Ran exe file attached to USPS Virus email


  • This topic is locked
8 replies to this topic

#1 tredgs

tredgs

  • Members
  • 5 posts
  • OFFLINE
  • Local time:05:38 PM

Posted 27 May 2014 - 02:00 AM

Received a bogus email from USPS and ran the exe file attached (yes, stupid!!!)

MSFT Security Essentials appeared to catch it and instructed a restart

Restarted and now desktop icons have no text (names)

Right clicks do not work at all

Nothing happens when clicking the start menu

Dialog boxes have no text.  Some have radio buttons and some of the buttons can't be selected

When opening a folder, only the icon shows with no text info next to it

I can run what appears to be normally in safe mode

Thank you so very much for taking the time

 

DDS:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 MINIMAL
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.51.2
Run by Skip at 2:43:39 on 2014-05-27
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8183.7063 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://besthomepageever.com/
uURLSearchHooks: SearchHook Class: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
uURLSearchHooks: SweetPacks Toolbar: {7e8a1050-cf67-4575-92df-dcc60e7d952d} - C:\Program Files (x86)\SweetPacks\prxtbSwee.dll
mURLSearchHooks: SweetPacks Toolbar: {7e8a1050-cf67-4575-92df-dcc60e7d952d} - C:\Program Files (x86)\SweetPacks\prxtbSwee.dll
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: SweetPacks Toolbar: {7e8a1050-cf67-4575-92df-dcc60e7d952d} - C:\Program Files (x86)\SweetPacks\prxtbSwee.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - 
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: SweetPacks Toolbar: {7E8A1050-CF67-4575-92DF-DCC60E7D952D} - C:\Program Files (x86)\SweetPacks\prxtbSwee.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: SweetPacks Toolbar: {7e8a1050-cf67-4575-92df-dcc60e7d952d} - C:\Program Files (x86)\SweetPacks\prxtbSwee.dll
uRun: [Eye-Fi] "C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe"
uRun: [HP Officejet 7500 E910 (NET)] "C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe" -deviceID "MY2CR310H905P5:NW" -scfn "HP Officejet 7500 E910 (NET)" -AutoStart 1
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [Akamai NetSession Interface] "C:\Users\Skip\AppData\Local\Akamai\netsession_win.exe"
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [GoogleChromeAutoLaunch_CB98C61ACD7011EAC15746256F8A2A95] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: ["C:\Program Files (x86)\D-Link\D-ViewCam\MainConsole.EXE"] "C:\Program Files (x86)\D-Link\D-ViewCam\MainConsole.exe" RunWithWindows
mRun: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
mRun: [eFax 4.4] "C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe" /R
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
mRun: [ADSK DLMSession] C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect"
StartupFolder: C:\Users\Skip\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Skip\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EFAX44~1.LNK - C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Fill Forms - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
IE: Save Forms - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
IE: Show RoboForm Toolbar - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: paychex.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.caminova.net/en/downloads/getmodule.aspx?lang=en
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} - hxxp://192.168.1.23:8080/VatDec.cab
DPF: {721700FE-7F0E-49C5-BDED-CA92B7CB1245} - hxxps://www.mydlink.com/8D/activeX//camclictrl.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T28L10NSP12_CP1-16851/event/ieatgpc1.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{5BCBD6BA-D17C-4147-A9D1-67831E6F72FD} : DHCPNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - 
AppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll acaptuser32.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [CorelCreatorClient] C:\Program Files (x86)\Corel\Corel PDF Fusion\CorelCreatorClient.exe
x64-Run: [Symantec System Recovery 2013] "C:\Program Files\Symantec\Symantec System Recovery\Agent\VProTray.exe"
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
x64-DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex64-2.2.6.2.cab
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\System32\drivers\mv91cons.sys [2013-1-4 24880]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-2-19 55024]
R0 SSRFsF;SSRFsF;C:\Windows\System32\drivers\SSRFsF.sys [2013-11-2 28152]
R0 Vtrack;Symantec Volume Change Tracking Driver;C:\Windows\System32\drivers\VTrack.sys [2013-11-2 350712]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2013-8-19 95152]
R3 ICTDrv;ICTDrv;C:\Windows\System32\drivers\ICTDrv.sys [2009-7-10 22488]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-4-27 83080]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-4-27 184968]
S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
S2 ADExchange;ArcSoft Exchange Service;C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2012-8-14 43624]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
S2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 CltMngSvc;Search Protect Service;C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [2014-5-14 2496832]
S2 ESDSchedulerService;ESDSchedulerService;C:\ADP\ESD\ESDSchedulerService.exe [2013-1-9 20480]
S2 IBUpdaterService;IBUpdaterService;C:\Windows\System32\dmwu.exe [2013-10-4 1761584]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2013-6-28 14624]
S2 IOCBIOS;IOCBIOS;C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBios.sys [2010-2-3 30384]
S2 mi-raysat_3dsmax2014_64;mental ray Satellite for Autodesk 3ds Max 2014 64-bit;C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [2011-9-15 86016]
S2 monblanking;monblanking;C:\Windows\System32\drivers\monblanking.sys [2013-4-1 34960]
S2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 133928]
S2 PSI_SVC_2_x64;Protexis Licensing V2 x64;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
S2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2013-6-19 1248256]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-5-13 411936]
S2 Symantec System Recovery;Symantec System Recovery;C:\Program Files\Symantec\Symantec System Recovery\Agent\VProSvc.exe [2013-4-24 6287176]
S2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2014-2-28 1042808]
S2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2014-2-28 271728]
S2 XTUService;Intel® Extreme Tuning Utility;C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [2010-4-9 22280]
S3 CorelCreatorMessages;CorelCreatorMessages;C:\Windows\System32\CorelCreatorMessages.exe [2012-4-25 105984]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-12-30 1471352]
S3 GenericMount Helper Service;GenericMount Helper Service;C:\Program Files\Symantec\Symantec System Recovery\Shared\Drivers\GenericMountHelperx64.exe [2013-3-26 1979384]
S3 GenericMount;Symantec Generic Mount Driver;C:\Windows\System32\drivers\GenericMount.sys [2013-3-26 69208]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-5-13 111616]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-2 31744]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-4 19456]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SymTrackService;SymTrackService;C:\Program Files\Symantec\Symantec System Recovery\Shared\Drivers\Service\SymTrackServicex64.exe [2013-4-24 2976736]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-4 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-1-4 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-5 1255736]
.
=============== Created Last 30 ================
.
2014-05-27 04:37:17 10702536 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E70BE6DA-938C-446A-833E-E9EA10229F5A}\mpengine.dll
2014-05-27 04:07:42 -------- d-----w- C:\Users\Skip\AppData\Local\SearchProtect
2014-05-27 03:44:57 -------- d-----w- C:\Program Files\HitmanPro
2014-05-27 03:44:30 -------- d-----w- C:\ProgramData\HitmanPro
2014-05-27 02:34:36 -------- d-----w- C:\Users\Skip\AppData\Roaming\DropboxMaster
2014-05-27 02:28:44 -------- d-----w- C:\NPE
2014-05-27 02:26:17 -------- d-----w- C:\Users\Skip\AppData\Local\CrashDumps
2014-05-27 02:25:00 -------- d-----w- C:\Users\Skip\AppData\Local\NPE
2014-05-27 02:25:00 -------- d-----w- C:\ProgramData\Norton
2014-05-22 06:12:10 10702536 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-21 06:12:38 1031560 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A0F4025B-6F7F-4928-AE08-60C116601F6B}\gapaengine.dll
2014-05-16 16:27:07 -------- d-----w- C:\Program Files\iPod
2014-05-16 16:27:06 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-16 16:27:06 -------- d-----w- C:\Program Files\iTunes
2014-05-16 16:27:06 -------- d-----w- C:\Program Files (x86)\iTunes
2014-05-13 14:55:58 -------- d-sh--w- C:\Users\Skip\AppData\Local\EmieUserList
2014-05-13 14:55:58 -------- d-sh--w- C:\Users\Skip\AppData\Local\EmieSiteList
2014-05-13 06:35:50 -------- d-----w- C:\Users\Skip\AppData\Local\NVIDIA
2014-05-13 05:47:57 -------- d-s---w- C:\Windows\System32\CompatTel
2014-05-13 05:43:09 359936 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2014-05-13 05:43:09 257536 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2014-05-13 05:43:05 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-05-13 05:43:04 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-05-13 05:43:01 482816 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2014-05-13 05:43:01 470016 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2014-05-13 05:43:01 293072 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2014-05-13 05:43:01 235216 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2014-05-13 05:43:01 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe
2014-05-13 05:43:01 222720 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
2014-05-13 05:34:19 599840 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-05-06 08:07:02 465408 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-06 08:07:02 424448 ----a-w- C:\Windows\System32\aeinv.dll
.
==================== Find3M  ====================
.
2014-05-14 17:03:11 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 17:03:11 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-21 03:03:10 62408 ----a-w- C:\Windows\System32\OpenCL.dll
2014-03-21 03:03:10 54216 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2014-03-21 03:03:06 18302384 ----a-w- C:\Windows\System32\nvwgf2umx.dll
2014-03-21 03:03:06 15783992 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2014-03-21 03:03:02 947808 ----a-w- C:\Windows\System32\nvumdshimx.dll
2014-03-21 03:03:02 832936 ----a-w- C:\Windows\SysWow64\nvumdshim.dll
2014-03-21 03:03:00 9690424 ----a-w- C:\Windows\SysWow64\nvopencl.dll
2014-03-21 03:03:00 11589272 ----a-w- C:\Windows\System32\nvopencl.dll
2014-03-11 13:52:30 133928 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2014-03-06 09:32:16 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:32:07 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-04 20:43:00 112066720 ----a-w- C:\QW14PRM.exe
2014-03-04 20:41:55 111964312 ----a-w- C:\QW14HAB.exe
2014-03-04 13:06:00 6714312 ----a-w- C:\Windows\System32\nvcpl.dll
2014-03-04 13:06:00 3497816 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-03-04 13:05:58 922968 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-03-04 13:05:58 64968 ----a-w- C:\Windows\System32\nvshext.dll
2014-03-04 13:05:58 2558808 ----a-w- C:\Windows\System32\nvsvcr.dll
2014-03-04 13:05:57 386336 ----a-w- C:\Windows\System32\nvmctray.dll
2014-03-04 13:05:53 3649185 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:17:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
.
============= FINISH:  2:45:00.71 ===============

#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,476 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:38 PM

Posted 31 May 2014 - 08:05 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#3 tredgs

tredgs
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:05:38 PM

Posted 05 June 2014 - 09:52 PM

Logs follow. Malwarebytes would not export or copy a text file to clipboard. When I tried to export, the "program stopped running" error message appeared and the program closed. I copied the xml file from the program log and it appears first. ADWCleaner and FRST and Addition logs follow. Thanks again very much for your help:

 


 

# AdwCleaner v3.212 - Report created 05/06/2014 at 22:26:06
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Skip - ASUS
# Running from : C:\Users\Skip\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[x] Not Deleted : BCUService
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\SearchProtect
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\DeviceVM
Folder Deleted : C:\Windows\SysWOW64\ARFC
Folder Deleted : C:\Windows\SysWOW64\jmdp
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Windows\SysWOW64\WNLT
Folder Deleted : C:\Windows\System32\ljkb
Folder Deleted : C:\Users\Skip\AppData\Local\Conduit
Folder Deleted : C:\Users\Skip\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Skip\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Skip\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Skip\AppData\LocalLow\SweetPacks
File Deleted : C:\Windows\System32\ImhxxpComm.dll
File Deleted : C:\Users\Skip\AppData\LocalLow\SkwConfig.bin
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BCU]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2BE2C570-B6ED-479E-A8F0-090CD6C2F00B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{520F950B-3DF7-4BD0-8EAD-3E37CF21ACC4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DeviceVM
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\SweetPacks
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\SweetPacks
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D793423B-FF18-4A54-B9C9-75B3396BAAC4}
Key Deleted : [x64] HKLM\SOFTWARE\WNLT
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Google Chrome v35.0.1916.114
 
[ File : C:\Users\Skip\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN29327109647329539&ctid=CT3310511&UM=2
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deleted [Extension] : jpmbfleldcgkldadpdinhjjopdfpjfjp
Deleted [Extension] : kdidombaedgpfiiedeimiebkmbilgmlc
 
*************************
 
AdwCleaner[R0].txt - [5058 octets] - [05/06/2014 22:22:17]
AdwCleaner[S0].txt - [5002 octets] - [05/06/2014 22:26:06]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5062 octets] ##########
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Skip (administrator) on ASUS on 05-06-2014 22:38:56
Running from C:\Users\Skip\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ADP) C:\ADP\ESD\ESDSchedulerService.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2comm.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2pre.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2tray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec System Recovery\Agent\VProSvc.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Global Graphics Software Ltd.) C:\Program Files (x86)\Corel\Corel PDF Fusion\CorelCreatorClient.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec System Recovery\Agent\VProTray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Eye-Fi, Inc.) C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe
(Global Graphics Software Ltd) C:\Windows\System32\CorelCreatorMessages.exe
(Akamai Technologies, Inc.) C:\Users\Skip\AppData\Local\Akamai\netsession_win.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Akamai Technologies, Inc.) C:\Users\Skip\AppData\Local\Akamai\netsession_win.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(j2 Global Communications, Inc.) C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 7500 E910\Bin\HPNetworkCommunicator.exe
(j2 Global Communications, Inc.) C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\Skip\AppData\Roaming\Dropbox\bin\Dropbox.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Autodesk, Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Symantec) C:\Program Files\Symantec\Symantec System Recovery\Shared\Drivers\Service\SymTrackServicex64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2013-01-04] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [CorelCreatorClient] => C:\Program Files (x86)\Corel\Corel PDF Fusion\CorelCreatorClient.exe [779776 2012-04-25] (Global Graphics Software Ltd.)
HKLM\...\Run: [Symantec System Recovery 2013] => C:\Program Files\Symantec\Symantec System Recovery\Agent\VProTray.exe [4161352 2013-04-24] (Symantec Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: ["C:\Program Files (x86)\D-Link\D-ViewCam\MainConsole.EXE"] => C:\Program Files (x86)\D-Link\D-ViewCam\MainConsole.exe [13676040 2013-03-22] (D-Link Corporation)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [eFax 4.4] => C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe [95744 2012-08-29] (j2 Global Communications, Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2786104 2013-06-19] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5545328 2014-02-28] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [ADSK DLMSession] => C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1641368 2013-02-01] (Autodesk, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-09-16] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-09-16] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-658970193-1743035812-3977296091-1001\...\Run: [Eye-Fi] => C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe [3961464 2011-12-21] (Eye-Fi, Inc.)
HKU\S-1-5-21-658970193-1743035812-3977296091-1001\...\Run: [HP Officejet 7500 E910 (NET)] => C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-658970193-1743035812-3977296091-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-658970193-1743035812-3977296091-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Skip\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-658970193-1743035812-3977296091-1001\...\Run: [GoogleChromeAutoLaunch_CB98C61ACD7011EAC15746256F8A2A95] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-05-13] (Google Inc.)
HKU\S-1-5-21-658970193-1743035812-3977296091-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2014-06-01] (Siber Systems)
AppInit_DLLs: acaptuser64.dll => C:\Windows\system32\acaptuser64.dll [119160 2008-06-12] (Adobe Systems, Inc.)
AppInit_DLLs-x32: acaptuser32.dll => "acaptuser32.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk
ShortcutTarget: eFax 4.4.lnk -> C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\Skip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Skip\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://besthomepageever.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB54DEEBEE2EACD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll No File
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll No File
SearchScopes: HKCU - {06BF30B4-FC3D-4742-B026-AD96489CDA40} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
SearchScopes: HKCU - {3D55E5A9-E952-465F-8F10-197F686C9968} URL = http://search.conduit.com/Results.aspx?ctid=CT3304763&SearchSource=45&UM=2&q={searchTerms}
BHO: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
DPF: HKLM {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.caminova.net/en/downloads/getmodule.aspx?lang=en
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} http://192.168.1.23:8080/VatDec.cab
DPF: HKLM-x32 {721700FE-7F0E-49C5-BDED-CA92B7CB1245} https://www.mydlink.com/8D/activeX//camclictrl.cab
DPF: HKLM-x32 {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @caminova.com/DjVuPlugin - C:\Program Files (x86)\Caminova\Document Express DjVu Plug-in\npdjvu.dll (Caminova, Inc.)
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @D-Link.com/camclictrl - C:\Program Files (x86)\D-Link\Plugin\npCamCliCtrl.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Skip\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/ig
CHR StartupUrls: "hxxp://besthomepageever.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Skip\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2013-11-01]
CHR Extension: (Google Drive) - C:\Users\Skip\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-05]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Skip\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Users\Skip\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-05]
CHR Extension: (Google Search) - C:\Users\Skip\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-05]
CHR Extension: (Google Calendar) - C:\Users\Skip\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-04-11]
CHR Extension: (Earth) - C:\Users\Skip\AppData\Local\Google\Chrome\User Data\Default\Extensions\jieopfhnlbjmbpckpdhfdedccdmngdac [2013-01-05]
CHR Extension: (Autodesk Homestyler) - C:\Users\Skip\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2013-12-07]
CHR Extension: (RoboForm Lite) - C:\Users\Skip\AppData\Local\Google\Chrome\User Data\Default\Extensions\kidhjpmgjfbkmcfpfakmdddddgfbhahj [2013-01-05]
CHR Extension: (SlingPlayer Web Plug-in) - C:\Users\Skip\AppData\Local\Google\Chrome\User Data\Default\Extensions\lidgnhlbmoakdjkfhanbhfngcadpaiac [2013-08-12]
CHR Extension: (Bookmarks) - C:\Users\Skip\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljcgggmjhkegncpcaffddonfhpnfocdk [2013-11-01]
CHR Extension: (Google Wallet) - C:\Users\Skip\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\Skip\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2013-04-01]
CHR Extension: (Gmail) - C:\Users\Skip\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-05]
CHR Extension: (RoboForm) - C:\Users\Skip\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-02-23]
CHR HKCU\...\Chrome\Extension: [banjjklfojcdbofbhbgiedekefohoaff] - C:\Users\Skip\AppData\Local\CRE\banjjklfojcdbofbhbgiedekefohoaff.crx [2013-10-04]
CHR HKLM-x32\...\Chrome\Extension: [banjjklfojcdbofbhbgiedekefohoaff] - C:\Users\Skip\AppData\Local\CRE\banjjklfojcdbofbhbgiedekefohoaff.crx [2013-10-04]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-02-23]
 
==================== Services (Whitelisted) =================
 
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43624 2012-08-14] (ArcSoft, Inc.)
R3 CorelCreatorMessages; C:\Windows\system32\CorelCreatorMessages.exe [105984 2012-04-25] (Global Graphics Software Ltd)
R2 ESDSchedulerService; C:\ADP\ESD\ESDSchedulerService.exe [20480 2009-09-30] (ADP)
S3 GenericMount Helper Service; C:\Program Files\Symantec\Symantec System Recovery\Shared\Drivers\GenericMountHelperx64.exe [1979384 2013-03-26] (Symantec)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2009-12-11] (Symantec Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 mi-raysat_3dsmax2014_64; C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [86016 2011-09-15] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 Symantec System Recovery; C:\Program Files\Symantec\Symantec System Recovery\Agent\VProSvc.exe [6287176 2013-04-24] (Symantec Corporation)
R3 SymTrackService; C:\Program Files\Symantec\Symantec System Recovery\Shared\Drivers\Service\SymTrackServicex64.exe [2976736 2013-04-24] (Symantec)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-02-28] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [271728 2014-02-28] (Western Digital Technologies, Inc.)
R2 XTUService; C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [22280 2010-04-09] (Intel Corporation)
S2 BCUService; C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2013-01-04] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2013-01-04] ()
R3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [69208 2013-03-26] (Symantec Corporation)
R3 ICTDrv; C:\Windows\System32\DRIVERS\ICTDrv.sys [22488 2009-07-10] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R2 monblanking; C:\Windows\System32\DRIVERS\monblanking.sys [34960 2014-01-30] (Citrix Systems, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2013-11-02] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R0 SSRFsF; C:\Windows\System32\DRIVERS\SSRFsF.sys [28152 2013-04-24] (Symantec)
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [22104 2013-03-26] (Symantec Corporation)
R0 Vtrack; C:\Windows\System32\DRIVERS\VTrack.sys [350712 2013-04-24] (Symantec)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-05 22:38 - 2014-06-05 22:39 - 00033182 _____ () C:\Users\Skip\Downloads\FRST.txt
2014-06-05 22:38 - 2014-06-05 22:38 - 00000000 ____D () C:\FRST
2014-06-05 22:36 - 2014-06-05 22:36 - 00005819 _____ () C:\Users\Skip\Desktop\SkipJohnsonMalwarebytes.zip
2014-06-05 22:36 - 2014-06-05 22:36 - 00005162 _____ () C:\Users\Skip\Desktop\SkipJohnsonAdwCleaner[S0].txt
2014-06-05 22:36 - 2014-06-05 22:36 - 00001756 _____ () C:\Users\Skip\Desktop\SkipJohnsonAdwCleaner[S0].zip
2014-06-05 22:23 - 2014-06-05 22:23 - 02068992 _____ (Farbar) C:\Users\Skip\Downloads\FRST64.exe
2014-06-05 22:22 - 2014-06-05 22:26 - 00000000 ____D () C:\AdwCleaner
2014-06-05 22:22 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-05 22:21 - 2014-06-05 22:21 - 01333465 _____ () C:\Users\Skip\Downloads\AdwCleaner.exe
2014-06-05 21:59 - 2014-05-06 00:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-05 21:59 - 2014-05-06 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-05 21:59 - 2014-05-05 23:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-05 21:59 - 2014-05-05 23:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-05 21:59 - 2014-05-05 23:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-05 21:59 - 2014-05-05 22:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-05 21:51 - 2014-06-05 21:51 - 00052425 _____ () C:\Users\Skip\Desktop\Scan.xml
2014-06-05 21:11 - 2014-06-05 22:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-05 21:11 - 2014-06-05 22:26 - 00131072 ___HT () C:\Users\Skip\Desktop\~outlook.pst.tmp
2014-06-05 21:10 - 2014-06-05 21:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-05 21:10 - 2014-06-05 21:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-05 21:10 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-05 21:10 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-05 21:10 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-05 21:08 - 2014-06-05 21:08 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Skip\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-04 10:41 - 2014-06-04 10:41 - 00000316 _____ () C:\Users\Skip\Downloads\BK_PENG_002340_LC_64_22050_ster_APGBB4URAMLYJ.adh
2014-06-04 10:41 - 2014-06-04 10:41 - 00000298 _____ () C:\Users\Skip\Downloads\BK_SANS_006722_LC_64_22050_ster_APGBB4URAMLYJ.adh
2014-06-04 10:41 - 2014-06-04 10:41 - 00000285 _____ () C:\Users\Skip\Downloads\BK_HACH_001602_LC_64_22050_ster_APGBB4URAMLYJ.adh
2014-06-03 17:50 - 2014-06-03 17:52 - 00000000 ____D () C:\ProgramData\CorelDRAW Graphics Suite X6.4 - Hotfix 1
2014-06-03 13:46 - 2014-06-03 13:46 - 06896830 _____ () C:\Users\Skip\Desktop\XM-v5.5.8.build20991.bin
2014-06-03 11:15 - 2014-06-03 11:15 - 00201891 _____ () C:\Users\Skip\Downloads\PR_PreviewResults_UK6_23.zip
2014-06-03 11:03 - 2014-06-03 11:08 - 00000000 ____D () C:\Users\Skip\Desktop\Week 23
2014-06-02 21:33 - 2014-06-03 12:19 - 00022810 _____ () C:\Users\Skip\Desktop\kingcrimsonbostonColonial.xlsx
2014-06-02 21:06 - 2014-06-03 12:35 - 00022485 _____ () C:\Users\Skip\Desktop\DylanPhiladelphia.xlsx
2014-06-02 21:03 - 2014-06-02 21:03 - 00022352 _____ () C:\Users\Skip\Desktop\Harry Connick Jr @ Verizon (weekday) Sent 4-1-13.xlsx
2014-06-02 16:56 - 2014-06-02 17:01 - 00000000 ____D () C:\Users\Skip\Desktop\SymantecSysRec
2014-06-01 15:36 - 2014-06-01 15:36 - 00029184 ___SH () C:\Users\Skip\Thumbs.db
2014-06-01 15:33 - 2014-06-01 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-01 15:33 - 2014-06-01 15:33 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-01 15:33 - 2014-06-01 15:33 - 00000000 ____D () C:\Program Files\iTunes
2014-06-01 15:33 - 2014-06-01 15:33 - 00000000 ____D () C:\Program Files\iPod
2014-06-01 15:33 - 2014-06-01 15:33 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-01 15:25 - 2014-06-01 15:25 - 112616784 _____ (Apple Inc.) C:\Users\Skip\Downloads\iTunes64Setup (2).exe
2014-06-01 15:21 - 2014-06-01 15:21 - 00000302 _____ () C:\Users\Skip\Downloads\BK_RAND_003841_LC_64_22050_ster_APGBB4URAMLYJ.adh
2014-06-01 15:21 - 2014-06-01 15:21 - 00000286 _____ () C:\Users\Skip\Downloads\BK_PENG_002350_LC_64_22050_ster_APGBB4URAMLYJ.adh
2014-05-31 21:44 - 2014-05-31 21:50 - 850641832 _____ () C:\Users\Skip\Downloads\Sym_System_Recovery_2013_11.0.2.49853_English_Recovery_Disk.zip
2014-05-27 14:47 - 2014-05-27 14:47 - 00193893 _____ () C:\Users\Skip\Downloads\PR_PreviewResults_UK6_22.zip
2014-05-27 13:37 - 2014-05-14 16:01 - 06893376 _____ () C:\Users\Skip\Desktop\SPVC32.dll
2014-05-27 13:27 - 2014-05-27 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-27 02:45 - 2014-05-27 02:45 - 00028830 _____ () C:\Users\Skip\Desktop\dds.txt
2014-05-27 02:45 - 2014-05-27 02:45 - 00022646 _____ () C:\Users\Skip\Desktop\attach.txt
2014-05-27 00:43 - 2014-05-27 04:06 - 00000000 ____D () C:\Users\Skip\Desktop\Backup
2014-05-26 23:44 - 2014-05-27 04:21 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-26 23:44 - 2014-05-26 23:44 - 00000000 ____D () C:\Program Files\HitmanPro
2014-05-26 23:09 - 2014-05-26 23:09 - 00000396 _____ () C:\ProgramData\SMRResults410.dat
2014-05-26 22:44 - 2014-05-09 02:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-26 22:44 - 2014-05-09 02:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-26 22:44 - 2014-03-24 22:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-26 22:44 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-26 22:42 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-26 22:42 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-26 22:42 - 2014-04-11 22:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-26 22:42 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-26 22:42 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-26 22:42 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-26 22:42 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-26 22:42 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-26 22:42 - 2014-04-11 22:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-26 22:42 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-26 22:42 - 2014-03-04 05:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-26 22:42 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-26 22:42 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-26 22:42 - 2014-03-04 05:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-26 22:42 - 2014-03-04 05:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-26 22:42 - 2014-03-04 05:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-26 22:42 - 2014-03-04 05:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-26 22:42 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-26 22:42 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-26 22:42 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-26 22:42 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-26 22:42 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-26 22:42 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-26 22:42 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-26 22:42 - 2014-03-04 05:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-26 22:42 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-26 22:42 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-26 22:42 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-26 22:42 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-26 22:42 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-26 22:42 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-26 22:42 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-26 22:42 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-26 22:42 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-26 22:42 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-26 22:42 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-26 22:42 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-26 22:42 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-26 22:42 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-26 22:42 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-26 22:42 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-26 22:34 - 2014-06-05 22:31 - 00000000 ____D () C:\Users\Skip\AppData\Roaming\DropboxMaster
2014-05-26 22:28 - 2014-05-26 22:29 - 00000000 ____D () C:\NPE
2014-05-26 22:26 - 2014-06-05 22:18 - 00000000 ____D () C:\Users\Skip\AppData\Local\CrashDumps
2014-05-26 22:25 - 2014-05-26 23:06 - 00000000 ____D () C:\Users\Skip\AppData\Local\NPE
2014-05-26 22:25 - 2014-05-26 22:25 - 00000000 ____D () C:\ProgramData\Norton
2014-05-26 22:24 - 2014-05-26 22:24 - 03077584 ____N (Symantec Corporation) C:\Users\Skip\Downloads\NPE.exe
2014-05-26 21:07 - 2014-05-26 21:07 - 00012326 _____ () C:\Users\Skip\AppData\Local\ulimtofd
2014-05-26 21:06 - 2014-05-26 21:06 - 00068314 _____ () C:\Users\Skip\AppData\Local\igfmolkh
2014-05-26 21:04 - 2014-05-26 21:04 - 00000000 _____ () C:\Users\Skip\AppData\Roaming\SharedSettings.ccs
2014-05-19 16:19 - 2014-05-19 16:19 - 00210610 _____ () C:\Users\Skip\Downloads\PR_PreviewResults_UK6_21.zip
2014-05-19 15:16 - 2014-05-19 15:28 - 00000000 ____D () C:\Users\Skip\Desktop\Week 20
2014-05-16 20:13 - 2014-05-16 20:13 - 00010933 _____ () C:\Users\Skip\Desktop\CellNums.xlsx
2014-05-16 12:42 - 2014-05-16 12:43 - 00000314 _____ () C:\Users\Skip\Downloads\BK_HARP_003931_LC_64_22050_ster_APGBB4URAMLYJ.adh
2014-05-16 12:42 - 2014-05-16 12:43 - 00000312 _____ () C:\Users\Skip\Downloads\BK_RAND_003611_LC_64_22050_ster_APGBB4URAMLYJ.adh
2014-05-16 12:42 - 2014-05-16 12:43 - 00000293 _____ () C:\Users\Skip\Downloads\BK_TANT_003215_LC_64_22050_ster_APGBB4URAMLYJ.adh
2014-05-16 12:42 - 2014-05-16 12:42 - 00000296 _____ () C:\Users\Skip\Downloads\BK_ADBL_018080_LC_64_22050_ster_APGBB4URAMLYJ.adh
2014-05-16 12:42 - 2014-05-16 12:42 - 00000289 _____ () C:\Users\Skip\Downloads\BK_ADBL_012860_LC_64_22050_ster_APGBB4URAMLYJ.adh
2014-05-16 12:36 - 2014-05-16 12:36 - 00000319 _____ () C:\Users\Skip\Downloads\BK_HACH_001598_LC_64_22050_ster_APGBB4URAMLYJ.adh
2014-05-16 12:36 - 2014-05-16 12:36 - 00000315 _____ () C:\Users\Skip\Downloads\BK_AREN_001767_LC_64_22050_ster_APGBB4URAMLYJ.adh
2014-05-16 12:28 - 2014-05-16 12:28 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-13 19:09 - 2014-05-13 19:09 - 08389120 _____ () C:\Users\Skip\Desktop\RVS4000v2-2.0.3.4.img
2014-05-13 19:05 - 2014-05-13 19:05 - 08389120 _____ () C:\Users\Skip\Desktop\RVS4000v1_ver1.3.3.6.img
2014-05-13 19:03 - 2014-05-13 19:03 - 11316251 _____ () C:\Users\Skip\Desktop\RVS4000_Firmware_Upgrade_Utility_v1.3.zip
2014-05-13 18:53 - 2014-05-13 18:52 - 08389120 _____ () C:\Users\Skip\Desktop\RVS4000v1_ver1.3.3.6 (1).img
2014-05-13 18:47 - 2014-05-13 18:47 - 00013603 _____ () C:\Users\Skip\Downloads\Routercfg.cfg
2014-05-13 10:55 - 2014-05-13 10:55 - 00000000 __SHD () C:\Users\Skip\AppData\Local\EmieUserList
2014-05-13 10:55 - 2014-05-13 10:55 - 00000000 __SHD () C:\Users\Skip\AppData\Local\EmieSiteList
2014-05-13 02:36 - 2014-05-13 02:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-05-13 02:35 - 2014-05-13 02:35 - 00000000 ____D () C:\Users\Skip\AppData\Local\NVIDIA
2014-05-13 02:01 - 2014-05-13 02:01 - 01191392 _____ () C:\Windows\Minidump\051314-40934-01.dmp
2014-05-13 01:47 - 2014-06-05 22:02 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-13 01:43 - 2014-03-06 04:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-13 01:43 - 2014-03-06 04:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-13 01:43 - 2014-03-06 04:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-13 01:43 - 2014-03-06 03:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-13 01:42 - 2014-03-06 05:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-13 01:42 - 2014-03-06 04:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-13 01:42 - 2014-03-06 04:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-13 01:42 - 2014-03-06 04:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-13 01:42 - 2014-03-06 04:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-13 01:42 - 2014-03-06 04:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-13 01:42 - 2014-03-06 04:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-13 01:42 - 2014-03-06 04:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-13 01:42 - 2014-03-06 04:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-13 01:42 - 2014-03-06 04:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-13 01:42 - 2014-03-06 04:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-13 01:42 - 2014-03-06 04:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-13 01:42 - 2014-03-06 04:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-13 01:42 - 2014-03-06 04:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-13 01:42 - 2014-03-06 04:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-13 01:42 - 2014-03-06 03:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-13 01:42 - 2014-03-06 03:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-13 01:42 - 2014-03-06 03:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-13 01:42 - 2014-03-06 03:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-13 01:42 - 2014-03-06 03:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-13 01:42 - 2014-03-06 03:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-13 01:42 - 2014-03-06 03:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-13 01:42 - 2014-03-06 03:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-13 01:42 - 2014-03-06 03:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-13 01:42 - 2014-03-06 03:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-13 01:42 - 2014-03-06 03:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-13 01:42 - 2014-03-06 03:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-13 01:42 - 2014-03-06 03:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-13 01:42 - 2014-03-06 03:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-13 01:42 - 2014-03-06 03:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-13 01:42 - 2014-03-06 02:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-13 01:42 - 2014-03-06 02:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-13 01:42 - 2014-03-06 02:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-13 01:42 - 2014-03-06 02:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-13 01:42 - 2014-03-06 02:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-13 01:42 - 2014-03-06 01:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-13 01:42 - 2014-03-06 01:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-13 01:42 - 2014-03-06 01:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-13 01:42 - 2014-03-06 01:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-13 01:42 - 2014-03-06 01:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-13 01:34 - 2014-03-04 07:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-05-12 16:34 - 2014-05-12 16:34 - 00207249 _____ () C:\Users\Skip\Downloads\PR_PreviewResults_UK6_20.zip
2014-05-12 12:43 - 2014-05-12 16:22 - 00000000 ____D () C:\Users\Skip\Desktop\Week 19
2014-05-06 13:00 - 2014-05-06 13:00 - 00003993 _____ () C:\Users\Skip\Downloads\Checking2 (1).csv
2014-05-06 12:59 - 2014-05-06 12:59 - 00003993 _____ () C:\Users\Skip\Downloads\Checking2.csv
 
==================== One Month Modified Files and Folders =======
 
2014-06-05 22:39 - 2014-06-05 22:38 - 00033182 _____ () C:\Users\Skip\Downloads\FRST.txt
2014-06-05 22:39 - 2013-01-04 20:42 - 00000000 ____D () C:\Users\Skip\AppData\Local\Temp
2014-06-05 22:38 - 2014-06-05 22:38 - 00000000 ____D () C:\FRST
2014-06-05 22:37 - 2009-07-14 00:45 - 00021920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-05 22:37 - 2009-07-14 00:45 - 00021920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-05 22:36 - 2014-06-05 22:36 - 00005819 _____ () C:\Users\Skip\Desktop\SkipJohnsonMalwarebytes.zip
2014-06-05 22:36 - 2014-06-05 22:36 - 00005162 _____ () C:\Users\Skip\Desktop\SkipJohnsonAdwCleaner[S0].txt
2014-06-05 22:36 - 2014-06-05 22:36 - 00001756 _____ () C:\Users\Skip\Desktop\SkipJohnsonAdwCleaner[S0].zip
2014-06-05 22:34 - 2009-07-14 01:13 - 00006530 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-05 22:33 - 2013-01-04 23:32 - 01185692 _____ () C:\Windows\WindowsUpdate.log
2014-06-05 22:32 - 2013-01-14 16:25 - 00000000 ____D () C:\Users\Skip\AppData\Roaming\Dropbox
2014-06-05 22:31 - 2014-05-26 22:34 - 00000000 ____D () C:\Users\Skip\AppData\Roaming\DropboxMaster
2014-06-05 22:31 - 2013-01-14 16:28 - 00000000 ___RD () C:\Users\Skip\Dropbox
2014-06-05 22:29 - 2014-06-05 21:11 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-05 22:29 - 2013-04-21 14:00 - 00000000 ____D () C:\Users\Skip\AppData\Local\Eye-Fi
2014-06-05 22:29 - 2013-01-05 19:24 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-05 22:28 - 2013-11-02 22:29 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-06-05 22:28 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-05 22:27 - 2013-01-04 21:32 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-05 22:27 - 2010-11-20 23:47 - 00347610 _____ () C:\Windows\PFRO.log
2014-06-05 22:27 - 2009-07-14 00:51 - 00041834 _____ () C:\Windows\setupact.log
2014-06-05 22:26 - 2014-06-05 22:22 - 00000000 ____D () C:\AdwCleaner
2014-06-05 22:26 - 2014-06-05 21:11 - 00131072 ___HT () C:\Users\Skip\Desktop\~outlook.pst.tmp
2014-06-05 22:26 - 2014-03-24 19:48 - 1996080128 _____ () C:\Users\Skip\Desktop\outlook.pst
2014-06-05 22:23 - 2014-06-05 22:23 - 02068992 _____ (Farbar) C:\Users\Skip\Downloads\FRST64.exe
2014-06-05 22:21 - 2014-06-05 22:21 - 01333465 _____ () C:\Users\Skip\Downloads\AdwCleaner.exe
2014-06-05 22:19 - 2013-01-05 19:24 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-05 22:18 - 2014-05-26 22:26 - 00000000 ____D () C:\Users\Skip\AppData\Local\CrashDumps
2014-06-05 22:08 - 2013-01-04 20:43 - 00000000 ___RD () C:\Users\Skip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-05 22:08 - 2013-01-04 20:43 - 00000000 ___RD () C:\Users\Skip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-06-05 22:07 - 2013-10-04 11:00 - 00000884 __RSH () C:\Users\Skip\ntuser.pol
2014-06-05 22:07 - 2013-01-04 20:42 - 00000000 ____D () C:\Users\Skip
2014-06-05 22:02 - 2014-05-13 01:47 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-05 22:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-06-05 21:59 - 2013-01-05 00:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-05 21:56 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-06-05 21:51 - 2014-06-05 21:51 - 00052425 _____ () C:\Users\Skip\Desktop\Scan.xml
2014-06-05 21:10 - 2014-06-05 21:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-05 21:10 - 2014-06-05 21:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-05 21:08 - 2014-06-05 21:08 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Skip\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-05 21:02 - 2014-01-07 11:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-05 12:29 - 2013-05-22 15:04 - 00000072 _____ () C:\Users\Public\LMDebug.log
2014-06-05 07:13 - 2013-11-03 00:06 - 00000000 __SHD () C:\.VTrack
2014-06-04 10:41 - 2014-06-04 10:41 - 00000316 _____ () C:\Users\Skip\Downloads\BK_PENG_002340_LC_64_22050_ster_APGBB4URAMLYJ.adh
2014-06-04 10:41 - 2014-06-04 10:41 - 00000298 _____ () C:\Users\Skip\Downloads\BK_SANS_006722_LC_64_22050_ster_APGBB4URAMLYJ.adh
2014-06-04 10:41 - 2014-06-04 10:41 - 00000285 _____ () C:\Users\Skip\Downloads\BK_HACH_001602_LC_64_22050_ster_APGBB4URAMLYJ.adh
2014-06-03 17:52 - 2014-06-03 17:50 - 00000000 ____D () C:\ProgramData\CorelDRAW Graphics Suite X6.4 - Hotfix 1
2014-06-03 17:52 - 2013-04-09 22:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6 (64-Bit)
2014-06-03 17:49 - 2013-01-04 22:32 - 00000000 ____D () C:\Users\Skip\Documents\BETTE
2014-06-03 15:45 - 2013-01-04 22:32 - 00000000 ____D () C:\Users\Skip\Documents\Bette04
2014-06-03 13:46 - 2014-06-03 13:46 - 06896830 _____ () C:\Users\Skip\Desktop\XM-v5.5.8.build20991.bin
2014-06-03 12:35 - 2014-06-02 21:06 - 00022485 _____ () C:\Users\Skip\Desktop\DylanPhiladelphia.xlsx
2014-06-03 12:19 - 2014-06-02 21:33 - 00022810 _____ () C:\Users\Skip\Desktop\kingcrimsonbostonColonial.xlsx
2014-06-03 11:15 - 2014-06-03 11:15 - 00201891 _____ () C:\Users\Skip\Downloads\PR_PreviewResults_UK6_23.zip
2014-06-03 11:08 - 2014-06-03 11:03 - 00000000 ____D () C:\Users\Skip\Desktop\Week 23
2014-06-02 21:06 - 2013-04-29 22:53 - 00000000 ____D () C:\Users\Skip\Desktop\RascalsDeals
2014-06-02 21:03 - 2014-06-02 21:03 - 00022352 _____ () C:\Users\Skip\Desktop\Harry Connick Jr @ Verizon (weekday) Sent 4-1-13.xlsx
2014-06-02 17:01 - 2014-06-02 16:56 - 00000000 ____D () C:\Users\Skip\Desktop\SymantecSysRec
2014-06-01 15:41 - 2013-01-05 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2014-06-01 15:36 - 2014-06-01 15:36 - 00029184 ___SH () C:\Users\Skip\Thumbs.db
2014-06-01 15:33 - 2014-06-01 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-01 15:33 - 2014-06-01 15:33 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-01 15:33 - 2014-06-01 15:33 - 00000000 ____D () C:\Program Files\iTunes
2014-06-01 15:33 - 2014-06-01 15:33 - 00000000 ____D () C:\Program Files\iPod
2014-06-01 15:33 - 2014-06-01 15:33 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-01 15:25 - 2014-06-01 15:25 - 112616784 _____ (Apple Inc.) C:\Users\Skip\Downloads\iTunes64Setup (2).exe
2014-06-01 15:21 - 2014-06-01 15:21 - 00000302 _____ () C:\Users\Skip\Downloads\BK_RAND_003841_LC_64_22050_ster_APGBB4URAMLYJ.adh
2014-06-01 15:21 - 2014-06-01 15:21 - 00000286 _____ () C:\Users\Skip\Downloads\BK_PENG_002350_LC_64_22050_ster_APGBB4URAMLYJ.adh
2014-05-31 21:50 - 2014-05-31 21:44 - 850641832 _____ () C:\Users\Skip\Downloads\Sym_System_Recovery_2013_11.0.2.49853_English_Recovery_Disk.zip
2014-05-27 17:40 - 2013-01-07 20:10 - 00000000 _____ () C:\Users\Skip\Documents\06
2014-05-27 17:22 - 2013-01-07 19:51 - 00000000 _____ () C:\Users\Skip\Documents\02
2014-05-27 14:47 - 2014-05-27 14:47 - 00193893 _____ () C:\Users\Skip\Downloads\PR_PreviewResults_UK6_22.zip
2014-05-27 13:27 - 2014-05-27 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-27 13:26 - 2013-01-05 19:24 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-27 04:21 - 2014-05-26 23:44 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-27 04:21 - 2013-12-30 17:17 - 00000000 ____D () C:\Users\Skip\AppData\Local\Akamai
2014-05-27 04:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-05-27 04:06 - 2014-05-27 00:43 - 00000000 ____D () C:\Users\Skip\Desktop\Backup
2014-05-27 02:45 - 2014-05-27 02:45 - 00028830 _____ () C:\Users\Skip\Desktop\dds.txt
2014-05-27 02:45 - 2014-05-27 02:45 - 00022646 _____ () C:\Users\Skip\Desktop\attach.txt
2014-05-27 02:16 - 2013-01-04 22:37 - 00216064 ___SH () C:\Users\Skip\Documents\Thumbs.db
2014-05-27 01:27 - 2013-02-25 17:29 - 00000000 ____D () C:\Program Files (x86)\Quicken
2014-05-26 23:44 - 2014-05-26 23:44 - 00000000 ____D () C:\Program Files\HitmanPro
2014-05-26 23:09 - 2014-05-26 23:09 - 00000396 _____ () C:\ProgramData\SMRResults410.dat
2014-05-26 23:06 - 2014-05-26 22:25 - 00000000 ____D () C:\Users\Skip\AppData\Local\NPE
2014-05-26 22:34 - 2013-01-14 16:26 - 00000000 ____D () C:\Users\Skip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-26 22:29 - 2014-05-26 22:28 - 00000000 ____D () C:\NPE
2014-05-26 22:25 - 2014-05-26 22:25 - 00000000 ____D () C:\ProgramData\Norton
2014-05-26 22:24 - 2014-05-26 22:24 - 03077584 ____N (Symantec Corporation) C:\Users\Skip\Downloads\NPE.exe
2014-05-26 21:57 - 2013-01-09 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ADP Software
2014-05-26 21:57 - 2013-01-05 00:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-05-26 21:57 - 2011-04-12 04:28 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-05-26 21:57 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-05-26 21:48 - 2014-02-03 17:20 - 00000000 ____D () C:\Users\Skip\Desktop\Week 5
2014-05-26 21:20 - 2013-09-18 17:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-26 21:07 - 2014-05-26 21:07 - 00012326 _____ () C:\Users\Skip\AppData\Local\ulimtofd
2014-05-26 21:06 - 2014-05-26 21:06 - 00068314 _____ () C:\Users\Skip\AppData\Local\igfmolkh
2014-05-26 21:04 - 2014-05-26 21:04 - 00000000 _____ () C:\Users\Skip\AppData\Roaming\SharedSettings.ccs
2014-05-20 23:50 - 2013-01-07 18:52 - 00000000 ____D () C:\Users\Skip\AppData\Local\Lookeen
2014-05-19 16:19 - 2014-05-19 16:19 - 00210610 _____ () C:\Users\Skip\Downloads\PR_PreviewResults_UK6_21.zip
2014-05-19 16:12 - 2014-04-21 12:20 - 00000000 ____D () C:\Users\Skip\Desktop\Week 16
2014-05-19 15:28 - 2014-05-19 15:16 - 00000000 ____D () C:\Users\Skip\Desktop\Week 20
2014-05-16 20:13 - 2014-05-16 20:13 - 00010933 _____ () C:\Users\Skip\Desktop\CellNums.xlsx
2014-05-16 12:43 - 2014-05-16 12:42 - 00000314 _____ () C:\Users\Skip\Downloads\BK_HARP_003931_LC_64_22050_ster_APGBB4URAMLYJ.adh
2014-05-16 12:43 - 2014-05-16 12:42 - 00000312 _____ () C:\Users\Skip\Downloads\BK_RAND_003611_LC_64_22050_ster_APGBB4URAMLYJ.adh
2014-05-16 12:43 - 2014-05-16 12:42 - 00000293 _____ () C:\Users\Skip\Downloads\BK_TANT_003215_LC_64_22050_ster_APGBB4URAMLYJ.adh
2014-05-16 12:42 - 2014-05-16 12:42 - 00000296 _____ () C:\Users\Skip\Downloads\BK_ADBL_018080_LC_64_22050_ster_APGBB4URAMLYJ.adh
2014-05-16 12:42 - 2014-05-16 12:42 - 00000289 _____ () C:\Users\Skip\Downloads\BK_ADBL_012860_LC_64_22050_ster_APGBB4URAMLYJ.adh
2014-05-16 12:36 - 2014-05-16 12:36 - 00000319 _____ () C:\Users\Skip\Downloads\BK_HACH_001598_LC_64_22050_ster_APGBB4URAMLYJ.adh
2014-05-16 12:36 - 2014-05-16 12:36 - 00000315 _____ () C:\Users\Skip\Downloads\BK_AREN_001767_LC_64_22050_ster_APGBB4URAMLYJ.adh
2014-05-16 12:28 - 2014-05-16 12:28 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-14 16:01 - 2014-05-27 13:37 - 06893376 _____ () C:\Users\Skip\Desktop\SPVC32.dll
2014-05-14 13:03 - 2014-01-07 11:32 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 13:03 - 2013-01-07 10:55 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 13:03 - 2013-01-07 10:55 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 19:09 - 2014-05-13 19:09 - 08389120 _____ () C:\Users\Skip\Desktop\RVS4000v2-2.0.3.4.img
2014-05-13 19:05 - 2014-05-13 19:05 - 08389120 _____ () C:\Users\Skip\Desktop\RVS4000v1_ver1.3.3.6.img
2014-05-13 19:03 - 2014-05-13 19:03 - 11316251 _____ () C:\Users\Skip\Desktop\RVS4000_Firmware_Upgrade_Utility_v1.3.zip
2014-05-13 18:52 - 2014-05-13 18:53 - 08389120 _____ () C:\Users\Skip\Desktop\RVS4000v1_ver1.3.3.6 (1).img
2014-05-13 18:47 - 2014-05-13 18:47 - 00013603 _____ () C:\Users\Skip\Downloads\Routercfg.cfg
2014-05-13 15:31 - 2013-01-04 21:32 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Temp
2014-05-13 10:55 - 2014-05-13 10:55 - 00000000 __SHD () C:\Users\Skip\AppData\Local\EmieUserList
2014-05-13 10:55 - 2014-05-13 10:55 - 00000000 __SHD () C:\Users\Skip\AppData\Local\EmieSiteList
2014-05-13 03:09 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-05-13 02:36 - 2014-05-13 02:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-05-13 02:35 - 2014-05-13 02:35 - 00000000 ____D () C:\Users\Skip\AppData\Local\NVIDIA
2014-05-13 02:35 - 2013-04-21 14:00 - 00000000 ____D () C:\Users\Skip\AppData\Roaming\Eye-Fi
2014-05-13 02:01 - 2014-05-13 02:01 - 01191392 _____ () C:\Windows\Minidump\051314-40934-01.dmp
2014-05-13 02:01 - 2013-10-05 16:55 - 00000000 ____D () C:\Windows\Minidump
2014-05-13 02:00 - 2013-10-05 16:55 - 922050561 _____ () C:\Windows\MEMORY.DMP
2014-05-13 01:42 - 2013-01-04 23:15 - 00002155 _____ () C:\Windows\epplauncher.mif
2014-05-13 01:42 - 2013-01-04 23:12 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-05-13 01:42 - 2013-01-04 23:11 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-05-13 01:42 - 2013-01-04 23:11 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-05-13 01:34 - 2013-01-04 21:31 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-13 01:34 - 2013-01-04 21:30 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-05-13 00:43 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-12 16:34 - 2014-05-12 16:34 - 00207249 _____ () C:\Users\Skip\Downloads\PR_PreviewResults_UK6_20.zip
2014-05-12 16:22 - 2014-05-12 12:43 - 00000000 ____D () C:\Users\Skip\Desktop\Week 19
2014-05-12 07:26 - 2014-06-05 21:10 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-05 21:10 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-05 21:10 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-09 16:24 - 2013-01-04 22:37 - 00000000 _____ () C:\Users\Skip\Documents\eFax_4_4_Port
2014-05-09 02:14 - 2014-05-26 22:44 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 02:14 - 2013-01-05 19:24 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-09 02:14 - 2013-01-05 19:24 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-09 02:11 - 2014-05-26 22:44 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-06 13:00 - 2014-05-06 13:00 - 00003993 _____ () C:\Users\Skip\Downloads\Checking2 (1).csv
2014-05-06 12:59 - 2014-05-06 12:59 - 00003993 _____ () C:\Users\Skip\Downloads\Checking2.csv
2014-05-06 00:40 - 2014-06-05 21:59 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 00:17 - 2014-06-05 21:59 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
 
Files to move or delete:
====================
C:\ProgramData\SMRResults410.dat
C:\Users\Skip\gotomypc_540.exe
 
 
Some content of TEMP:
====================
C:\Users\Skip\AppData\Local\Temp\Abspdf.exe
C:\Users\Skip\AppData\Local\Temp\AcDeltree.exe
C:\Users\Skip\AppData\Local\Temp\acfpdfu.dll
C:\Users\Skip\AppData\Local\Temp\acfpdfuamd64.dll
C:\Users\Skip\AppData\Local\Temp\acfpdfui.dll
C:\Users\Skip\AppData\Local\Temp\acfpdfuia64.dll
C:\Users\Skip\AppData\Local\Temp\acfpdfuiamd64.dll
C:\Users\Skip\AppData\Local\Temp\acfpdfuiia64.dll
C:\Users\Skip\AppData\Local\Temp\ARCompanionForSession1.exe
C:\Users\Skip\AppData\Local\Temp\cdintf.dll
C:\Users\Skip\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnttmec.dll
C:\Users\Skip\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Skip\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Skip\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Skip\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Skip\AppData\Local\Temp\nvStInst.exe
C:\Users\Skip\AppData\Local\Temp\ose00000.exe
C:\Users\Skip\AppData\Local\Temp\PDFPRT400.exe
C:\Users\Skip\AppData\Local\Temp\Quarantine.exe
C:\Users\Skip\AppData\Local\Temp\SunWin32FunctionCalls_762420.dll
C:\Users\Skip\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Skip\AppData\Local\Temp\xmllite.dll
C:\Users\Skip\AppData\Local\Temp\_is45B8.exe
C:\Users\Skip\AppData\Local\Temp\_is4EB4.exe
C:\Users\Skip\AppData\Local\Temp\_is9433.exe
C:\Users\Skip\AppData\Local\Temp\_isC2BA.exe
C:\Users\Skip\AppData\Local\Temp\_isEBE6.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-29 00:46
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2014
Ran by Skip at 2014-06-05 22:39:28
Running from C:\Users\Skip\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (x32 Version: 9.5.5 - Adobe Systems) Hidden
Adobe Acrobat 9 Pro Extended 64-bit Add-On (HKLM\...\{AC76BA86-1033-0000-0064-0003D0000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7761-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.1060 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.5.0.1060 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.02 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (x32 Version: 3.02 - Adobe Systems Incorporated) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft MediaConverter 8 (HKLM-x32\...\{936FA6E0-8A87-4A03-8004-138AB7A97637}) (Version: 8.0.0.16 - ArcSoft, Inc.)
ArcSoft Scan-n-Stitch Deluxe (HKLM-x32\...\{AD944121-0484-4F0E-B4E8-920463A4DC5C}) (Version: 1.1.1.36 - ArcSoft)
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 7.18.03 - ASUSTeK Computer Inc.)
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)
Autodesk 3ds Max 2014 (HKLM\...\Autodesk 3ds Max 2014) (Version: 16.0.420.0 - Autodesk)
Autodesk 3ds Max 2014 (Version: 16.0.420.0 - Autodesk) Hidden
Autodesk 3ds Max 2014 64-bit Populate Data (HKLM\...\{7491836B-659E-47DD-ABBF-F875AD48FD10}) (Version: 1.0.0.1 - Autodesk)
Autodesk Backburner 2014 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 14.0.0.0 - Autodesk, Inc.)
Autodesk Composite 2014 (HKLM\...\Autodesk Composite 2014) (Version: 9.0.0.0 - Autodesk)
Autodesk Composite 2014 (Version: 9.0.0.0 - Autodesk) Hidden
Autodesk DirectConnect 2014 64-bit (HKLM\...\Autodesk DirectConnect 2014 64-bit) (Version: 8.0.56.1 - Autodesk)
Autodesk DirectConnect 2014 64-bit (Version: 8.0.56.1 - Autodesk) Hidden
Autodesk Download Manager (HKLM-x32\...\{2F48C80C-3A76-495A-A4B5-C0CC946FEEBD}) (Version: 2.0.6.0 - Autodesk, Inc.)
Autodesk Essential Skills Movies for 3ds Max 2014 64-bit (HKLM\...\{E8814D63-BB76-4C89-A25E-264ECF11D00D}) (Version: 1.2.0.0 - Autodesk)
Autodesk Inventor Server Engine for 3ds Max 2014 64-bit (HKLM\...\{009751C6-22D7-4548-A313-AD48FA57076F}) (Version: 16.0 - Autodesk)
Autodesk MatchMover 2014 (HKLM\...\{B151ECD3-2DBE-45E9-816E-F8AA6238F6A8}) (Version: 14.00.0000 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2014 (HKLM-x32\...\{A0633D4E-5AF2-4E3E-A70A-FE9C2BD8A958}) (Version: 4.0.19.0 - Autodesk)
Autodesk Maya 2014 (HKLM\...\Autodesk Maya 2014) (Version: 16.0.0.0 - Autodesk)
Autodesk Maya 2014 (Version: 16.0.0.0 - Autodesk) Hidden
Autodesk Revit Interoperability for 3ds Max 2014 (HKLM\...\Autodesk Revit Interoperability for 3ds Max 2014) (Version: 13.02.15161 - Autodesk)
Autodesk Revit Interoperability for 3ds Max 2014 (Version: 13.02.15161 - Autodesk) Hidden
Bing Maps 3D (HKLM\...\{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}) (Version: 4.0.903.16005 - Microsoft Corporation)
Blender (HKLM\...\Blender) (Version: 2.69 - Blender Foundation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CamCliCtrl (HKLM-x32\...\{3C7028F8-DF4A-4FA5-90F8-F0FAEC271653}) (Version: 1.0.7303 - D-Link)
Canon D1300/MF6700 (HKLM\...\{DC61FFB7-A6FE-4237-B836-EDE8CA85B5AE}) (Version: 3.9.0.0 - CANON INC.)
Canon MF Toolbox 4.9.1.1.mf13 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf13 - CANON INC.)
Centra Client (HKLM-x32\...\CentraClient) (Version:  - )
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Authentication Manager (x32 Version: 5.0.0.60597 - Citrix Systems, Inc.) Hidden
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Citrix Receiver (HDX Flash Redirection) (x32 Version: 14.0.1.4 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.0.1.4 - Citrix Systems, Inc.)
Citrix Receiver Inside (x32 Version: 4.0.1.4 - Citrix Systems, Inc.) Hidden
Citrix Receiver Updater (x32 Version: 4.0.1.4 - Citrix Systems, Inc.) Hidden
Citrix Receiver(Aero) (x32 Version: 14.0.1.4 - Citrix Systems, Inc.) Hidden
Citrix Receiver(DV) (x32 Version: 14.0.1.4 - Citrix Systems, Inc.) Hidden
Citrix Receiver(USB) (x32 Version: 14.0.1.4 - Citrix Systems, Inc.) Hidden
Cool & Quiet (HKLM-x32\...\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}) (Version:  - )
Corel Graphics - Windows Shell Extension (HKLM\...\_{2CDF0D0A-C58C-4136-9978-F029B2723B0D}) (Version: 16.4.0.1280 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 16.4.1280 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 16.4.1280 - Corel Corporation) Hidden
Corel PDF Fusion (HKLM\...\{7D93C785-B8CD-4B29-BBAA-8D28E30A5910}) (Version: 1.11.0000 - Corel Corporation)
Corel PDF Fusion Add-ins (HKLM-x32\...\{41635206-C6D5-4AEF-BCD6-CEDBC5BDD336}) (Version: 1.11.0 - Corel Corporation)
CorelCAD (HKLM-x32\...\{5A5A9E20-A613-4acd-9417-98A04B484BC6}) (Version: 11.4.209 - Corel Corporation)
CorelDRAW Graphics Suite X6 - Capture (x64) (Version: 16.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Common (x64) (Version: 16.7 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Connect (x64) (Version: 16.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Custom Data (x64) (Version: 16.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Draw (x64) (Version: 16.7 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - EN (x64) (Version: 16.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Filters (x64) (Version: 16.7 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FontNav (x64) (Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (Version: 16.7 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64) (Version: 16.7 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64) (Version: 16.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Redist (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Setup Files (x64) (Version: 16.7 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VBA (x64) (Version: 16.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VideoBrowser (x64) (Version: 16.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VSTA (x64) (Version: 16.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Writing Tools (x64) (Version: 16.7 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 (64-Bit) (HKLM\...\_{BDBFAC49-8877-472F-876B-75ADB7DBC955}) (Version: 16.4.1.1281 - Corel Corporation)
CorelDRAW Graphics Suite X6 (x64) (Version: 16.7 - Corel Corporation) Hidden
Crystal Reports XI Release 2 .NET 2005 Server (HKLM-x32\...\{A7FE99B6-E077-4F52-BC6A-E24C338F3C23}) (Version: 11.5.0.0 - Business Objects)
Device Pack (HKLM-x32\...\{D54D4A22-4382-4485-92DF-00C39F123E87}) (Version: 1.4.10 - D-Link)
D-Link D-ViewCam (HKLM-x32\...\{440E9F90-0619-4E84-8226-65AD5073AD24}) (Version: 3.5.0 - D-Link)
Document Express DjVu Plug-in (HKLM-x32\...\{02AAA6D6-B139-4B3E-B40F-927BA60E4B91}) (Version: 6.1.31831 - Caminova, Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
eFax Messenger (HKLM-x32\...\{DF6DA606-904D-4C18-823F-A4CFC3035E53}) (Version: 4.4.2.533 - j2 Global)
Epson Copy Utility 3.5 (HKLM-x32\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON Scan PDF EXtensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.00.0000 - SEIKO EPSON Corp.)
Eye-Fi Center 3.4 (HKLM-x32\...\{7764F7B0-7225-4145-82B6-2AB4540D33A6}) (Version: 3.4.26 - Eye-Fi, Inc)
GEAR ISO Burn (HKLM-x32\...\{0B1E89DA-AFE7-497D-ACE7-8FE68A78E2B6}) (Version: 1.7.1.0 - GEAR Software, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
GoToMyPC (HKLM\...\{260BCAC0-8BF7-40E2-92C1-7B106FD1116B}) (Version: 8.1.1337 - Citrix Online)
HP Officejet 7500 E910 Basic Device Software (HKLM\...\{7CF50183-026B-418D-A26C-A254290BD824}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 7500 E910 Help (HKLM-x32\...\{24DC9885-E759-4BD2-8A20-D4AC509A7FDE}) (Version: 140.0.93.93 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Print View Software (HKLM\...\{1E95102E-27A4-416F-A9D1-308C9603F14A}) (Version: 3.0.0.0 - Hewlett-Packard)
HP Print View Software (HKLM-x32\...\HP Marketing Resources) (Version:  - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel Extreme Tuning Utility 2.0.143.16 (HKLM-x32\...\{72B59E5A-CF45-4528-8227-7EDF5EC772BE}) (Version: 2.0.143.16 - Intel)
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel® SMBus (HKLM\...\SMBus) (Version:  - )
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
ISIS Drivers (HKLM-x32\...\{7C4A09A7-C641-4330-95B5-23F64DDEE1C2}) (Version: 1.00.0000 - EMC Corporation)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417017FF}) (Version: 7.0.170 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Licensing Service (03000201) (x32 Version: 03.00.02.15 - Protexis Inc.) Hidden
LiveUpdate 3.3 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 3.3.0.96 - Symantec Corporation)
Lookeen version 8.3.1.5156 (HKLM-x32\...\6D7E910F-716D-41E2-98A4-29691C352C1A_is1) (Version: 8.3.1.5156 - Axonic)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
mental ray renderer for Autodesk Maya 2014 (HKLM\...\{4F5AD3FF-38C6-43FB-BB6F-8EF830DEDF16}) (Version: 13.0.0.0 - mental ray)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Visual Basic for Applications 7.1 (x64) (Version: 7.1.00.00 - Microsoft Corporation) Hidden
Microsoft Visual Basic for Applications 7.1 (x64) English (Version: 7.1.0.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50325 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50330 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.07 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Control Panel 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.145.1024 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.4.0 - NVIDIA Corporation) Hidden
Online Plug-in (x32 Version: 14.0.1.4 - Citrix Systems, Inc.) Hidden
PC/Payroll (HKLM-x32\...\{91A57240-6526-47CF-8B2A-B00CF290C6BA}) (Version: 06.50.07 - ADP)
QuickBooks (x32 Version: 23.0.4010.2305 - Intuit Inc.) Hidden
QuickBooks Premier: Accountant Edition 2013 (HKLM-x32\...\{36B3E6E3-D4DE-4B89-A9E6-727715C2A318}) (Version: 23.0.4008.2305 - Intuit Inc.)
Quicken 2010 (HKLM-x32\...\{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}) (Version: 19.1.2.22 - Intuit)
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.7.6 - Intuit)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6037 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
RoboForm 7-9-7-5 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-7-5 - Siber Systems)
Self-service Plug-in (x32 Version: 4.0.1.41859 - Citrix Systems, Inc.) Hidden
StreetSmart Edge (HKLM-x32\...\{5646676A-5A97-4B66-BE71-1B1770AD982B}) (Version: 1.21.28.0 - Schwab)
Symantec System Recovery 2013 (HKLM\...\Symantec System Recovery 2013) (Version: 11.0.1.47662 - Symantec Corporation)
Symantec System Recovery 2013 (Version: 11.0.1.47662 - Symantec Corporation) Hidden
Tradelog (HKLM-x32\...\TradeLog_is1) (Version: 13 - Armen Computing Ltd.)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2012 WinBizFedFormset (x32 Version: 012.000.1148 - Intuit Inc.) Hidden
TurboTax 2012 WinBizReleaseEngine (x32 Version: 012.000.0402 - Intuit Inc.) Hidden
TurboTax 2012 WinBizTaxSupport (x32 Version: 012.000.1137 - Intuit Inc.) Hidden
TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2114 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0451 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0179 - Intuit Inc.) Hidden
TurboTax 2012 wpaiper (x32 Version: 012.000.1356 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2013 WinPerFedFormset (x32 Version: 013.000.1986 - Intuit Inc.) Hidden
TurboTax 2013 WinPerReleaseEngine (x32 Version: 013.000.0492 - Intuit Inc.) Hidden
TurboTax 2013 WinPerTaxSupport (x32 Version: 013.000.0168 - Intuit Inc.) Hidden
TurboTax 2013 wpaiper (x32 Version: 013.000.1320 - Intuit Inc.) Hidden
TurboTax 2013 wrapper (x32 Version: 013.000.0135 - Intuit Inc.) Hidden
TurboTax Business 2012 (HKLM-x32\...\TurboTax Business 2012) (Version: 2012.0 - Intuit, Inc)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{2720451F-5D04-43EC-AB1F-26D948FD971B}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WD Quick View (HKLM-x32\...\{63911503-7EA4-4685-B2FD-D391EF622FB9}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{34C6812E-E231-4B13-9DAC-21E06ECA864A}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{1ec9e03a-452b-48fb-8e1b-27ee0477985f}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.)
Windows Driver Package - Citrix Systems monblanking Citrix Driver  (04/25/2013 6.2.101.0) (HKLM\...\831FB1509292986F102B3AB7C8451FA1EA13B0F7) (Version: 04/25/2013 6.2.101.0 - Citrix Systems)
WorkForce Pro GT-S50 Scanner Driver Update (HKLM-x32\...\{2DF68708-8E2E-4A96-9773-FEB8F19E902E}) (Version:  - )
Xtend (HKLM-x32\...\Xtend2.71305F52FFD36D9BDDE00284EF6181AE6688276A.1) (Version: 3.0 - UNKNOWN)
Xtend (x32 Version: 3.0 - UNKNOWN) Hidden
 
==================== Restore Points  =========================
 
31-05-2014 15:15:30 Windows Backup
31-05-2014 15:26:03 Windows Update
01-06-2014 19:31:58 Installed iTunes
04-06-2014 15:26:32 Windows Update
06-06-2014 01:54:04 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {4179203E-A07E-4A33-8AB1-A1918CB905B3} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-06-01] (Siber Systems)
Task: {58A58BCA-AA91-41BA-95C9-9B9F33F2FFBA} - System32\Tasks\Microsoft_Hardware_Launch_LifeExp_exe => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [2010-12-13] (Microsoft Corporation)
Task: {86AD8A72-B4EC-4B7A-A10A-9CAE99B29DFF} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {A0282A13-914B-42EE-B18B-BF8A2BE00CF4} - System32\Tasks\Western Digital\SmartWare\____Volume_35458d96_56e8_11e2_81ab_806e6f6e6963__uuid_73656761_7465_7375_636b_0090a93b0c26_SmartWare_ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2014-02-28] (Western Digital Technologies, Inc.)
Task: {C8CEB011-EE84-4DCE-AC9B-5FFC80DB4F09} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-05] (Google Inc.)
Task: {CBC599B4-15B2-4E61-ACE4-EDF164CF31F3} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {D78D9F18-FC3A-497C-84D8-84090ACED899} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {E141C860-D816-4DAB-8380-8B2ACB3D1210} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-05] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-04-25 10:48 - 2012-04-25 10:48 - 00146432 _____ () C:\Windows\System32\corelcreatorpm.dll
2013-05-22 15:00 - 2011-04-11 01:26 - 00034304 _____ () C:\Windows\System32\spe__l.dll
2013-05-22 15:00 - 2013-03-18 10:16 - 01353728 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\spe__du.dll
2013-01-04 21:32 - 2014-03-04 09:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-09-15 00:19 - 2011-09-15 00:19 - 00086016 _____ () C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-12-21 22:59 - 2011-12-21 22:59 - 00133120 _____ () C:\Program Files (x86)\Eye-Fi\Helper\libexif.dll
2011-12-21 22:56 - 2011-12-21 22:56 - 00209408 _____ () C:\Program Files (x86)\Eye-Fi\Helper\libopenraw.dll
2014-05-27 13:27 - 2014-05-13 19:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
2014-05-27 13:27 - 2014-05-13 19:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll
2013-05-18 00:11 - 2009-02-27 17:39 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
2013-05-18 00:11 - 2009-02-27 17:32 - 00020480 _____ () C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
2013-01-05 19:19 - 2009-03-12 16:45 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2013-01-05 19:19 - 2008-11-21 14:58 - 00057344 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
2014-05-27 13:27 - 2014-05-13 19:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-27 13:27 - 2014-05-13 19:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-27 13:27 - 2014-05-13 19:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
2014-06-05 22:30 - 2014-06-05 22:30 - 00043008 _____ () c:\users\skip\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnttmec.dll
2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\Skip\AppData\Roaming\Dropbox\bin\libcef.dll
2010-04-09 18:03 - 2010-04-09 18:03 - 00089864 _____ () C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\ChipsetAccess.dll
2010-04-09 18:04 - 2010-04-09 18:04 - 00032008 _____ () C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneAppMutex.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Users\.DS_Store:AFP_AfpInfo
AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo
AlternateDataStreams: C:\Users\Skip\.DS_Store:AFP_AfpInfo
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/05/2014 10:34:12 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (06/05/2014 10:34:12 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (06/05/2014 10:28:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/05/2014 10:18:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1d6c
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
 
Error: (06/05/2014 10:17:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x1f54f710
Faulting process id: 0x1d6c
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
 
Error: (06/05/2014 10:14:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x11ac
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
 
Error: (06/05/2014 10:13:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1284
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
 
Error: (06/05/2014 10:11:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (06/05/2014 10:11:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (06/05/2014 10:05:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (06/03/2014 00:41:35 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.
 
Error: (06/03/2014 00:41:35 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.
 
Error: (06/01/2014 03:23:12 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {DC0C2640-1415-4644-875C-6F4D769839BA}
 
Error: (06/01/2014 00:20:32 PM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom1.
 
Error: (06/01/2014 00:20:30 PM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom1.
 
Error: (06/01/2014 00:20:28 PM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom1.
 
Error: (06/01/2014 00:20:26 PM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom1.
 
Error: (06/01/2014 00:20:24 PM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom1.
 
Error: (06/01/2014 00:20:22 PM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom1.
 
Error: (06/01/2014 00:19:51 PM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom1.
 
 
Microsoft Office Sessions:
=========================
Error: (05/27/2014 07:27:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 13779 seconds with 480 seconds of active time.  This session ended with a crash.
 
Error: (05/19/2014 03:58:10 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 330930 seconds with 2640 seconds of active time.  This session ended with a crash.
 
Error: (05/08/2014 04:02:56 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 472573 seconds with 5520 seconds of active time.  This session ended with a crash.
 
Error: (03/20/2013 03:33:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 2898 seconds with 2460 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-05-26 23:25:32.813
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 31%
Total physical RAM: 8183.11 MB
Available physical RAM: 5596.95 MB
Total Pagefile: 16364.41 MB
Available Pagefile: 13556.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:631.55 GB) NTFS
Drive e: (041121_1551) (CDROM) (Total:1.93 GB) (Free:0 GB) UDF
Drive w: (MyComputers) (Network) (Total:931.2 GB) (Free:96.2 GB) NTFS
Drive x: (TimeMachineBackup) (Network) (Total:2746.24 GB) (Free:1087.42 GB) NTFS
Drive z: (FamilyLibrary) (Network) (Total:931.2 GB) (Free:96.2 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 6E2756BC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 



#4 nasdaq

  • Malware Response Team
Posted 06 June 2014 - 09:27 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
HKLM-x32\...\Run: [] => [X]
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll No File
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll No File
SearchScopes: HKCU - {3D55E5A9-E952-465F-8F10-197F686C9968} URL = http://search.conduit.com/Results.aspx?ctid=CT3304763&SearchSource=45&UM=2&q={searchTerms}
SearchScopes: HKCU - {F7BDD2B5-4825-4BFE-993C-B560335FFE2A} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3310511&CUI=UN29092481801941723&UM=2
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR HKCU\...\Chrome\Extension: [banjjklfojcdbofbhbgiedekefohoaff] - C:\Users\Skip\AppData\Local\CRE\banjjklfojcdbofbhbgiedekefohoaff.crx [2013-10-04]
CHR HKLM-x32\...\Chrome\Extension: [banjjklfojcdbofbhbgiedekefohoaff] - C:\Users\Skip\AppData\Local\CRE\banjjklfojcdbofbhbgiedekefohoaff.crx [2013-10-04]
S2 BCUService; C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [X]
C:\Users\Skip\AppData\Local\Temp\Abspdf.exe
C:\Users\Skip\AppData\Local\Temp\AcDeltree.exe
C:\Users\Skip\AppData\Local\Temp\acfpdfu.dll
C:\Users\Skip\AppData\Local\Temp\acfpdfuamd64.dll
C:\Users\Skip\AppData\Local\Temp\acfpdfui.dll
C:\Users\Skip\AppData\Local\Temp\acfpdfuia64.dll
C:\Users\Skip\AppData\Local\Temp\acfpdfuiamd64.dll
C:\Users\Skip\AppData\Local\Temp\acfpdfuiia64.dll
C:\Users\Skip\AppData\Local\Temp\ARCompanionForSession1.exe
C:\Users\Skip\AppData\Local\Temp\cdintf.dll
C:\Users\Skip\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnttmec.dll
C:\Users\Skip\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Skip\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Skip\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Skip\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Skip\AppData\Local\Temp\nvStInst.exe
C:\Users\Skip\AppData\Local\Temp\ose00000.exe
C:\Users\Skip\AppData\Local\Temp\PDFPRT400.exe
C:\Users\Skip\AppData\Local\Temp\SunWin32FunctionCalls_762420.dll
C:\Users\Skip\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Skip\AppData\Local\Temp\xmllite.dll
C:\Users\Skip\AppData\Local\Temp\_is45B8.exe
C:\Users\Skip\AppData\Local\Temp\_is4EB4.exe
C:\Users\Skip\AppData\Local\Temp\_is9433.exe
C:\Users\Skip\AppData\Local\Temp\_isC2BA.exe
C:\Users\Skip\AppData\Local\Temp\_isEBE6.exe

end

Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please let me know what problem persists.

#5 nasdaq


Posted 12 June 2014 - 09:13 AM

Are you still with me?

#6 tredgs


Posted 12 June 2014 - 05:48 PM

Sorry.  Got sent out of town for a few days and just back.  Will take the next step ASAP.  Your help and patience are much appreciated.

s



#7 tredgs


Posted 17 June 2014 - 08:50 PM

I think I am OK.  Still might have a bot resending that original email that messed me up, as I am getting occasional returns on non-valid email addresses, but only about 6 of those so far.

I will likely wipe the drive now and reinstall now that I have access.  Thank you so very much for your help:

 

 Results of screen317's Security Check version 0.99.84 
 Windows 7 Service Pack 1 x64 (UAC is disabled!) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 60 
 Mozilla Firefox (30.0)
 Google Chrome 35.0.1916.114 
 Google Chrome 35.0.1916.153 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````



#8 nasdaq


Posted 18 June 2014 - 07:48 AM

Your Security Check log is clean.

#9 nasdaq


Posted 24 June 2014 - 08:41 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



