\Windows\system32\lxeasmr.dll
2011-12-08 16:21 - 2010-04-05 06:56 - 00716954 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\Epwizard.DLL
2011-12-08 16:21 - 2010-04-05 06:55 - 00159890 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\customui.dll
2011-12-08 16:21 - 2010-04-05 06:54 - 00123033 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\Eputil.DLL
2011-12-08 16:21 - 2010-04-05 06:54 - 00143502 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\Imagutil.DLL
2011-12-08 16:21 - 2010-04-05 06:55 - 00061604 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\Epfunct.DLL
2011-12-08 16:21 - 2010-04-05 06:56 - 02203803 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\EPWizRes.dll
2011-12-08 16:21 - 2010-04-05 06:56 - 00045221 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\epstring.dll
2011-12-08 16:21 - 2010-04-05 06:56 - 00094359 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\EPOEMDll.dll
2011-12-08 16:21 - 2009-04-07 15:25 - 00409600 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\iptk.dll
2011-12-08 16:21 - 2009-03-02 10:25 - 00151552 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaptp.dll
2014-02-14 14:16 - 2014-02-14 14:16 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\367540c92c2004ff2c6695778fed5dd6\IsdiInterop.ni.dll
2011-10-22 13:46 - 2011-05-20 11:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2010-06-24 02:19 - 2010-06-24 02:19 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/19/2014 04:55:39 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.16521 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 974

Start Time: 01cf5c2ac72fcec5

Termination Time: 22

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (04/19/2014 04:55:39 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.16521 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 15f0

Start Time: 01cf5c2aa58bdd0e

Termination Time: 0

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (04/19/2014 04:53:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/19/2014 04:21:30 PM) (Source: Application Hang) (User: )
Description: The program FRST64.exe version 3.3.10.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2c7c

Start Time: 01cf5c25d7f87c49

Termination Time: 0

Application Path: C:\Users\Druback\Desktop\FRST64.exe

Report Id: 4e58295d-c819-11e3-be77-101f741c6aff

Error: (04/19/2014 11:59:00 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (04/19/2014 06:36:51 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2014 05:32:03 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (04/18/2014 04:45:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2014 07:35:07 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (04/18/2014 06:32:57 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (04/19/2014 04:59:36 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer DRUBACK-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B7B768B2-C404-42E8-8856-747A02E2CED0}.
The master browser is stopping or an election is being forced.

Error: (04/19/2014 04:53:43 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/19/2014 04:52:44 PM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (04/19/2014 04:52:38 PM) (Source: Service Control Manager) (User: )
Description: The lxeaCATSCustConnectService service failed to start due to the following error:
%%1053

Error: (04/19/2014 04:52:38 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxeaCATSCustConnectService service to connect.

Error: (04/19/2014 04:23:37 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer DRUBACK-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B7B768B2-C404-42E8-8856-747A02E2CED0}.
The master browser is stopping or an election is being forced.

Error: (04/19/2014 03:47:40 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer DRUBACK-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B7B768B2-C404-42E8-8856-747A02E2CED0}.
The master browser is stopping or an election is being forced.

Error: (04/19/2014 03:35:42 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer DRUBACK-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B7B768B2-C404-42E8-8856-747A02E2CED0}.
The master browser is stopping or an election is being forced.

Error: (04/19/2014 03:23:40 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer DRUBACK-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B7B768B2-C404-42E8-8856-747A02E2CED0}.
The master browser is stopping or an election is being forced.

Error: (04/19/2014 03:11:37 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer DRUBACK-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B7B768B2-C404-42E8-8856-747A02E2CED0}.
The master browser is stopping or an election is being forced.

Microsoft Office Sessions:
=========================
Error: (04/19/2014 04:55:39 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE11.0.9600.1652197401cf5c2ac72fcec522C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (04/19/2014 04:55:39 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE11.0.9600.1652115f001cf5c2aa58bdd0e0C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (04/19/2014 04:53:21 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/19/2014 04:21:30 PM) (Source: Application Hang)(User: )
Description: FRST64.exe3.3.10.22c7c01cf5c25d7f87c490C:\Users\Druback\Desktop\FRST64.exe4e58295d-c819-11e3-be77-101f741c6aff

Error: (04/19/2014 11:59:00 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (04/19/2014 06:36:51 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2014 05:32:03 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (04/18/2014 04:45:23 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2014 07:35:07 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (04/18/2014 06:32:57 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
  Date: 2014-04-12 13:37:53.102
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PROCEXP100.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-12 13:37:53.032
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PROCEXP100.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-12 10:25:49.777
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\DB84.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-12 10:25:49.687
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\DB84.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-12 10:20:19.511
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CDDC.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-12 10:20:19.429
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CDDC.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-12 10:18:07.660
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CDDC.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-12 10:18:07.593
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CDDC.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-12 09:42:16.605
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PROCEXP100.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-12 09:42:16.515
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PROCEXP100.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 56%
Total physical RAM: 4043.86 MB
Available physical RAM: 1776.95 MB
Total Pagefile: 8085.9 MB
Available Pagefile: 5664.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:581.8 GB) (Free:467.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.08 GB) (Free:1.57 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 7ADEB7CE)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=582 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================

 

Farbar Recovery Scan Tool (x64) Version: 19-04-2014
Ran by Druback at 2014-04-19 17:03:28
Running from C:\Users\Druback\Desktop
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 20:24] - [2010-11-20 20:24] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

C:\Windows\System32\rpcss.dll
[2010-11-20 20:24] - [2010-11-20 20:24] - 0516096 ____A (Microsoft Corporation) 3DD992EC69CB9B1E266521050DE0E7C7

C:\gary\rpcss.dll
[2014-04-18 19:29] - [2010-11-20 20:24] - 0516096 ____A (Microsoft Corporation) 3DD992EC69CB9B1E266521050DE0E7C7

====== End Of Search ======



#8 EasyEdward (Topic Starter)

Posted 19 April 2014 - 07:26 PM

Hi,

 

Please download the following file => fixlist.txt and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Regards,

Georgi

 

Here it is:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-04-2014
Ran by Druback at 2014-04-19 17:11:25 Run:1
Running from C:\Users\Druback\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM - {DD065C6A-C257-4F8A-B51E-6FB5B03F698F} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {DD065C6A-C257-4F8A-B51E-6FB5B03F698F} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {005804A3-CF16-4EBA-9E39-D4E7622C389F} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=8F28789D-1C0E-412F-95D7-4FFDD7F484F0&apn_sauid=F163D3D4-D458-4C26-8A4B-0D2FACD2582C&
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {DD065C6A-C257-4F8A-B51E-6FB5B03F698F} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: FreePriceAlerts - {A7C0A55C-300E-4193-8FB5-5DB8E6533D35} - C:\Program Files (x86)\FreePriceAlerts\win64\vbobho.dll No File
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: No Name - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -  No File
BHO-x32: FreePriceAlerts - {A7C0A55C-300E-4193-8FB5-5DB8E6533D35} - C:\Program Files (x86)\FreePriceAlerts\vbobho.dll No File
2014-04-13 15:10 - 2014-04-19 15:49 - 00000075 _____ () C:\Windows\system32\iwhz.yiw
2014-04-13 15:00 - 2014-04-13 15:00 - 00000000 _____ () C:\Windows\system32\fmbv.xpe
2014-04-08 21:56 - 2014-04-08 21:56 - 00000064 _____ () C:\Windows\system32\jwcoo.nmj
2014-04-08 21:40 - 2014-04-08 21:40 - 00236655 ____S () C:\Windows\system32\xojsox.ldj
2014-03-25 15:46 - 2014-03-25 15:46 - 02793448 _____ () C:\ProgramData\SPLF8B.tmp
2014-04-05 20:19 - 2014-04-05 20:19 - 00000000 ____D () C:\Users\Druback\AppData\Local\{2D45DC80-DFA6-4FAE-B609-65B34F527398}
2014-03-29 16:51 - 2014-03-29 16:51 - 00000000 ____D () C:\Users\Druback\AppData\Local\{3ABAF7B8-2611-4D0B-9213-7660A2E2EAB9}
C:\gary\rpcss.dll
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\Windows\System32\rpcss.dll
C:\Users\Druback\AppData\Local\Temp
Reboot:
end
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} => Key deleted successfully.
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => Key deleted successfully.
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => Key deleted successfully.
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key deleted successfully.
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F} => Key deleted successfully.
HKCR\CLSID\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{005804A3-CF16-4EBA-9E39-D4E7622C389F} => Key deleted successfully.
HKCR\CLSID\{005804A3-CF16-4EBA-9E39-D4E7622C389F} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} => Key deleted successfully.
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => Key deleted successfully.
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => Key deleted successfully.
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key deleted successfully.
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F} => Key deleted successfully.
HKCR\CLSID\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7C0A55C-300E-4193-8FB5-5DB8E6533D35} => Key deleted successfully.
HKCR\CLSID\{A7C0A55C-300E-4193-8FB5-5DB8E6533D35} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7C0A55C-300E-4193-8FB5-5DB8E6533D35} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{A7C0A55C-300E-4193-8FB5-5DB8E6533D35} => Key deleted successfully.
C:\Windows\system32\iwhz.yiw => Moved successfully.
Could not move "C:\Windows\system32\fmbv.xpe" => Scheduled to move on reboot.
C:\Windows\system32\jwcoo.nmj => Moved successfully.
Could not move "C:\Windows\system32\xojsox.ldj" => Scheduled to move on reboot.
C:\ProgramData\SPLF8B.tmp => Moved successfully.
C:\Users\Druback\AppData\Local\{2D45DC80-DFA6-4FAE-B609-65B34F527398} => Moved successfully.
C:\Users\Druback\AppData\Local\{3ABAF7B8-2611-4D0B-9213-7660A2E2EAB9} => Moved successfully.
C:\gary\rpcss.dll => Moved successfully.
C:\Windows\System32\rpcss.dll => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll

"C:\Users\Druback\AppData\Local\Temp" directory move:

C:\Users\Druback\AppData\Local\Temp\AdobeARM.log => Moved successfully.
C:\Users\Druback\AppData\Local\Temp\AdwCleaner.jpg => Moved successfully.
C:\Users\Druback\AppData\Local\Temp\Attach.txt => Moved successfully.
C:\Users\Druback\AppData\Local\Temp\au-descriptor-1.7.0_55-b14.xml => Moved successfully.
C:\Users\Druback\AppData\Local\Temp\CVRC3F.tmp.cvr => Moved successfully.
C:\Users\Druback\AppData\Local\Temp\DDS.txt => Moved successfully.
C:\Users\Druback\AppData\Local\Temp\detect.log => Moved successfully.
C:\Users\Druback\AppData\Local\Temp\EULA.txt => Moved successfully.
Could not move "C:\Users\Druback\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.
C:\Users\Druback\AppData\Local\Temp\HPSAActionItems.xml => Moved successfully.
C:\Users\Druback\AppData\Local\Temp\jusched.log => Moved successfully.
C:\Users\Druback\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\Druback\AppData\Local\Temp\_is5637.exe => Moved successfully.
C:\Users\Druback\AppData\Local\Temp\~DF1FA945E3AF29789F.TMP => Moved successfully.
C:\Users\Druback\AppData\Local\Temp\~DF25EDBBF74B13DCB7.TMP => Moved successfully.
C:\Users\Druback\AppData\Local\Temp\~DF2867C36949D431CC.TMP => Moved successfully.
C:\Users\Druback\AppData\Local\Temp\~DF39875722F9C22DCD.TMP => Moved successfully.
C:\Users\Druback\AppData\Local\Temp\~DF47315DEBD905DEB4.TMP => Moved successfully.
C:\Users\Druback\AppData\Local\Temp\~DF4B8B410C6FAAF3CE.TMP => Moved successfully.
C:\Users\Druback\AppData\Local\Temp\~DF4F75B867B992EB64.TMP => Moved successfully.
C:\Users\Druback\AppData\Local\Temp\~DF51A27833E66CCCE9.TMP => Moved successfully.
C:\Users\Druback\AppData\Local\Temp\~DF536FFD54E2AA1715.TMP => Moved successfully.
C:\Users\Druback\AppData\Local\Temp\~DF5CE3AE3C292A7429.TMP => Moved successfully.
C:\Users\Druback\AppData\Local\Temp\~DF6C4BE97896B4BD88.TMP => Moved successfully.
C:\Users\Druback\AppData\Local\Temp\~DF82FE4CF9A9BAACB5.TMP => Moved successfully.
C:\Users\Druback\AppData\Local\Temp\~DF87BC7AB05F89FABF.TMP => Moved successfully.
C:\Users\Druback\AppData\Local\Temp\~DF9153EF5DFA688CFA.TMP => Moved successfully.
C:\Users\Druback\AppData\Local\Temp\~DF919CDB58DA99BAF1.TMP => Moved successfully.
C:\Users\Druback\AppData\Local\Temp\~DF94719DA741F7C7B5.TMP => Moved successfully.
C:\Users\Druback\AppData\Local\Temp\~DF9497A3BA9FEAC616.TMP => Moved successfully.
C:\Users\Druback\AppData\Local\Temp\~DFAE4A729924205C4E.TMP => Moved successfully.
C:\Users\Druback\AppData\Local\Temp\~DFB610E86E2FD3D6F9.TMP => Moved successfully.
C:\Users\Druback\AppData\Local\Temp\~DFB926BABE9769A898.TMP => Moved successfully.
C:\Users\Druback\AppData\Local\Temp\~DFD7D0BF71A945BAB2.TMP => Moved successfully.
C:\Users\Druback\AppData\Local\Temp\{0F8A9279-DC1B-4B2B-9C32-66C615F9BD3E}\ISSetup.dll => Moved successfully.
C:\Users\Druback\AppData\Local\Temp\{0F8A9279-DC1B-4B2B-9C32-66C615F9BD3E}\_Setup.dll => Moved successfully.
C:\Users\Druback\AppData\Local\Temp\Temporary Internet Files\Content.IE5\desktop.ini => Moved successfully.
C:\Users\Druback\AppData\Local\Temp\Temporary Internet Files\Content.IE5\LOZE6W6F\desktop.ini => Moved successfully.
C:\Users\Druback\AppData\Local\Temp\Temporary Internet Files\Content.IE5\CQWW60JL\desktop.ini => Moved successfully.
C:\Users\Druback\AppData\Local\Temp\Temporary Internet Files\Content.IE5\4D73OJE5\desktop.ini => Moved successfully.
C:\Users\Druback\AppData\Local\Temp\Temporary Internet Files\Content.IE5\0M0ND3U6\desktop.ini => Moved successfully.
C:\Users\Druback\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Desktop.exe => Moved successfully.
C:\Users\Druback\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_en.dll => Moved successfully.
C:\Users\Druback\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Service.exe => Moved successfully.
C:\Users\Druback\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_StaticRes.dll => Moved successfully.
Could not move "C:\Users\Druback\AppData\Local\Temp" directory. => Scheduled to move on reboot.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-19 17:20:50)<=

C:\Windows\system32\fmbv.xpe => Is moved successfully.
C:\Windows\system32\xojsox.ldj => Is moved successfully.
C:\Users\Druback\AppData\Local\Temp\FXSAPIDebugLogFile.txt => Is moved successfully.
C:\Users\Druback\AppData\Local\Temp => Moved successfully.

==== End of Fixlog ====



#9 B-boy/StyLe/

Posted 20 April 2014 - 03:58 AM

Although we managed to clean the infection, I want to make sure there is nothing lurking on the system, so just in case I want you to go through these steps:

Most of them should take no more than 5 minutes each (but the time they take to complete can vary depending on the size of your hard drive and the speed of your computer).

 

 

STEP 1

 

 

  • Please download RKill by Grinler from the link below and save it to your desktop.

    Rkill
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please post the log in your next reply.

 

 

STEP 2

 

 

  • Please download RogueKillerX64.exe and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 3
 

 

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 4

 

 

Please download Malwarebytes Anti-Malware to your desktop.
 

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

STEP 5

 

 

1. Please download HitmanPro.

  • For 32-bit Operating System (with a mirror link)
  • For 64-bit Operating System (with a mirror link)

2. Launch the program by double clicking on the HitmanPro icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run, please open the program while holding down the left CTRL key until the program is loaded.

3.Click on the next button. You must agree with the terms of EULA. (if asked)

4.Check the box beside "No, I only want to perform a one-time scan to check this computer".

5.Click on the next button.

6.The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7.When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!
 
8.Click on the next button.

9.Click on the "Save Log" button.

10.Save that file to your desktop and post the content of that file in your next reply.
 
Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro

Navigate to C:\ProgramData\HitmanPro\Logs open the report and copy and paste it to your next reply.

 

 

 

STEP 6

 

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

and then if there aren't any issues left I'll give you my final recommendations. :)

 

 

Regards,

Georgi




#10 EasyEdward

Posted 20 April 2014 - 02:11 PM

Here you go:

 

1 at a time. (My computer buddy wanted to see the procedure - that is why TeamViewer was on).

 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/20/2014 12:00:06 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\SysWOW64\ezSharedSvcHost.exe (PID: 2000) [WD-HEUR]
 * C:\Users\Druback\AppData\Local\Temp\TeamViewer\Version8\TeamViewer.exe (PID: 10124) [T-HEUR]
 * C:\Users\Druback\AppData\Local\Temp\TeamViewer\Version8\tv_w32.exe (PID: 17252) [T-HEUR]
 * C:\Users\Druback\AppData\Local\Temp\TeamViewer\Version8\tv_x64.exe (PID: 14684) [T-HEUR]
 * c:\users\druback\appdata\local\temp\teamviewer\version8\TeamViewer_Desktop.exe (PID: 20944) [T-HEUR]

5 proccesses terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 04/20/2014 12:00:46 PM
Execution time: 0 hours(s), 0 minute(s), and 39 seconds(s)

 

= = = = =
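A way to triage the Rkill output in this post, as an added example that is not part of the original post or of Rkill itself: it parses the terminated-process lines (copied from the log above), checks the parsed count against Rkill's own total line, and groups the processes by folder so the four TeamViewer binaries running from the user's Temp directory collapse into one finding. The function names are hypothetical, and the heuristic tags ([WD-HEUR], [T-HEUR]) are only recorded, not interpreted.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname, normcase

# Lines copied from the "Checking for processes to terminate" section of the log above.
RKILL_LOG = r"""
Checking for processes to terminate:

 * C:\Windows\SysWOW64\ezSharedSvcHost.exe (PID: 2000) [WD-HEUR]
 * C:\Users\Druback\AppData\Local\Temp\TeamViewer\Version8\TeamViewer.exe (PID: 10124) [T-HEUR]
 * C:\Users\Druback\AppData\Local\Temp\TeamViewer\Version8\tv_w32.exe (PID: 17252) [T-HEUR]
 * C:\Users\Druback\AppData\Local\Temp\TeamViewer\Version8\tv_x64.exe (PID: 14684) [T-HEUR]
 * c:\users\druback\appdata\local\temp\teamviewer\version8\TeamViewer_Desktop.exe (PID: 20944) [T-HEUR]

5 proccesses terminated!
"""

# " * <path> (PID: <n>) [<tag>]"
ENTRY = re.compile(
    r"^\s*\*\s+(?P<path>.+?)\s+\(PID:\s*(?P<pid>\d+)\)\s+\[(?P<tag>[^\]]+)\]\s*$",
    re.M,
)
# Rkill's total line, matched with or without its doubled "c".
TOTAL = re.compile(r"^(\d+)\s+proc+ess(?:es)?\s+terminated", re.M | re.I)
TEMP_MARKER = "\\appdata\\local\\temp\\"


def parse_terminated(log):
    """Return one dict per terminated process listed in the log."""
    entries = []
    for m in ENTRY.finditer(log):
        path = m.group("path")
        entries.append({
            "path": path,
            "image": basename(path),
            # normcase() lower-cases the path so mixed-case duplicates group together
            "folder": normcase(dirname(path)),
            "pid": int(m.group("pid")),
            "tag": m.group("tag"),
            "in_user_temp": TEMP_MARKER in normcase(path),
        })
    return entries


def reported_total(log):
    """Number of terminated processes according to Rkill's own summary line."""
    m = TOTAL.search(log)
    return int(m.group(1)) if m else None


def triage(log):
    """Group terminated processes by folder; refuse to report on a partial parse."""
    entries = parse_terminated(log)
    total = reported_total(log)
    if total is not None and total != len(entries):
        raise ValueError(f"parsed {len(entries)} entries but log reports {total}")
    groups = defaultdict(list)
    for e in entries:
        groups[e["folder"]].append(e)
    findings = [{
        "folder": folder,
        "in_user_temp": any(e["in_user_temp"] for e in items),
        "tags": sorted({e["tag"] for e in items}),
        "images": sorted(e["image"] for e in items),
        "pids": sorted(e["pid"] for e in items),
    } for folder, items in groups.items()]
    # Executables running from a Temp folder are listed first for review.
    findings.sort(key=lambda f: (not f["in_user_temp"], f["folder"]))
    return findings


if __name__ == "__main__":
    for f in triage(RKILL_LOG):
        where = "TEMP" if f["in_user_temp"] else "    "
        print(where, f["folder"], f["tags"], f["images"])
```

Grouping by folder lets the reviewer confirm one known cause (the remote-support session the poster mentions) instead of reading four separate hits, and leaves the single SysWOW64 entry standing out for its own check.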



#11 EasyEdward

Posted 20 April 2014 - 02:34 PM

Step #2

 

http://pastebin.com/yCDLPu4F



#12 EasyEdward

Posted 20 April 2014 - 02:56 PM

Step #3

 

http://pastebin.com/mAiHxF4X



#13 EasyEdward

Posted 20 April 2014 - 03:31 PM

Step 4 is running but it appears it will take a few hours

 

More to follow when it is done



#14 EasyEdward

Posted 20 April 2014 - 03:59 PM

Step #4

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/20/2014
Scan Time: 1:50:19 PM
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.20.07
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Druback

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 258355
Time Elapsed: 41 min, 43 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, Quarantined, [69970df3b7497888efdfeb61bf4306fa],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, Quarantined, [d030a7595aa6f10fd2fd400cf111669a],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, Quarantined, [827e41bf9070d62a812f4838936ffd03],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3958857591-70701716-2010187594-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [0bf5f90711ef18e896e8cedcc53e0ef2],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)



#15 EasyEdward

Posted 20 April 2014 - 04:30 PM

Step #5

 

Georgi:

 

Please note that the identified "Trojan" PCTCalc.exe is a program that a friend and I made. It may be so identified because it goes out and captures data from an online game when we want to update our stats in the game.

 

Ed

 

HitmanPro 3.7.9.216
www.hitmanpro.com
   Computer name . . . . : DRUBACK-HPLAP
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Druback-HPLap\Druback
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
   Scan date . . . . . . : 2014-04-20 14:09:24
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 6m 11s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
   Threats . . . . . . . : 1
   Traces  . . . . . . . : 60
   Objects scanned . . . : 2,260,642
   Files scanned . . . . : 36,794
   Remnants scanned  . . : 1,014,214 files / 1,209,634 keys
Malware _____________________________________________________________________
   C:\wgt\pct\PCTCalc.exe
      Size . . . . . . . : 2,283,008 bytes
      Age  . . . . . . . : 14.8 days (2014-04-05 18:40:30)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : A1C40D2750E74010B618AE1FD708E856E7B76AA26B4414C4636748CD3978FAC5
      Product
      Publisher
      Description
      Version  . . . . . : 1.5.0.0
      Copyright
    > Kaspersky  . . . . : HEUR:Trojan.Win32.Generic
      Fuzzy  . . . . . . : 104.0
      References
         C:\Users\Druback\Desktop\PCTCalc.lnk

Potential Unwanted Programs _________________________________________________
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026} (Iminent)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} (Iminent)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (Iminent)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191}\ (VidSaver)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011341191}\ (VidSaver)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Umbrella_RASAPI32\ (Iminent)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Umbrella_RASMANCS\ (Iminent)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191}\ (VidSaver)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026} (Iminent)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} (Iminent)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (Iminent)
Cookies _____________________________________________________________________




