
Infected with Malware Snap.Do, NewPlayer, Easy Speed, etc.


  • This topic is locked
22 replies to this topic

#1 LBackover

Posted 20 July 2014 - 01:48 PM

Hello... Looking for help.

Tricked into downloading an "update" without understanding it was an advertisement.

Here are the 9 items that were installed all at once:

  • Cinema-Plus-1.2
  • DesktopWeatherAlerts
  • Easy Speed Check
  • Easy Speed PC
  • FreeSoftToday 025.163
  • NewPlayer
  • NewPlayer
  • Remote Desktop Access (VuuPC)
  • Snap.Do; Snap.Do Engine

There are pop-ups, tabs and hovering ads happening all over the place.

Hoping someone can help talk me down off the ledge!

 




#2 aharonov

  • Malware Response Team

Posted 21 July 2014 - 02:11 AM

Hi there,

please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 LBackover

  • Topic Starter

Posted 21 July 2014 - 07:50 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-07-2014
Ran by Dana (administrator) on DANAROSEN on 21-07-2014 08:34:59
Running from C:\Users\Dana\Desktop
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\LPT\srpts.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\n360.exe
() C:\Program Files (x86)\di9NewPlayer\di2NewPlayerud175.exe
() C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe
() C:\Program Files (x86)\LPT\srptsl.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(globalUpdate) C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
() C:\Users\Dana\AppData\Local\LPT\srptm.exe
(Cinema Plus) C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-nova.exe
() C:\Program Files (x86)\di9NewPlayer\di2NewPlayerT.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\n360.exe
() C:\Users\Dana\AppData\Local\fst_us_163\upfst_us_163.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel® Corporation) C:\Program Files\Intel\CCDashboard\bin\CCDashServer.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Users\Dana\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Probit Software LTD) C:\Program Files (x86)\Easy Speed Check\easyspeedcheck.exe
(Smartbar) C:\Users\Dana\AppData\Local\Smartbar\Application\SnapDo.exe
() C:\Users\Dana\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe
(Dropbox, Inc.) C:\Users\Dana\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Local Weather LLC) C:\Users\Dana\AppData\Local\WeatherAlerts\WeatherAlerts.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Cinema Plus) C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-bg.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ServiceLocator.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Toolbar.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-09-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-09-07] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5752480 2012-07-11] (Dell Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp 
HKLM\...\Run: [IntelMyWiFiDashboard] => C:\Program Files\Intel\CCDashboard\bin\CCDashServer.exe [5010224 2012-07-13] (Intel® Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [ApnTBMon] => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [fst_us_163] => "C:\Program Files (x86)\fst_us_163\fst_us_163.exe"
HKLM-x32\...\RunOnce: [upfst_us_163.exe] => C:\Users\Dana\AppData\Local\fst_us_163\upfst_us_163.exe [3324384 2014-07-17] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1715484851-1912604928-717142542-1001\...\Run: [Google Update] => C:\Users\Dana\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-02-10] (Google Inc.)
HKU\S-1-5-21-1715484851-1912604928-717142542-1001\...\Run: [MusicManager] => C:\Users\Dana\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7631872 2014-05-15] (Google Inc.)
HKU\S-1-5-21-1715484851-1912604928-717142542-1001\...\Run: [GoogleChromeAutoLaunch_35D503578298CFB9BB273407D0EC26F2] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-07-15] (Google Inc.)
HKU\S-1-5-21-1715484851-1912604928-717142542-1001\...\Run: [Easy Speed PC] => C:\Program Files (x86)\Probit Software\Easy Speed PC\ESPCLauncher.exe [148272 2013-03-18] (Probit Software LTD)
HKU\S-1-5-21-1715484851-1912604928-717142542-1001\...\Run: [EasySpeedCheck] => C:\Program Files (x86)\Easy Speed Check\easyspeedcheck.exe [194200 2014-05-12] (Probit Software LTD)
HKU\S-1-5-21-1715484851-1912604928-717142542-1001\...\Run: [Browser Infrastructure Helper] => C:\Users\Dana\AppData\Local\Smartbar\Application\SnapDo.exe [29728 2014-07-06] (Smartbar)
Startup: C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
ShortcutTarget: DesktopWeatherAlerts.lnk -> C:\Users\Dana\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe ()
Startup: C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Dana\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk
ShortcutTarget: Weather Alerts.lnk -> C:\Users\Dana\AppData\Local\WeatherAlerts\WeatherAlerts.exe (Local Weather LLC)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
 
==================== Internet (Whitelisted) ====================
 
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13866;https=127.0.0.1:13866
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
SearchScopes: HKLM - DefaultScope {6A08377C-5E11-43F3-9AB6-CAB25F0EAE35} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM - {6A08377C-5E11-43F3-9AB6-CAB25F0EAE35} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
BHO: Cinema-Plus-1.2 -> {11111111-1111-1111-1111-110611051148} -> C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-bho64.dll (Cinema Plus)
BHO: Snap.DoEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Ask Toolbar -> {4F524A2D-5637-4300-76A7-7A786E7484D7} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport_x64.dll" No File
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Cinema-Plus-1.2 -> {11111111-1111-1111-1111-110611051148} -> C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-bho.dll (Cinema Plus)
BHO-x32: Snap.DoEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Ask Toolbar -> {4F524A2D-5637-4300-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll (APN LLC.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Ask Toolbar - {4F524A2D-5637-4300-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport_x64.dll" No File
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Ask Toolbar - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll (APN LLC.)
Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - Ask Toolbar - {4F524A2D-5637-4300-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport_x64.dll" No File
DPF: HKLM-x32 {1FDFCFC3-B893-43E1-9138-4A2D2452A551} https://www.t-mobilepictures.com/myalbum/scripts/downloader/FileDownloader7.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Dana\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Dana\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @zoom.us/ZoomVideoPlugin - C:\Users\Dana\AppData\Roaming\Zoom\bin_00\npzoomplugin.dll (Zoom Video Communications, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-07-20]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-11-19]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/", "hxxp://www.google.com", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_l8fMQr5kRlG85B2qFc6EDzwteIbuyoHEJu6S2NIKhDkRmmChUpLoCG3_PVrIK2vB2-vl39eP2IVqC3p2pJeof-OMUuDlTvVhwnQ0C41aQ7iWTvVx7G2bU6K1ULf88L_2Bc1t6VyX79iI", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrlMGoIDxoPfmHzjFv7biGYD0tIjZ_glgng4XDiZGDJdzFrMBfAbjdl3uBXnLq8oL-ua-nwNfTSVTD9nXjoLLQK5eBjCLwA,,"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (Google Docs) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-18]
CHR Extension: (Google Drive) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-04-24]
CHR Extension: (YouTube) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-18]
CHR Extension: (Google Search) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-18]
CHR Extension: (Search by Image (by Google)) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2013-11-21]
CHR Extension: (WhoIs) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibhnaioakffcmagdeoigioijcblhfiib [2013-11-21]
CHR Extension: (Zoho CRM) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigppphkaknhndejgcmckacpipcioacn [2013-11-21]
CHR Extension: (Quick SEO - PageRank, Backlinks & Alexa Tool) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\mimhmidgldhoghjoehfigallmmndjkef [2013-11-21]
CHR Extension: (Norton Identity Protection) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-07-30]
CHR Extension: (Hangouts) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-06-04]
CHR Extension: (Google Wallet) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Gmail) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-18]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\Exts\Chrome.crx [2014-06-04]
 
==================== Services (Whitelisted) =================
 
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-07-20] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-07-20] (globalUpdate) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-29] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-20] (Intel Corporation)
R2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [34336 2014-06-10] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\N360.exe [265040 2014-05-23] (Symantec Corporation)
R2 NewPlayer; C:\Program Files (x86)\di9NewPlayer\di2NewPlayerud175.exe [147456 2014-07-20] () [File not signed]
R2 NewPlayerUpdaterService; C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe [11776 2014-07-16] () [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [200808 2012-09-07] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915480 2013-05-23] (SoftThinks SAS)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
S2 APNMCP; "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140703.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1503000.00C\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-11] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140718.001\IDSvia64.sys [525016 2014-03-25] (Symantec Corporation)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-29] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140720.019\ENG64.SYS [126040 2014-03-23] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140720.019\EX64.SYS [2099288 2014-03-23] (Symantec Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-14] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-14] (Synaptics Incorporated)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1503000.00C\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1503000.00C\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R3 ST_Accel; C:\Windows\System32\drivers\ST_Accel.sys [71832 2012-07-13] (STMicroelectronics)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1503000.00C\SymELAM.sys [23568 2013-09-09] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1503000.00C\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [48096 2012-08-09] (Windows ® Win 7 DDK provider)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows ® Win 7 DDK provider)
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-21 08:34 - 2014-07-21 08:35 - 00027517 _____ () C:\Users\Dana\Desktop\FRST.txt
2014-07-21 08:32 - 2014-07-21 08:35 - 00000000 ____D () C:\FRST
2014-07-21 08:31 - 2014-07-21 08:31 - 02089984 _____ (Farbar) C:\Users\Dana\Desktop\FRST64.exe
2014-07-21 08:23 - 2014-07-21 08:23 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-07-20 14:27 - 2014-07-20 14:27 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\Probit Software
2014-07-20 14:27 - 2014-07-20 14:27 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-20 14:26 - 2014-07-20 14:26 - 00001089 _____ () C:\Users\Dana\Desktop\Continue VuuPC Installation.lnk
2014-07-20 14:23 - 2014-07-20 14:32 - 00000000 ____D () C:\Users\Dana\AppData\Local\LPT
2014-07-20 14:22 - 2014-07-20 14:22 - 00003122 _____ () C:\Windows\System32\Tasks\{2862F2CA-0B87-429F-B72D-F9BD85F8FC97}
2014-07-20 14:20 - 2014-07-20 14:26 - 00001458 _____ () C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-5_user.job
2014-07-20 14:20 - 2014-07-20 14:26 - 00001438 _____ () C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-5.job
2014-07-20 14:20 - 2014-07-20 14:22 - 00000000 ____D () C:\Program Files (x86)\LPT
2014-07-20 14:20 - 2014-07-20 14:20 - 00004442 _____ () C:\Windows\System32\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-5
2014-07-20 14:19 - 2014-07-21 08:24 - 00000956 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-07-20 14:19 - 2014-07-20 14:26 - 00002284 _____ () C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-4.job
2014-07-20 14:19 - 2014-07-20 14:26 - 00001584 _____ () C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-1.job
2014-07-20 14:19 - 2014-07-20 14:26 - 00001364 _____ () C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-2.job
2014-07-20 14:19 - 2014-07-20 14:25 - 00000952 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-07-20 14:19 - 2014-07-20 14:19 - 00005288 _____ () C:\Windows\System32\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-4
2014-07-20 14:19 - 2014-07-20 14:19 - 00004588 _____ () C:\Windows\System32\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-1
2014-07-20 14:19 - 2014-07-20 14:19 - 00004368 _____ () C:\Windows\System32\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-2
2014-07-20 14:19 - 2014-07-20 14:19 - 00003928 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-07-20 14:19 - 2014-07-20 14:19 - 00003692 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-07-20 14:19 - 2014-07-20 14:19 - 00000000 ____D () C:\Users\Dana\AppData\Local\newplayer
2014-07-20 14:19 - 2014-07-20 14:19 - 00000000 ____D () C:\Users\Dana\AppData\Local\Local_Weather_LLC
2014-07-20 14:18 - 2014-07-20 14:26 - 00003826 _____ () C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-11.job
2014-07-20 14:18 - 2014-07-20 14:26 - 00002456 _____ () C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-3.job
2014-07-20 14:18 - 2014-07-20 14:26 - 00001576 _____ () C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-6.job
2014-07-20 14:18 - 2014-07-20 14:25 - 00001512 _____ () C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-7.job
2014-07-20 14:18 - 2014-07-20 14:23 - 00000000 ____D () C:\Users\Dana\AppData\Local\Smartbar
2014-07-20 14:18 - 2014-07-20 14:23 - 00000000 ____D () C:\Program Files (x86)\Cinema-Plus-1.2
2014-07-20 14:18 - 2014-07-20 14:18 - 00006830 _____ () C:\Windows\System32\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-11
2014-07-20 14:18 - 2014-07-20 14:18 - 00005460 _____ () C:\Windows\System32\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-3
2014-07-20 14:18 - 2014-07-20 14:18 - 00004580 _____ () C:\Windows\System32\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-6
2014-07-20 14:18 - 2014-07-20 14:18 - 00004516 _____ () C:\Windows\System32\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-7
2014-07-20 14:18 - 2014-07-20 14:18 - 00001903 _____ () C:\Users\Dana\Desktop\NewPlayer.lnk
2014-07-20 14:18 - 2014-07-20 14:18 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-07-20 14:18 - 2014-07-20 14:18 - 00000000 ____D () C:\Users\Dana\AppData\Local\globalUpdate
2014-07-20 14:18 - 2014-07-20 14:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer
2014-07-20 14:18 - 2014-07-20 14:18 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-07-20 14:18 - 2014-07-20 14:18 - 00000000 ____D () C:\Program Files (x86)\Easy Speed Check
2014-07-20 14:17 - 2014-07-20 14:18 - 00000000 ____D () C:\Program Files (x86)\NewPlayer
2014-07-20 14:16 - 2014-07-21 08:34 - 00000000 ____D () C:\Users\Dana\AppData\Local\WeatherAlerts
2014-07-20 14:16 - 2014-07-20 14:29 - 00000000 ____D () C:\Users\Dana\AppData\Local\fst_us_163
2014-07-20 14:16 - 2014-07-20 14:26 - 00000422 _____ () C:\Windows\Tasks\NewPlayer Update.job
2014-07-20 14:16 - 2014-07-20 14:25 - 00000402 _____ () C:\Windows\Tasks\NewPlayer_wd.job
2014-07-20 14:16 - 2014-07-20 14:22 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\VOPackage
2014-07-20 14:16 - 2014-07-20 14:17 - 00001334 _____ () C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uninstall.lnk
2014-07-20 14:16 - 2014-07-20 14:16 - 00003060 _____ () C:\Windows\System32\Tasks\NewPlayer Update
2014-07-20 14:16 - 2014-07-20 14:16 - 00002980 _____ () C:\Windows\System32\Tasks\NewPlayer_wd
2014-07-20 14:16 - 2014-07-20 14:16 - 00001299 _____ () C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Help.lnk
2014-07-20 14:16 - 2014-07-20 14:16 - 00001299 _____ () C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Speed PC.lnk
2014-07-20 14:16 - 2014-07-20 14:16 - 00001284 _____ () C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Speed PC on the Web.lnk
2014-07-20 14:16 - 2014-07-20 14:16 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-07-20 14:16 - 2014-07-20 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FREESOFTTODAY
2014-07-20 14:16 - 2014-07-20 14:16 - 00000000 ____D () C:\Program Files (x86)\Probit Software
2014-07-20 14:16 - 2014-07-20 14:16 - 00000000 ____D () C:\Program Files (x86)\fst_us_163
2014-07-20 14:16 - 2014-07-20 14:16 - 00000000 ____D () C:\Program Files (x86)\di9NewPlayer
2014-07-20 14:15 - 2014-07-20 14:15 - 01385128 _____ () C:\Users\Dana\Downloads\Setup.exe
2014-07-20 14:15 - 2014-07-20 14:15 - 00000000 ____D () C:\Users\Dana\AppData\Local\SearchProtect
2014-07-20 14:15 - 2014-07-20 14:15 - 00000000 _____ () C:\END
2014-07-18 18:46 - 2014-07-18 18:46 - 00004549 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-18 18:46 - 2014-07-18 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-18 18:46 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-18 18:46 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-18 18:46 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-18 18:46 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-15 07:06 - 2014-07-15 07:06 - 00281088 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-14 22:11 - 2014-07-14 22:11 - 00001847 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-07-14 22:11 - 2014-07-14 22:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-07-14 22:11 - 2014-07-14 22:11 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-07-14 21:03 - 2014-07-14 21:08 - 248114027 _____ () C:\Users\Dana\Downloads\TEACHINGS OF THE RAV - MASTERING RESRICTIONS CLASS 1 20140708.wmv
2014-07-12 08:42 - 2014-07-12 08:42 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 08:11 - 2014-06-30 18:42 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 08:11 - 2014-06-30 18:42 - 00394240 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-07-09 08:11 - 2014-06-30 18:42 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-07-09 08:11 - 2014-06-27 23:35 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 08:11 - 2014-06-17 19:27 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 08:11 - 2014-06-17 19:24 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 08:11 - 2014-06-11 00:18 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 08:11 - 2014-06-02 18:33 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2014-07-09 08:11 - 2014-05-29 19:31 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-07-09 08:11 - 2014-05-29 19:03 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-07-09 08:11 - 2014-05-29 19:02 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 08:11 - 2014-05-29 19:02 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-07-09 08:11 - 2014-05-03 02:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-07-09 08:11 - 2014-05-03 02:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-07-09 08:11 - 2014-05-03 00:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-07-09 08:11 - 2014-05-01 18:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-07-09 08:11 - 2014-04-29 18:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-07-09 08:11 - 2014-04-29 18:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-07-09 08:11 - 2014-04-23 19:51 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-07-09 08:11 - 2014-04-23 19:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 08:11 - 2014-04-23 19:38 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-07-09 08:11 - 2014-04-23 19:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 08:11 - 2014-02-08 00:34 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-07-09 08:10 - 2014-06-18 22:12 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 08:10 - 2014-06-18 22:12 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 08:10 - 2014-06-18 22:12 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-07-09 08:10 - 2014-06-18 22:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-07-09 08:10 - 2014-06-18 22:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 08:10 - 2014-06-18 22:11 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 08:10 - 2014-06-18 22:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 08:10 - 2014-06-18 22:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 08:10 - 2014-06-18 22:10 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 08:10 - 2014-06-18 22:10 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 08:10 - 2014-06-18 22:10 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 08:10 - 2014-06-18 22:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-09 08:10 - 2014-06-18 22:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 08:10 - 2014-06-18 22:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 08:10 - 2014-06-18 22:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 08:10 - 2014-06-18 22:10 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 08:10 - 2014-06-18 22:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-09 08:10 - 2014-06-18 22:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 08:10 - 2014-06-18 22:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 08:10 - 2014-06-18 22:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 08:10 - 2014-06-18 22:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 08:10 - 2014-06-18 20:53 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 08:10 - 2014-06-18 20:53 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 08:10 - 2014-06-18 20:53 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 08:10 - 2014-06-18 20:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 08:10 - 2014-06-18 20:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 08:10 - 2014-06-18 20:53 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 08:10 - 2014-06-18 20:53 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-07-09 08:10 - 2014-06-18 20:52 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 08:10 - 2014-06-18 20:52 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 08:10 - 2014-06-18 20:52 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 08:10 - 2014-06-18 20:52 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 08:10 - 2014-06-18 20:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-09 08:10 - 2014-06-18 20:52 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 08:10 - 2014-06-18 20:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 08:10 - 2014-06-18 20:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 08:10 - 2014-06-18 20:52 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-09 08:10 - 2014-06-18 20:52 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 08:10 - 2014-06-18 20:52 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 08:10 - 2014-06-18 20:52 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 08:10 - 2014-06-18 20:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 08:10 - 2014-06-18 20:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 08:10 - 2014-06-18 18:05 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-07-09 08:10 - 2014-06-06 10:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 08:10 - 2014-06-06 06:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 08:10 - 2014-05-29 18:24 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
 
==================== One Month Modified Files and Folders =======
 
2014-07-21 08:35 - 2014-07-21 08:34 - 00027517 _____ () C:\Users\Dana\Desktop\FRST.txt
2014-07-21 08:35 - 2014-07-21 08:32 - 00000000 ____D () C:\FRST
2014-07-21 08:34 - 2014-07-20 14:16 - 00000000 ____D () C:\Users\Dana\AppData\Local\WeatherAlerts
2014-07-21 08:31 - 2014-07-21 08:31 - 02089984 _____ (Farbar) C:\Users\Dana\Desktop\FRST64.exe
2014-07-21 08:27 - 2013-09-02 12:29 - 00000000 ____D () C:\Users\Dana\AppData\Local\CrashDumps
2014-07-21 08:26 - 2013-01-18 18:41 - 01804485 _____ () C:\Windows\WindowsUpdate.log
2014-07-21 08:24 - 2014-07-20 14:19 - 00000956 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-07-21 08:23 - 2014-07-21 08:23 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-07-21 08:23 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\sru
2014-07-20 14:53 - 2013-01-18 18:49 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1715484851-1912604928-717142542-1001
2014-07-20 14:43 - 2013-02-10 11:48 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715484851-1912604928-717142542-1001UA.job
2014-07-20 14:33 - 2012-11-10 17:46 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-07-20 14:32 - 2014-07-20 14:23 - 00000000 ____D () C:\Users\Dana\AppData\Local\LPT
2014-07-20 14:29 - 2014-07-20 14:16 - 00000000 ____D () C:\Users\Dana\AppData\Local\fst_us_163
2014-07-20 14:27 - 2014-07-20 14:27 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\Probit Software
2014-07-20 14:27 - 2014-07-20 14:27 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-20 14:27 - 2014-05-18 11:54 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\DropboxMaster
2014-07-20 14:27 - 2013-01-20 23:51 - 00000000 ___RD () C:\Users\Dana\Dropbox
2014-07-20 14:27 - 2013-01-20 23:47 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\Dropbox
2014-07-20 14:26 - 2014-07-20 14:26 - 00001089 _____ () C:\Users\Dana\Desktop\Continue VuuPC Installation.lnk
2014-07-20 14:26 - 2014-07-20 14:20 - 00001458 _____ () C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-5_user.job
2014-07-20 14:26 - 2014-07-20 14:20 - 00001438 _____ () C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-5.job
2014-07-20 14:26 - 2014-07-20 14:19 - 00002284 _____ () C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-4.job
2014-07-20 14:26 - 2014-07-20 14:19 - 00001584 _____ () C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-1.job
2014-07-20 14:26 - 2014-07-20 14:19 - 00001364 _____ () C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-2.job
2014-07-20 14:26 - 2014-07-20 14:18 - 00003826 _____ () C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-11.job
2014-07-20 14:26 - 2014-07-20 14:18 - 00002456 _____ () C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-3.job
2014-07-20 14:26 - 2014-07-20 14:18 - 00001576 _____ () C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-6.job
2014-07-20 14:26 - 2014-07-20 14:16 - 00000422 _____ () C:\Windows\Tasks\NewPlayer Update.job
2014-07-20 14:26 - 2013-01-18 20:27 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-20 14:25 - 2014-07-20 14:19 - 00000952 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-07-20 14:25 - 2014-07-20 14:18 - 00001512 _____ () C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-7.job
2014-07-20 14:25 - 2014-07-20 14:16 - 00000402 _____ () C:\Windows\Tasks\NewPlayer_wd.job
2014-07-20 14:25 - 2012-07-26 03:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-20 14:25 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-20 14:23 - 2014-07-20 14:18 - 00000000 ____D () C:\Users\Dana\AppData\Local\Smartbar
2014-07-20 14:23 - 2014-07-20 14:18 - 00000000 ____D () C:\Program Files (x86)\Cinema-Plus-1.2
2014-07-20 14:22 - 2014-07-20 14:22 - 00003122 _____ () C:\Windows\System32\Tasks\{2862F2CA-0B87-429F-B72D-F9BD85F8FC97}
2014-07-20 14:22 - 2014-07-20 14:20 - 00000000 ____D () C:\Program Files (x86)\LPT
2014-07-20 14:22 - 2014-07-20 14:16 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\VOPackage
2014-07-20 14:20 - 2014-07-20 14:20 - 00004442 _____ () C:\Windows\System32\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-5
2014-07-20 14:19 - 2014-07-20 14:19 - 00005288 _____ () C:\Windows\System32\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-4
2014-07-20 14:19 - 2014-07-20 14:19 - 00004588 _____ () C:\Windows\System32\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-1
2014-07-20 14:19 - 2014-07-20 14:19 - 00004368 _____ () C:\Windows\System32\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-2
2014-07-20 14:19 - 2014-07-20 14:19 - 00003928 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-07-20 14:19 - 2014-07-20 14:19 - 00003692 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-07-20 14:19 - 2014-07-20 14:19 - 00000000 ____D () C:\Users\Dana\AppData\Local\newplayer
2014-07-20 14:19 - 2014-07-20 14:19 - 00000000 ____D () C:\Users\Dana\AppData\Local\Local_Weather_LLC
2014-07-20 14:18 - 2014-07-20 14:18 - 00006830 _____ () C:\Windows\System32\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-11
2014-07-20 14:18 - 2014-07-20 14:18 - 00005460 _____ () C:\Windows\System32\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-3
2014-07-20 14:18 - 2014-07-20 14:18 - 00004580 _____ () C:\Windows\System32\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-6
2014-07-20 14:18 - 2014-07-20 14:18 - 00004516 _____ () C:\Windows\System32\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-7
2014-07-20 14:18 - 2014-07-20 14:18 - 00001903 _____ () C:\Users\Dana\Desktop\NewPlayer.lnk
2014-07-20 14:18 - 2014-07-20 14:18 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-07-20 14:18 - 2014-07-20 14:18 - 00000000 ____D () C:\Users\Dana\AppData\Local\globalUpdate
2014-07-20 14:18 - 2014-07-20 14:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer
2014-07-20 14:18 - 2014-07-20 14:18 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-07-20 14:18 - 2014-07-20 14:18 - 00000000 ____D () C:\Program Files (x86)\Easy Speed Check
2014-07-20 14:18 - 2014-07-20 14:17 - 00000000 ____D () C:\Program Files (x86)\NewPlayer
2014-07-20 14:18 - 2013-01-18 20:27 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-20 14:17 - 2014-07-20 14:16 - 00001334 _____ () C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uninstall.lnk
2014-07-20 14:16 - 2014-07-20 14:16 - 00003060 _____ () C:\Windows\System32\Tasks\NewPlayer Update
2014-07-20 14:16 - 2014-07-20 14:16 - 00002980 _____ () C:\Windows\System32\Tasks\NewPlayer_wd
2014-07-20 14:16 - 2014-07-20 14:16 - 00001299 _____ () C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Help.lnk
2014-07-20 14:16 - 2014-07-20 14:16 - 00001299 _____ () C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Speed PC.lnk
2014-07-20 14:16 - 2014-07-20 14:16 - 00001284 _____ () C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Speed PC on the Web.lnk
2014-07-20 14:16 - 2014-07-20 14:16 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-07-20 14:16 - 2014-07-20 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FREESOFTTODAY
2014-07-20 14:16 - 2014-07-20 14:16 - 00000000 ____D () C:\Program Files (x86)\Probit Software
2014-07-20 14:16 - 2014-07-20 14:16 - 00000000 ____D () C:\Program Files (x86)\fst_us_163
2014-07-20 14:16 - 2014-07-20 14:16 - 00000000 ____D () C:\Program Files (x86)\di9NewPlayer
2014-07-20 14:15 - 2014-07-20 14:15 - 01385128 _____ () C:\Users\Dana\Downloads\Setup.exe
2014-07-20 14:15 - 2014-07-20 14:15 - 00000000 ____D () C:\Users\Dana\AppData\Local\SearchProtect
2014-07-20 14:15 - 2014-07-20 14:15 - 00000000 _____ () C:\END
2014-07-18 18:46 - 2014-07-18 18:46 - 00004549 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-18 18:46 - 2014-07-18 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-18 18:46 - 2014-01-16 23:13 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-18 18:46 - 2013-07-17 10:12 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-18 18:32 - 2012-07-26 01:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-07-18 17:20 - 2013-01-18 20:28 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-16 08:45 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-07-15 21:43 - 2013-02-10 11:48 - 00000872 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715484851-1912604928-717142542-1001Core.job
2014-07-15 20:54 - 2013-01-18 19:39 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\PCDr
2014-07-15 07:06 - 2014-07-15 07:06 - 00281088 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-15 07:05 - 2012-11-10 19:30 - 00229896 _____ () C:\Windows\PFRO.log
2014-07-14 22:11 - 2014-07-14 22:11 - 00001847 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-07-14 22:11 - 2014-07-14 22:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-07-14 22:11 - 2014-07-14 22:11 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-07-14 22:10 - 2013-01-18 19:04 - 00000000 ____D () C:\Users\Dana\AppData\Local\Apple Computer
2014-07-14 21:57 - 2013-02-09 20:49 - 00100352 ___SH () C:\Users\Dana\Downloads\Thumbs.db
2014-07-14 21:08 - 2014-07-14 21:03 - 248114027 _____ () C:\Users\Dana\Downloads\TEACHINGS OF THE RAV - MASTERING RESRICTIONS CLASS 1 20140708.wmv
2014-07-13 18:30 - 2012-07-26 03:28 - 00850046 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-12 09:10 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\rescache
2014-07-12 08:42 - 2014-07-12 08:42 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-12 08:42 - 2012-07-26 04:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 08:42 - 2012-07-26 04:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 08:42 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\WinStore
2014-07-12 08:42 - 2012-07-26 03:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-12 08:41 - 2013-08-14 21:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-12 08:39 - 2013-01-19 14:06 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-11 03:02 - 2014-07-18 18:46 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-11 02:56 - 2014-07-18 18:46 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-11 02:56 - 2014-07-18 18:46 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-11 02:55 - 2014-07-18 18:46 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-09 08:32 - 2012-07-26 03:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-06-30 18:42 - 2014-07-09 08:11 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 18:42 - 2014-07-09 08:11 - 00394240 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-06-30 18:42 - 2014-07-09 08:11 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-06-30 18:08 - 2012-07-26 04:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-06-27 23:35 - 2014-07-09 08:11 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-26 16:53 - 2013-12-01 13:48 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-26 16:53 - 2013-12-01 13:48 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-25 21:38 - 2013-02-10 11:48 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1715484851-1912604928-717142542-1001UA
2014-06-25 21:38 - 2013-02-10 11:48 - 00003488 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1715484851-1912604928-717142542-1001Core
 
Some content of TEMP:
====================
C:\Users\Dana\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyk1gsh.dll
C:\Users\Dana\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-19 04:19
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-07-2014
Ran by Dana at 2014-07-21 08:36:24
Running from C:\Users\Dana\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security Suite (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{4F524A2D-5637-4300-76A7-A758B70C0F01}) (Version: 12.15.1.16 - APN, LLC) <==== ATTENTION
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cinema-Plus-1.2 (HKLM-x32\...\Cinema-Plus-1.2) (Version: 1.34.7.1 - Cinema Plus)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.3 - Synaptics Incorporated)
DesktopWeatherAlerts (HKCU\...\DesktopWeatherAlerts) (Version: 1.0.29.0 - Local Weather LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Easy Speed Check (HKLM-x32\...\Easy Speed Check) (Version: 1.1.2 - Probit Software LTD)
Easy Speed PC (HKLM-x32\...\Easy Speed PC) (Version: 7.0.2 - Probit Software LTD)
FreeSoftToday 025.163 (HKLM-x32\...\fst_us_163_is1) (Version:  - FREESOFTTODAY) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
iCloud (HKLM\...\{704C0303-D20C-45AF-BD2B-556EAF31BE09}) (Version: 2.1.2.8 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® My WiFi Dashboard (HKLM\...\{1E741267-F54B-4b3a-A7B6-1D1A156E385E}) (Version: 15.05.5000.0219 - Intel Corporation)
Intel® PRO/Wireless Driver (Version: 16.01.5000.0577 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2849 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{89478C31-5CE8-461A-9084-9A0AF059F84F}) (Version: 15.5.0.0344 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{7854AA22-A2F0-4F29-A2E9-D0C5A2B685E7}) (Version: 2.5.0.0248 - Motorola Solutions, Inc)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
LPT System Updater Service (x32 Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
Music Manager (HKCU\...\MusicManager) (Version:  - Google, Inc.)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
NewPlayer (HKLM-x32\...\1EC0AEF7-C123-E8C4-C067-C319930EBEC0) (Version:  - NewPlayer-software) <==== ATTENTION
NewPlayer (HKLM-x32\...\NewPlayer) (Version: v2.1.2.3 - ) <==== ATTENTION
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.3.0.12 - Symantec Corporation)
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.005 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.28121 - Realtek Semiconductor Corp.)
Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
Snap.Do (HKLM-x32\...\{6EA563AD-DF38-4A1E-9437-3EA6EDA7B784}) (Version: 11.77.1.18240 - ReSoft Ltd.) <==== ATTENTION
Snap.Do Engine (HKCU\...\{23e21170-4bf1-4237-9c3a-d94048df0010}) (Version: 11.77.1.17697 - ReSoft Ltd.) <==== ATTENTION
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.11.0028 - ST Microelectronics)
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Zoom (HKCU\...\ZoomUMX) (Version: 2.1 - Zoom Video Communications, Inc.)
 
==================== Restore Points  =========================
 
27-06-2014 11:55:57 Scheduled Checkpoint
09-07-2014 12:23:57 Windows Update
12-07-2014 12:39:13 Windows Update
15-07-2014 02:09:52 Installed QuickTime 7
18-07-2014 22:45:53 Installed Java 7 Update 65
 
==================== Hosts content: ==========================
 
2012-07-26 01:26 - 2012-07-26 01:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {00D86A79-7D8F-450D-A00A-2C33209B9473} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\WSCStub.exe [2014-05-11] (Symantec Corporation)
Task: {010E531A-B35B-4D2D-B978-B864A1A73245} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {1917D324-C2C8-4323-80FC-44D4E4218A49} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {240ED185-59D9-4171-A484-51753EB9435D} - System32\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-5 => C:\Program Files (x86)\Cinema-Plus-1.2\459c62d0-fa43-4c38-90a3-081c8311cfb6-5.exe [2014-07-20] (Cinema Plus)
Task: {2E7FA47F-C637-4734-BBB9-20D915EFFBA9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-18] (Google Inc.)
Task: {30333F48-9BA0-42CB-9997-B3A18841FF6C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {389CD004-76EB-45D3-BD91-5940E49A09E5} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-14] (Synaptics Incorporated)
Task: {39946108-B222-4213-9A99-2BFAA0A260B1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1715484851-1912604928-717142542-1001Core => C:\Users\Dana\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-10] (Google Inc.)
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - \Microsoft\Windows\Live\Roaming\SynchronizeWithStorage No Task File <==== ATTENTION
Task: {4CFF4065-30E9-4201-B8C3-CBFBC41205AA} - System32\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-4 => C:\Program Files (x86)\Cinema-Plus-1.2\459c62d0-fa43-4c38-90a3-081c8311cfb6-4.exe [2014-07-20] (Cinema Plus)
Task: {5102A2CF-4D40-40B3-AED5-516E1E91553E} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-07-20] (globalUpdate) <==== ATTENTION
Task: {52FC4C4E-8889-447D-948D-D4C58F8C2BDE} - System32\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-7 => C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-nova.exe [2014-07-20] (Cinema Plus)
Task: {5B8FC722-2DFD-49C9-A954-2CF2536FF1CE} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-07-20] (globalUpdate) <==== ATTENTION
Task: {643AE151-1CC1-47A9-BEF4-4CE9173C4C09} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {672AD229-674B-4B52-A88F-08AACBF617DC} - System32\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-1 => C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-codedownloader.exe [2014-07-20] (Cinema Plus)
Task: {6D60FDB1-854B-4270-8B59-F531328CD1FC} - System32\Tasks\NewPlayer Update => C:\Program Files (x86)\di9NewPlayer\di3NewPlayerC92.exe [2014-07-20] ()
Task: {76498FE7-C12B-4197-9DFD-F820CF025F4F} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {77243336-CFC3-44BB-BA6E-B647CBF1DB0C} - System32\Tasks\IntelBootstrapCCDashServer => C:\Program Files\Intel\CCDashboard\bin\CCDashServer.exe [2012-07-13] (Intel® Corporation)
Task: {78BDD8EF-AB67-4D94-B04F-18857F68AA5D} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {8582ABF5-E6F2-4D61-A2EB-1E1ED1B73E8F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1715484851-1912604928-717142542-1001UA => C:\Users\Dana\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-10] (Google Inc.)
Task: {884DFDFC-ABF5-4A3A-B5FB-8AEE1223DF41} - System32\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-6 => C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-novainstaller.exe [2014-07-20] (Cinema Plus)
Task: {914D68E5-1EEE-41BB-A984-95B27502CA5D} - System32\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-11 => C:\Program Files (x86)\Cinema-Plus-1.2\459c62d0-fa43-4c38-90a3-081c8311cfb6-11.exe [2014-07-20] (Cinema Plus)
Task: {9A154B1D-38CE-4884-9416-807FB9074DF0} - System32\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-2 => C:\Program Files (x86)\Cinema-Plus-1.2\459c62d0-fa43-4c38-90a3-081c8311cfb6-2.exe [2014-07-20] (Cinema Plus)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A7B1EE27-22A7-4F95-A441-13F6A5762BB8} - System32\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-3 => C:\Program Files (x86)\Cinema-Plus-1.2\459c62d0-fa43-4c38-90a3-081c8311cfb6-3.exe [2014-07-20] (Cinema Plus)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - \Microsoft\Windows\Live\Roaming\MaintenanceTask No Task File <==== ATTENTION
Task: {BA16FE77-FF9C-4876-BEB6-576C01924C2F} - System32\Tasks\NewPlayer_wd => C:\Program Files (x86)\di9NewPlayer\di2NewPlayerT.exe [2014-07-20] ()
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C6D49553-97AA-4ED6-A33C-2B07CA447EB1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-18] (Google Inc.)
Task: {D1318C1C-854D-4DCE-ADEC-BDFA58B5B496} - System32\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-5_user => C:\Program Files (x86)\Cinema-Plus-1.2\459c62d0-fa43-4c38-90a3-081c8311cfb6-5.exe [2014-07-20] (Cinema Plus)
Task: {D6A63E6F-46D0-46E2-82A6-68CB289CA17D} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {D6C8A39A-C811-465B-A5A1-F4952D8D4113} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-07-29] (Intel)
Task: {E6590393-8377-482F-B61F-011B616AE96B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-07-12] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-1.job => C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-codedownloader.exe
Task: C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-11.job => C:\Program Files (x86)\Cinema-Plus-1.2\459c62d0-fa43-4c38-90a3-081c8311cfb6-11.exe
Task: C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-2.job => C:\Program Files (x86)\Cinema-Plus-1.2\459c62d0-fa43-4c38-90a3-081c8311cfb6-2.exe
Task: C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-3.job => C:\Program Files (x86)\Cinema-Plus-1.2\459c62d0-fa43-4c38-90a3-081c8311cfb6-3.exe
Task: C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-4.job => C:\Program Files (x86)\Cinema-Plus-1.2\459c62d0-fa43-4c38-90a3-081c8311cfb6-4.exe
Task: C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-5.job => C:\Program Files (x86)\Cinema-Plus-1.2\459c62d0-fa43-4c38-90a3-081c8311cfb6-5.exe
Task: C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-5_user.job => C:\Program Files (x86)\Cinema-Plus-1.2\459c62d0-fa43-4c38-90a3-081c8311cfb6-5.exe
Task: C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-6.job => C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-novainstaller.exe
Task: C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-7.job => C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-nova.exe
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715484851-1912604928-717142542-1001Core.job => C:\Users\Dana\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715484851-1912604928-717142542-1001UA.job => C:\Users\Dana\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\NewPlayer Update.job => C:\Program Files (x86)\di9NewPlayer\di3NewPlayerC92.exe
Task: C:\Windows\Tasks\NewPlayer_wd.job => C:\Program Files (x86)\di9NewPlayer\di2NewPlayerT.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-06-10 18:31 - 2014-06-10 18:31 - 00034336 _____ () C:\Program Files (x86)\LPT\srpts.exe
2014-07-20 14:16 - 2014-07-20 14:16 - 00147456 _____ () C:\Program Files (x86)\di9NewPlayer\di2NewPlayerud175.exe
2014-07-16 08:41 - 2014-07-16 08:41 - 00011776 _____ () C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe
2014-06-10 18:31 - 2014-06-10 18:31 - 00036384 _____ () C:\Program Files (x86)\LPT\srptsl.exe
2013-04-05 12:58 - 2013-04-05 12:58 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00024608 _____ () C:\Users\Dana\AppData\Local\LPT\srptm.exe
2014-07-20 14:16 - 2014-07-20 14:16 - 00098304 _____ () C:\Program Files (x86)\di9NewPlayer\di2NewPlayerT.exe
2014-07-20 14:16 - 2014-07-17 13:02 - 03324384 _____ () C:\Users\Dana\AppData\Local\fst_us_163\upfst_us_163.exe
2012-11-10 19:13 - 2012-07-30 13:55 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-02-25 13:00 - 2014-02-25 13:00 - 00550952 _____ () C:\Users\Dana\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe
2013-07-06 13:09 - 2013-04-19 19:51 - 00023328 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2013-07-06 13:09 - 2013-04-19 19:52 - 00049440 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\STCommonShellIntegration.dll
2012-11-28 16:13 - 2012-11-28 16:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 16:13 - 2012-11-28 16:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-10 18:31 - 2014-06-10 18:31 - 00044064 _____ () C:\Program Files (x86)\LPT\srptc.dll
2014-06-10 18:31 - 2014-06-10 18:31 - 00018976 _____ () C:\Program Files (x86)\LPT\Smartbar.Common.dll
2014-07-20 14:16 - 2014-07-20 14:16 - 00171520 _____ () C:\Program Files (x86)\di9NewPlayer\di2NewPlayerud175.dll
2014-06-10 18:31 - 2014-06-10 18:31 - 00060960 _____ () C:\Program Files (x86)\LPT\srut.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00084000 _____ () C:\Users\Dana\AppData\Local\LPT\srpt.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00044576 _____ () C:\Users\Dana\AppData\Local\LPT\srptc.dll
2014-07-06 17:37 - 2014-07-06 17:37 - 00018976 _____ () C:\Users\Dana\AppData\Local\LPT\Smartbar.Common.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00070688 _____ () C:\Users\Dana\AppData\Local\LPT\srut.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00068640 _____ () C:\Users\Dana\AppData\Local\LPT\sppsm.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00159776 _____ () C:\Users\Dana\AppData\Local\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00028704 _____ () C:\Users\Dana\AppData\Local\LPT\Smartbar.Personalization.Common.dll
2014-07-06 17:38 - 2014-07-06 17:38 - 00167456 _____ () C:\Users\Dana\AppData\Local\LPT\Smartbar.Infrastructure.Utilities.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00047648 _____ () C:\Users\Dana\AppData\Local\LPT\srbu.dll
2014-07-20 14:19 - 2014-07-20 14:19 - 00904704 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00026656 _____ () C:\Users\Dana\AppData\Local\LPT\srpdm.dll
2014-07-06 17:37 - 2014-07-06 17:37 - 00027680 _____ () C:\Users\Dana\AppData\Local\LPT\ProxySettings.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00045600 _____ () C:\Users\Dana\AppData\Local\LPT\Smartbar.Monetization.Proxy.ProxyService.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00029216 _____ () C:\Users\Dana\AppData\Local\LPT\sreu.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00055840 _____ () C:\Users\Dana\AppData\Local\LPT\srprl.dll
2014-07-06 17:37 - 2014-07-06 17:37 - 00051232 _____ () C:\Users\Dana\AppData\Local\LPT\lrrot.dll
2013-12-10 17:06 - 2013-12-10 17:06 - 10683392 _____ () C:\Users\Dana\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
2013-12-10 17:06 - 2013-12-10 17:06 - 07741952 _____ () C:\Users\Dana\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
2013-12-10 17:06 - 2013-12-10 17:06 - 01681408 _____ () C:\Users\Dana\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
2013-12-10 17:06 - 2013-12-10 17:06 - 02248192 _____ () C:\Users\Dana\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
2014-05-15 17:20 - 2014-05-15 17:20 - 00117248 _____ () C:\Users\Dana\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2014-05-15 17:20 - 2014-05-15 17:20 - 00231936 _____ () C:\Users\Dana\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2014-05-15 17:21 - 2014-05-15 17:21 - 00253440 _____ () C:\Users\Dana\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2014-05-15 17:24 - 2014-05-15 17:24 - 00344064 _____ () C:\Users\Dana\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2013-12-10 17:06 - 2013-12-10 17:06 - 00026624 _____ () C:\Users\Dana\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
2014-07-20 14:18 - 2014-01-28 06:04 - 00112142 _____ () C:\Program Files (x86)\Easy Speed Check\libgcc_s_dw2-1.dll
2014-07-20 14:18 - 2014-01-28 06:04 - 01000974 _____ () C:\Program Files (x86)\Easy Speed Check\libstdc++-6.dll
2014-07-20 14:18 - 2014-01-28 06:04 - 00279955 _____ () C:\Program Files (x86)\Easy Speed Check\libidn-11.dll
2014-07-20 14:18 - 2013-08-25 20:02 - 00131598 _____ () C:\Program Files (x86)\Easy Speed Check\zlib1.dll
2014-07-20 14:18 - 2014-01-28 06:04 - 00020480 _____ () C:\Program Files (x86)\Easy Speed Check\cwebpage.dll
2014-07-06 17:38 - 2014-07-06 17:38 - 00048160 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00071712 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\srau.dll
2014-07-06 17:38 - 2014-07-06 17:38 - 00167456 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
2014-07-06 17:38 - 2014-07-06 17:38 - 02344992 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00068640 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\spbl.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00159776 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
2014-07-06 17:38 - 2014-07-06 17:38 - 00015904 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\siem.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00068640 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\sppsm.dll
2014-07-06 17:38 - 2014-07-06 17:38 - 00698400 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
2014-07-06 17:38 - 2014-07-06 17:38 - 00016416 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
2014-07-06 17:38 - 2014-07-06 17:38 - 00080416 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00028704 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00070688 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\srut.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00030752 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\srsbs.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00047648 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\srbu.dll
2014-07-06 17:38 - 2014-07-06 17:38 - 00067104 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00152096 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\smti.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00032800 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\srom.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00032800 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\smtu.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00040992 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\smta.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00071200 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\smsp.dll
2014-07-06 17:38 - 2014-07-06 17:38 - 00026144 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\sgml.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00063520 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00026656 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\srpdm.dll
2014-07-06 17:37 - 2014-07-06 17:37 - 00045088 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00036896 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
2014-07-06 17:38 - 2014-07-06 17:38 - 00194592 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\sgmu.dll
2014-05-12 11:21 - 2014-05-12 11:21 - 00061440 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\AxInterop.WMPLib.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00257056 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\srns.dll
2014-07-20 14:27 - 2014-07-20 14:27 - 00043008 _____ () c:\users\dana\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyk1gsh.dll
2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\Dana\AppData\Roaming\Dropbox\bin\libcef.dll
2014-07-20 14:18 - 2014-07-20 14:18 - 00125496 _____ () C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-nova.dll
2014-07-18 17:20 - 2014-07-15 05:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-18 17:20 - 2014-07-15 05:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-18 17:20 - 2014-07-15 05:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-18 17:20 - 2014-07-15 05:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-18 17:20 - 2014-07-15 05:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-07-18 17:20 - 2014-07-15 05:24 - 14664008 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll
2014-02-17 10:37 - 2014-02-17 10:37 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\b1c5b85477b09ceb4fa27fdf6e37e617\PSIClient.ni.dll
2012-11-10 17:40 - 2012-07-20 14:04 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-07-06 13:09 - 2013-05-02 20:01 - 01813792 _____ () C:\Program Files (x86)\Dell Backup and Recovery\OLCoreWrapper.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00101408 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00142880 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
 
==================== Faulty Device Manager Devices =============
 
Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/21/2014 08:27:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17028, time stamp: 0x53a20947
Faulting module name: ntdll.dll, version: 6.2.9200.16912, time stamp: 0x53645e25
Exception code: 0xc0000005
Fault offset: 0x00023e60
Faulting process id: 0x185c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
 
Error: (07/21/2014 08:22:33 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 62597735
 
Error: (07/21/2014 08:22:33 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 62597735
 
Error: (07/21/2014 08:22:33 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/21/2014 08:22:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 62596391
 
Error: (07/21/2014 08:22:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 62596391
 
Error: (07/21/2014 08:22:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/21/2014 08:22:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 62595141
 
Error: (07/21/2014 08:22:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 62595141
 
Error: (07/21/2014 08:22:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (07/21/2014 08:23:32 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Ask Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/15/2014 08:43:37 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (07/12/2014 10:22:37 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (07/10/2014 08:49:04 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Windows Malicious Software Removal Tool for Windows 8, 8.1 and Windows Server 2012, 2012 R2 x64 Edition - July 2014 (KB890830).
 
Error: (06/30/2014 06:07:15 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
 
Error: (06/02/2014 05:27:02 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (06/02/2014 05:16:50 PM) (Source: DCOM) (EventID: 10010) (User: DANAROSEN)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (06/02/2014 05:11:29 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
Error: (06/02/2014 05:12:03 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:34:36 PM on ‎6/‎2/‎2014 was unexpected.
 
Error: (05/18/2014 11:52:03 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
 
Microsoft Office Sessions:
=========================
Error: (07/21/2014 08:27:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1702853a20947ntdll.dll6.2.9200.1691253645e25c000000500023e60185c01cfa4df157e8facC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SYSTEM32\ntdll.dll60271a04-10d2-11e4-bea2-c48508b4e127
 
Error: (07/21/2014 08:22:33 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 62597735
 
Error: (07/21/2014 08:22:33 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 62597735
 
Error: (07/21/2014 08:22:33 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/21/2014 08:22:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 62596391
 
Error: (07/21/2014 08:22:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 62596391
 
Error: (07/21/2014 08:22:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/21/2014 08:22:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 62595141
 
Error: (07/21/2014 08:22:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 62595141
 
Error: (07/21/2014 08:22:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 59%
Total physical RAM: 3973.75 MB
Available physical RAM: 1615.16 MB
Total Pagefile: 6917.75 MB
Available Pagefile: 3580.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:457.87 GB) (Free:396.13 GB) NTFS
Drive y: (WINRETOOLS) (Fixed) (Total:0.49 GB) (Free:0.2 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: FEBBAA24)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 8 GB) (Disk ID: AB57CDDB)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#4 aharonov

  • Malware Response Team
  • 2,441 posts

Posted 21 July 2014 - 08:00 AM

Ok. Please continue with the following steps:


Step 1

Please uninstall some programs:
  • Please open Control Panel and click Uninstall a program.
  • Search and select the following programs one by one and click on Uninstall:

    Ask Toolbar
    Cinema-Plus-1.2
    DesktopWeatherAlerts
    Easy Speed Check
    Easy Speed PC
    FreeSoftToday 025.163
    LPT System Updater Service
    NewPlayer
    NewPlayer
    Remote Desktop Access
    Snap.Do
    Snap.Do Engine

  • Reboot your computer.


Step 2

Please download AdwCleaner (by Xplode) and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.


Step 3

Start FRST with administrator privileges.
  • Make sure the option Addition.txt (under Optional Scan) is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.
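
When the fresh Addition.txt from Step 3 comes back, one thing to check is whether any scheduled task belonging to the removed programs is still registered. The following is an added example, not part of the original post and not FRST's own code: it parses `Task:` lines in the shapes visible in the log above. The sample lines are copied from that log; the watched folder list, function names and reason labels are assumptions of this example.

```python
import re
from collections import defaultdict

# Shapes of "Task:" lines as they appear in the Addition.txt posted above:
#   Task: {GUID} - <task path> => <command> [file date] (company) <==== ATTENTION
#   Task: {GUID} - <task path> No Task File <==== ATTENTION
#   Task: C:\Windows\Tasks\<name>.job => <command>
TASK_RE = re.compile(
    r"^Task: (?:\{(?P<guid>[0-9A-Fa-f-]{36})\} - )?"
    r"(?P<name>.+?)"
    r"(?: => (?P<command>.+?))?"
    r"(?: \[(?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<company>[^()]*)\))?"
    r"(?P<orphan> No Task File)?"
    r"(?P<flagged> <==== ATTENTION)?$"
)

# Folder names as they appear in the log above; which folders to watch is
# this example's choice, not something FRST or the helper specified.
WATCHED_DIRS = ("\\Cinema-Plus-1.2\\", "\\di9NewPlayer\\", "\\globalUpdate\\")

# Constructed sample: nine Task: lines copied from the log in this thread.
SAMPLE = r"""
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {240ED185-59D9-4171-A484-51753EB9435D} - System32\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-5 => C:\Program Files (x86)\Cinema-Plus-1.2\459c62d0-fa43-4c38-90a3-081c8311cfb6-5.exe [2014-07-20] (Cinema Plus)
Task: {2E7FA47F-C637-4734-BBB9-20D915EFFBA9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-18] (Google Inc.)
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - \Microsoft\Windows\Live\Roaming\SynchronizeWithStorage No Task File <==== ATTENTION
Task: {5102A2CF-4D40-40B3-AED5-516E1E91553E} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-07-20] (globalUpdate) <==== ATTENTION
Task: {6D60FDB1-854B-4270-8B59-F531328CD1FC} - System32\Tasks\NewPlayer Update => C:\Program Files (x86)\di9NewPlayer\di3NewPlayerC92.exe [2014-07-20] ()
Task: {D1318C1C-854D-4DCE-ADEC-BDFA58B5B496} - System32\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-5_user => C:\Program Files (x86)\Cinema-Plus-1.2\459c62d0-fa43-4c38-90a3-081c8311cfb6-5.exe [2014-07-20] (Cinema Plus)
Task: C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-5.job => C:\Program Files (x86)\Cinema-Plus-1.2\459c62d0-fa43-4c38-90a3-081c8311cfb6-5.exe
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
"""


def parse_tasks(text):
    """Parse every 'Task:' line into a dict; all other lines are ignored."""
    tasks = []
    for line in text.splitlines():
        m = TASK_RE.match(line.strip())
        if m:
            t = m.groupdict()
            t["orphan"] = t["orphan"] is not None
            t["flagged"] = t["flagged"] is not None
            tasks.append(t)
    return tasks


def review(tasks, watched_dirs=WATCHED_DIRS):
    """Return (task, reasons) pairs for entries that still need a look."""
    findings = []
    for t in tasks:
        reasons = []
        if t["flagged"]:
            reasons.append("flagged by FRST")
        if t["orphan"]:
            reasons.append("no task file")
        command = (t["command"] or "").lower()
        if any(d.lower() in command for d in watched_dirs):
            reasons.append("runs from watched folder")
        if reasons:
            findings.append((t, reasons))
    return findings


def registrations_by_command(findings):
    """Group findings by launched command: one binary can be registered
    several times (new-format task, _user variant, legacy .job file)."""
    groups = defaultdict(list)
    for t, _ in findings:
        if t["command"]:
            groups[t["command"].lower()].append(t["name"])
    return dict(groups)


if __name__ == "__main__":
    found = review(parse_tasks(SAMPLE))
    for task, reasons in found:
        print(f"{task['name']}: {', '.join(reasons)}")
    for command, names in registrations_by_command(found).items():
        print(f"{len(names)} registration(s) -> {command}")
```

An empty result from `review()` on the new log means no task of these shapes is left; a non-empty one lists every registration that still points at the same binary, so none is missed.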


#5 LBackover

  • Topic Starter
  • Members
  • 44 posts

Posted 21 July 2014 - 08:07 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-07-2014
Ran by Dana at 2014-07-21 08:36:24
Running from C:\Users\Dana\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security Suite (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{4F524A2D-5637-4300-76A7-A758B70C0F01}) (Version: 12.15.1.16 - APN, LLC) <==== ATTENTION
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cinema-Plus-1.2 (HKLM-x32\...\Cinema-Plus-1.2) (Version: 1.34.7.1 - Cinema Plus)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.3 - Synaptics Incorporated)
DesktopWeatherAlerts (HKCU\...\DesktopWeatherAlerts) (Version: 1.0.29.0 - Local Weather LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Easy Speed Check (HKLM-x32\...\Easy Speed Check) (Version: 1.1.2 - Probit Software LTD)
Easy Speed PC (HKLM-x32\...\Easy Speed PC) (Version: 7.0.2 - Probit Software LTD)
FreeSoftToday 025.163 (HKLM-x32\...\fst_us_163_is1) (Version:  - FREESOFTTODAY) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
iCloud (HKLM\...\{704C0303-D20C-45AF-BD2B-556EAF31BE09}) (Version: 2.1.2.8 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® My WiFi Dashboard (HKLM\...\{1E741267-F54B-4b3a-A7B6-1D1A156E385E}) (Version: 15.05.5000.0219 - Intel Corporation)
Intel® PRO/Wireless Driver (Version: 16.01.5000.0577 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2849 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{89478C31-5CE8-461A-9084-9A0AF059F84F}) (Version: 15.5.0.0344 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{7854AA22-A2F0-4F29-A2E9-D0C5A2B685E7}) (Version: 2.5.0.0248 - Motorola Solutions, Inc)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
LPT System Updater Service (x32 Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
Music Manager (HKCU\...\MusicManager) (Version:  - Google, Inc.)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
NewPlayer (HKLM-x32\...\1EC0AEF7-C123-E8C4-C067-C319930EBEC0) (Version:  - NewPlayer-software) <==== ATTENTION
NewPlayer (HKLM-x32\...\NewPlayer) (Version: v2.1.2.3 - ) <==== ATTENTION
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.3.0.12 - Symantec Corporation)
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.005 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.28121 - Realtek Semiconductor Corp.)
Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
Snap.Do (HKLM-x32\...\{6EA563AD-DF38-4A1E-9437-3EA6EDA7B784}) (Version: 11.77.1.18240 - ReSoft Ltd.) <==== ATTENTION
Snap.Do Engine (HKCU\...\{23e21170-4bf1-4237-9c3a-d94048df0010}) (Version: 11.77.1.17697 - ReSoft Ltd.) <==== ATTENTION
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.11.0028 - ST Microelectronics)
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Zoom (HKCU\...\ZoomUMX) (Version: 2.1 - Zoom Video Communications, Inc.)
 
==================== Restore Points  =========================
 
27-06-2014 11:55:57 Scheduled Checkpoint
09-07-2014 12:23:57 Windows Update
12-07-2014 12:39:13 Windows Update
15-07-2014 02:09:52 Installed QuickTime 7
18-07-2014 22:45:53 Installed Java 7 Update 65
 
==================== Hosts content: ==========================
 
2012-07-26 01:26 - 2012-07-26 01:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {00D86A79-7D8F-450D-A00A-2C33209B9473} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\WSCStub.exe [2014-05-11] (Symantec Corporation)
Task: {010E531A-B35B-4D2D-B978-B864A1A73245} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {1917D324-C2C8-4323-80FC-44D4E4218A49} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {240ED185-59D9-4171-A484-51753EB9435D} - System32\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-5 => C:\Program Files (x86)\Cinema-Plus-1.2\459c62d0-fa43-4c38-90a3-081c8311cfb6-5.exe [2014-07-20] (Cinema Plus)
Task: {2E7FA47F-C637-4734-BBB9-20D915EFFBA9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-18] (Google Inc.)
Task: {30333F48-9BA0-42CB-9997-B3A18841FF6C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {389CD004-76EB-45D3-BD91-5940E49A09E5} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-14] (Synaptics Incorporated)
Task: {39946108-B222-4213-9A99-2BFAA0A260B1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1715484851-1912604928-717142542-1001Core => C:\Users\Dana\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-10] (Google Inc.)
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - \Microsoft\Windows\Live\Roaming\SynchronizeWithStorage No Task File <==== ATTENTION
Task: {4CFF4065-30E9-4201-B8C3-CBFBC41205AA} - System32\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-4 => C:\Program Files (x86)\Cinema-Plus-1.2\459c62d0-fa43-4c38-90a3-081c8311cfb6-4.exe [2014-07-20] (Cinema Plus)
Task: {5102A2CF-4D40-40B3-AED5-516E1E91553E} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-07-20] (globalUpdate) <==== ATTENTION
Task: {52FC4C4E-8889-447D-948D-D4C58F8C2BDE} - System32\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-7 => C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-nova.exe [2014-07-20] (Cinema Plus)
Task: {5B8FC722-2DFD-49C9-A954-2CF2536FF1CE} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-07-20] (globalUpdate) <==== ATTENTION
Task: {643AE151-1CC1-47A9-BEF4-4CE9173C4C09} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {672AD229-674B-4B52-A88F-08AACBF617DC} - System32\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-1 => C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-codedownloader.exe [2014-07-20] (Cinema Plus)
Task: {6D60FDB1-854B-4270-8B59-F531328CD1FC} - System32\Tasks\NewPlayer Update => C:\Program Files (x86)\di9NewPlayer\di3NewPlayerC92.exe [2014-07-20] ()
Task: {76498FE7-C12B-4197-9DFD-F820CF025F4F} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {77243336-CFC3-44BB-BA6E-B647CBF1DB0C} - System32\Tasks\IntelBootstrapCCDashServer => C:\Program Files\Intel\CCDashboard\bin\CCDashServer.exe [2012-07-13] (Intel® Corporation)
Task: {78BDD8EF-AB67-4D94-B04F-18857F68AA5D} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {8582ABF5-E6F2-4D61-A2EB-1E1ED1B73E8F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1715484851-1912604928-717142542-1001UA => C:\Users\Dana\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-10] (Google Inc.)
Task: {884DFDFC-ABF5-4A3A-B5FB-8AEE1223DF41} - System32\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-6 => C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-novainstaller.exe [2014-07-20] (Cinema Plus)
Task: {914D68E5-1EEE-41BB-A984-95B27502CA5D} - System32\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-11 => C:\Program Files (x86)\Cinema-Plus-1.2\459c62d0-fa43-4c38-90a3-081c8311cfb6-11.exe [2014-07-20] (Cinema Plus)
Task: {9A154B1D-38CE-4884-9416-807FB9074DF0} - System32\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-2 => C:\Program Files (x86)\Cinema-Plus-1.2\459c62d0-fa43-4c38-90a3-081c8311cfb6-2.exe [2014-07-20] (Cinema Plus)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A7B1EE27-22A7-4F95-A441-13F6A5762BB8} - System32\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-3 => C:\Program Files (x86)\Cinema-Plus-1.2\459c62d0-fa43-4c38-90a3-081c8311cfb6-3.exe [2014-07-20] (Cinema Plus)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - \Microsoft\Windows\Live\Roaming\MaintenanceTask No Task File <==== ATTENTION
Task: {BA16FE77-FF9C-4876-BEB6-576C01924C2F} - System32\Tasks\NewPlayer_wd => C:\Program Files (x86)\di9NewPlayer\di2NewPlayerT.exe [2014-07-20] ()
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C6D49553-97AA-4ED6-A33C-2B07CA447EB1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-18] (Google Inc.)
Task: {D1318C1C-854D-4DCE-ADEC-BDFA58B5B496} - System32\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-5_user => C:\Program Files (x86)\Cinema-Plus-1.2\459c62d0-fa43-4c38-90a3-081c8311cfb6-5.exe [2014-07-20] (Cinema Plus)
Task: {D6A63E6F-46D0-46E2-82A6-68CB289CA17D} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {D6C8A39A-C811-465B-A5A1-F4952D8D4113} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-07-29] (Intel)
Task: {E6590393-8377-482F-B61F-011B616AE96B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-07-12] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-1.job => C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-codedownloader.exe
Task: C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-11.job => C:\Program Files (x86)\Cinema-Plus-1.2\459c62d0-fa43-4c38-90a3-081c8311cfb6-11.exe
Task: C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-2.job => C:\Program Files (x86)\Cinema-Plus-1.2\459c62d0-fa43-4c38-90a3-081c8311cfb6-2.exe
Task: C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-3.job => C:\Program Files (x86)\Cinema-Plus-1.2\459c62d0-fa43-4c38-90a3-081c8311cfb6-3.exe
Task: C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-4.job => C:\Program Files (x86)\Cinema-Plus-1.2\459c62d0-fa43-4c38-90a3-081c8311cfb6-4.exe
Task: C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-5.job => C:\Program Files (x86)\Cinema-Plus-1.2\459c62d0-fa43-4c38-90a3-081c8311cfb6-5.exe
Task: C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-5_user.job => C:\Program Files (x86)\Cinema-Plus-1.2\459c62d0-fa43-4c38-90a3-081c8311cfb6-5.exe
Task: C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-6.job => C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-novainstaller.exe
Task: C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-7.job => C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-nova.exe
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715484851-1912604928-717142542-1001Core.job => C:\Users\Dana\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715484851-1912604928-717142542-1001UA.job => C:\Users\Dana\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\NewPlayer Update.job => C:\Program Files (x86)\di9NewPlayer\di3NewPlayerC92.exe
Task: C:\Windows\Tasks\NewPlayer_wd.job => C:\Program Files (x86)\di9NewPlayer\di2NewPlayerT.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-06-10 18:31 - 2014-06-10 18:31 - 00034336 _____ () C:\Program Files (x86)\LPT\srpts.exe
2014-07-20 14:16 - 2014-07-20 14:16 - 00147456 _____ () C:\Program Files (x86)\di9NewPlayer\di2NewPlayerud175.exe
2014-07-16 08:41 - 2014-07-16 08:41 - 00011776 _____ () C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe
2014-06-10 18:31 - 2014-06-10 18:31 - 00036384 _____ () C:\Program Files (x86)\LPT\srptsl.exe
2013-04-05 12:58 - 2013-04-05 12:58 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00024608 _____ () C:\Users\Dana\AppData\Local\LPT\srptm.exe
2014-07-20 14:16 - 2014-07-20 14:16 - 00098304 _____ () C:\Program Files (x86)\di9NewPlayer\di2NewPlayerT.exe
2014-07-20 14:16 - 2014-07-17 13:02 - 03324384 _____ () C:\Users\Dana\AppData\Local\fst_us_163\upfst_us_163.exe
2012-11-10 19:13 - 2012-07-30 13:55 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-02-25 13:00 - 2014-02-25 13:00 - 00550952 _____ () C:\Users\Dana\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe
2013-07-06 13:09 - 2013-04-19 19:51 - 00023328 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2013-07-06 13:09 - 2013-04-19 19:52 - 00049440 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\STCommonShellIntegration.dll
2012-11-28 16:13 - 2012-11-28 16:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 16:13 - 2012-11-28 16:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-10 18:31 - 2014-06-10 18:31 - 00044064 _____ () C:\Program Files (x86)\LPT\srptc.dll
2014-06-10 18:31 - 2014-06-10 18:31 - 00018976 _____ () C:\Program Files (x86)\LPT\Smartbar.Common.dll
2014-07-20 14:16 - 2014-07-20 14:16 - 00171520 _____ () C:\Program Files (x86)\di9NewPlayer\di2NewPlayerud175.dll
2014-06-10 18:31 - 2014-06-10 18:31 - 00060960 _____ () C:\Program Files (x86)\LPT\srut.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00084000 _____ () C:\Users\Dana\AppData\Local\LPT\srpt.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00044576 _____ () C:\Users\Dana\AppData\Local\LPT\srptc.dll
2014-07-06 17:37 - 2014-07-06 17:37 - 00018976 _____ () C:\Users\Dana\AppData\Local\LPT\Smartbar.Common.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00070688 _____ () C:\Users\Dana\AppData\Local\LPT\srut.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00068640 _____ () C:\Users\Dana\AppData\Local\LPT\sppsm.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00159776 _____ () C:\Users\Dana\AppData\Local\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00028704 _____ () C:\Users\Dana\AppData\Local\LPT\Smartbar.Personalization.Common.dll
2014-07-06 17:38 - 2014-07-06 17:38 - 00167456 _____ () C:\Users\Dana\AppData\Local\LPT\Smartbar.Infrastructure.Utilities.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00047648 _____ () C:\Users\Dana\AppData\Local\LPT\srbu.dll
2014-07-20 14:19 - 2014-07-20 14:19 - 00904704 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00026656 _____ () C:\Users\Dana\AppData\Local\LPT\srpdm.dll
2014-07-06 17:37 - 2014-07-06 17:37 - 00027680 _____ () C:\Users\Dana\AppData\Local\LPT\ProxySettings.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00045600 _____ () C:\Users\Dana\AppData\Local\LPT\Smartbar.Monetization.Proxy.ProxyService.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00029216 _____ () C:\Users\Dana\AppData\Local\LPT\sreu.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00055840 _____ () C:\Users\Dana\AppData\Local\LPT\srprl.dll
2014-07-06 17:37 - 2014-07-06 17:37 - 00051232 _____ () C:\Users\Dana\AppData\Local\LPT\lrrot.dll
2013-12-10 17:06 - 2013-12-10 17:06 - 10683392 _____ () C:\Users\Dana\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
2013-12-10 17:06 - 2013-12-10 17:06 - 07741952 _____ () C:\Users\Dana\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
2013-12-10 17:06 - 2013-12-10 17:06 - 01681408 _____ () C:\Users\Dana\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
2013-12-10 17:06 - 2013-12-10 17:06 - 02248192 _____ () C:\Users\Dana\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
2014-05-15 17:20 - 2014-05-15 17:20 - 00117248 _____ () C:\Users\Dana\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2014-05-15 17:20 - 2014-05-15 17:20 - 00231936 _____ () C:\Users\Dana\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2014-05-15 17:21 - 2014-05-15 17:21 - 00253440 _____ () C:\Users\Dana\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2014-05-15 17:24 - 2014-05-15 17:24 - 00344064 _____ () C:\Users\Dana\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2013-12-10 17:06 - 2013-12-10 17:06 - 00026624 _____ () C:\Users\Dana\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
2014-07-20 14:18 - 2014-01-28 06:04 - 00112142 _____ () C:\Program Files (x86)\Easy Speed Check\libgcc_s_dw2-1.dll
2014-07-20 14:18 - 2014-01-28 06:04 - 01000974 _____ () C:\Program Files (x86)\Easy Speed Check\libstdc++-6.dll
2014-07-20 14:18 - 2014-01-28 06:04 - 00279955 _____ () C:\Program Files (x86)\Easy Speed Check\libidn-11.dll
2014-07-20 14:18 - 2013-08-25 20:02 - 00131598 _____ () C:\Program Files (x86)\Easy Speed Check\zlib1.dll
2014-07-20 14:18 - 2014-01-28 06:04 - 00020480 _____ () C:\Program Files (x86)\Easy Speed Check\cwebpage.dll
2014-07-06 17:38 - 2014-07-06 17:38 - 00048160 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00071712 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\srau.dll
2014-07-06 17:38 - 2014-07-06 17:38 - 00167456 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
2014-07-06 17:38 - 2014-07-06 17:38 - 02344992 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00068640 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\spbl.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00159776 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
2014-07-06 17:38 - 2014-07-06 17:38 - 00015904 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\siem.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00068640 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\sppsm.dll
2014-07-06 17:38 - 2014-07-06 17:38 - 00698400 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
2014-07-06 17:38 - 2014-07-06 17:38 - 00016416 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
2014-07-06 17:38 - 2014-07-06 17:38 - 00080416 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00028704 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00070688 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\srut.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00030752 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\srsbs.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00047648 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\srbu.dll
2014-07-06 17:38 - 2014-07-06 17:38 - 00067104 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00152096 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\smti.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00032800 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\srom.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00032800 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\smtu.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00040992 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\smta.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00071200 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\smsp.dll
2014-07-06 17:38 - 2014-07-06 17:38 - 00026144 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\sgml.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00063520 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00026656 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\srpdm.dll
2014-07-06 17:37 - 2014-07-06 17:37 - 00045088 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00036896 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
2014-07-06 17:38 - 2014-07-06 17:38 - 00194592 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\sgmu.dll
2014-05-12 11:21 - 2014-05-12 11:21 - 00061440 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\AxInterop.WMPLib.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00257056 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\srns.dll
2014-07-20 14:27 - 2014-07-20 14:27 - 00043008 _____ () c:\users\dana\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyk1gsh.dll
2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\Dana\AppData\Roaming\Dropbox\bin\libcef.dll
2014-07-20 14:18 - 2014-07-20 14:18 - 00125496 _____ () C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-nova.dll
2014-07-18 17:20 - 2014-07-15 05:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-18 17:20 - 2014-07-15 05:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-18 17:20 - 2014-07-15 05:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-18 17:20 - 2014-07-15 05:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-18 17:20 - 2014-07-15 05:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-07-18 17:20 - 2014-07-15 05:24 - 14664008 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll
2014-02-17 10:37 - 2014-02-17 10:37 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\b1c5b85477b09ceb4fa27fdf6e37e617\PSIClient.ni.dll
2012-11-10 17:40 - 2012-07-20 14:04 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-07-06 13:09 - 2013-05-02 20:01 - 01813792 _____ () C:\Program Files (x86)\Dell Backup and Recovery\OLCoreWrapper.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00101408 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll
2014-07-06 17:39 - 2014-07-06 17:39 - 00142880 _____ () C:\Users\Dana\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
 
==================== Faulty Device Manager Devices =============
 
Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/21/2014 08:27:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17028, time stamp: 0x53a20947
Faulting module name: ntdll.dll, version: 6.2.9200.16912, time stamp: 0x53645e25
Exception code: 0xc0000005
Fault offset: 0x00023e60
Faulting process id: 0x185c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
 
Error: (07/21/2014 08:22:33 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 62597735
 
Error: (07/21/2014 08:22:33 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 62597735
 
Error: (07/21/2014 08:22:33 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/21/2014 08:22:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 62596391
 
Error: (07/21/2014 08:22:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 62596391
 
Error: (07/21/2014 08:22:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/21/2014 08:22:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 62595141
 
Error: (07/21/2014 08:22:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 62595141
 
Error: (07/21/2014 08:22:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (07/21/2014 08:23:32 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Ask Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/15/2014 08:43:37 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (07/12/2014 10:22:37 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (07/10/2014 08:49:04 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Windows Malicious Software Removal Tool for Windows 8, 8.1 and Windows Server 2012, 2012 R2 x64 Edition - July 2014 (KB890830).
 
Error: (06/30/2014 06:07:15 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
 
Error: (06/02/2014 05:27:02 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (06/02/2014 05:16:50 PM) (Source: DCOM) (EventID: 10010) (User: DANAROSEN)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (06/02/2014 05:11:29 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
Error: (06/02/2014 05:12:03 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:34:36 PM on 6/2/2014 was unexpected.
 
Error: (05/18/2014 11:52:03 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
 
Microsoft Office Sessions:
=========================
Error: (07/21/2014 08:27:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1702853a20947ntdll.dll6.2.9200.1691253645e25c000000500023e60185c01cfa4df157e8facC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SYSTEM32\ntdll.dll60271a04-10d2-11e4-bea2-c48508b4e127
 
Error: (07/21/2014 08:22:33 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 62597735
 
Error: (07/21/2014 08:22:33 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 62597735
 
Error: (07/21/2014 08:22:33 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/21/2014 08:22:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 62596391
 
Error: (07/21/2014 08:22:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 62596391
 
Error: (07/21/2014 08:22:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/21/2014 08:22:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 62595141
 
Error: (07/21/2014 08:22:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 62595141
 
Error: (07/21/2014 08:22:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 59%
Total physical RAM: 3973.75 MB
Available physical RAM: 1615.16 MB
Total Pagefile: 6917.75 MB
Available Pagefile: 3580.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:457.87 GB) (Free:396.13 GB) NTFS
Drive y: (WINRETOOLS) (Fixed) (Total:0.49 GB) (Free:0.2 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: FEBBAA24)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 8 GB) (Disk ID: AB57CDDB)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#6 aharonov

  • Malware Response Team

Posted 21 July 2014 - 08:20 AM

The next steps are already written in my previous post above.

#7 LBackover

  • Topic Starter
  • Members

Posted 21 July 2014 - 08:53 AM

Cinema-Plus-1.2 and Snap.Do Engine would not uninstall

 

# AdwCleaner v3.216 - Report created 21/07/2014 at 09:46:06

# Updated 17/07/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Dana - DANAROSEN
# Running from : C:\Users\Dana\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem
Service Deleted : LPTSystemUpdater
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\LPT
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Users\Dana\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Dana\AppData\Local\LPT
Folder Deleted : C:\Users\Dana\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Dana\AppData\Local\Smartbar
Folder Deleted : C:\Users\Dana\AppData\Local\WeatherAlerts
Folder Deleted : C:\Users\Dana\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Dana\AppData\Local\Temp\Smartbar
Folder Deleted : C:\Users\Dana\AppData\LocalLow\Smartbar
File Deleted : C:\END
File Deleted : C:\Users\Dana\Desktop\Continue VuuPC Installation.lnk
File Deleted : C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
File Deleted : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
File Deleted : C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
File Deleted : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
File Deleted : C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-1.job
File Deleted : C:\Windows\System32\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-1
File Deleted : C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-11.job
File Deleted : C:\Windows\System32\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-11
File Deleted : C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-2.job
File Deleted : C:\Windows\System32\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-2
File Deleted : C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-3.job
File Deleted : C:\Windows\System32\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-3
File Deleted : C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-4.job
File Deleted : C:\Windows\System32\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-4
File Deleted : C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-5.job
File Deleted : C:\Windows\System32\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-5
File Deleted : C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-5_user.job
File Deleted : C:\Windows\System32\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-5_user
File Deleted : C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-6.job
File Deleted : C:\Windows\System32\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-6
File Deleted : C:\Windows\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-7.job
File Deleted : C:\Windows\System32\Tasks\459c62d0-fa43-4c38-90a3-081c8311cfb6-7
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bho
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0060548.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0060548.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0060548.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0060548.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611051148}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622052248}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655055548}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666056648}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644054448}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611051148}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4F524A2D-5637-4300-76A7-7A786E7484D7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611051148}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4F524A2D-5637-4300-76A7-7A786E7484D7}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611051148}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622052248}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655055548}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666056648}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5637-4300-76A7-7A786E7484D7}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611051148}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\smartbarbackup
Key Deleted : HKCU\Software\smartbarlog
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\Software\FreeSoftToday
Key Deleted : HKLM\Software\GlobalUpdate
Key Deleted : HKLM\Software\installedbrowserextensions
Key Deleted : HKLM\Software\Tutorials
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}
Key Deleted : [x64] HKLM\SOFTWARE\installedbrowserextensions
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.17028
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Startup_urls] : hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_l8fMQr5kRlG85B2qFc6EDzwteIbuyoHEJu6S2NIKhDkRmmChUpLoCG3_PVrIK2vB2-vl39eP2IVqC3p2pJeof-OMUuDlTvVhwnQ0C41aQ7iWTvVx7G2bU6K1ULf88L_2Bc1t6VyX79iI
Deleted [Startup_urls] : hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrlMGoIDxoPfmHzjFv7biGYD0tIjZ_glgng4XDiZGDJdzFrMBfAbjdl3uBXnLq8oL-ua-nwNfTSVTD9nXjoLLQK5eBjCLwA,,
 
*************************
 
AdwCleaner[R0].txt - [12950 octets] - [21/07/2014 09:42:18]
AdwCleaner[R1].txt - [13011 octets] - [21/07/2014 09:44:58]
AdwCleaner[S0].txt - [10295 octets] - [21/07/2014 09:46:06]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10356 octets] ##########


#8 LBackover

  • Topic Starter
  • Members

Posted 21 July 2014 - 09:14 AM

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-07-2014
Ran by Dana (administrator) on DANAROSEN on 21-07-2014 10:12:21
Running from C:\Users\Dana\Desktop
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\n360.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\n360.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel® Corporation) C:\Program Files\Intel\CCDashboard\bin\CCDashServer.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Google Inc.) C:\Users\Dana\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-09-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-09-07] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5752480 2012-07-11] (Dell Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp 
HKLM\...\Run: [IntelMyWiFiDashboard] => C:\Program Files\Intel\CCDashboard\bin\CCDashServer.exe [5010224 2012-07-13] (Intel® Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [fst_us_163] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1715484851-1912604928-717142542-1001\...\Run: [Google Update] => C:\Users\Dana\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-02-10] (Google Inc.)
HKU\S-1-5-21-1715484851-1912604928-717142542-1001\...\Run: [MusicManager] => C:\Users\Dana\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7631872 2014-05-15] (Google Inc.)
HKU\S-1-5-21-1715484851-1912604928-717142542-1001\...\Run: [GoogleChromeAutoLaunch_35D503578298CFB9BB273407D0EC26F2] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-07-15] (Google Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
SearchScopes: HKLM - DefaultScope {6A08377C-5E11-43F3-9AB6-CAB25F0EAE35} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM - {6A08377C-5E11-43F3-9AB6-CAB25F0EAE35} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {1FDFCFC3-B893-43E1-9138-4A2D2452A551} https://www.t-mobilepictures.com/myalbum/scripts/downloader/FileDownloader7.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Dana\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Dana\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @zoom.us/ZoomVideoPlugin - C:\Users\Dana\AppData\Roaming\Zoom\bin_00\npzoomplugin.dll (Zoom Video Communications, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-07-21]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-11-19]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/", "hxxp://www.google.com", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_l8fMQr5kRlG85B2qFc6EDzwteIbuyoHEJu6S2NIKhDkRmmChUpLoCG3_PVrIK2vB2-vl39eP2IVqC3p2pJeof-OMUuDlTvVhwnQ0C41aQ7iWTvVx7G2bU6K1ULf88L_2Bc1t6VyX79iI", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrlMGoIDxoPfmHzjFv7biGYD0tIjZ_glgng4XDiZGDJdzFrMBfAbjdl3uBXnLq8oL-ua-nwNfTSVTD9nXjoLLQK5eBjCLwA,,"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (Google Docs) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-18]
CHR Extension: (Google Drive) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-04-24]
CHR Extension: (YouTube) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-18]
CHR Extension: (Google Search) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-18]
CHR Extension: (Search by Image (by Google)) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2013-11-21]
CHR Extension: (WhoIs) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibhnaioakffcmagdeoigioijcblhfiib [2013-11-21]
CHR Extension: (Zoho CRM) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigppphkaknhndejgcmckacpipcioacn [2013-11-21]
CHR Extension: (Quick SEO - PageRank, Backlinks & Alexa Tool) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\mimhmidgldhoghjoehfigallmmndjkef [2013-11-21]
CHR Extension: (Norton Identity Protection) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-07-30]
CHR Extension: (Hangouts) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-06-04]
CHR Extension: (Google Wallet) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Gmail) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-18]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\Exts\Chrome.crx [2014-06-04]
 
==================== Services (Whitelisted) =================
 
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-29] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-20] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\N360.exe [265040 2014-05-23] (Symantec Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [200808 2012-09-07] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915480 2013-05-23] (SoftThinks SAS)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140703.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1503000.00C\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-11] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140718.001\IDSvia64.sys [525016 2014-03-25] (Symantec Corporation)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-29] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140720.019\ENG64.SYS [126040 2014-03-23] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140720.019\EX64.SYS [2099288 2014-03-23] (Symantec Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-14] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-14] (Synaptics Incorporated)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1503000.00C\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1503000.00C\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R3 ST_Accel; C:\Windows\System32\drivers\ST_Accel.sys [71832 2012-07-13] (STMicroelectronics)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1503000.00C\SymELAM.sys [23568 2013-09-09] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1503000.00C\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [48096 2012-08-09] (Windows ® Win 7 DDK provider)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows ® Win 7 DDK provider)
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-21 09:42 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-21 09:41 - 2014-07-21 09:46 - 00000000 ____D () C:\AdwCleaner
2014-07-21 09:40 - 2014-07-21 09:40 - 01354223 _____ () C:\Users\Dana\Desktop\AdwCleaner.exe
2014-07-21 08:36 - 2014-07-21 08:37 - 00036506 _____ () C:\Users\Dana\Desktop\Addition.txt
2014-07-21 08:34 - 2014-07-21 10:12 - 00020151 _____ () C:\Users\Dana\Desktop\FRST.txt
2014-07-21 08:32 - 2014-07-21 10:12 - 00000000 ____D () C:\FRST
2014-07-21 08:31 - 2014-07-21 08:31 - 02089984 _____ (Farbar) C:\Users\Dana\Desktop\FRST64.exe
2014-07-20 14:27 - 2014-07-21 09:12 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\Probit Software
2014-07-20 14:27 - 2014-07-20 14:27 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-20 14:22 - 2014-07-20 14:22 - 00003122 _____ () C:\Windows\System32\Tasks\{2862F2CA-0B87-429F-B72D-F9BD85F8FC97}
2014-07-20 14:18 - 2014-07-21 09:12 - 00000000 ____D () C:\Program Files (x86)\Easy Speed Check
2014-07-20 14:18 - 2014-07-20 14:23 - 00000000 ____D () C:\Program Files (x86)\Cinema-Plus-1.2
2014-07-20 14:16 - 2014-07-21 09:12 - 00000000 ____D () C:\Program Files (x86)\Probit Software
2014-07-20 14:15 - 2014-07-20 14:15 - 01385128 _____ () C:\Users\Dana\Downloads\Setup.exe
2014-07-18 18:46 - 2014-07-18 18:46 - 00004549 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-18 18:46 - 2014-07-18 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-18 18:46 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-18 18:46 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-18 18:46 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-18 18:46 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-15 07:06 - 2014-07-15 07:06 - 00281088 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-14 22:11 - 2014-07-14 22:11 - 00001847 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-07-14 22:11 - 2014-07-14 22:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-07-14 22:11 - 2014-07-14 22:11 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-07-14 21:03 - 2014-07-14 21:08 - 248114027 _____ () C:\Users\Dana\Downloads\TEACHINGS OF THE RAV - MASTERING RESRICTIONS CLASS 1 20140708.wmv
2014-07-12 08:42 - 2014-07-12 08:42 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 08:11 - 2014-06-30 18:42 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 08:11 - 2014-06-30 18:42 - 00394240 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-07-09 08:11 - 2014-06-30 18:42 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-07-09 08:11 - 2014-06-27 23:35 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 08:11 - 2014-06-17 19:27 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 08:11 - 2014-06-17 19:24 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 08:11 - 2014-06-11 00:18 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 08:11 - 2014-06-02 18:33 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2014-07-09 08:11 - 2014-05-29 19:31 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-07-09 08:11 - 2014-05-29 19:03 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-07-09 08:11 - 2014-05-29 19:02 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 08:11 - 2014-05-29 19:02 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-07-09 08:11 - 2014-05-03 02:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-07-09 08:11 - 2014-05-03 02:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-07-09 08:11 - 2014-05-03 00:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-07-09 08:11 - 2014-05-01 18:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-07-09 08:11 - 2014-04-29 18:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-07-09 08:11 - 2014-04-29 18:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-07-09 08:11 - 2014-04-23 19:51 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-07-09 08:11 - 2014-04-23 19:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 08:11 - 2014-04-23 19:38 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-07-09 08:11 - 2014-04-23 19:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 08:11 - 2014-02-08 00:34 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-07-09 08:10 - 2014-06-18 22:12 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 08:10 - 2014-06-18 22:12 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 08:10 - 2014-06-18 22:12 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-07-09 08:10 - 2014-06-18 22:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-07-09 08:10 - 2014-06-18 22:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 08:10 - 2014-06-18 22:11 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 08:10 - 2014-06-18 22:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 08:10 - 2014-06-18 22:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 08:10 - 2014-06-18 22:10 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 08:10 - 2014-06-18 22:10 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 08:10 - 2014-06-18 22:10 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 08:10 - 2014-06-18 22:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-09 08:10 - 2014-06-18 22:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 08:10 - 2014-06-18 22:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 08:10 - 2014-06-18 22:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 08:10 - 2014-06-18 22:10 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 08:10 - 2014-06-18 22:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-09 08:10 - 2014-06-18 22:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 08:10 - 2014-06-18 22:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 08:10 - 2014-06-18 22:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 08:10 - 2014-06-18 22:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 08:10 - 2014-06-18 20:53 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 08:10 - 2014-06-18 20:53 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 08:10 - 2014-06-18 20:53 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 08:10 - 2014-06-18 20:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 08:10 - 2014-06-18 20:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 08:10 - 2014-06-18 20:53 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 08:10 - 2014-06-18 20:53 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-07-09 08:10 - 2014-06-18 20:52 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 08:10 - 2014-06-18 20:52 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 08:10 - 2014-06-18 20:52 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 08:10 - 2014-06-18 20:52 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 08:10 - 2014-06-18 20:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-09 08:10 - 2014-06-18 20:52 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 08:10 - 2014-06-18 20:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 08:10 - 2014-06-18 20:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 08:10 - 2014-06-18 20:52 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-09 08:10 - 2014-06-18 20:52 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 08:10 - 2014-06-18 20:52 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 08:10 - 2014-06-18 20:52 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 08:10 - 2014-06-18 20:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 08:10 - 2014-06-18 20:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 08:10 - 2014-06-18 18:05 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-07-09 08:10 - 2014-06-06 10:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 08:10 - 2014-06-06 06:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 08:10 - 2014-05-29 18:24 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
 
==================== One Month Modified Files and Folders =======
 
2014-07-21 10:12 - 2014-07-21 08:34 - 00020151 _____ () C:\Users\Dana\Desktop\FRST.txt
2014-07-21 10:12 - 2014-07-21 08:32 - 00000000 ____D () C:\FRST
2014-07-21 10:11 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\sru
2014-07-21 09:55 - 2012-11-10 17:46 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-07-21 09:54 - 2013-01-18 18:49 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1715484851-1912604928-717142542-1001
2014-07-21 09:49 - 2013-01-18 20:27 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-21 09:47 - 2012-11-10 19:30 - 00232922 _____ () C:\Windows\PFRO.log
2014-07-21 09:47 - 2012-07-26 03:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-21 09:46 - 2014-07-21 09:41 - 00000000 ____D () C:\AdwCleaner
2014-07-21 09:43 - 2013-02-10 11:48 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715484851-1912604928-717142542-1001UA.job
2014-07-21 09:40 - 2014-07-21 09:40 - 01354223 _____ () C:\Users\Dana\Desktop\AdwCleaner.exe
2014-07-21 09:18 - 2013-01-18 20:27 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-21 09:15 - 2012-07-26 01:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-07-21 09:12 - 2014-07-20 14:27 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\Probit Software
2014-07-21 09:12 - 2014-07-20 14:18 - 00000000 ____D () C:\Program Files (x86)\Easy Speed Check
2014-07-21 09:12 - 2014-07-20 14:16 - 00000000 ____D () C:\Program Files (x86)\Probit Software
2014-07-21 09:06 - 2013-09-02 12:29 - 00000000 ____D () C:\Users\Dana\AppData\Local\CrashDumps
2014-07-21 08:37 - 2014-07-21 08:36 - 00036506 _____ () C:\Users\Dana\Desktop\Addition.txt
2014-07-21 08:36 - 2013-01-18 18:41 - 01805572 _____ () C:\Windows\WindowsUpdate.log
2014-07-21 08:31 - 2014-07-21 08:31 - 02089984 _____ (Farbar) C:\Users\Dana\Desktop\FRST64.exe
2014-07-20 14:27 - 2014-07-20 14:27 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-20 14:27 - 2014-05-18 11:54 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\DropboxMaster
2014-07-20 14:27 - 2013-01-20 23:51 - 00000000 ___RD () C:\Users\Dana\Dropbox
2014-07-20 14:27 - 2013-01-20 23:47 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\Dropbox
2014-07-20 14:25 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-20 14:23 - 2014-07-20 14:18 - 00000000 ____D () C:\Program Files (x86)\Cinema-Plus-1.2
2014-07-20 14:22 - 2014-07-20 14:22 - 00003122 _____ () C:\Windows\System32\Tasks\{2862F2CA-0B87-429F-B72D-F9BD85F8FC97}
2014-07-20 14:15 - 2014-07-20 14:15 - 01385128 _____ () C:\Users\Dana\Downloads\Setup.exe
2014-07-18 18:46 - 2014-07-18 18:46 - 00004549 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-18 18:46 - 2014-07-18 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-18 18:46 - 2014-01-16 23:13 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-18 18:46 - 2013-07-17 10:12 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-18 17:20 - 2013-01-18 20:28 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-16 08:45 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-07-15 21:43 - 2013-02-10 11:48 - 00000872 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715484851-1912604928-717142542-1001Core.job
2014-07-15 20:54 - 2013-01-18 19:39 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\PCDr
2014-07-15 07:06 - 2014-07-15 07:06 - 00281088 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-14 22:11 - 2014-07-14 22:11 - 00001847 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-07-14 22:11 - 2014-07-14 22:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-07-14 22:11 - 2014-07-14 22:11 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-07-14 22:10 - 2013-01-18 19:04 - 00000000 ____D () C:\Users\Dana\AppData\Local\Apple Computer
2014-07-14 21:57 - 2013-02-09 20:49 - 00100352 ___SH () C:\Users\Dana\Downloads\Thumbs.db
2014-07-14 21:08 - 2014-07-14 21:03 - 248114027 _____ () C:\Users\Dana\Downloads\TEACHINGS OF THE RAV - MASTERING RESRICTIONS CLASS 1 20140708.wmv
2014-07-13 18:30 - 2012-07-26 03:28 - 00850046 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-12 09:10 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\rescache
2014-07-12 08:42 - 2014-07-12 08:42 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-12 08:42 - 2012-07-26 04:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 08:42 - 2012-07-26 04:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 08:42 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\WinStore
2014-07-12 08:42 - 2012-07-26 03:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-12 08:41 - 2013-08-14 21:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-12 08:39 - 2013-01-19 14:06 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-11 03:02 - 2014-07-18 18:46 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-11 02:56 - 2014-07-18 18:46 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-11 02:56 - 2014-07-18 18:46 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-11 02:55 - 2014-07-18 18:46 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-09 08:32 - 2012-07-26 03:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-06-30 18:42 - 2014-07-09 08:11 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 18:42 - 2014-07-09 08:11 - 00394240 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-06-30 18:42 - 2014-07-09 08:11 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-06-30 18:08 - 2012-07-26 04:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-06-27 23:35 - 2014-07-09 08:11 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-26 16:53 - 2013-12-01 13:48 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-26 16:53 - 2013-12-01 13:48 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-25 21:38 - 2013-02-10 11:48 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1715484851-1912604928-717142542-1001UA
2014-06-25 21:38 - 2013-02-10 11:48 - 00003488 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1715484851-1912604928-717142542-1001Core
 
Some content of TEMP:
====================
C:\Users\Dana\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyk1gsh.dll
C:\Users\Dana\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Dana\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-19 04:19
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-07-2014
Ran by Dana at 2014-07-21 10:13:23
Running from C:\Users\Dana\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security Suite (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cinema-Plus-1.2 (HKLM-x32\...\Cinema-Plus-1.2) (Version: 1.34.7.1 - Cinema Plus)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.3 - Synaptics Incorporated)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
iCloud (HKLM\...\{704C0303-D20C-45AF-BD2B-556EAF31BE09}) (Version: 2.1.2.8 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® My WiFi Dashboard (HKLM\...\{1E741267-F54B-4b3a-A7B6-1D1A156E385E}) (Version: 15.05.5000.0219 - Intel Corporation)
Intel® PRO/Wireless Driver (Version: 16.01.5000.0577 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2849 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{89478C31-5CE8-461A-9084-9A0AF059F84F}) (Version: 15.5.0.0344 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{7854AA22-A2F0-4F29-A2E9-D0C5A2B685E7}) (Version: 2.5.0.0248 - Motorola Solutions, Inc)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
Music Manager (HKCU\...\MusicManager) (Version:  - Google, Inc.)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.3.0.12 - Symantec Corporation)
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.005 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.28121 - Realtek Semiconductor Corp.)
Snap.Do (HKLM-x32\...\{6EA563AD-DF38-4A1E-9437-3EA6EDA7B784}) (Version: 11.77.1.18240 - ReSoft Ltd.) <==== ATTENTION
Snap.Do Engine (HKCU\...\{23e21170-4bf1-4237-9c3a-d94048df0010}) (Version: 11.77.1.17697 - ReSoft Ltd.) <==== ATTENTION
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.11.0028 - ST Microelectronics)
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Zoom (HKCU\...\ZoomUMX) (Version: 2.1 - Zoom Video Communications, Inc.)
 
==================== Restore Points  =========================
 
27-06-2014 11:55:57 Scheduled Checkpoint
09-07-2014 12:23:57 Windows Update
12-07-2014 12:39:13 Windows Update
15-07-2014 02:09:52 Installed QuickTime 7
18-07-2014 22:45:53 Installed Java 7 Update 65
 
==================== Hosts content: ==========================
 
2012-07-26 01:26 - 2012-07-26 01:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {00D86A79-7D8F-450D-A00A-2C33209B9473} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\WSCStub.exe [2014-05-11] (Symantec Corporation)
Task: {010E531A-B35B-4D2D-B978-B864A1A73245} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {1917D324-C2C8-4323-80FC-44D4E4218A49} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {240ED185-59D9-4171-A484-51753EB9435D} - \459c62d0-fa43-4c38-90a3-081c8311cfb6-5 No Task File <==== ATTENTION
Task: {2E7FA47F-C637-4734-BBB9-20D915EFFBA9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-18] (Google Inc.)
Task: {30333F48-9BA0-42CB-9997-B3A18841FF6C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {389CD004-76EB-45D3-BD91-5940E49A09E5} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-14] (Synaptics Incorporated)
Task: {39946108-B222-4213-9A99-2BFAA0A260B1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1715484851-1912604928-717142542-1001Core => C:\Users\Dana\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-10] (Google Inc.)
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - \Microsoft\Windows\Live\Roaming\SynchronizeWithStorage No Task File <==== ATTENTION
Task: {4CFF4065-30E9-4201-B8C3-CBFBC41205AA} - \459c62d0-fa43-4c38-90a3-081c8311cfb6-4 No Task File <==== ATTENTION
Task: {5102A2CF-4D40-40B3-AED5-516E1E91553E} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {52FC4C4E-8889-447D-948D-D4C58F8C2BDE} - \459c62d0-fa43-4c38-90a3-081c8311cfb6-7 No Task File <==== ATTENTION
Task: {5B8FC722-2DFD-49C9-A954-2CF2536FF1CE} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {643AE151-1CC1-47A9-BEF4-4CE9173C4C09} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {672AD229-674B-4B52-A88F-08AACBF617DC} - \459c62d0-fa43-4c38-90a3-081c8311cfb6-1 No Task File <==== ATTENTION
Task: {76498FE7-C12B-4197-9DFD-F820CF025F4F} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {77243336-CFC3-44BB-BA6E-B647CBF1DB0C} - System32\Tasks\IntelBootstrapCCDashServer => C:\Program Files\Intel\CCDashboard\bin\CCDashServer.exe [2012-07-13] (Intel® Corporation)
Task: {78BDD8EF-AB67-4D94-B04F-18857F68AA5D} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {8582ABF5-E6F2-4D61-A2EB-1E1ED1B73E8F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1715484851-1912604928-717142542-1001UA => C:\Users\Dana\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-10] (Google Inc.)
Task: {884DFDFC-ABF5-4A3A-B5FB-8AEE1223DF41} - \459c62d0-fa43-4c38-90a3-081c8311cfb6-6 No Task File <==== ATTENTION
Task: {914D68E5-1EEE-41BB-A984-95B27502CA5D} - \459c62d0-fa43-4c38-90a3-081c8311cfb6-11 No Task File <==== ATTENTION
Task: {9A154B1D-38CE-4884-9416-807FB9074DF0} - \459c62d0-fa43-4c38-90a3-081c8311cfb6-2 No Task File <==== ATTENTION
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A7B1EE27-22A7-4F95-A441-13F6A5762BB8} - \459c62d0-fa43-4c38-90a3-081c8311cfb6-3 No Task File <==== ATTENTION
Task: {A800277E-E202-4492-AD38-3312641CBC04} - \Microsoft\Windows\Live\Roaming\MaintenanceTask No Task File <==== ATTENTION
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C6D49553-97AA-4ED6-A33C-2B07CA447EB1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-18] (Google Inc.)
Task: {D1318C1C-854D-4DCE-ADEC-BDFA58B5B496} - \459c62d0-fa43-4c38-90a3-081c8311cfb6-5_user No Task File <==== ATTENTION
Task: {D6A63E6F-46D0-46E2-82A6-68CB289CA17D} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {D6C8A39A-C811-465B-A5A1-F4952D8D4113} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-07-29] (Intel)
Task: {E6590393-8377-482F-B61F-011B616AE96B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-07-12] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715484851-1912604928-717142542-1001Core.job => C:\Users\Dana\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715484851-1912604928-717142542-1001UA.job => C:\Users\Dana\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-04-05 12:58 - 2013-04-05 12:58 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2012-11-10 19:13 - 2012-07-30 13:55 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-07-06 13:09 - 2013-04-19 19:51 - 00023328 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2013-07-06 13:09 - 2013-04-19 19:52 - 00049440 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\STCommonShellIntegration.dll
2012-11-28 16:13 - 2012-11-28 16:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 16:13 - 2012-11-28 16:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-18 17:20 - 2014-07-15 05:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-18 17:20 - 2014-07-15 05:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-18 17:20 - 2014-07-15 05:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2013-12-10 17:06 - 2013-12-10 17:06 - 10683392 _____ () C:\Users\Dana\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
2013-12-10 17:06 - 2013-12-10 17:06 - 07741952 _____ () C:\Users\Dana\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
2013-12-10 17:06 - 2013-12-10 17:06 - 01681408 _____ () C:\Users\Dana\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
2013-12-10 17:06 - 2013-12-10 17:06 - 02248192 _____ () C:\Users\Dana\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
2014-05-15 17:20 - 2014-05-15 17:20 - 00117248 _____ () C:\Users\Dana\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2014-05-15 17:20 - 2014-05-15 17:20 - 00231936 _____ () C:\Users\Dana\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2014-05-15 17:21 - 2014-05-15 17:21 - 00253440 _____ () C:\Users\Dana\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2014-05-15 17:24 - 2014-05-15 17:24 - 00344064 _____ () C:\Users\Dana\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2013-12-10 17:06 - 2013-12-10 17:06 - 00026624 _____ () C:\Users\Dana\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
2014-02-17 10:37 - 2014-02-17 10:37 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\b1c5b85477b09ceb4fa27fdf6e37e617\PSIClient.ni.dll
2012-11-10 17:40 - 2012-07-20 14:04 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-07-06 13:09 - 2013-05-02 20:01 - 01813792 _____ () C:\Program Files (x86)\Dell Backup and Recovery\OLCoreWrapper.dll
2014-07-18 17:20 - 2014-07-15 05:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-18 17:20 - 2014-07-15 05:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
 
==================== Faulty Device Manager Devices =============
 
Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/21/2014 10:10:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 864563
 
Error: (07/21/2014 10:10:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 864563
 
Error: (07/21/2014 10:10:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/21/2014 09:56:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9344
 
Error: (07/21/2014 09:56:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9344
 
Error: (07/21/2014 09:56:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/21/2014 09:56:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8219
 
Error: (07/21/2014 09:56:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8219
 
Error: (07/21/2014 09:56:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/21/2014 09:56:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7032
 
 
System errors:
=============
Error: (07/21/2014 09:36:41 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (07/21/2014 09:15:53 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RtkAudioService service.
 
Error: (07/21/2014 08:23:32 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Ask Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/15/2014 08:43:37 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (07/12/2014 10:22:37 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (07/10/2014 08:49:04 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Windows Malicious Software Removal Tool for Windows 8, 8.1 and Windows Server 2012, 2012 R2 x64 Edition - July 2014 (KB890830).
 
Error: (06/30/2014 06:07:15 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
 
Error: (06/02/2014 05:27:02 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (06/02/2014 05:16:50 PM) (Source: DCOM) (EventID: 10010) (User: DANAROSEN)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (06/02/2014 05:11:29 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
 
Microsoft Office Sessions:
=========================
Error: (07/21/2014 10:10:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 864563
 
Error: (07/21/2014 10:10:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 864563
 
Error: (07/21/2014 10:10:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/21/2014 09:56:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9344
 
Error: (07/21/2014 09:56:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9344
 
Error: (07/21/2014 09:56:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/21/2014 09:56:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8219
 
Error: (07/21/2014 09:56:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8219
 
Error: (07/21/2014 09:56:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/21/2014 09:56:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7032
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 47%
Total physical RAM: 3973.75 MB
Available physical RAM: 2097.82 MB
Total Pagefile: 6917.75 MB
Available Pagefile: 4898.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:457.87 GB) (Free:396.32 GB) NTFS
Drive y: (WINRETOOLS) (Fixed) (Total:0.49 GB) (Free:0.2 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: FEBBAA24)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 8 GB) (Disk ID: AB57CDDB)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#9 aharonov

Posted 21 July 2014 - 09:22 AM

This is looking better already. How is your computer running now?


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#10 LBackover

Posted 21 July 2014 - 03:40 PM

Computer is running faster again without popup ads from what I can see.

Fixlog.txt:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-07-2014
Ran by Dana at 2014-07-21 15:22:31 Run:1
Running from C:\Users\Dana\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\Run: [fst_us_163] => [X]
2014-07-20 14:27 - 2014-07-21 09:12 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\Probit Software
2014-07-20 14:27 - 2014-07-20 14:27 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-20 14:22 - 2014-07-20 14:22 - 00003122 _____ () C:\Windows\System32\Tasks\{2862F2CA-0B87-429F-B72D-F9BD85F8FC97}
2014-07-20 14:18 - 2014-07-21 09:12 - 00000000 ____D () C:\Program Files (x86)\Easy Speed Check
2014-07-20 14:18 - 2014-07-20 14:23 - 00000000 ____D () C:\Program Files (x86)\Cinema-Plus-1.2
2014-07-20 14:16 - 2014-07-21 09:12 - 00000000 ____D () C:\Program Files (x86)\Probit Software
2014-07-20 14:15 - 2014-07-20 14:15 - 01385128 _____ () C:\Users\Dana\Downloads\Setup.exe
Task: {240ED185-59D9-4171-A484-51753EB9435D} - \459c62d0-fa43-4c38-90a3-081c8311cfb6-5 No Task File <==== ATTENTION
Task: {4CFF4065-30E9-4201-B8C3-CBFBC41205AA} - \459c62d0-fa43-4c38-90a3-081c8311cfb6-4 No Task File <==== ATTENTION
Task: {5102A2CF-4D40-40B3-AED5-516E1E91553E} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {52FC4C4E-8889-447D-948D-D4C58F8C2BDE} - \459c62d0-fa43-4c38-90a3-081c8311cfb6-7 No Task File <==== ATTENTION
Task: {5B8FC722-2DFD-49C9-A954-2CF2536FF1CE} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {672AD229-674B-4B52-A88F-08AACBF617DC} - \459c62d0-fa43-4c38-90a3-081c8311cfb6-1 No Task File <==== ATTENTION
Task: {A7B1EE27-22A7-4F95-A441-13F6A5762BB8} - \459c62d0-fa43-4c38-90a3-081c8311cfb6-3 No Task File <==== ATTENTION
Task: {D1318C1C-854D-4DCE-ADEC-BDFA58B5B496} - \459c62d0-fa43-4c38-90a3-081c8311cfb6-5_user No Task File <==== ATTENTION
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\fst_us_163 => value deleted successfully.
C:\Users\Dana\AppData\Roaming\Probit Software => Moved successfully.
C:\ProgramData\TEMP => Moved successfully.
C:\Windows\System32\Tasks\{2862F2CA-0B87-429F-B72D-F9BD85F8FC97} => Moved successfully.
C:\Program Files (x86)\Easy Speed Check => Moved successfully.
C:\Program Files (x86)\Cinema-Plus-1.2 => Moved successfully.
C:\Program Files (x86)\Probit Software => Moved successfully.
C:\Users\Dana\Downloads\Setup.exe => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{240ED185-59D9-4171-A484-51753EB9435D}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{240ED185-59D9-4171-A484-51753EB9435D}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\459c62d0-fa43-4c38-90a3-081c8311cfb6-5' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4CFF4065-30E9-4201-B8C3-CBFBC41205AA}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4CFF4065-30E9-4201-B8C3-CBFBC41205AA}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\459c62d0-fa43-4c38-90a3-081c8311cfb6-4' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5102A2CF-4D40-40B3-AED5-516E1E91553E}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5102A2CF-4D40-40B3-AED5-516E1E91553E}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{52FC4C4E-8889-447D-948D-D4C58F8C2BDE}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52FC4C4E-8889-447D-948D-D4C58F8C2BDE}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\459c62d0-fa43-4c38-90a3-081c8311cfb6-7' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5B8FC722-2DFD-49C9-A954-2CF2536FF1CE}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B8FC722-2DFD-49C9-A954-2CF2536FF1CE}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{672AD229-674B-4B52-A88F-08AACBF617DC}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{672AD229-674B-4B52-A88F-08AACBF617DC}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\459c62d0-fa43-4c38-90a3-081c8311cfb6-1' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A7B1EE27-22A7-4F95-A441-13F6A5762BB8}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7B1EE27-22A7-4F95-A441-13F6A5762BB8}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\459c62d0-fa43-4c38-90a3-081c8311cfb6-3' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D1318C1C-854D-4DCE-ADEC-BDFA58B5B496}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1318C1C-854D-4DCE-ADEC-BDFA58B5B496}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\459c62d0-fa43-4c38-90a3-081c8311cfb6-5_user' => Key deleted successfully.
 
==== End of Fixlog ====
 
 
 
 
ESET logfile
 
 
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srbu.dll.vir a variant of MSIL/Toolbar.Linkury.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Dana\AppData\Local\LPT\srbu.dll.vir a variant of MSIL/Toolbar.Linkury.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Dana\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll.vir a variant of MSIL/Toolbar.Linkury.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Dana\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO2.dll.vir a variant of MSIL/Toolbar.Linkury.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Dana\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll.vir a variant of MSIL/Toolbar.Linkury.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Dana\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension2.dll.vir a variant of MSIL/Toolbar.Linkury.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Dana\AppData\Local\Smartbar\Application\srbu.dll.vir a variant of MSIL/Toolbar.Linkury.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Dana\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\GoogleChromeRemotePlugin.dll.vir Win32/Toolbar.Linkury.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Dana\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_25.dll.vir a variant of Win32/Toolbar.Linkury.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Dana\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_26.dll.vir a variant of Win32/Toolbar.Linkury.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Dana\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_27.dll.vir a variant of Win32/Toolbar.Linkury.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Dana\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_28.dll.vir a variant of Win32/Toolbar.Linkury.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Dana\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_29.dll.vir a variant of Win32/Toolbar.Linkury.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Dana\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_30.dll.vir a variant of Win32/Toolbar.Linkury.D potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cinema-Plus-1.2\459c62d0-fa43-4c38-90a3-081c8311cfb6-11.exe a variant of Win32/Toolbar.CrossRider.AK potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cinema-Plus-1.2\459c62d0-fa43-4c38-90a3-081c8311cfb6-2.exe a variant of Win32/Toolbar.CrossRider.AJ potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cinema-Plus-1.2\459c62d0-fa43-4c38-90a3-081c8311cfb6-3.exe a variant of Win32/Toolbar.CrossRider.AK potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cinema-Plus-1.2\459c62d0-fa43-4c38-90a3-081c8311cfb6-4.exe a variant of Win32/Toolbar.CrossRider.AK potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cinema-Plus-1.2\459c62d0-fa43-4c38-90a3-081c8311cfb6-5.exe a variant of Win32/Toolbar.CrossRider.AH potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cinema-Plus-1.2\459c62d0-fa43-4c38-90a3-081c8311cfb6.crx JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cinema-Plus-1.2\459c62d0-fa43-4c38-90a3-081c8311cfb6.xpi JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-bg.exe a variant of Win32/Toolbar.CrossRider.AL potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-bho.dll a variant of Win32/Toolbar.CrossRider.AF potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-bho64.dll a variant of Win64/Toolbar.Crossrider.F potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-codedownloader.exe a variant of Win32/Toolbar.CrossRider.AK potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-nova.dll a variant of Win32/Toolbar.CrossRider.AI potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-nova.exe a variant of Win32/Toolbar.CrossRider.AE potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-novainstaller.exe a variant of Win32/Toolbar.CrossRider.AK potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cinema-Plus-1.2\e04df1f3-705d-43b2-8063-b79c0ac35277.crx JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cinema-Plus-1.2\f279645b-3041-4081-922d-4b43a9a07741.crx JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\C\Users\Dana\Downloads\Setup.exe.xBAD a variant of Win32/SoftPulse.H potentially unwanted application
C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000 a variant of Win32/SoftPulse.H potentially unwanted application
C:\Windows\Installer\96270b1.msi a variant of MSIL/Toolbar.Linkury.F potentially unwanted application
C:\Windows\Installer\9627466.msi Win32/Toolbar.Linkury.D potentially unwanted application
C:\Windows\Installer\MSI7D10.tmp a variant of MSIL/Toolbar.Linkury.C potentially unwanted application
C:\Windows\Installer\MSI94C1.tmp a variant of MSIL/Toolbar.Linkury.C potentially unwanted application
C:\Windows\Installer\MSICEBF.tmp a variant of MSIL/Toolbar.Linkury.C potentially unwanted application
C:\Windows\Installer\MSI7D10.tmp-\Smartbar.Resources.LanguageSettings.resources.dll a variant of MSIL/Toolbar.Linkury.E potentially unwanted application
C:\Windows\Installer\MSI7D10.tmp-\srbs.dll a variant of MSIL/Toolbar.Linkury.C potentially unwanted application
C:\Windows\Installer\MSI7D10.tmp-\srbu.dll a variant of MSIL/Toolbar.Linkury.F potentially unwanted application
C:\Windows\Installer\MSI94C1.tmp-\Smartbar.Resources.LanguageSettings.resources.dll a variant of MSIL/Toolbar.Linkury.E potentially unwanted application
C:\Windows\Installer\MSI94C1.tmp-\srbs.dll a variant of MSIL/Toolbar.Linkury.C potentially unwanted application
C:\Windows\Installer\MSI94C1.tmp-\srbu.dll a variant of MSIL/Toolbar.Linkury.F potentially unwanted application
C:\Windows\Installer\MSICEBF.tmp-\Smartbar.Resources.LanguageSettings.resources.dll a variant of MSIL/Toolbar.Linkury.E potentially unwanted application
C:\Windows\Installer\MSICEBF.tmp-\srbs.dll a variant of MSIL/Toolbar.Linkury.C potentially unwanted application
C:\Windows\Installer\MSICEBF.tmp-\srbu.dll a variant of MSIL/Toolbar.Linkury.F potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7C[1].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7C[2].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7C[3].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7C[1].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7C[2].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7C[3].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
 


#11 aharonov

Posted 21 July 2014 - 04:25 PM

This is looking very good. No more active malware or adware has been found.


That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Online Scanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.


Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.
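
An added example, not part of the original thread: one way to triage an ESET Online Scanner log like the one in post #10, separating hits that sit inside the AdwCleaner and FRST quarantine folders from hits still at their original location. The sample lines are copied from that log; the location buckets and all function names are assumptions of this example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Lines copied from the ESET log in post #10 (a subset covering each location type).
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srbu.dll.vir a variant of MSIL/Toolbar.Linkury.F potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-bho64.dll a variant of Win64/Toolbar.Crossrider.F potentially unwanted application
C:\FRST\Quarantine\C\Users\Dana\Downloads\Setup.exe.xBAD a variant of Win32/SoftPulse.H potentially unwanted application
C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000 a variant of Win32/SoftPulse.H potentially unwanted application
C:\Windows\Installer\9627466.msi Win32/Toolbar.Linkury.D potentially unwanted application
C:\Windows\Installer\MSI7D10.tmp-\srbs.dll a variant of MSIL/Toolbar.Linkury.C potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7C[1].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
"""

# One log line: <path> [a variant of] <Platform>/<Name> potentially <kind> application.
# Windows paths never contain "/", so the first token with a slash is the detection name.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?:a variant of\s+)?"
    r"(?P<detection>[A-Za-z0-9]+/\S+)\s+"
    r"potentially (?P<kind>unwanted|unsafe) application$"
)

# Location buckets (an assumption of this example), checked in order.
LOCATION_RULES = [
    ("quarantine", re.compile(r"^[a-z]:\\(adwcleaner|frst)\\quarantine\\", re.I)),
    ("installer_cache", re.compile(r"^[a-z]:\\windows\\installer\\", re.I)),
    ("browser_data", re.compile(r"\\(temporary internet files|chrome\\user data)\\", re.I)),
]


@dataclass(frozen=True)
class Finding:
    path: str
    detection: str   # e.g. "MSIL/Toolbar.Linkury.F"
    kind: str        # "unwanted" or "unsafe"
    family: str      # detection name without platform and variant letter
    location: str    # bucket name from LOCATION_RULES, or "other"


def classify_location(path):
    """Return the first matching bucket name, or "other" if none matches."""
    for name, rule in LOCATION_RULES:
        if rule.search(path):
            return name
    return "other"


def family_of(detection):
    """'Win32/Toolbar.CrossRider.AK' -> 'toolbar.crossrider' (case-normalised)."""
    name = detection.split("/", 1)[1]
    return name.rsplit(".", 1)[0].lower()


def parse_eset_log(text):
    """Parse detection lines; lines that do not match the format are skipped."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        path, detection = m.group("path"), m.group("detection")
        findings.append(Finding(path, detection, m.group("kind"),
                                family_of(detection), classify_location(path)))
    return findings


def triage(findings):
    """Group findings by location bucket."""
    buckets = defaultdict(list)
    for f in findings:
        buckets[f.location].append(f)
    return dict(buckets)


if __name__ == "__main__":
    grouped = triage(parse_eset_log(SAMPLE_LOG))
    for location in ("quarantine", "installer_cache", "browser_data", "other"):
        items = grouped.get(location, [])
        print(f"{location}: {len(items)}")
        for f in items:
            print(f"  [{f.kind}] {f.family}  {f.path}")
```

Anything that lands in the "other" bucket is at its original path and is the part of the log worth reading line by line.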

#12 LBackover

Posted 21 July 2014 - 05:24 PM

Are you sure? I went into control panel to uninstall MBAM or ESET, and noticed that "Snap.Do Engine" and a second icon also called "Snap.Do Engine" were still in the installed programs list.  I selected uninstall and it disappeared, but there is another Snap.Do Engine icon that won't delete/uninstall. I highlight it and select uninstall, but nothing happens.  

 

Never did uninstall MBAM or ESET yet.  Just want to make sure this is cleaned up.



#13 LBackover

Posted 21 July 2014 - 05:32 PM

Yes, still there in the list of installed programs after I rebooted.

 

Also when I open a Chrome Browser, it opens up two tabs and two tabs for Snap.do searches

 

Here's the AdwCleaner log...

 

 # AdwCleaner v3.216 - Report created 21/07/2014 at 18:27:43

# Updated 17/07/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Dana - DANAROSEN
# Running from : C:\Users\Dana\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\SmartBar
Key Found : [x64] HKCU\Software\SmartBar
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.17028
 
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Startup_urls] : hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_l8fMQr5kRlG85B2qFc6EDzwteIbuyoHEJu6S2NIKhDkRmmChUpLoCG3_PVrIK2vB2-vl39eP2IVqC3p2pJeof-OMUuDlTvVhwnQ0C41aQ7iWTvVx7G2bU6K1ULf88L_2Bc1t6VyX79iI
Found [Startup_urls] : hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrlMGoIDxoPfmHzjFv7biGYD0tIjZ_glgng4XDiZGDJdzFrMBfAbjdl3uBXnLq8oL-ua-nwNfTSVTD9nXjoLLQK5eBjCLwA,,
 
*************************
 
AdwCleaner[R0].txt - [12950 octets] - [21/07/2014 09:42:18]
AdwCleaner[R1].txt - [13011 octets] - [21/07/2014 09:44:58]
AdwCleaner[R2].txt - [1220 octets] - [21/07/2014 18:27:43]
AdwCleaner[S0].txt - [10501 octets] - [21/07/2014 09:46:06]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1341 octets] ##########


#14 aharonov

Posted 22 July 2014 - 01:52 AM

You can run AdwCleaner again and click on "Delete" after the search has completed. When the snap.do tabs still open in Chrome afterwards you can remove them manually in the Chrome settings: https://support.google.com/chrome/answer/95421?hl=en

The entries in Control panel are just leftovers. If it bothers you then the following fix should remove it.


Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Edited by aharonov, 22 July 2014 - 01:53 AM.


#15 LBackover

Posted 22 July 2014 - 06:42 AM

Thanks, I went into the Chrome settings to re-set home pages. 

 

Here's the Fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-07-2014
Ran by Dana at 2014-07-22 07:40:04 Run:2
Running from C:\Users\Dana\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
REG: reg delete "HKU\S-1-5-21-1715484851-1912604928-717142542-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\{23e21170-4bf1-4237-9c3a-d94048df0010}" /f
REG: reg delete "HKU\S-1-5-21-1715484851-1912604928-717142542-1001\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{23e21170-4bf1-4237-9c3a-d94048df0010}" /f
 
*****************
 
 
========= reg delete "HKU\S-1-5-21-1715484851-1912604928-717142542-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\{23e21170-4bf1-4237-9c3a-d94048df0010}" /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKU\S-1-5-21-1715484851-1912604928-717142542-1001\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{23e21170-4bf1-4237-9c3a-d94048df0010}" /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
==== End of Fixlog ====




