Infected with Trojan.Win32.Generic!BT



#1 TARDIS_Blue_Box


Posted 30 June 2014 - 04:03 PM

NOTE: I have Windows 8.1, so I couldn't install DDS; I used FRST.

I am infected with Trojan.Win32.Generic!BT and I don't know how to get rid of it. VIPRE found it today in a deep scan, and I saw that it has 55 instances of MyWebSearch that I think this Trojan has possibly installed. I also noticed that VIPRE blocked another Trojan, $RAT83FN.exe, and I think it might be affiliated with the main Trojan as well. Also, some apps don't open anymore. Has the Trojan blocked them? Anyway, here is the FRST log and the Additional log:

 

FRST Log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-06-2014 02
Ran by Julie (administrator) on HOUSEPC on 30-06-2014 15:36:13
Running from C:\Users\Julie\Downloads
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(GFI Software Development Ltd.) C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Spigot, Inc.) C:\Users\Julie\AppData\Roaming\Search Protection\SearchProtection.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBAMTray.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(VER_COMPANY_NAME) C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbrmon64.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBAMSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\sbamui.exe
(GFI Software Development Ltd.) C:\Program Files (x86)\GFI\LanGuard 11 Agent\mantle.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Device Fast-lane\DeviceFastLaneSvc.exe
(Runtime Software) C:\Program Files (x86)\Runtime Software\DriveImage XML\dixml.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [655256 2012-08-23] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-10] (CANON INC.)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-04-30] (LogMeIn, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [124256 2010-01-18] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1956760 2014-06-23] (APN)
HKLM-x32\...\Run: [SBAMTray] => C:\Program Files (x86)\VIPRE\SBAMTray.exe [3216272 2013-08-30] (ThreatTrack Security, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [InboxAce EPM Support] => C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gmedint.exe [12872 2013-12-27] (Mindspark Interactive Network, Inc.)
HKLM-x32\...\Run: [InboxAce_1g Browser Plugin Loader 64] => C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbrmon64.exe [71752 2013-12-27] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-363602582-4152972005-2857896535-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1099608 2013-03-12] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-363602582-4152972005-2857896535-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1193176 2012-09-24] ()
HKU\S-1-5-21-363602582-4152972005-2857896535-1001\...\Run: [SkyDrive] => C:\Users\Julie\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [251080 2014-06-21] (Microsoft Corporation)
HKU\S-1-5-21-363602582-4152972005-2857896535-1001\...\Run: [SearchProtection] => C:\Users\Julie\AppData\Roaming\Search Protection\SearchProtection.EXE [847208 2014-06-18] (Spigot, Inc.)
HKU\S-1-5-21-363602582-4152972005-2857896535-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-11-27] (Google Inc.)
HKU\S-1-5-21-363602582-4152972005-2857896535-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-363602582-4152972005-2857896535-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-363602582-4152972005-2857896535-1001\...\Run: [GoogleChromeAutoLaunch_4C888888355C9F9814E291B620236A57] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Gateway MyBackup Tray.lnk
ShortcutTarget: Gateway MyBackup Tray.lnk -> C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe (NTI Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Zabaware Reader Startup.lnk
ShortcutTarget: Zabaware Reader Startup.lnk -> C:\Program Files (x86)\Zabaware\Reader 2\ZabaReader.exe (Zabaware, Inc.)
Startup: C:\Users\dalek_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Julie\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
URLSearchHook: HKCU - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
SearchScopes: HKLM - {B0A58ED4-2718-4501-9A56-D52D435B129D} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS
SearchScopes: HKLM-x32 - {8fe8d013-c3fd-4802-af48-79274e9f969e} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^YO^xdm135^YYA^us&si=314029&ptb=9228B06F-635F-452D-BFB5-A037EF0AD461&psa=&ind=2013122716&st=sb&n=77fdd09c&searchfor={searchTerms}
SearchScopes: HKLM-x32 - {B0A58ED4-2718-4501-9A56-D52D435B129D} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS
SearchScopes: HKCU - DefaultScope {77CD7B0B-A144-4373-AFBA-023F41057B52} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=586383&p={searchTerms}
SearchScopes: HKCU - {3E3EB4C0-1230-42ED-900F-7D2CF08C8D96} URL = http://www.weather.com/search/enhanced?where={searchTerms}
SearchScopes: HKCU - {7186EB69-3966-4F11-8D34-AFDA24BC17A5} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=586383&p={searchTerms}
SearchScopes: HKCU - {77CD7B0B-A144-4373-AFBA-023F41057B52} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=586383&p={searchTerms}
SearchScopes: HKCU - {8fe8d013-c3fd-4802-af48-79274e9f969e} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^YO^xdm135^YYA^us&si=314029&ptb=9228B06F-635F-452D-BFB5-A037EF0AD461&psa=&ind=2013122716&st=sb&n=77fdd09c&searchfor={searchTerms}
SearchScopes: HKCU - {99395553-B87B-4A7E-AD09-4AB015EBDBA4} URL = http://search.aol.com/aol/search?invocationType=searchbox.webhome&query={searchTerms}
SearchScopes: HKCU - {AF77AE9E-1F1F-4CE4-B285-8A8B0DD435FA} URL = http://search.microsoft.com/results.aspx?mkt=en-US&setlang=en-US&q={searchTerms}
SearchScopes: HKCU - {B0A58ED4-2718-4501-9A56-D52D435B129D} URL =
SearchScopes: HKCU - {B546CFC7-C2F4-4699-8B4D-842A85C646B3} URL = http://www.search.ask.com/web?p2=%5EADM%5EOSJ000%5EYY%5EUS&gct=&itbv=12.0.1.100&o=APN10614&tpid=ORJ-V7&apn_uid=4C9559EB-DA66-4A74-99CE-A5F89D30A79A&apn_ptnrs=ADM&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ie_10.0.9200.16688&doi=2013-09-23&trgb=IE&q={searchTerms}&psv=
SearchScopes: HKCU - {C5D54FAD-F10B-430B-95EF-21EE359331FC} URL = http://windows.microsoft.com/en-us/windows/search#q={searchTerms}
SearchScopes: HKCU - {CD4724B5-3063-4F8F-B72D-7DE3CB7B6E08} URL = http://www.microsoft.com/windows/compatibility/windows-7/en-us/Search.aspx?type=Hardware&s={searchTerms}
SearchScopes: HKCU - {D1E4AD42-0A24-48C5-951D-3168BF830D1C} URL = http://search.ividi.org/?q={searchTerms}&src=tbsp&id=6ee204270000000000001a54b20e48a4&affilt=3&r=62
SearchScopes: HKCU - {D2898CDA-E981-4AEF-BAE5-3BFC1E6E2D2F} URL = http://www.logitech.com/search/?q={searchTerms}
SearchScopes: HKCU - {F8CAC1DC-8731-495D-9F66-92EE339C0F10} URL = http://www.youtube.com/results?search_query={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Ask Toolbar - {4F524A2D-5637-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport_x64.dll (APN LLC.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Ask Toolbar - {4F524A2D-5637-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport.dll (APN LLC.)
BHO-x32: ividi Helper Object - {8B8B2E80-1444-451D-AC8E-EB9A847F3887} - C:\Program Files (x86)\Unitech LLC\ividi\1.8.23.0\bh\ividi.dll No File
BHO-x32: VIPRE Search Guard Helper - {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} - C:\Program Files (x86)\VIPRE\VSGN.dll ()
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Ask Toolbar - {4F524A2D-5637-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Ask Toolbar - {4F524A2D-5637-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport.dll (APN LLC.)
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSGN.dll ()
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Julie\AppData\Roaming\Mozilla\Firefox\Profiles\bthhvufp.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Homepage: https://www.google.com/?gws_rd=ssl
FF Keyword.URL: https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=586383&p=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @InboxAce_1g.com/Plugin - C:\Program Files (x86)\InboxAce_1g\bar\1.bin\NP1gStub.dll (Mindspark)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 - C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @viewpoint.com/VMP - C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\Julie\AppData\Local\Roblox\Versions\version-3942446d46db45f5\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Julie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Julie\AppData\Roaming\Mozilla\Firefox\Profiles\bthhvufp.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Julie\AppData\Roaming\Mozilla\Firefox\Profiles\bthhvufp.default\searchplugins\ividi.xml
FF SearchPlugin: C:\Users\Julie\AppData\Roaming\Mozilla\Firefox\Profiles\bthhvufp.default\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Users\Julie\AppData\Roaming\Mozilla\Firefox\Profiles\bthhvufp.default\searchplugins\yahoo_ff.xml
FF Extension: hosts - C:\Users\Julie\AppData\Roaming\Mozilla\Firefox\Profiles\bthhvufp.default\Extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com [2013-11-14]
FF Extension: InboxAce - C:\Users\Julie\AppData\Roaming\Mozilla\Firefox\Profiles\bthhvufp.default\Extensions\1gffxtbr@InboxAce_1g.com [2014-06-08]
FF Extension: Yahoo! Toolbar - C:\Users\Julie\AppData\Roaming\Mozilla\Firefox\Profiles\bthhvufp.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-06-24]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-12-19]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/", "hxxp://search.ividi.org/?src=tbhp&id=6ee204270000000000001a54b20e48a4&affilt=3"
CHR DefaultSearchKeyword: yahoo.com search
CHR DefaultSearchProvider: Yahoo
CHR DefaultSearchURL: https://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=586383&p={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (Minifig Vacation at Grand Canyon) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\agfglfdhceokjpekmnldkoielcaanmda [2014-04-23]
CHR Extension: (Angry Birds) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-08-09]
CHR Extension: (TV) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2013-08-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (YouTube) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-30]
CHR Extension: (Fruit Ninja HD) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceieijcdaiaaflfpnfbeclgnfbhglkde [2013-08-09]
CHR Extension: (Google Search) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-30]
CHR Extension: (Google+) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2013-08-09]
CHR Extension: (Tumblr app) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeefligecodgoenjgcjjijpicehokkpg [2013-08-09]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-01-23]
CHR Extension: (Email Game) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehbobaphhmjpchjknfpcnlhcbkjbclge [2013-08-09]
CHR Extension: (Gmail Offline) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2013-08-09]
CHR Extension: (White Noise) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejkjpdnomgodmagfmhojepjlajpoicip [2013-08-09]
CHR Extension: (Gangnam Style Game) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdbdhcafljkcahgefanhpdahdnpfkaok [2013-08-09]
CHR Extension: (Causality Games) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\femoooemgmjaebeodbbikbkmhlafenpl [2013-08-09]
CHR Extension: (3D Bowling ) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gemohgpikgjbgmdfbfjdailocichgbjm [2013-08-09]
CHR Extension: (Dictionary by Dictionary.com) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gikhgcaliglmioibbockkmjknfnepbdh [2013-08-09]
CHR Extension: (Cut the Rope) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2013-08-09]
CHR Extension: (TweetDeck by Twitter) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2013-08-09]
CHR Extension: (Feedly - News, Blogs and Youtube) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2013-08-09]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2013-08-09]
CHR Extension: (The Weather Channel for Chrome) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2013-08-09]
CHR Extension: (Cloze - Keep Tabs on Contacts) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\imlbbglginccpmlaekkdnleoachjadka [2013-08-09]
CHR Extension: (SoundCloud) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp [2013-08-09]
CHR Extension: (My Browser Page) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghfknlgajlcihkhkhnlcoffhbohnlbg [2013-08-09]
CHR Extension: (Hangouts call) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbpgddbgniojgndnhlkjbkpknjhppkbk [2013-08-09]
CHR Extension: (Fruit Ninja Frenzy) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgdpbijodhadlfechicboigonjbeiall [2013-08-09]
CHR Extension: (American Racing) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\klfneahoibjkdlonilmnkkncopeiomoc [2013-08-09]
CHR Extension: (Google Play) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2013-08-09]
CHR Extension: (Open GKeep) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lagigcpmedlmfppkadkopbijldllfohl [2013-08-09]
CHR Extension: (Build with Chrome) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbbbhbjeecagnlfgggogfclkdjamoapf [2013-08-09]
CHR Extension: (Webcam Toy) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2013-08-09]
CHR Extension: (Skype Click to Call) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-10-16]
CHR Extension: (iCloud) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljfoogmnmgnafenjlejonkpdlkjbjfkk [2013-08-09]
CHR Extension: (The Fancy Pants Adventure: World 2) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\loamdenijebhollnjgehcfbnpeelfhlk [2013-08-09]
CHR Extension: (Rain Alarm) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\meaikaglpfemjncbioflellmppndgmok [2013-08-09]
CHR Extension: (Google Wallet) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (hosts) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa [2013-09-15]
CHR Extension: (Flow Colors) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbnmelddedlommnmllmfhoephaidddmk [2013-08-09]
CHR Extension: (Windows 8 App Store) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcofehgfaeaakklkbahafjoifnaagecj [2013-08-09]
CHR Extension: (Outlook.com) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2013-08-09]
CHR Extension: (Gmail) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-30]
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2013-08-13]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]

==================== Services (Whitelisted) =================

R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [165784 2014-06-23] (APN LLC.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation)
R3 DeviceFastLaneService; C:\Program Files\Gateway\Gateway Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-22] (Acer Incorporated)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-12] (Garmin Ltd or its subsidiaries)
R2 gfi_lanss11_attservice; C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe [133496 2012-11-23] (GFI Software Development Ltd.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-27] ()
S2 InboxAce_1gService; C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbarsvc.exe [88648 2013-12-27] (COMPANYVERS_NAME)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-06-07] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-06-07] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-04-30] (LogMeIn, Inc.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-09-24] (Dritek System INC.)
R2 SBAMSvc; C:\Program Files (x86)\VIPRE\SBAMSvc.exe [3937472 2013-08-30] (ThreatTrack Security, Inc.)
R2 SBPIMSvc; C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [176016 2013-08-30] (ThreatTrack Security, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-08-01] (Atheros)
S3 TipCtrl; "C:\Program Files (x86)\uTIPu\TipCtrl.exe" [X]

==================== Drivers (Whitelisted) ====================

R1 dfmirage; C:\Windows\system32\DRIVERS\dfmirage.sys [36432 2008-03-26] (DemoForge, LLC)
R3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-04-30] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-09-24] (Dritek System Inc.)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [88928 2013-06-18] (ThreatTrack Security, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
S3 clwvd; \SystemRoot\system32\DRIVERS\clwvd.sys [X]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
S2 VMnetBridge; \SystemRoot\system32\DRIVERS\vmnetbridge.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-30 15:36 - 2014-06-30 15:38 - 00042633 _____ () C:\Users\Julie\Downloads\FRST.txt
2014-06-30 15:36 - 2014-06-30 15:36 - 00000000 ____D () C:\FRST
2014-06-30 15:34 - 2014-06-30 15:34 - 02083328 _____ (Farbar) C:\Users\Julie\Downloads\FRST64.exe
2014-06-30 15:09 - 2014-06-30 15:09 - 00001130 _____ () C:\Users\Public\Desktop\DriveImage XML.lnk
2014-06-30 15:09 - 2014-06-30 15:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
2014-06-30 15:09 - 2014-06-30 15:09 - 00000000 ____D () C:\Program Files (x86)\Runtime Software
2014-06-30 13:50 - 2014-06-30 13:50 - 00000000 _____ () C:\WINDOWS\system32\SBRC.dat
2014-06-30 13:25 - 2014-06-30 13:25 - 00000900 _____ () C:\Users\Julie\Downloads\Test.SED
2014-06-30 13:25 - 2014-06-30 13:25 - 00000835 _____ () C:\Users\Julie\Downloads\~Test.DDF
2014-06-30 13:07 - 2014-06-30 13:07 - 00001279 _____ () C:\Users\Julie\Desktop\iexpress.lnk
2014-06-30 12:28 - 2014-06-30 12:28 - 00001189 _____ () C:\Users\Julie\Documents\BSOD.bat
2014-06-26 20:36 - 2014-06-26 20:36 - 00000000 ____D () C:\Users\Julie\Tracing
2014-06-26 20:04 - 2014-06-26 20:04 - 00001328 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-06-26 20:04 - 2014-06-26 20:04 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-06-26 20:04 - 2014-06-26 20:04 - 00000000 ____D () C:\WINDOWS\en
2014-06-26 20:03 - 2014-06-26 20:03 - 00000000 ____D () C:\Program Files\Windows Live
2014-06-26 18:19 - 2014-06-26 18:19 - 00000336 _____ () C:\WINDOWS\SysWOW64\CountBlockedByFirewall.XML
2014-06-26 18:04 - 2014-06-26 18:04 - 01492112 _____ () C:\Users\Julie\Downloads\SpaceWormhole3D_setup.zip
2014-06-25 16:11 - 2014-06-25 16:11 - 00056125 _____ () C:\Users\Julie\Documents\My Movie.wlmp
2014-06-25 12:01 - 2014-06-25 12:01 - 00000000 ____D () C:\Users\Julie\AppData\Local\AskPartnerNetwork
2014-06-24 20:02 - 2014-06-24 20:02 - 00079335 _____ () C:\Users\Julie\Downloads\metro_orbs_by_pedrocasoa-d3kj4jd.rar
2014-06-24 20:02 - 2014-06-24 20:02 - 00053210 _____ () C:\Users\Julie\Downloads\minecraft_start_orb_pack_by_mulsivaas-d3cscai.zip
2014-06-24 15:52 - 2013-09-22 21:02 - 00035114 _____ () C:\Users\Julie\Downloads\tardis.bmp
2014-06-24 15:47 - 2010-05-09 15:35 - 00035048 _____ () C:\Users\Julie\Downloads\DW logo.bmp
2014-06-24 15:28 - 2010-05-09 17:08 - 00001101 _____ () C:\Users\Julie\Downloads\Instructions.txt
2014-06-24 15:26 - 2014-06-24 15:26 - 00002963 _____ () C:\Users\Julie\Desktop\Reflector.lnk
2014-06-24 15:26 - 2014-06-24 15:26 - 00000000 ____D () C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reflector
2014-06-24 15:26 - 2014-06-24 15:26 - 00000000 ____D () C:\Program Files\Reflector
2014-06-24 15:24 - 2014-06-24 15:26 - 11694080 _____ () C:\Users\Julie\Downloads\Reflector64 v1.3.3.msi
2014-06-22 19:13 - 2014-06-22 19:13 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-06-22 19:13 - 2014-06-22 19:13 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-06-22 19:13 - 2014-06-22 19:13 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-06-22 19:13 - 2014-06-22 19:13 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-06-22 19:12 - 2014-06-22 19:12 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-06-22 19:12 - 2014-06-22 19:12 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-06-22 19:12 - 2014-06-22 19:12 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-06-22 19:12 - 2014-06-22 19:12 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-06-22 19:12 - 2014-06-22 19:12 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-06-22 19:12 - 2014-06-22 19:12 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-06-22 19:12 - 2014-06-22 19:12 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-06-22 19:12 - 2014-06-22 19:12 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-06-22 11:56 - 2014-06-22 11:56 - 00000652 _____ () C:\WINDOWS\SysWOW64\WebFilterConfig.xml
2014-06-21 14:38 - 2014-05-30 05:21 - 23414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-06-21 14:38 - 2014-05-30 04:45 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-06-21 14:38 - 2014-05-30 04:28 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-06-21 14:38 - 2014-05-30 04:20 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-06-21 14:38 - 2014-05-30 04:18 - 17271296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-06-21 14:38 - 2014-05-30 04:08 - 05782528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-06-21 14:38 - 2014-05-30 04:06 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-06-21 14:38 - 2014-05-30 03:46 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-06-21 14:38 - 2014-05-30 03:44 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-06-21 14:38 - 2014-05-30 03:43 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-06-21 14:38 - 2014-05-30 03:38 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-06-21 14:38 - 2014-05-30 03:35 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-06-21 14:38 - 2014-05-30 03:29 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-06-21 14:38 - 2014-05-30 03:27 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-06-21 14:38 - 2014-05-30 03:23 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-06-21 14:38 - 2014-05-30 03:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-06-21 14:38 - 2014-05-30 03:04 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-06-21 14:38 - 2014-05-30 03:02 - 00242688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-06-21 14:38 - 2014-05-30 02:56 - 04244992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-06-21 14:38 - 2014-05-30 02:56 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-06-21 14:38 - 2014-05-30 02:54 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-06-21 14:38 - 2014-05-30 02:49 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-06-21 14:38 - 2014-05-30 02:43 - 13522944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-06-21 14:38 - 2014-05-30 02:40 - 11725312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-06-21 14:38 - 2014-05-30 02:30 - 01398272 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-06-21 14:38 - 2014-05-30 02:21 - 01790976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-06-21 14:38 - 2014-05-30 02:15 - 01143296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-06-21 14:38 - 2014-05-30 02:13 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-06-21 14:38 - 2014-05-30 02:13 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-06-12 05:53 - 2014-04-18 03:58 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-06-12 05:53 - 2014-04-18 03:21 - 01126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-06-12 05:53 - 2014-04-18 03:09 - 08652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-06-12 05:53 - 2014-04-18 02:51 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-06-12 05:53 - 2014-04-18 02:49 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-06-12 05:53 - 2014-04-08 23:35 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-06-12 05:53 - 2014-04-06 11:31 - 21268952 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-06-12 05:53 - 2014-04-06 11:20 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-06-12 05:53 - 2014-04-06 11:20 - 01403856 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2014-06-12 05:53 - 2014-04-06 11:20 - 01379064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2014-06-12 05:53 - 2014-04-06 11:20 - 00765408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-06-12 05:53 - 2014-04-06 11:20 - 00491744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2014-06-12 05:53 - 2014-04-06 11:20 - 00364640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-06-12 05:53 - 2014-04-06 10:22 - 18755672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-06-12 05:53 - 2014-04-06 10:16 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-06-12 05:53 - 2014-04-06 10:16 - 00669856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-06-12 05:53 - 2014-04-06 10:16 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2014-06-12 05:53 - 2014-04-06 09:10 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-06-12 05:53 - 2014-04-06 07:33 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2014-06-12 05:53 - 2014-04-06 06:55 - 16872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-06-12 05:53 - 2014-04-06 06:54 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-06-12 05:53 - 2014-04-06 05:52 - 00955904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-06-12 05:53 - 2014-04-06 05:51 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2014-06-12 05:53 - 2014-04-06 05:37 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-06-12 05:53 - 2014-04-06 05:36 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2014-06-12 05:53 - 2014-04-06 05:05 - 01222656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2014-06-12 05:53 - 2014-04-03 03:12 - 02124840 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-06-12 05:53 - 2014-04-02 22:53 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2014-06-12 05:53 - 2014-04-02 21:53 - 04269056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-06-12 05:53 - 2014-04-02 21:53 - 00677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2014-06-12 05:53 - 2014-04-02 21:51 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2014-06-12 05:53 - 2014-04-02 21:23 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-06-12 05:53 - 2014-03-31 00:42 - 07425368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-06-12 05:53 - 2014-03-30 17:54 - 01308160 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2014-06-12 05:53 - 2014-03-28 10:58 - 00407016 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2014-06-12 05:53 - 2014-03-26 22:46 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2014-06-12 05:53 - 2014-03-24 17:58 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-06-12 05:53 - 2014-03-19 19:44 - 06645248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-06-12 05:53 - 2014-03-19 18:33 - 05774848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-06-12 05:53 - 2014-03-19 03:07 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2014-06-12 05:53 - 2014-03-18 23:18 - 02688000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-06-12 05:53 - 2014-03-18 00:00 - 07173120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2014-06-12 05:53 - 2014-03-17 23:52 - 05104640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2014-06-12 05:53 - 2014-03-17 00:09 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-06-12 05:53 - 2014-03-16 22:01 - 00486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2014-06-12 05:53 - 2014-03-16 21:47 - 01025024 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-06-12 05:53 - 2014-03-14 01:26 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2014-06-12 05:53 - 2014-03-14 01:10 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2014-06-12 05:53 - 2014-03-06 07:42 - 00310616 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-06-12 05:53 - 2013-09-29 23:03 - 13172736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-06-12 05:52 - 2014-04-18 09:57 - 00032600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2014-06-12 05:52 - 2014-04-18 09:44 - 01466856 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-06-12 05:52 - 2014-04-18 08:29 - 01200288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-06-12 05:52 - 2014-04-18 04:44 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll
2014-06-12 05:52 - 2014-04-18 03:32 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-06-12 05:52 - 2014-04-14 04:20 - 00324888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2014-06-12 05:52 - 2014-04-14 03:01 - 00285144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2014-06-12 05:52 - 2014-04-10 23:51 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2014-06-12 05:52 - 2014-04-10 23:23 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2014-06-12 05:52 - 2014-04-10 22:30 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2014-06-12 05:52 - 2014-04-09 06:53 - 00337240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2014-06-12 05:52 - 2014-04-09 01:39 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2014-06-12 05:52 - 2014-04-09 00:44 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2014-06-12 05:52 - 2014-04-08 22:33 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2014-06-12 05:52 - 2014-04-07 21:01 - 00589656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2014-06-12 05:52 - 2014-04-06 11:34 - 00372568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2014-06-12 05:52 - 2014-04-06 11:34 - 00275800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2014-06-12 05:52 - 2014-04-06 11:32 - 00125496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2014-06-12 05:52 - 2014-04-06 11:30 - 00201920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2014-06-12 05:52 - 2014-04-06 11:24 - 00360792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2014-06-12 05:52 - 2014-04-06 11:20 - 00881616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2014-06-12 05:52 - 2014-04-06 11:20 - 00609448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2014-06-12 05:52 - 2014-04-06 11:20 - 00467496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-06-12 05:52 - 2014-04-06 11:20 - 00463256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-06-12 05:52 - 2014-04-06 11:20 - 00244880 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-06-12 05:52 - 2014-04-06 11:20 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-06-12 05:52 - 2014-04-06 11:20 - 00028408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2014-06-12 05:52 - 2014-04-06 10:23 - 00098584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2014-06-12 05:52 - 2014-04-06 10:22 - 00178184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2014-06-12 05:52 - 2014-04-06 10:16 - 01209616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2014-06-12 05:52 - 2014-04-06 10:16 - 00707048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2014-06-12 05:52 - 2014-04-06 10:16 - 00518544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2014-06-12 05:52 - 2014-04-06 10:16 - 00406504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2014-06-12 05:52 - 2014-04-06 10:16 - 00326024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2014-06-12 05:52 - 2014-04-06 10:16 - 00305768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2014-06-12 05:52 - 2014-04-06 07:58 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll
2014-06-12 05:52 - 2014-04-06 07:51 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2014-06-12 05:52 - 2014-04-06 07:24 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2014-06-12 05:52 - 2014-04-06 07:06 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srclient.dll
2014-06-12 05:52 - 2014-04-06 06:26 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2014-06-12 05:52 - 2014-04-06 06:20 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-06-12 05:52 - 2014-04-06 06:01 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-06-12 05:52 - 2014-04-06 04:59 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2014-06-12 05:52 - 2014-04-03 03:12 - 00307304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2014-06-12 05:52 - 2014-04-03 03:12 - 00130144 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2014-06-12 05:52 - 2014-04-02 23:03 - 00230808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2014-06-12 05:52 - 2014-04-02 23:03 - 00111528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpapi.dll
2014-06-12 05:52 - 2014-04-02 21:23 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-06-12 05:52 - 2014-04-02 21:23 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tlscsp.dll
2014-06-12 05:52 - 2014-04-02 21:22 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlscsp.dll
2014-06-12 05:52 - 2014-04-01 01:23 - 00384856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-06-12 05:52 - 2014-03-30 19:41 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2014-06-12 05:52 - 2014-03-30 19:01 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2014-06-12 05:52 - 2014-03-30 18:43 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2014-06-12 05:52 - 2014-03-30 17:49 - 01287168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-06-12 05:52 - 2014-03-30 17:35 - 01029120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-06-12 05:52 - 2014-03-30 17:11 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-06-12 05:52 - 2014-03-30 16:47 - 00872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-06-12 05:52 - 2014-03-27 01:16 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2014-06-12 05:52 - 2014-03-27 00:36 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2014-06-12 05:52 - 2014-03-26 23:59 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2014-06-12 05:52 - 2014-03-26 23:48 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2014-06-12 05:52 - 2014-03-26 23:19 - 00313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2014-06-12 05:52 - 2014-03-26 22:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-06-12 05:52 - 2014-03-26 22:10 - 01436160 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2014-06-12 05:52 - 2014-03-19 22:48 - 00263424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2014-06-12 05:52 - 2014-03-19 03:15 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2014-06-12 05:52 - 2014-03-19 02:24 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-06-12 05:52 - 2014-03-19 02:17 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll
2014-06-12 05:52 - 2014-03-19 01:36 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-06-12 05:52 - 2014-03-19 00:56 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-06-12 05:52 - 2014-03-19 00:45 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2014-06-12 05:52 - 2014-03-19 00:19 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2014-06-12 05:52 - 2014-03-19 00:07 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2014-06-12 05:52 - 2014-03-19 00:02 - 01527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-06-12 05:52 - 2014-03-19 00:00 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2014-06-12 05:52 - 2014-03-18 23:51 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2014-06-12 05:52 - 2014-03-18 23:31 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2014-06-12 05:52 - 2014-03-18 03:19 - 00077312 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2014-06-12 05:52 - 2014-03-16 23:11 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-06-12 05:52 - 2014-03-16 21:45 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2014-06-11 19:14 - 2014-05-09 22:46 - 02151424 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-06-11 19:14 - 2014-05-09 22:22 - 01312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-06-11 19:14 - 2014-05-03 02:14 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-06-11 19:14 - 2014-05-02 23:21 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-06-11 19:14 - 2014-05-02 23:07 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-06-11 19:14 - 2014-05-02 22:41 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-06-11 19:14 - 2014-05-02 22:38 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-06-11 19:14 - 2014-04-03 02:59 - 02518872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-06-11 19:14 - 2014-04-03 02:59 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-06-11 19:13 - 2014-05-08 18:06 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2014-06-11 19:13 - 2014-05-04 23:02 - 03360256 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-06-11 19:13 - 2014-04-30 06:16 - 01336648 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-06-11 19:13 - 2014-04-29 22:51 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-06-11 19:08 - 2014-05-19 01:31 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe
2014-06-11 19:08 - 2014-05-19 01:21 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2014-06-11 19:08 - 2014-05-19 00:23 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvinst.exe
2014-06-11 19:08 - 2014-04-29 23:43 - 01975296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2014-06-11 19:08 - 2014-04-29 23:26 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2014-06-11 19:08 - 2014-04-29 22:47 - 01509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2014-06-11 19:07 - 2014-05-01 08:31 - 03048904 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2014-06-11 19:07 - 2014-05-01 08:31 - 00055328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
2014-06-11 19:07 - 2014-05-01 02:14 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2014-06-11 19:07 - 2014-05-01 02:05 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2014-06-11 19:07 - 2014-05-01 01:51 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2014-06-11 19:07 - 2014-05-01 00:24 - 02834944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpccpl.dll
2014-06-11 19:05 - 2014-06-11 19:05 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-06-07 12:24 - 2014-06-07 12:24 - 00001802 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-06-07 12:24 - 2014-06-07 12:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-07 12:23 - 2014-06-07 12:24 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-07 12:23 - 2014-06-07 12:24 - 00000000 ____D () C:\Program Files\iTunes
2014-06-07 12:23 - 2014-06-07 12:24 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-07 12:23 - 2014-06-07 12:23 - 00000000 ____D () C:\Program Files\iPod
2014-06-03 17:04 - 2014-06-03 17:04 - 00000000 ____D () C:\ProgramData\CanonIJ

==================== One Month Modified Files and Folders =======

2014-06-30 15:38 - 2014-06-30 15:36 - 00042633 _____ () C:\Users\Julie\Downloads\FRST.txt
2014-06-30 15:36 - 2014-06-30 15:36 - 00000000 ____D () C:\FRST
2014-06-30 15:34 - 2014-06-30 15:34 - 02083328 _____ (Farbar) C:\Users\Julie\Downloads\FRST64.exe
2014-06-30 15:16 - 2013-09-29 23:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-06-30 15:13 - 2013-11-11 21:38 - 01604099 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-30 15:12 - 2013-08-22 09:46 - 00355772 _____ () C:\WINDOWS\setupact.log
2014-06-30 15:09 - 2014-06-30 15:09 - 00001130 _____ () C:\Users\Public\Desktop\DriveImage XML.lnk
2014-06-30 15:09 - 2014-06-30 15:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
2014-06-30 15:09 - 2014-06-30 15:09 - 00000000 ____D () C:\Program Files (x86)\Runtime Software
2014-06-30 15:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-06-30 14:49 - 2013-11-11 14:47 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-06-30 14:46 - 2013-01-30 17:31 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-30 13:50 - 2014-06-30 13:50 - 00000000 _____ () C:\WINDOWS\system32\SBRC.dat
2014-06-30 13:25 - 2014-06-30 13:25 - 00000900 _____ () C:\Users\Julie\Downloads\Test.SED
2014-06-30 13:25 - 2014-06-30 13:25 - 00000835 _____ () C:\Users\Julie\Downloads\~Test.DDF
2014-06-30 13:07 - 2014-06-30 13:07 - 00001279 _____ () C:\Users\Julie\Desktop\iexpress.lnk
2014-06-30 12:51 - 2012-12-15 00:30 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-363602582-4152972005-2857896535-1001
2014-06-30 12:46 - 2013-01-30 17:31 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-30 12:46 - 2013-01-30 17:31 - 00000908 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-30 12:28 - 2014-06-30 12:28 - 00001189 _____ () C:\Users\Julie\Documents\BSOD.bat
2014-06-30 12:27 - 2013-11-11 21:58 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1DB76B77-0EAD-4913-A013-6874867382B2}
2014-06-30 12:21 - 2014-05-28 16:28 - 00000000 ___RD () C:\Users\Julie\OneDrive
2014-06-30 12:21 - 2014-03-11 20:45 - 00000504 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2014-06-30 12:21 - 2014-01-21 19:36 - 00001027 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-06-30 12:21 - 2014-01-21 19:36 - 00001011 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-06-30 12:20 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-30 12:14 - 2013-08-22 08:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2014-06-30 10:03 - 2013-08-12 22:33 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-06-27 12:10 - 2013-08-16 11:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-06-27 12:08 - 2012-12-17 07:18 - 95414520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-06-27 11:01 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-06-26 22:52 - 2013-11-21 19:55 - 00000000 ____D () C:\Program Files (x86)\RSUPPORT
2014-06-26 22:47 - 2013-11-11 14:50 - 00000000 ____D () C:\Users\Julie\Documents\Bandicam
2014-06-26 20:36 - 2014-06-26 20:36 - 00000000 ____D () C:\Users\Julie\Tracing
2014-06-26 20:36 - 2013-11-11 21:26 - 00000000 ____D () C:\Users\Julie
2014-06-26 20:22 - 2013-08-28 16:24 - 00000000 ____D () C:\Users\Julie\AppData\Local\Windows Live
2014-06-26 20:04 - 2014-06-26 20:04 - 00001328 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-06-26 20:04 - 2014-06-26 20:04 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-06-26 20:04 - 2014-06-26 20:04 - 00000000 ____D () C:\WINDOWS\en
2014-06-26 20:03 - 2014-06-26 20:03 - 00000000 ____D () C:\Program Files\Windows Live
2014-06-26 20:03 - 2013-08-29 06:03 - 00001397 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-06-26 20:03 - 2013-08-29 05:59 - 00002509 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2014-06-26 20:03 - 2013-08-29 05:59 - 00001481 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-06-26 20:03 - 2013-08-29 05:53 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-06-26 20:02 - 2013-08-29 05:52 - 00010738 _____ () C:\WINDOWS\DirectX.log
2014-06-26 19:29 - 2013-10-10 20:18 - 00000000 ____D () C:\Users\Julie\Documents\Vista
2014-06-26 19:00 - 2014-04-24 20:57 - 00001224 _____ () C:\Users\Julie\Desktop\ROBLOX Studio 2013.lnk
2014-06-26 19:00 - 2014-04-24 20:57 - 00000000 ____D () C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-06-26 18:19 - 2014-06-26 18:19 - 00000336 _____ () C:\WINDOWS\SysWOW64\CountBlockedByFirewall.XML
2014-06-26 18:04 - 2014-06-26 18:04 - 01492112 _____ () C:\Users\Julie\Downloads\SpaceWormhole3D_setup.zip
2014-06-25 16:11 - 2014-06-25 16:11 - 00056125 _____ () C:\Users\Julie\Documents\My Movie.wlmp
2014-06-25 14:37 - 2014-03-11 19:51 - 00000000 ____D () C:\Users\Julie\AppData\Local\Reflector
2014-06-25 12:01 - 2014-06-25 12:01 - 00000000 ____D () C:\Users\Julie\AppData\Local\AskPartnerNetwork
2014-06-25 08:53 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-06-24 20:02 - 2014-06-24 20:02 - 00079335 _____ () C:\Users\Julie\Downloads\metro_orbs_by_pedrocasoa-d3kj4jd.rar
2014-06-24 20:02 - 2014-06-24 20:02 - 00053210 _____ () C:\Users\Julie\Downloads\minecraft_start_orb_pack_by_mulsivaas-d3cscai.zip
2014-06-24 15:26 - 2014-06-24 15:26 - 00002963 _____ () C:\Users\Julie\Desktop\Reflector.lnk
2014-06-24 15:26 - 2014-06-24 15:26 - 00000000 ____D () C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reflector
2014-06-24 15:26 - 2014-06-24 15:26 - 00000000 ____D () C:\Program Files\Reflector
2014-06-24 15:26 - 2014-06-24 15:24 - 11694080 _____ () C:\Users\Julie\Downloads\Reflector64 v1.3.3.msi
2014-06-23 14:26 - 2013-10-26 18:58 - 00000000 ____D () C:\ProgramData\VMware
2014-06-23 14:24 - 2013-10-26 19:02 - 00000000 ____D () C:\Users\Julie\AppData\Roaming\VMware
2014-06-22 19:13 - 2014-06-22 19:13 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-06-22 19:13 - 2014-06-22 19:13 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-06-22 19:13 - 2014-06-22 19:13 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-06-22 19:13 - 2014-06-22 19:13 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-06-22 19:12 - 2014-06-22 19:12 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-06-22 19:12 - 2014-06-22 19:12 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-06-22 19:12 - 2014-06-22 19:12 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-06-22 19:12 - 2014-06-22 19:12 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-06-22 19:12 - 2014-06-22 19:12 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-06-22 19:12 - 2014-06-22 19:12 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-06-22 19:12 - 2014-06-22 19:12 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-06-22 19:12 - 2014-06-22 19:12 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-06-22 11:56 - 2014-06-22 11:56 - 00000652 _____ () C:\WINDOWS\SysWOW64\WebFilterConfig.xml
2014-06-22 07:56 - 2013-11-26 19:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-06-21 20:21 - 2014-04-24 21:05 - 00001409 _____ () C:\Users\Julie\Desktop\ROBLOX Playerz.lnk
2014-06-21 20:21 - 2014-04-24 21:05 - 00001409 _____ () C:\Users\Julie\Desktop\ROBLOX Player.lnk
2014-06-21 19:40 - 2013-09-29 22:55 - 00028160 _____ () C:\WINDOWS\PFRO.log
2014-06-21 16:47 - 2014-03-21 08:33 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-06-21 12:42 - 2013-01-30 17:31 - 00003884 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-21 12:41 - 2013-01-30 17:31 - 00003648 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-13 20:19 - 2013-09-12 19:18 - 00004968 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for housepc-Julie housepc
2014-06-12 18:36 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-06-12 14:42 - 2013-10-11 07:23 - 00000832 _____ () C:\WINDOWS\SysWOW64\lanss_v111_lnsscomm.csv
2014-06-12 13:58 - 2013-08-22 09:44 - 00474928 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-06-12 12:00 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-06-12 12:00 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-06-12 12:00 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2014-06-11 21:15 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-06-11 19:05 - 2014-06-11 19:05 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-06-10 12:39 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-06-07 12:24 - 2014-06-07 12:24 - 00001802 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-06-07 12:24 - 2014-06-07 12:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-07 12:24 - 2014-06-07 12:23 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-07 12:24 - 2014-06-07 12:23 - 00000000 ____D () C:\Program Files\iTunes
2014-06-07 12:24 - 2014-06-07 12:23 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-07 12:23 - 2014-06-07 12:23 - 00000000 ____D () C:\Program Files\iPod
2014-06-07 11:54 - 2013-08-12 22:33 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-06-07 11:52 - 2013-08-12 22:33 - 00107368 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll
2014-06-07 11:52 - 2013-08-12 22:33 - 00092488 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll
2014-06-07 11:52 - 2013-08-12 22:33 - 00035656 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIport.dll
2014-06-05 07:26 - 2014-02-02 15:11 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-06-03 17:04 - 2014-06-03 17:04 - 00000000 ____D () C:\ProgramData\CanonIJ
2014-06-01 17:18 - 2013-01-30 17:30 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-31 00:13 - 2013-08-22 10:38 - 00703992 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-05-31 00:13 - 2013-08-22 10:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\dalek_000\AppData\Local\Temp\COMAP.EXE
C:\Users\dalek_000\AppData\Local\Temp\InstallBSRVista_v5.exe
C:\Users\Julie\AppData\Local\Temp\bbcap.dll
C:\Users\Julie\AppData\Local\Temp\bbchlp.dll
C:\Users\Julie\AppData\Local\Temp\bdfilters.dll
C:\Users\Julie\AppData\Local\Temp\FlashBackDriverInstaller.exe
C:\Users\Julie\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Julie\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Julie\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\Julie\AppData\Local\Temp\Setup.X86.en-US_HomeStudentRetail_ab7ba92a-491a-457d-b558-e1c03baee816_TX_PR_.exe
C:\Users\Julie\AppData\Local\Temp\uninstall.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-30 10:43

==================== End Of Log ============================

Additional Log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-06-2014 02
Ran by Julie at 2014-06-30 15:40:39
Running from C:\Users\Julie\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ThreatTrack Security VIPRE (Enabled - Up to date) {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ThreatTrack Security VIPRE (Enabled - Up to date) {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
FW: ThreatTrack Security VIPRE (Enabled) {C7D2BC33-B766-03DA-EC8C-2222CF65E72A}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.07 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.6 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.100.2020.110 - Alps Electric)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{4F524A2D-5637-006A-76A7-A758B70C0F01}) (Version: 12.15.1.18 - APN, LLC) <==== ATTENTION
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.4 - Atheros Communications Inc.)
Backup Manager v4 (x32 Version: 4.0.0.0059 - NTI Corporation) Hidden
Bandicam (HKLM-x32\...\Bandicam) (Version: 1.9.5.510 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.0.0 - Canon Inc.)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MG5500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5500_series) (Version: 1.01 - Canon Inc.)
Canon MG5500 series On-screen Manual (HKLM-x32\...\Canon MG5500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MG5500 series User Registration (HKLM-x32\...\Canon MG5500 series User Registration) (Version:  - ‭Canon Inc.)
Canon MP Navigator EX 2.0 (HKLM-x32\...\MP Navigator EX 2.0) (Version:  - )
Canon MP620 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series) (Version:  - )
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
Classic Shell (HKLM\...\{98BB5224-BC5D-4028-9D20-536C1C263AA9}) (Version: 4.0.2 - IvoSoft)
Corel Office - CS Templates (x32 Version: 5.18 - 公司名称) Hidden
Corel Office - CT Templates (x32 Version: 5.18 - 您的公司名稱) Hidden
Corel Office - IPM (x32 Version: 5.18 - Corel Corporation) Hidden
Corel Office - JP Templates (x32 Version: 5.18 - 会社名) Hidden
Corel Office - KR Templates (x32 Version: 5.18 - 회사명) Hidden
Corel Office - Launcher (x32 Version: 5.18 - Corel Corporation) Hidden
Corel Office - Templates RU (x32 Version: 5.18 - Название организации) Hidden
Corel Office - Templates1 (x32 Version: 5.18 - Your Company Name) Hidden
Corel Office (HKLM-x32\...\_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}) (Version: 5.0.119.1520 - Corel Corporation)
Corel Office (x32 Version: 5.18 - Corel Corporation) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3318_45364 - CyberLink Corp.)
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3318_45364 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4220.52 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.4220.52 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DriveImage XML (Private Edition) (HKLM-x32\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.50.000 - Runtime Software)
eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM)
Elevated Installer (x32 Version: 2.1.11 - Garmin Ltd or its subsidiaries) Hidden
Family Tree Heritage (HKLM-x32\...\Family Tree Heritage) (Version:  - )
Family Tree Heritage Collaboration Support (HKLM-x32\...\InstallShield_{50BD0B15-5197-4EAF-8BCD-81117D1324B1}) (Version: 1.10.0010 - Individual Software)
Family Tree Heritage Collaboration Support (x32 Version: 1.10.0010 - Individual Software) Hidden
GameMaker-Studio 1.2 (HKCU\...\GameMaker-Studio12) (Version:  - YoYo Games Ltd.)
Garmin Express (HKLM-x32\...\{22cb5aae-d413-47c3-9710-95a7d3c3027d}) (Version: 2.1.11 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.1.11 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.1.11 - Garmin Ltd or its subsidiaries) Hidden
Garmin Update Service (x32 Version: 2.1.11 - Garmin Ltd or its subsidiaries) Hidden
Gateway Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Gateway Incorporated)
Gateway MyBackup (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0059 - NTI Corporation)
Gateway Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Gateway Incorporated)
Gateway Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Gateway Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Drive (HKLM-x32\...\{D9F75285-4864-461D-83DA-8D056BAC44D1}) (Version: 1.16.6866.4367 - Google, Inc.)
Google Earth (HKLM-x32\...\{A2264E8F-1649-11E3-8BED-B8AC6F98CCE3}) (Version: 7.1.2.2019 - Google)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
hosts (HKLM-x32\...\hosts) (Version: 1.28.153.3 - Irismedia) <==== ATTENTION
HyperCam 3 (HKLM-x32\...\HyperCam 3 3.6.1311.20) (Version: 3.6.1311.20 - Solveig Multimedia)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Gateway Incorporated)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
L&H TTS3000 Japanese (HKLM-x32\...\LHTTSJPJ) (Version:  - )
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.4 - Gateway)
Lernout & Hauspie TruVoice American English TTS Engine (HKLM-x32\...\tv_enua) (Version:  - )
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3004 - Gateway Incorporated)
LogMeIn (HKLM-x32\...\{CB7AF84A-1B7F-4C6B-8A58-EB7CDE48C23A}) (Version: 4.1.3268 - LogMeIn, Inc.)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4623.1003 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1165.0612 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM-x32\...\MSTTS) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 en-US)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Nero 12 Essentials OEM.a01 (HKLM-x32\...\{9BF0D9FE-9893-4647-81B9-17B7BEA4E6FD}) (Version: 12.5.00000 - Nero AG)
Nero ControlCenter (x32 Version: 11.0.14500.0.45 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.0003 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.16900.1.27 - Nero AG) Hidden
Nero Express (x32 Version: 12.0.16001 - Nero AG) Hidden
Nero Express Help (CHM) (x32 Version: 12.0.1000 - Nero AG) Hidden
Nero Launcher (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11500.28.0 - Nero AG) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 4.3.2 (HKLM\...\{49C9FDFF-6056-4E8C-B9AF-B7B4D78023E2}) (Version: 4.3.2 - Oracle Corporation)
PDF-XChange 3 (HKLM\...\PDF-XChange 3_is1) (Version:  - Tracker Software)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.05 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.)
Reflector (HKLM\...\{77342B24-A2A9-4420-8C9C-C109EE201CBC}) (Version: 1.3.3.1 - Squirrels)
RMP4 (HKLM-x32\...\{F78FC958-7354-43EA-BF26-AFCBFE7B9C18}) (Version: 1.01.0000 - RSUPPORT)
ROBLOX Player for Julie (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio 2013 for Julie (HKCU\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
RSCC (HKLM-x32\...\{562CBD30-CA59-4640-862C-99C0ECED4B4C}) (Version: 2.00.0000 - RSUPPORT)
Search Protection (HKCU\...\Search Protection) (Version: 9.4.0.2 - Spigot, Inc.) <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Speakonia (HKLM-x32\...\Speakonia_is1) (Version: 1.0.3.5 - CFS-Technologies)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version:  - )
VIPRE Internet Security (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 7.0.5.1 - ThreatTrack Security, Inc.)
VIPRE Internet Security (x32 Version: 7.0.5.1 - ThreatTrack Security, Inc.) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.3 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
Zabaware TTS Reader 2.0 (HKLM-x32\...\Zabaware TTS Reader) (Version: 2.0 - Zabaware, Inc.)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Restore Points  =========================

10-06-2014 01:38:43 Scheduled Checkpoint
14-06-2014 00:26:51 Windows Update
21-06-2014 17:37:30 Windows Update
24-06-2014 20:10:11 Installed Reflector
27-06-2014 01:00:14 Windows Live Essentials
27-06-2014 01:02:13 Installed DirectX

==================== Hosts content: ==========================

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {02F09A97-8FA2-4E84-987D-1E333B79934D} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {04FCA341-2839-4669-A2F1-32153B82E4BF} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {08E62A87-9576-4935-A4D6-A263E26207E1} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {0B086725-B790-4A29-96AF-137AE7098EB2} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-363602582-4152972005-2857896535-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0F290516-95DE-4764-806D-8C1FAA93ADF5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-30] (Google Inc.)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2327C00A-94B8-4194-B6F3-DDCEC25B15C9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-05-13] (Microsoft Corporation)
Task: {23D401EE-5838-4939-914F-762FC3353BEC} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-09-18] (CyberLink)
Task: {2A477C30-3ED9-4B28-BF35-4C51DF3B7916} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-06-21] (Microsoft Corporation)
Task: {2AE198E4-E030-4B32-B293-AD01E67A12BF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {2BB47B13-77AD-4F68-BA78-961BC14E04EC} - System32\Tasks\Power Management => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [2012-08-22] (Acer Incorporated)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {30C5BA61-CD66-4766-8F9E-5D858729EB03} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {73BDCD7B-254D-43D3-887C-E1980B9F9046} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-06-27] (Microsoft Corporation)
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8C7A5E8E-0BFC-4D73-B679-DE5A4DFC36E9} - System32\Tasks\Microsoft Office 15 Sync Maintenance for housepc-Julie housepc => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-06-21] (Microsoft Corporation)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {98F4DA1B-F39F-4454-B858-55AE01634251} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Gateway\Live Updater\liveupdater_agent.exe [2012-06-21] ()
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DA7C1385-AE0A-4545-A81B-10642DF2DA1E} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {DB849B40-879E-41C4-8B74-8C8803F87BCF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-30] (Google Inc.)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E9B333D8-11F5-4A27-8EBA-0D09F47EF9AC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {EC36757A-74EC-4887-8673-47EEB6896B73} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {EF6024DE-F55A-4934-8FFD-7982077AEB1C} - System32\Tasks\ALU => C:\Program Files (x86)\Gateway\Live Updater\updater.exe [2012-08-29] ()
Task: {F8BF099F-1361-4331-82DF-A65557415BFA} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-363602582-4152972005-2857896535-1005 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {FD6FA5EB-6935-450D-B7A5-2A67881F15DE} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-21 08:33 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-02-02 15:53 - 2012-03-27 22:49 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2014-06-21 16:09 - 2014-06-21 16:09 - 08890536 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-12-14 03:42 - 2012-12-14 03:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-11-23 09:53 - 2012-11-23 09:53 - 00329592 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\apistrings.dll
2012-11-23 09:56 - 2012-11-23 09:56 - 00159608 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\modlop.dll
2012-11-23 09:54 - 2012-11-23 09:54 - 00100728 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\httpserverattplugin.dll
2012-11-23 09:46 - 2012-11-23 09:46 - 02029600 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\crmimodule.dll
2012-11-23 09:58 - 2012-11-23 09:58 - 00208760 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\patchautodownload.dll
2012-12-07 10:02 - 2012-12-07 10:02 - 00183160 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\scanmngsys.dll
2012-11-23 09:58 - 2012-11-23 09:58 - 00049528 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\schedcompactdb.dll
2012-11-23 09:58 - 2012-11-23 09:58 - 00054648 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\schedupdates.dll
2012-08-23 01:26 - 2012-08-23 01:26 - 00465384 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\sqlite3.dll
2012-08-23 01:25 - 2012-08-23 01:25 - 00125504 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\MailConverter32.dll
2012-08-23 01:26 - 2012-08-23 01:26 - 00155712 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\VolumeSnapshot.dll
2012-08-23 01:25 - 2012-08-23 01:25 - 00118336 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\Online.dll
2012-08-23 01:25 - 2012-08-23 01:25 - 01081408 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\ACE.dll
2012-08-23 01:25 - 2012-08-23 01:25 - 00052288 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\OsSettingPort.dll
2012-08-23 01:26 - 2012-08-23 01:26 - 00727616 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\OutlookShadow.dll
2012-02-20 22:26 - 2012-02-20 22:26 - 00160768 _____ () C:\Program Files (x86)\VIPRE\unrar.dll
2013-09-14 02:51 - 2013-09-14 02:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 02:50 - 2013-09-14 02:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-06-21 12:06 - 2014-06-21 12:06 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2013-09-30 17:58 - 2014-06-03 11:01 - 00190752 _____ () C:\Program Files (x86)\VIPRE\Definitions\libBase64.dll
2013-09-30 17:58 - 2014-06-03 11:01 - 00178464 _____ () C:\Program Files (x86)\VIPRE\Definitions\libMachoUniv.dll
2012-09-24 08:02 - 2012-06-24 21:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Julie\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

HKLM\...\StartupApproved\StartupFolder: => "Ultra Hal Text-to-Speech Reader Startup.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Zabaware Reader Startup.lnk"
HKLM\...\StartupApproved\Run: => "LogMeIn GUI"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "HostManager"
HKLM\...\StartupApproved\Run32: => "ApnTBMon"
HKLM\...\StartupApproved\Run32: => "YouCam Service"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKCU\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKCU\...\StartupApproved\Run: => "Spotify Web Helper"
HKCU\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_4C888888355C9F9814E291B620236A57"
HKCU\...\StartupApproved\Run: => "SkyDrive"
HKCU\...\StartupApproved\Run: => "swg"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/30/2014 03:25:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20498 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2fd8

Start Time: 01cf94a0c5c2a8c7

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: baff9c29-0094-11e4-85e7-4c72b9c90d51

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (06/30/2014 03:18:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program dixml.exe version 2.5.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 15bc

Start Time: 01cf94a00ec9ebcf

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Runtime Software\DriveImage XML\dixml.exe

Report Id: b8d9384a-0093-11e4-85e7-4c72b9c90d51

Faulting package full name:

Faulting package-relative application ID:

Error: (06/30/2014 03:15:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program dixml.exe version 2.5.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2f78

Start Time: 01cf949fb6618acd

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Runtime Software\DriveImage XML\dixml.exe

Report Id: 4641f1f2-0093-11e4-85e7-4c72b9c90d51

Faulting package full name:

Faulting package-relative application ID:

Error: (06/30/2014 02:55:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20498 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2600

Start Time: 01cf949c95063ce9

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 8abd4f55-0090-11e4-85e7-4c72b9c90d51

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (06/30/2014 02:25:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20498 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1fb0

Start Time: 01cf949863efa376

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 59775fc4-008c-11e4-85e7-4c72b9c90d51

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (06/30/2014 01:55:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20498 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f28

Start Time: 01cf9494331fd973

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 27605326-0088-11e4-85e7-4c72b9c90d51

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (06/30/2014 01:25:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20498 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c60

Start Time: 01cf9490021daf6b

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: f5d3d4be-0083-11e4-85e7-4c72b9c90d51

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (06/30/2014 00:55:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20498 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: fec

Start Time: 01cf948bd13777db

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: c4b8d985-007f-11e4-85e7-4c72b9c90d51

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (06/30/2014 00:39:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20498 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 17b4

Start Time: 01cf948992a94243

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 8629bb79-007d-11e4-85e7-4c72b9c90d51

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (06/30/2014 00:27:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SkyDrive.exe, version: 17.3.1165.612, time stamp: 0x539a47b7
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17055, time stamp: 0x532943a3
Exception code: 0x80000003
Fault offset: 0x000b3425
Faulting process id: 0x2dc
Faulting application start time: 0xSkyDrive.exe0
Faulting application path: SkyDrive.exe1
Faulting module path: SkyDrive.exe2
Report Id: SkyDrive.exe3
Faulting package full name: SkyDrive.exe4
Faulting package-relative application ID: SkyDrive.exe5

System errors:
=============
Error: (06/30/2014 03:21:56 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/30/2014 03:21:50 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/30/2014 03:19:12 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/30/2014 03:19:06 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/30/2014 03:17:10 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/30/2014 03:17:00 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/30/2014 01:36:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The InboxAceService service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/30/2014 00:20:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VMware Bridge Protocol service failed to start due to the following error:
%%2

Error: (06/30/2014 10:02:57 AM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "1A54B20E48A4" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.

Error: (06/30/2014 10:02:57 AM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "1A54B20E48A4" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.

Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
  Date: 2014-02-01 16:44:34.989
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

Thanks for any future help!





#2 TARDIS_Blue_Box

  • Topic Starter

Posted 01 July 2014 - 12:05 PM

It also seems, according to Malwarebytes, which I installed yesterday, I have tons of PUPs (Potentially Unwanted Programs) on my PC, and in different amounts every day. I don't know why it picked up more than it did last time when I scanned. Plus, I don't know why VIPRE picks up 40+ traces of MyWebSearch. What do I do?


Edited by TARDIS_Blue_Box, 01 July 2014 - 12:06 PM.


#3 polskamachina

  • Malware Response Team

Posted 05 July 2014 - 11:59 AM

Hi TARDIS_Blue_Box :)

 

My name is polskamachina and I will be assisting you with your malware problems. Please give me some time to review your situation and I will get back to you with further instructions.

 

polskamachina



#4 polskamachina

  • Malware Response Team

Posted 06 July 2014 - 10:09 PM

Hi TARDIS_Blue_Box,
 
Good job posting the FRST logs.
 
I would like to officially welcome you to Bleeping Computer. What follows below are some ground rules for this forum.

I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know.

I am in California at GMT-7 Hours (DST). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

Let's get started.

  • Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Right-click TDSSKiller.exe and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Next:
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

Let me know if you have any questions.

 

polskamachina



#5 TARDIS_Blue_Box


Posted 09 July 2014 - 09:26 PM

Hi, sorry for the late reply,

 

  TDSSKiller didn't find anything in its scan.

  Although, AdwCleaner found files and I have the log file:

 


 

I don't think I need to keep anything it picked up while scanning.

Again, sorry for the late reply!



#6 polskamachina


Posted 10 July 2014 - 04:41 PM

Hi TARDIS_Blue_Box :)
 
Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Next:
 
Please open Malwarebytes again.

  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.

  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.

  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

  • After rebooting the computer, copy and paste the mbam.log in your next reply.
  • To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following location:
    C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

Let me know if you have any questions. Have you noticed any improvement with your apps?

polskamachina



#7 TARDIS_Blue_Box


Posted 17 July 2014 - 12:27 AM

Sorry for the extremely late replies lately, I'm just a little busy is all. I will run AdwCleaner in the morning and MalwareBytes too. I have noticed that windows apps and tiles of desktop apps in the start screen open now. Computer speed may be a little better as well.



#8 polskamachina


Posted 17 July 2014 - 04:18 PM

Hi TARDIS_Blue_Box :)

 

That's welcome news that your apps are working now. I'll await your upcoming logs.

 

polskamachina

 

 



#9 TARDIS_Blue_Box


Posted 18 July 2014 - 03:10 PM

Here are the logs. I seem to have two from AdwCleaner, though.

 

==AdwCleaner[R1]==

 


 

==AdwCleaner[S0]==

 

# AdwCleaner v3.215 - Report created 17/07/2014 at 08:06:06
# Updated 09/07/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Julie - HOUSEPC
# Running from : C:\Users\Julie\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : APNMCP

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\Viewpoint
Folder Deleted : C:\Users\dalek_000\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Users\dalek_000\AppData\Local\Temp\apn
Folder Deleted : C:\Users\dalek_000\AppData\LocalLow\InboxAce_1g
Folder Deleted : C:\Users\dalek_000\AppData\Roaming\Search Protection
Folder Deleted : C:\Users\dalek_000\Documents\Updater
Folder Deleted : C:\Users\Julie\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Users\Julie\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Julie\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Julie\AppData\LocalLow\iac
Folder Deleted : C:\Users\Julie\AppData\LocalLow\InboxAce_1g
Folder Deleted : C:\Users\Julie\AppData\LocalLow\InboxAce_1gEI
Folder Deleted : C:\Users\Julie\AppData\LocalLow\Unitech LLC
Folder Deleted : C:\Users\Julie\AppData\Roaming\Search Protection
Folder Deleted : C:\Users\dalek_000\AppData\Roaming\Mozilla\Firefox\Profiles\e37x678v.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\Julie\AppData\Roaming\Mozilla\Firefox\Profiles\bthhvufp.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Users\Julie\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Julie\AppData\Roaming\Mozilla\Firefox\Profiles\bthhvufp.default\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Users\Julie\AppData\Roaming\Mozilla\Firefox\Profiles\bthhvufp.default\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\I
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [InboxAce_1g Browser Plugin Loader 64]
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Unitech LLC
Key Deleted : HKLM\Software\AskPartnerNetwork
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\Unitech LLC
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : [x64] HKLM\SOFTWARE\AskPartnerNetwork

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126

-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\dalek_000\AppData\Roaming\Mozilla\Firefox\Profiles\e37x678v.default\prefs.js ]

[ File : C:\Users\Julie\AppData\Roaming\Mozilla\Firefox\Profiles\bthhvufp.default\prefs.js ]

Line Deleted : user_pref("plugin.blocklisted.npviewpoint", true);

-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\dalek_000\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : iflpcokdamgefbghpdipcibmhlkdopop

*************************

AdwCleaner[R0].txt - [11325 octets] - [09/07/2014 21:17:34]
AdwCleaner[R1].txt - [11277 octets] - [17/07/2014 08:02:07]
AdwCleaner[S0].txt - [10720 octets] - [17/07/2014 08:06:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10781 octets] ##########

 

==mbam log==

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/18/2014
Scan Time: 11:44:00 AM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.18.07
Rootkit Database: v2014.07.17.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Julie

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 418585
Time Elapsed: 3 hr, 9 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Spigot.A, C:\Users\dalek_000\AppData\Local\Google\Chrome\User Data\Default\preferences, Good: (), Bad: ( "homepage": "http://search.yahoo.com/?type=586383&fr=spigot-yhp-ch",), Replaced,[32cde0c0631855e1cde67a5b08fc0000]

Physical Sectors: 0
(No malicious items detected)

(end)



#10 polskamachina

  • Malware Response Team
  • 3,906 posts

Posted 20 July 2014 - 11:38 AM

Hi TARDIS_Blue_Box,

 

Good job with the logs. Please be patient while I research the correct antidote for your malware troubles. :)

 

polskamachina



#11 polskamachina

  • Malware Response Team
  • 3,906 posts

Posted 21 July 2014 - 10:46 AM

Hi TARDIS_Blue_Box :)
 
Your Malwarebytes log shows that your Chrome home page has been hijacked to a less than legitimate website. Please open your Chrome preferences and reset your home page to something more on the level. If you need instructions, please click here.
 
Let me know if you have any questions. How is your computer performing now?
 
polskamachina



#12 polskamachina

  • Malware Response Team
  • 3,906 posts

Posted 26 July 2014 - 11:27 PM

Hi TARDIS_Blue_Box :)

 

It's been several days since you've checked in. Do you still need help with this? If not, this topic will be closed in 48 hours.
 
Let me know if you have any questions.
 
polskamachina



#13 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 60,920 posts

Posted 31 July 2014 - 01:42 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 
