
dllhost.exe COM surrogate and Trojan Powelik


  • This topic is locked
23 replies to this topic

#1 Bostonrunner

Bostonrunner

  • Members
  • 14 posts
  • Local time:09:18 AM

Posted 06 November 2014 - 12:45 PM

I have a Windows 7 64-bit system on an HP PC. I ran the DDS tool and am attaching dds.txt and attach.txt. CPU usage skyrockets and many process lines show COM Surrogate running. Also, Norton blocks Trojan Powelik and notifies me of high CPU usage.

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344
Run by Brian II at 12:12:51 on 2014-11-06
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4001.1692 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton 360 *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\hp\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\IBuEngHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\UI0Detect.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe
C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\ips\ipsbho.dll
BHO: Highlightly: {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coieplg.dll
uRun: [MsnMsgr] "C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe" /background
uRun: [HP Officejet 4620 series (NET)] "C:\Program Files\hp\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN24L141WW05RT:NW" -scfn "HP Officejet 4620 series (NET)" -AutoStart 1
mRun: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
mRun: [StatusAlerts] "C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
StartupFolder: C:\Users\BRIANI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001045-0002-0045-ABCDEFFEDCBC} - <orphaned>
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: lpl.com
Trusted Zone: lumesis.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: NameServer = 192.168.254.254
TCP: Interfaces\{4FF5B2C7-0A65-46C7-9079-32C0F5A2C4E5} : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{EDEE820F-B3D1-4479-A18D-2FFE5D305A32} : DHCPNameServer = 192.168.254.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Notify: DeviceNP - DeviceNP.dll
AppInit_DLLs= c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  EpePcNp64 DPPassFilter scecli
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coieplg.dll
x64-BHO: Highlightly: {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coieplg.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Brian II\AppData\Roaming\Mozilla\Firefox\Profiles\acyyvt8u.default-1412109133938\
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Users\Brian II\AppData\Local\Citrix\Plugins\79\npappdetector.dll
FF - plugin: C:\Users\Brian II\AppData\Roaming\Mozilla\plugins\npatgpc.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MfeEpeOpal;MfeEpeOpal;C:\Windows\System32\drivers\MfeEpeOpal.sys [2011-7-21 94152]
R0 MfeEpePc;MfeEpePc;C:\Windows\System32\drivers\MfeEpePc.sys [2011-7-21 158280]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1506000.020\symds64.sys [2014-10-6 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1506000.020\symefa64.sys [2014-10-6 1148120]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\BASHDefs\20141030.001\BHDrvx64.sys [2014-11-3 1587416]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1506000.020\ccsetx64.sys [2014-10-6 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\IPSDefs\20141105.001\IDSviA64.sys [2014-11-6 633560]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1506000.020\ironx64.sys [2014-10-6 266968]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1506000.020\symnets.sys [2014-10-6 593112]
R2 HP DS Service;HP DS Service;C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [2010-10-27 13824]
R2 HP LaserJet Service;HP LaserJet Service;C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2011-7-8 162816]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPFSService;File Sanitizer for HP ProtectTools;C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2011-8-26 322048]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2011-7-21 1318912]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe [2014-10-6 265040]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-9-14 142640]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-11-26 2431792]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-8-15 471144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 DAMDrv;DAMDrv;C:\Windows\System32\drivers\DAMDrv64.sys [2011-5-9 64312]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;C:\Windows\SysWOW64\flcdlock.exe [2011-5-9 464440]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-15 111616]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-8-15 158976]
S3 pmxdrv;pmxdrv;C:\Windows\System32\drivers\pmxdrv.sys [2012-8-15 31152]
S3 rcmirror;rcmirror;C:\Windows\System32\drivers\rcmirror.sys [2010-1-18 4608]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
.
=============== Created Last 30 ================
.
2014-11-05 15:23:14 -------- d-----w- C:\NPE
2014-10-21 17:40:34 -------- d-----w- C:\Users\Brian II\AppData\Local\Macromedia
2014-10-21 17:28:18 -------- d--h--w- C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-10-20 17:08:29 -------- d-----w- C:\Program Files (x86)\CarbonPoker Odds Calculator
2014-10-20 15:48:23 -------- d-----w- C:\Users\Brian II\AppData\Local\eclipse
2014-10-20 15:01:04 -------- d-----w- C:\Users\Brian II\AppData\Local\CarbonPoker
2014-10-15 19:53:53 3722240 ----a-w- C:\Windows\System32\mstscax.dll
2014-10-10 16:00:54 -------- d-----w- C:\Intel
.
==================== Find3M  ====================
.
2014-10-20 15:52:30 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-20 15:52:30 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-10-10 02:05:59 276480 ----a-w- C:\Windows\System32\generaltel.dll
2014-10-10 02:05:42 507392 ----a-w- C:\Windows\System32\aepdu.dll
2014-10-10 02:00:38 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-09-29 00:58:48 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-18 02:00:42 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-09-18 01:32:52 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-09-13 01:58:18 77312 ----a-w- C:\Windows\System32\packager.dll
2014-09-13 01:40:05 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-26 02:20:22 876248 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\srtsp64.sys
2014-08-26 02:20:22 37592 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\srtspx64.sys
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-19 03:11:28 693176 ----a-w- C:\Windows\System32\winload.efi
2014-08-19 03:10:10 616352 ----a-w- C:\Windows\System32\winresume.efi
2014-08-19 03:08:04 503808 ----a-w- C:\Windows\System32\srcore.dll
2014-08-19 03:08:04 50176 ----a-w- C:\Windows\System32\srclient.dll
2014-08-19 03:08:03 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2014-08-19 03:07:51 58880 ----a-w- C:\Windows\System32\appidapi.dll
2014-08-19 03:07:51 32256 ----a-w- C:\Windows\System32\appidsvc.dll
2014-08-19 03:07:33 296960 ----a-w- C:\Windows\System32\rstrui.exe
2014-08-19 03:07:11 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2014-08-19 03:07:11 146944 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2014-08-19 02:41:39 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2014-08-19 02:41:22 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
2014-08-19 02:06:56 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
.
============= FINISH: 12:13:37.75 ===============
and attach file

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/24/2012 3:07:14 PM
System Uptime: 11/6/2014 9:22:18 AM (3 hours ago)
.
Motherboard: Foxconn |  | 2ABF
Processor: Intel® Core™ i5-2320 CPU @ 3.00GHz | CPU 1 | 1590/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 385.718 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 1.882 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP171: 10/16/2014 3:01:23 AM - Windows Update
RP172: 10/16/2014 10:43:58 AM - Installed HP Update.
RP173: 10/27/2014 4:17:26 PM - Scheduled Checkpoint
RP174: 11/6/2014 11:15:29 AM - Windows Update
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
7-Zip 9.21
Adobe AIR
Adobe AIR Free Download Packages
Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
Adobe Reader XI (11.0.09)
Amazon Kindle
Bejeweled 3
Blackhawk Striker 2
Blio
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Cisco WebEx Meetings
Cradle of Rome 2
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Device Access Manager for HP ProtectTools
DirectX for Managed Code Update (Summer 2004)
Dora's World Adventure
Drive Encryption For HP ProtectTools
Farm Frenzy
Farmscapes
FATE
ffdshow v1.2.4422 [2012-04-09]
File Sanitizer For HP ProtectTools
File Type Assistant
Final Drive Fury
Firefox Free Download Packages
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 5.3.0.1009
Haali Media Splitter
Hewlett-Packard ACLM.NET v1.2.2.3
Highlightly
Hoyle Card Games
HP Auto
HP Client Services
HP Connect Solutions
HP Customer Experience Enhancements
HP Desktop Keyboard
HP FWUpdateEDO2
HP Games
HP LJ300-400 color M351-M451
HP Odometer
HP Officejet 4620 series Basic Device Software
HP Officejet 4620 series Help
HP Officejet 4620 series Product Improvement Study
HP Product FWUpdater
HP ProtectTools Security Manager
HP Setup
HP Setup Manager
HP Support Assistant
HP Support Information
HP Unified IO
HP Update
HP Vision Hardware Diagnostics
hpbDSService
hpbM351M451DSService
HPDiagnosticAlert
HPLaserJet300-400ColorM351-M451Series_HelpLearnCenter_SI
HPLJDXPHelper
HPLJUTCore
HPLJUTM351-M451
hppLaserJetService
hppM351_M451LaserJetService
hppToolboxProxyM351
hpStatusAlerts
hpStatusAlertsM351_M451
I.R.I.S. OCR
InstanceFinder
Intel® Control Center
Intel® Identity Protection Technology 1.1.2.0
Intel® Management Engine Components
Intel® Processor Graphics
Jewel Match 3
Jewel Quest Mysteries: The Seventh Gate Collector's Edition
John Deere Drive Green
join.me
Junk Mail filter update
Kobo
LabelPrint
Letters from Nowhere 2
LJDXPHelperUI
Luxor HD
Mah Jong Medley
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Mozilla Firefox 32.0.3 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network Recording Player
Norton 360
OJ4620FWUpdateAlert
opensource
PDF Complete Special Edition
Penguins!
Photo Common
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PressReader
QuickBooks
QuickBooks Pro 2014
QuickBooks Runtime Redistributable
Ralink 802.11n Wireless LAN Card
Realtek High Definition Audio Driver
Recovery Manager
RollerCoaster Tycoon 3: Platinum
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Office 2010 (KB2553284) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 64-Bit Edition
Security Update for Microsoft Word 2010 (KB2883013) 64-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition
The Treasures of Mystery Island: The Ghost Ship
ToolboxProxy
Torchlight
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition
Update for Microsoft Excel 2010 (KB2889836) 64-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687502) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition
Update Installer for WildTangent Games App
VIP Access SDK (1.0.1.4)
Virtual Villagers 4 - The Tree of Life
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zinio Reader 4
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
11/6/2014 9:26:27 AM, Error: Schannel [36888]  - The following fatal alert was generated: 43. The internal error state is 252.
11/5/2014 8:11:20 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.
11/5/2014 10:21:22 AM, Error: Service Control Manager [7030]  - The NPEService service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
11/5/2014 10:17:47 AM, Error: Service Control Manager [7000]  - The NPEService service failed to start due to the following error:  The system cannot find the file specified.
10/31/2014 7:28:00 AM, Error: Schannel [36888]  - The following fatal alert was generated: 40. The internal error state is 252.
.
==== End Of File ===========================

#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:04:18 PM

Posted 06 November 2014 - 04:11 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1
Please download Powelikscleaner (by ESET) and save it to your Desktop.
  • Double-click the tool icon to start the tool.
  • Read the terms of the End-user license agreement and click Agree if you agree to them.
  • The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
  • If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
  • The tool will produce a log in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Step 2

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 Bostonrunner

Bostonrunner
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:18 AM

Posted 06 November 2014 - 06:16 PM

Thanks for your help. ESET file:

 

[2014.11.06 18:03:58.302] - Begin
[2014.11.06 18:03:58.302] -
[2014.11.06 18:03:58.318] -     ....................................
[2014.11.06 18:03:58.318] -   ..::::::::::::::::::....................
[2014.11.06 18:03:58.318] -   .::EEEEEE:::SSSSSS::..EEEEEE..TTTTTTTT..    Win32/Poweliks
[2014.11.06 18:03:58.318] -  .::EE::::EE:SS:::::::.EE....EE....TT......   Version: 1.0.0.1
[2014.11.06 18:03:58.333] -  .::EEEEEEEE::SSSSSS::.EEEEEEEE....TT......   Built: Oct 15 2014
[2014.11.06 18:03:58.333] -  .::EE:::::::::::::SS:.EE..........TT......
[2014.11.06 18:03:58.333] -   .::EEEEEE:::SSSSSS::..EEEEEE.....TT.....    Copyright © ESET, spol. s r.o.
[2014.11.06 18:03:58.333] -   ..::::::::::::::::::....................    1992-2013. All rights reserved.
[2014.11.06 18:03:58.333] -     ....................................
[2014.11.06 18:03:58.333] -
[2014.11.06 18:03:58.333] - --------------------------------------------------------------------------------
[2014.11.06 18:03:58.333] -
[2014.11.06 18:03:58.333] - INFO: OS: 6.1.7601 SP1
[2014.11.06 18:03:58.333] - INFO: Product Type: Workstation
[2014.11.06 18:03:58.333] - INFO: WoW64: True
[2014.11.06 18:03:58.333] - INFO: Machine guid: EBA6E99B-1D97-4465-9453-8DB0FA48F828
[2014.11.06 18:03:58.333] -
[2014.11.06 18:04:04.417] - INFO: Scanning for system infection...
[2014.11.06 18:04:04.417] - --------------------------------------------------------------------------------
[2014.11.06 18:04:04.417] -
[2014.11.06 18:04:04.417] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.06 18:04:04.417] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.06 18:04:04.417] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.06 18:04:04.417] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.06 18:04:04.417] - INFO: Processing classes...
[2014.11.06 18:04:04.433] - INFO: Processing clsid [\Registry\User\S-1-5-21-2116565142-2898140465-1252225305-1001\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[2014.11.06 18:04:04.433] - WARNING: Found suspicous classid [\Registry\User\S-1-5-21-2116565142-2898140465-1252225305-1001\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[2014.11.06 18:04:04.449] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.06 18:04:04.449] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.06 18:04:04.449] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.06 18:04:04.449] - INFO: Processing invalid values in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.06 18:04:04.449] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.06 18:04:04.449] - INFO: Processing value [ServerExecutable] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.06 18:04:04.449] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.06 18:04:04.449] - INFO: Processing value [ServerExecutable] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.06 18:04:04.449] - INFO: Processing invalid subkeys in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.06 18:04:04.449] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]...
[2014.11.06 18:04:04.449] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.06 18:04:04.449] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.06 18:04:04.449] - INFO: Win32/Poweliks found
[2014.11.06 18:05:19.816] - INFO: process: dllhost.exe, pid 14492, parent 6964
[2014.11.06 18:05:19.816] - INFO: Terminated process pid = 14492
[2014.11.06 18:05:19.816] - INFO: process: dllhost.exe, pid 9564, parent 14492
[2014.11.06 18:05:19.816] - INFO: Terminated process pid = 9564
[2014.11.06 18:05:19.816] - INFO: process: dllhost.exe, pid 15476, parent 9564
[2014.11.06 18:05:19.816] - INFO: Terminated process pid = 15476
[2014.11.06 18:05:19.818] - INFO: process: dllhost.exe, pid 16880, parent 804
[2014.11.06 18:05:19.818] - INFO: Terminated process pid = 16880
[2014.11.06 18:05:19.821] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.06 18:05:19.821] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.06 18:05:19.821] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.06 18:05:19.821] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.06 18:05:19.821] - INFO: Processing classes...
[2014.11.06 18:05:19.828] - INFO: Processing clsid [\Registry\User\.DEFAULT\SOFTWARE\Classes\CLSID\{DED72938-4B76-40A5-BE13-845F4AF4B983}]
[2014.11.06 18:05:19.828] - INFO: Processing clsid [\Registry\User\.DEFAULT\SOFTWARE\Classes\CLSID\{E26D94DD-4CF7-4705-9DFB-5A00B07C4D19}]
[2014.11.06 18:05:19.828] - INFO: Processing clsid [\Registry\User\.DEFAULT\SOFTWARE\Classes\CLSID\{E49B30C9-6D7E-48F5-91DA-F2F0414C6A13}]
[2014.11.06 18:05:19.828] - INFO: Processing clsid [\Registry\User\.DEFAULT\SOFTWARE\Classes\CLSID\{EA9C5C50-F43B-4AEB-A994-58520C38D640}]
[2014.11.06 18:05:19.828] - INFO: Processing clsid [\Registry\User\.DEFAULT\SOFTWARE\Classes\CLSID\{EB65EDA9-9261-4604-A706-8FC34AB65297}]
[2014.11.06 18:05:19.828] - INFO: Processing clsid [\Registry\User\.DEFAULT\SOFTWARE\Classes\CLSID\{EE4E49B0-38EC-4C23-A7A6-2E190B5E3418}]
[2014.11.06 18:05:19.828] - INFO: Processing clsid [\Registry\User\.DEFAULT\SOFTWARE\Classes\CLSID\{F80E0A72-22C2-4307-9738-79DD4502FCCE}]
[2014.11.06 18:05:19.828] - INFO: Processing clsid [\Registry\User\S-1-5-21-2116565142-2898140465-1252225305-1001\SOFTWARE\Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}]
[2014.11.06 18:05:19.828] - INFO: Processing clsid [\Registry\User\S-1-5-21-2116565142-2898140465-1252225305-1001\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[2014.11.06 18:05:19.828] - INFO: Deleted classid [\Registry\User\S-1-5-21-2116565142-2898140465-1252225305-1001\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[2014.11.06 18:05:19.833] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.06 18:05:19.833] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.06 18:05:19.833] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.06 18:05:19.833] - INFO: Processing invalid values in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.06 18:05:19.833] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.06 18:05:19.833] - INFO: Processing value [ServerExecutable] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.06 18:05:19.833] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.06 18:05:19.833] - INFO: Processing value [ServerExecutable] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.06 18:05:19.833] - INFO: Processing invalid subkeys in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.06 18:05:19.833] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]...
[2014.11.06 18:05:19.833] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.06 18:05:19.833] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.06 18:05:19.833] - INFO: Cleaning status: 0
[2014.11.06 18:05:29.664] - End

And FRST files:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by Brian II (administrator) on BRIANII-HP on 06-11-2014 18:10:02
Running from C:\Users\Brian II\Desktop
Loaded Profile: Brian II (Available profiles: Brian II)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
() C:\Program Files (x86)\Common Files\Intuit\DataProtect\IBuEngHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [HP KEYBOARDx] => C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE [710656 2010-02-11] (Hewlett-Packard)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc)
HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12277248 2011-08-26] (Hewlett-Packard)
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [136760 2011-07-19] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-02-27] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-2116565142-2898140465-1252225305-1001\...\Run: [MsnMsgr] => "C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe" /background
HKU\S-1-5-21-2116565142-2898140465-1252225305-1001\...\Run: [HP Officejet 4620 series (NET)] => C:\Program Files\hp\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe [2548072 2011-12-18] (Hewlett-Packard Co.)
HKU\S-1-5-21-2116565142-2898140465-1252225305-1001\...\MountPoints2: {b1f928d1-43f2-11e4-b8a4-ac162d0f5731} - F:\Autorun.exe
AppInit_DLLs-x32: c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll => "c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll" File Not Found
Lsa: [Notification Packages] EpePcNp64 DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\Brian II\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 4620 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet 4620 series.lnk -> C:\Program Files\hp\HP Officejet 4620 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-25/4?satitle={searchTerms}
SearchScopes: HKLM - {EEC377E1-9836-484B-AFA1-05B0EC8A33EF} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us3-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-25/4?satitle={searchTerms}
SearchScopes: HKLM-x32 - {EEC377E1-9836-484B-AFA1-05B0EC8A33EF} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us3-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-25/4?satitle={searchTerms}
SearchScopes: HKCU - {EEC377E1-9836-484B-AFA1-05B0EC8A33EF} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us3-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Highlightly -> {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} -> C:\Program Files\Highlightly\IE\HighlightlyClientIE.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Highlightly -> {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} -> C:\Program Files (x86)\Highlightly\IE\HighlightlyClientIE.dll No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254

FireFox:
========
FF ProfilePath: C:\Users\Brian II\AppData\Roaming\Mozilla\Firefox\Profiles\acyyvt8u.default-1412109133938
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Brian II\AppData\Local\Citrix\Plugins\79\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Users\Brian II\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\Brian II\AppData\Roaming\Mozilla\Firefox\Profiles\acyyvt8u.default-1412109133938\searchplugins\safesearch.xml
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2012-08-15]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\coFFPlgn [2014-11-06]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: HP Smart Print - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-09-12]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\IPSFF [2014-06-30]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.79) - C:\Users\Brian II\AppData\Local\Citrix\Plugins\79\npappdetector.dll (Citrix Online)
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Profile: C:\Users\Brian II\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Brian II\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-20]
CHR Extension: (Google Drive) - C:\Users\Brian II\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-20]
CHR Extension: (YouTube) - C:\Users\Brian II\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-20]
CHR Extension: (Highlightly) - C:\Users\Brian II\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom [2014-01-13]
CHR Extension: (Google Search) - C:\Users\Brian II\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-20]
CHR Extension: (Norton Identity Protection) - C:\Users\Brian II\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-06-20]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Brian II\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09]
CHR Extension: (Gmail) - C:\Users\Brian II\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-20]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-06]
CHR HKLM-x32\...\Chrome\Extension: [cmclajginlihohopoeofghddnhpplhom] - C:\Program Files (x86)\Highlightly\Chrome\cmclajginlihohopoeofghddnhpplhom.crx [2014-10-06]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [486224 2011-08-24] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [464440 2011-05-09] (Hewlett-Packard Company)
R2 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2010-10-27] (Hewlett-Packard Company) [File not signed]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [162816 2011-07-08] (HP) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPFSService; c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [322048 2011-08-26] (Hewlett-Packard) [File not signed]
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1318912 2011-07-21] () [File not signed]
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-02-27] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2014-02-27] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2014-02-27] (Intuit Inc.) [File not signed]
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-07-04] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-07-04] (Ralink Technology, Corp.) [File not signed]
S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\BASHDefs\20141030.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64312 2011-05-09] (Hewlett-Packard Company)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-11] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\IPSDefs\20141105.001\IDSvia64.sys [633560 2014-09-30] (Symantec Corporation)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [94152 2011-07-21] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158280 2011-07-21] (McAfee, Inc.)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\VirusDefs\20141106.004\ENG64.SYS [129752 2014-08-21] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\VirusDefs\20141106.004\EX64.SYS [2137304 2014-08-21] (Symantec Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2012-08-15] ()
R1 SMR430; C:\Windows\System32\drivers\SMR430.SYS [108216 2014-11-06] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-06-26] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-06 18:10 - 2014-11-06 18:10 - 00024807 _____ () C:\Users\Brian II\Desktop\FRST.txt
2014-11-06 18:09 - 2014-11-06 18:10 - 00000000 ____D () C:\FRST
2014-11-06 18:08 - 2014-11-06 18:08 - 02114560 _____ (Farbar) C:\Users\Brian II\Desktop\FRST64.exe
2014-11-06 18:03 - 2014-11-06 18:05 - 00145534 _____ () C:\Users\Brian II\Desktop\ESETPoweliksCleaner.exe_20141106.180358.7024.log
2014-11-06 18:03 - 2014-11-06 18:03 - 00186568 _____ (ESET) C:\Users\Brian II\Downloads\ESETPoweliksCleaner.exe
2014-11-06 14:47 - 2014-11-06 14:47 - 00000020 _____ () C:\Windows\system32\Drivers\SMR430.dat
2014-11-06 14:35 - 2014-11-06 14:47 - 00108216 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR430.SYS
2014-11-06 12:28 - 2014-11-06 12:28 - 00015880 _____ () C:\Users\Brian II\Downloads\Womens Phone List October 2014.xlsx
2014-11-06 12:13 - 2014-11-06 12:13 - 00022458 _____ () C:\Users\Brian II\Desktop\dds.txt
2014-11-06 12:13 - 2014-11-06 12:13 - 00009236 _____ () C:\Users\Brian II\Desktop\attach.txt
2014-11-06 12:12 - 2014-11-06 12:12 - 00688992 ____R (Swearware) C:\Users\Brian II\Downloads\dds (1).com
2014-11-06 12:11 - 2014-11-06 12:11 - 00688992 _____ (Swearware) C:\Users\Brian II\Downloads\dds.com
2014-11-06 10:31 - 2014-11-06 10:31 - 00000323 _____ () C:\Users\Brian II\Desktop\HP OfficeJet 4620 series Printer Firmware Update.url
2014-11-05 10:23 - 2014-11-06 14:42 - 00000000 ____D () C:\NPE
2014-10-27 18:25 - 2014-11-05 18:54 - 00000000 ____D () C:\Users\Brian II\Documents\Mountain View Group
2014-10-24 06:26 - 2014-10-24 06:26 - 03780499 _____ () C:\Users\Brian II\Downloads\Toolsformoney Models for October '14.zip
2014-10-21 12:40 - 2014-10-21 12:40 - 00000000 ____D () C:\Users\Brian II\AppData\Local\Macromedia
2014-10-21 12:28 - 2014-10-21 12:28 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-10-20 12:08 - 2014-10-21 21:50 - 00000000 ____D () C:\Program Files (x86)\CarbonPoker Odds Calculator
2014-10-20 10:48 - 2014-10-20 10:48 - 00000000 ____D () C:\Users\Brian II\AppData\Local\eclipse
2014-10-20 10:01 - 2014-10-20 10:48 - 00000000 ____D () C:\Users\Brian II\AppData\Local\CarbonPoker
2014-10-20 10:00 - 2014-10-21 21:50 - 00000000 ____D () C:\Users\Brian II\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-10-15 14:55 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 14:55 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 14:55 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 14:55 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 14:55 - 2014-08-18 22:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 14:55 - 2014-08-18 22:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 14:55 - 2014-08-18 22:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 14:55 - 2014-08-18 22:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 14:55 - 2014-08-18 22:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 14:55 - 2014-08-18 22:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 14:55 - 2014-08-18 22:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 14:55 - 2014-08-18 22:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 14:55 - 2014-08-18 22:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 14:55 - 2014-08-18 22:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 14:55 - 2014-08-18 21:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 14:55 - 2014-08-18 21:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 14:55 - 2014-08-18 21:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 14:55 - 2014-07-06 21:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 14:55 - 2014-07-06 21:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 14:55 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 14:55 - 2014-07-06 21:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 14:55 - 2014-07-06 21:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 14:55 - 2014-07-06 21:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 14:55 - 2014-07-06 21:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 14:55 - 2014-07-06 21:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 14:55 - 2014-07-06 21:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 14:55 - 2014-07-06 21:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 14:55 - 2014-07-06 21:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 14:55 - 2014-07-06 21:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 14:55 - 2014-07-06 21:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 14:55 - 2014-07-06 21:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 14:55 - 2014-07-06 21:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 14:55 - 2014-07-06 21:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 14:55 - 2014-07-06 21:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 14:55 - 2014-07-06 21:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 14:55 - 2014-07-06 21:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 14:55 - 2014-07-06 21:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 14:55 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 14:55 - 2014-07-06 21:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 14:55 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 14:55 - 2014-07-06 21:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 14:55 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 14:55 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 14:55 - 2014-07-06 21:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 14:55 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 14:55 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 14:55 - 2014-07-06 21:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 14:55 - 2014-07-06 21:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 14:55 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 14:55 - 2014-07-06 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 14:55 - 2014-07-06 20:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 14:55 - 2014-07-06 20:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 14:55 - 2014-07-06 20:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 14:55 - 2014-07-06 20:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 14:55 - 2014-07-06 20:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 14:55 - 2014-07-06 20:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 14:55 - 2014-07-06 20:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 14:55 - 2014-07-06 20:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 14:55 - 2014-07-06 20:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 14:55 - 2014-07-06 20:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 14:55 - 2014-07-06 20:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 14:55 - 2014-07-06 20:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 14:55 - 2014-07-06 20:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 14:55 - 2014-07-06 20:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 14:55 - 2014-07-06 20:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 14:55 - 2014-07-06 20:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 14:55 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 14:55 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 14:55 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 14:55 - 2014-07-06 20:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 14:55 - 2014-07-06 20:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 14:55 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 14:55 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 14:55 - 2014-07-06 20:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 14:55 - 2014-07-06 20:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 14:55 - 2014-07-06 20:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 14:55 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 14:55 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 14:55 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 14:55 - 2014-06-27 19:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 14:55 - 2014-06-27 19:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 14:55 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 14:55 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 14:55 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 14:55 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 14:55 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 14:55 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 14:55 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 14:54 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 14:54 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 14:54 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 14:54 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 14:54 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 14:54 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 14:54 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 14:54 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 14:54 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 14:54 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 14:54 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 14:54 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 14:54 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 14:54 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 14:54 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 14:54 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 14:54 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 14:54 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 14:54 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 14:54 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 14:54 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 14:54 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 14:54 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 14:54 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 14:54 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 14:54 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 14:54 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 14:54 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 14:54 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 14:54 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 14:54 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 14:54 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 14:54 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 14:54 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 14:54 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 14:54 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 14:54 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 14:54 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 14:54 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 14:54 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 14:54 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 14:54 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 14:54 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 14:54 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 14:54 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 14:54 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 14:54 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 14:54 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 14:54 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 14:54 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 14:54 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 14:54 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 14:54 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 14:54 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 14:54 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 14:54 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 14:53 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 14:53 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 14:53 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 14:53 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 14:53 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 14:53 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 14:53 - 2014-07-16 21:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 14:53 - 2014-07-16 21:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 14:53 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 14:53 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 14:53 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 14:53 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 14:53 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 14:53 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 14:53 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 14:53 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 14:53 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 14:53 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 14:53 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 14:53 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 14:53 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 14:53 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-10 11:00 - 2014-10-10 11:00 - 00000000 ____D () C:\Intel

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-06 18:07 - 2012-09-12 06:56 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-06 17:24 - 2012-09-17 18:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-06 15:35 - 2012-08-24 14:12 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{44D02B4B-AA74-4CCF-81E7-A745A48E46E9}
2014-11-06 14:50 - 2009-07-13 23:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-06 14:50 - 2009-07-13 23:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-06 14:47 - 2013-02-15 09:48 - 00000000 ____D () C:\Users\Brian II\AppData\Local\NPE
2014-11-06 14:46 - 2009-07-14 00:13 - 00796934 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-06 14:45 - 2012-08-24 14:06 - 01905054 _____ () C:\Windows\WindowsUpdate.log
2014-11-06 14:42 - 2012-08-15 15:34 - 00000000 ____D () C:\ProgramData\PDFC
2014-11-06 14:41 - 2012-09-12 06:56 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-06 14:40 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-06 14:40 - 2009-07-13 23:51 - 00046993 _____ () C:\Windows\setupact.log
2014-11-06 13:23 - 2014-03-21 06:37 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForBrian II.job
2014-11-06 12:58 - 2010-11-20 22:47 - 01034604 _____ () C:\Windows\PFRO.log
2014-11-06 12:39 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-06 11:05 - 2013-01-28 11:03 - 00000000 ____D () C:\Program Files (x86)\File Type Assistant
2014-11-06 10:44 - 2012-09-12 12:27 - 00000000 ____D () C:\Users\Brian II\AppData\Roaming\HpUpdate
2014-11-05 10:06 - 2014-01-15 10:33 - 03060320 ____N (Symantec Corporation) C:\Users\Brian II\Downloads\NPE.exe
2014-11-04 18:48 - 2012-09-12 08:28 - 00000000 ____D () C:\Users\Brian II\AppData\Local\CrashDumps
2014-10-31 06:23 - 2014-03-21 06:37 - 00003204 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForBrian II
2014-10-31 06:23 - 2013-02-01 08:52 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-10-31 06:23 - 2012-09-07 10:12 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-10-30 11:28 - 2013-09-17 12:53 - 00000000 ____D () C:\Users\Brian II\Documents\Brian
2014-10-29 14:09 - 2013-04-11 07:46 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-27 19:09 - 2013-11-13 18:58 - 00000000 ____D () C:\Users\Brian II\Documents\JulieMc School Docs
2014-10-27 15:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-24 10:11 - 2013-05-24 15:53 - 00000000 ____D () C:\Users\Brian II\Documents\HHS
2014-10-21 13:02 - 2012-09-12 06:56 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-21 13:02 - 2012-09-12 06:56 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-20 15:55 - 2013-02-01 13:46 - 00000000 ____D () C:\Users\Brian II\Documents\My Kindle Content
2014-10-20 10:55 - 2012-09-14 09:16 - 00000000 ____D () C:\Users\Brian II\AppData\Local\Adobe
2014-10-20 10:52 - 2012-09-17 18:31 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-20 10:52 - 2012-09-17 18:31 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-20 10:52 - 2012-09-17 18:31 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-20 10:48 - 2013-01-28 11:03 - 00000000 ____D () C:\Users\Brian II\AppData\Roaming\Mozilla
2014-10-16 09:45 - 2012-08-15 15:21 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-10-16 08:27 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-16 02:28 - 2009-07-13 23:45 - 00357176 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 02:25 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 02:25 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-16 02:25 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-16 02:07 - 2012-09-07 13:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 02:04 - 2013-08-02 16:10 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 02:01 - 2012-09-07 10:00 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-10 11:00 - 2012-08-15 15:15 - 00000000 ____D () C:\Program Files (x86)\Intel

Some content of TEMP:
====================
C:\Users\Brian II\AppData\Local\Temp\Extract.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-27 15:06

==================== End Of Log ============================

and Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014
Ran by Brian II at 2014-11-06 18:10:46
Running from C:\Users\Brian II\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 8.2.1 - Hewlett-Packard) Hidden
7-Zip 9.21 (HKLM-x32\...\{23170F69-40C1-2701-0921-000001000000}) (Version: 9.21.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR Free Download Packages (HKCU\...\Adobe AIR Free Download Packages) (Version:  - ) <==== ATTENTION
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKCU\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 6.0.0.12 - Hewlett-Packard Company)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Drive Encryption For HP ProtectTools (HKLM\...\{8A0041CD-277C-4C1F-BFE4-7AC508B20B4C}) (Version: 6.0.82.26444 - Hewlett-Packard Company)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - )
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 6.0.0.15 - Hewlett-Packard Company)
File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version: 2014.5.6.0 - ) <==== ATTENTION
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Firefox Free Download Packages (HKCU\...\Firefox Free Download Packages) (Version:  - ) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GoToMeeting 5.3.0.1009 (HKCU\...\GoToMeeting) (Version: 5.3.0.1009 - CitrixOnline)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Highlightly (HKLM-x32\...\Highlightly) (Version: 1.9.0.0 - Highlightly) <==== ATTENTION
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Connect Solutions (HKLM-x32\...\{BE1C9464-DEBB-4DA6-B19A-8EC634F22D73}) (Version: 1.0.0.4 - Hewlett-Packard)
HP Desktop Keyboard (HKLM-x32\...\HP Keyboard_is1) (Version: 1.0.0.13 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LJ300-400 color M351-M451 (HKLM-x32\...\{15CA73D8-3C82-4BAE-86CD-945BF9620516}) (Version:  - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet 4620 series Basic Device Software (HKLM\...\{A2E836B3-59A6-486B-82DC-1EA3878BCDEA}) (Version: 26.0.784.0 - Hewlett-Packard Co.)
HP Officejet 4620 series Help (HKLM-x32\...\{606C37AB-EB04-4270-A592-201A03C2DB36}) (Version: 6.0.0 - Hewlett Packard)
HP Officejet 4620 series Product Improvement Study (HKLM\...\{3CF97AC1-219E-44DA-B3DE-32FCAD606231}) (Version: 26.0.784.0 - Hewlett-Packard Co.)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 6.06.1004 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
hpbDSService (x32 Version: 001.001.05133 - Hewlett-Packard) Hidden
hpbM351M451DSService (x32 Version: 001.001.05164 - Hewlett-Packard) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPLaserJet300-400ColorM351-M451Series_HelpLearnCenter_SI (HKLM-x32\...\{BD019D8F-25B9-49D6-B301-07AFF65E35DD}) (Version: 1.02.0000 - Hewlett-Packard)
HPLJDXPHelper (x32 Version: 020.021.004 - HP) Hidden
HPLJUTCore (x32 Version: 1.02.0014 - HP) Hidden
HPLJUTM351-M451 (x32 Version: 1.02.0013 - HP) Hidden
hppLaserJetService (x32 Version: 009.022.00806 - Hewlett-Packard) Hidden
hppM351_M451LaserJetService (x32 Version: 005.020.00094 - Hewlett-Packard) Hidden
hppToolboxProxyM351 (x32 Version: 020.021.004 - HP) Hidden
hpStatusAlerts (x32 Version: 020.025.1119 - Hewlett Packard) Hidden
hpStatusAlertsM351_M451 (x32 Version: 020.023.01805 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
InstanceFinder (x32 Version: 020.021.004 - HP) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
join.me (HKCU\...\JoinMe) (Version: 1.10.1.258 - LogMeIn, Inc.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 2.0.3 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
LJDXPHelperUI (x32 Version: 020.021.004 - HP) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network Recording Player (HKLM-x32\...\{199DB693-9278-40EC-8BC8-5DE939DA03C5}) (Version: 2.29.3216 - Cisco WebEx LLC)
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
OJ4620FWUpdateAlert (x32 Version: 1.00.0000 - HP) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.65 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5705 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5705 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.11.0721.0 -  NewspaperDirect Inc.)
QuickBooks (x32 Version: 24.0.4005.2403 - Intuit Inc.) Hidden
QuickBooks Pro 2014 (HKLM-x32\...\{4A21D17E-2FE8-42CD-88B7-ACF8E8860834}) (Version: 24.0.4005.2403 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Ralink 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.25.0 - Mediatek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6463 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
ToolboxProxy (x32 Version: 020.023.005 - HP) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VIP Access SDK (1.0.1.4)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.4 - Symantec Inc.)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2116565142-2898140465-1252225305-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1009\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points  =========================

16-10-2014 07:01:23 Windows Update
16-10-2014 14:43:58 Installed HP Update.
27-10-2014 20:17:26 Scheduled Checkpoint
06-11-2014 16:15:29 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0E24B094-6AA0-4A41-BE5D-43DD755ECA46} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {11BE9545-CD28-48C6-B0AB-C91376DB4D6D} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {11DF1B0D-61AD-4F80-9E64-A1B90A7E3A4E} - System32\Tasks\HPCeeScheduleForBrian II => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {22B9FA02-7E51-474A-81C2-195BF84F06BA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {239E7E87-C9BC-4AD5-A0EC-ADD603E4B0A4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {3BD84436-809E-4A15-974B-46D0613D4FAF} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2011-05-03] (Hewlett Packard)
Task: {3D11F2FD-F71D-481A-909C-D7F8D96D98A4} - System32\Tasks\ProgramUpdateCheck => C:\Program Files (x86)\File Type Assistant\TSAssist.exe [2014-05-06] (FTA ApS) <==== ATTENTION
Task: {589BBA22-3B61-4EC7-A274-896CC8A3291C} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {5BE3EC4D-3E47-4C8A-B36B-729A5E9C7721} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {66F145B1-07ED-462D-868B-D1E6B4C75746} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {B310302A-DF3A-4538-9C60-6E3CA312D0F8} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {C707706E-395C-4760-815A-702F7865D101} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-20] (Adobe Systems Incorporated)
Task: {D10BB4F1-B357-4B12-A154-9862B46497F3} - System32\Tasks\ProgramRefresh-ATFST => C:\Program Files (x86)\File Type Assistant\tsasetup.exe [2014-05-06] (                                                            ) <==== ATTENTION
Task: {FFF5C9B2-FEBF-452E-899B-C6E6D321C8C3} - System32\Tasks\HPCustParticipation HP Officejet 4620 series => C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe [2011-12-18] (Hewlett-Packard Co.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForBrian II.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2011-07-21 19:57 - 2011-07-21 19:57 - 03376128 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2011-07-21 19:19 - 2011-07-21 19:19 - 00141824 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface64.dll
2011-07-21 19:19 - 2011-07-21 19:19 - 01318912 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
2012-08-15 15:11 - 2011-09-09 05:50 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-08-15 15:25 - 2009-07-02 16:58 - 00406016 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
2014-02-27 09:49 - 2014-08-15 08:44 - 00083768 _____ () C:\Program Files (x86)\Common Files\Intuit\DataProtect\IBuEngHost.exe
2011-07-21 19:41 - 2011-07-21 19:41 - 02818048 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll
2011-07-21 19:18 - 2011-07-21 19:18 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll
2011-07-21 19:40 - 2011-07-21 19:40 - 03080192 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalEncryptionProviderPlugin.dll
2011-07-21 19:44 - 2011-07-21 19:44 - 02854912 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll
2011-07-21 19:42 - 2011-07-21 19:42 - 00053248 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalATASec4SATA.dll
2011-07-21 19:21 - 2011-07-21 19:21 - 02035712 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll
2011-07-21 19:22 - 2011-07-21 19:22 - 01929216 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll
2014-02-27 09:49 - 2014-08-15 08:44 - 00084280 _____ () C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.XmlSerializers.dll
2014-02-27 09:49 - 2014-06-27 15:52 - 00198992 _____ () C:\Program Files (x86)\Common Files\Intuit\DataProtect\NCalc.dll
2014-02-27 12:58 - 2014-02-27 12:58 - 00623432 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\boost_regex-vc100-mt-1_47.dll
2014-02-27 12:58 - 2014-02-27 12:58 - 00021320 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\QBCompressor.dll
2014-02-27 09:49 - 2014-02-27 09:49 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\zlib1.dll
2014-02-27 12:58 - 2014-02-27 12:58 - 00149320 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\QBMAPILibrary.dll
2014-02-27 12:58 - 2014-02-27 12:58 - 00247112 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\boost_serialization-vc100-mt-1_47.dll
2014-02-27 12:58 - 2014-02-27 12:58 - 00623944 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\FtuEngine.dll
2014-02-27 12:58 - 2014-02-27 12:58 - 00581960 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\BackupLib.dll
2014-02-27 12:59 - 2014-02-27 12:59 - 00142664 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\QBProActiveCore.dll
2014-02-27 12:58 - 2014-02-27 12:58 - 00778056 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\FeaturesBridge.dll
2014-02-27 12:58 - 2014-02-27 12:58 - 00043848 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\mbpopup.dll
2011-07-19 15:07 - 2011-07-19 15:07 - 00111160 _____ () C:\Program Files (x86)\HP\StatusAlerts\bin\nativeutils.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Brian II\Documents\Mountain View Group phone list instructions.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-2116565142-2898140465-1252225305-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2116565142-2898140465-1252225305-1003 - Limited - Enabled)
Brian II (S-1-5-21-2116565142-2898140465-1252225305-1001 - Administrator - Enabled) => C:\Users\Brian II
Guest (S-1-5-21-2116565142-2898140465-1252225305-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/06/2014 10:38:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program TSAssist.exe version 2014.5.6.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 9f8

Start Time: 01cff9cd3a1d57bd

Termination Time: 1390

Application Path: C:\Program Files (x86)\File Type Assistant\TSAssist.exe

Report Id: c41e71f5-65ca-11e4-974e-ac162d0f5731

Error: (11/06/2014 10:17:00 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2e2c86cb-aeca-4836-88ce-fa975506c16a}

Error: (11/05/2014 06:47:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17344, time stamp: 0x541b6f63
Faulting module name: Flash32_15_0_0_167.ocx, version: 15.0.0.167, time stamp: 0x541384c0
Exception code: 0xc0000005
Fault offset: 0x0064ad42
Faulting process id: 0x2af4
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (11/05/2014 06:21:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14c4

Start Time: 01cff9459374b5b7

Termination Time: 10

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (11/05/2014 09:47:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3728

Start Time: 01cff9064f562dd2

Termination Time: 3606

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (11/04/2014 06:47:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094fbf
Faulting process id: 0x4f5c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/04/2014 06:34:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 49a8

Start Time: 01cff84283381cff

Termination Time: 3514

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (11/04/2014 06:29:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00095c91
Faulting process id: 0x155c0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/04/2014 10:17:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17344, time stamp: 0x541b6f63
Faulting module name: Flash32_15_0_0_167.ocx, version: 15.0.0.167, time stamp: 0x541384c0
Exception code: 0xc0000005
Fault offset: 0x0064ad45
Faulting process id: 0x1adc
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (11/04/2014 10:17:08 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {17969b9b-eed6-4e80-b3d2-f3f9d44eb4d5}

System errors:
=============
Error: (11/06/2014 06:04:33 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/06/2014 03:03:42 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (11/06/2014 02:42:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.

Error: (11/06/2014 02:36:53 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The NPEService service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (11/06/2014 02:01:57 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (11/06/2014 02:00:42 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/06/2014 00:59:48 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.

Error: (11/06/2014 10:32:38 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/06/2014 09:26:27 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (11/05/2014 08:13:25 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Microsoft Office Sessions:
=========================
Error: (11/06/2014 10:38:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: TSAssist.exe2014.5.6.09f801cff9cd3a1d57bd1390C:\Program Files (x86)\File Type Assistant\TSAssist.exec41e71f5-65ca-11e4-974e-ac162d0f5731

Error: (11/06/2014 10:17:00 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2e2c86cb-aeca-4836-88ce-fa975506c16a}

Error: (11/05/2014 06:47:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17344541b6f63Flash32_15_0_0_167.ocx15.0.0.167541384c0c00000050064ad422af401cff94f3e6f4c28C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\Macromed\Flash\Flash32_15_0_0_167.ocx0bdf9cd2-6546-11e4-8d06-ac162d0f5731

Error: (11/05/2014 06:21:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.1734414c401cff9459374b5b710C:\Program Files\Internet Explorer\iexplore.exe

Error: (11/05/2014 09:47:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17344372801cff9064f562dd23606C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (11/04/2014 06:47:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd00094fbf4f5c01cff88943cd7c86C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll011c855d-647d-11e4-8527-ac162d0f5731

Error: (11/04/2014 06:34:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.1734449a801cff84283381cff3514C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (11/04/2014 06:29:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd00095c91155c001cff8870e2d9a76C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll5e320b1b-647a-11e4-8527-ac162d0f5731

Error: (11/04/2014 10:17:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17344541b6f63Flash32_15_0_0_167.ocx15.0.0.167541384c0c00000050064ad451adc01cff8303d21669bC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\Macromed\Flash\Flash32_15_0_0_167.ocxb5460acd-6435-11e4-8527-ac162d0f5731

Error: (11/04/2014 10:17:08 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {17969b9b-eed6-4e80-b3d2-f3f9d44eb4d5}

==================== Memory info ===========================

Processor: Intel® Core™ i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 46%
Total physical RAM: 4000.82 MB
Available physical RAM: 2125.22 MB
Total Pagefile: 7999.81 MB
Available Pagefile: 5743.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:450.54 GB) (Free:384.44 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:15.12 GB) (Free:1.88 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

==================== End Of Log ============================

 



#4 deeprybka

  • Malware Response Team
Posted 06 November 2014 - 06:24 PM

Hi,

Step 1

Please uninstall some programs:

  • Windows 7: Click on the Start button, open Control Panel and click Uninstall a program.
  • Search and select the following programs one by one and click on Uninstall:

      Adobe AIR Free Download Packages
      File Type Assistant
      Firefox Free Download Packages
      Highlightly


Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

Step 3

Please download and install Malwarebytes Anti-Malware

  • Please open Malwarebytes Anti-Malware.
  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" [1] and go to "Detection and Protection" [2].
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine All" [5]. Then click the button: Apply Actions. [6]
  • A window with an option to view the detailed log will appear.
  • Click on "View detailed log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.

Step 4

Start FRST with administrator privileges.

  • Make sure the Addition.txt option is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#5 Bostonrunner

Posted 06 November 2014 - 09:31 PM

adw cleaner file:

 

# AdwCleaner v3.311 - Report created 06/11/2014 at 21:24:15
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Brian II - BRIANII-HP
# Running from : C:\Users\Brian II\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\File Type Assistant
Folder Deleted : C:\Users\Brian II\AppData\Local\FileTypeAssistant
Folder Deleted : C:\Users\wangzhisong\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Brian II\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom
Folder Deleted : C:\Users\Brian II\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
File Deleted : C:\Users\Brian II\daemonprocess.txt
File Deleted : C:\Users\Brian II\AppData\Roaming\Mozilla\Firefox\Profiles\acyyvt8u.default-1412109133938\searchplugins\safesearch.xml

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cmclajginlihohopoeofghddnhpplhom
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseSmart_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseSmart_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilBrowseSmart_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilBrowseSmart_RASMANCS
Key Deleted : HKCU\Software\Bitberry
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344

-\\ Mozilla Firefox v32.0.3 (x86 en-US)

[ File : C:\Users\Brian II\AppData\Roaming\Mozilla\Firefox\Profiles\acyyvt8u.default-1412109133938\prefs.js ]

-\\ Google Chrome v38.0.2125.111

[ File : C:\Users\Brian II\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : fjoijdanhaiflhibkljeklcghcmmfffh
Deleted [Extension] : mkfokfffehpeedafpekjeddnmnjhmcmk
Deleted [Extension] : cmclajginlihohopoeofghddnhpplhom

*************************

AdwCleaner[R1].txt - [2515 octets] - [06/11/2014 21:22:17]
AdwCleaner[S1].txt - [2428 octets] - [06/11/2014 21:24:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2488 octets] ##########



#6 Bostonrunner

Posted 06 November 2014 - 10:03 PM

anti malware log

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/6/2014
Scan Time: 9:43:40 PM
Logfile:
Administrator: No

Version: 2.00.3.1025
Malware Database: v2014.11.07.01
Rootkit Database: v2014.11.01.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Brian II

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 348742
Time Elapsed: 15 min, 48 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 13
PUP.Optional.Highlightly, HKLM\SOFTWARE\CLASSES\CLSID\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE}, Quarantined, [c627d6628cf0c5711fce882c877b6e92],
PUP.Optional.Highlightly, HKLM\SOFTWARE\CLASSES\TYPELIB\{EA3802D2-C00A-4478-9319-34075A31C28F}, Quarantined, [c627d6628cf0c5711fce882c877b6e92],
PUP.Optional.Highlightly, HKLM\SOFTWARE\CLASSES\INTERFACE\{483F56D2-1D67-44A5-A4C5-67DBB724F7A0}, Quarantined, [c627d6628cf0c5711fce882c877b6e92],
PUP.Optional.Highlightly, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{483F56D2-1D67-44A5-A4C5-67DBB724F7A0}, Quarantined, [c627d6628cf0c5711fce882c877b6e92],
PUP.Optional.Highlightly, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{EA3802D2-C00A-4478-9319-34075A31C28F}, Quarantined, [c627d6628cf0c5711fce882c877b6e92],
PUP.Optional.Highlightly, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE}, Quarantined, [c627d6628cf0c5711fce882c877b6e92],
PUP.Optional.Highlightly, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE}, Quarantined, [c627d6628cf0c5711fce882c877b6e92],
PUP.Optional.Highlightly, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE}, Quarantined, [c627d6628cf0c5711fce882c877b6e92],
PUP.Optional.Highlightly, HKU\S-1-5-21-2116565142-2898140465-1252225305-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE}, Quarantined, [c627d6628cf0c5711fce882c877b6e92],
PUP.Optional.Highlightly, HKU\S-1-5-21-2116565142-2898140465-1252225305-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE}, Quarantined, [c627d6628cf0c5711fce882c877b6e92],
PUP.Optional.Highlightly, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE}, Quarantined, [c627d6628cf0c5711fce882c877b6e92],
PUP.Optional.Highlightly, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE}, Quarantined, [c627d6628cf0c5711fce882c877b6e92],
PUP.Optional.Highlightly, HKLM\SOFTWARE\WOW6432NODE\Highlightly, Quarantined, [da131820225a72c4510c62312fd558a8],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.Highlightly.A, C:\Users\Brian II\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom, Quarantined, [f6f7ff395b21d363955c8b774cb75fa1],

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)



#7 Bostonrunner

Posted 06 November 2014 - 10:08 PM

FRST txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by Brian II (administrator) on BRIANII-HP on 06-11-2014 22:05:18
Running from C:\Users\Brian II\Desktop
Loaded Profile: Brian II (Available profiles: Brian II)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
() C:\Program Files (x86)\Common Files\Intuit\DataProtect\IBuEngHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [HP KEYBOARDx] => C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE [710656 2010-02-11] (Hewlett-Packard)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc)
HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12277248 2011-08-26] (Hewlett-Packard)
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [136760 2011-07-19] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-02-27] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-2116565142-2898140465-1252225305-1001\...\Run: [MsnMsgr] => "C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe" /background
HKU\S-1-5-21-2116565142-2898140465-1252225305-1001\...\Run: [HP Officejet 4620 series (NET)] => C:\Program Files\hp\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe [2548072 2011-12-18] (Hewlett-Packard Co.)
HKU\S-1-5-21-2116565142-2898140465-1252225305-1001\...\MountPoints2: {b1f928d1-43f2-11e4-b8a4-ac162d0f5731} - F:\Autorun.exe
Lsa: [Notification Packages] EpePcNp64 DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\Brian II\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 4620 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet 4620 series.lnk -> C:\Program Files\hp\HP Officejet 4620 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-25/4?satitle={searchTerms}
SearchScopes: HKLM - {EEC377E1-9836-484B-AFA1-05B0EC8A33EF} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us3-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-25/4?satitle={searchTerms}
SearchScopes: HKLM-x32 - {EEC377E1-9836-484B-AFA1-05B0EC8A33EF} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us3-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-25/4?satitle={searchTerms}
SearchScopes: HKCU - {EEC377E1-9836-484B-AFA1-05B0EC8A33EF} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us3-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254

FireFox:
========
FF ProfilePath: C:\Users\Brian II\AppData\Roaming\Mozilla\Firefox\Profiles\acyyvt8u.default-1412109133938
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Brian II\AppData\Local\Citrix\Plugins\79\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Users\Brian II\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2012-08-15]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\coFFPlgn [2014-11-06]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: HP Smart Print - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-09-12]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.79) - C:\Users\Brian II\AppData\Local\Citrix\Plugins\79\npappdetector.dll (Citrix Online)
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Profile: C:\Users\Brian II\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Brian II\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-20]
CHR Extension: (Google Drive) - C:\Users\Brian II\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-20]
CHR Extension: (YouTube) - C:\Users\Brian II\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-20]
CHR Extension: (Google Search) - C:\Users\Brian II\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-20]
CHR Extension: (No Name) - C:\Users\Brian II\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-06-20]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Brian II\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09]
CHR Extension: (Gmail) - C:\Users\Brian II\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [486224 2011-08-24] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [464440 2011-05-09] (Hewlett-Packard Company)
R2 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2010-10-27] (Hewlett-Packard Company) [File not signed]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [162816 2011-07-08] (HP) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPFSService; c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [322048 2011-08-26] (Hewlett-Packard) [File not signed]
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1318912 2011-07-21] () [File not signed]
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-02-27] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2014-02-27] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2014-02-27] (Intuit Inc.) [File not signed]
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-07-04] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-07-04] (Ralink Technology, Corp.) [File not signed]
S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\BASHDefs\20141030.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64312 2011-05-09] (Hewlett-Packard Company)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-11] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\IPSDefs\20141105.001\IDSvia64.sys [633560 2014-09-30] (Symantec Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-06] (Malwarebytes Corporation)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [94152 2011-07-21] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158280 2011-07-21] (McAfee, Inc.)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\VirusDefs\20141106.004\ENG64.SYS [129752 2014-08-21] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\VirusDefs\20141106.004\EX64.SYS [2137304 2014-08-21] (Symantec Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2012-08-15] ()
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-06-26] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-06 21:42 - 2014-11-06 21:43 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-06 21:42 - 2014-11-06 21:42 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-06 21:42 - 2014-11-06 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-06 21:42 - 2014-11-06 21:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-06 21:42 - 2014-11-06 21:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-06 21:42 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-06 21:42 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-06 21:42 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-06 21:35 - 2014-11-06 21:35 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Brian II\Desktop\mbam-setup-2.0.3.1025.exe
2014-11-06 21:22 - 2014-11-06 21:24 - 00000000 ____D () C:\AdwCleaner
2014-11-06 21:22 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-11-06 21:21 - 2014-11-06 21:21 - 01375089 _____ () C:\Users\Brian II\Desktop\AdwCleaner.exe
2014-11-06 18:10 - 2014-11-06 22:05 - 00023489 _____ () C:\Users\Brian II\Desktop\FRST.txt
2014-11-06 18:10 - 2014-11-06 18:11 - 00034712 _____ () C:\Users\Brian II\Desktop\Addition.txt
2014-11-06 18:09 - 2014-11-06 22:05 - 00000000 ____D () C:\FRST
2014-11-06 18:08 - 2014-11-06 18:08 - 02114560 _____ (Farbar) C:\Users\Brian II\Desktop\FRST64.exe
2014-11-06 18:03 - 2014-11-06 18:05 - 00145534 _____ () C:\Users\Brian II\Desktop\ESETPoweliksCleaner.exe_20141106.180358.7024.log
2014-11-06 18:03 - 2014-11-06 18:03 - 00186568 _____ (ESET) C:\Users\Brian II\Downloads\ESETPoweliksCleaner.exe
2014-11-06 12:28 - 2014-11-06 12:28 - 00015880 _____ () C:\Users\Brian II\Downloads\Womens Phone List October 2014.xlsx
2014-11-06 12:13 - 2014-11-06 12:13 - 00022458 _____ () C:\Users\Brian II\Desktop\dds.txt
2014-11-06 12:13 - 2014-11-06 12:13 - 00009236 _____ () C:\Users\Brian II\Desktop\attach.txt
2014-11-06 12:12 - 2014-11-06 12:12 - 00688992 ____R (Swearware) C:\Users\Brian II\Downloads\dds (1).com
2014-11-06 12:11 - 2014-11-06 12:11 - 00688992 _____ (Swearware) C:\Users\Brian II\Downloads\dds.com
2014-11-06 10:31 - 2014-11-06 10:31 - 00000323 _____ () C:\Users\Brian II\Desktop\HP OfficeJet 4620 series Printer Firmware Update.url
2014-11-05 10:23 - 2014-11-06 14:42 - 00000000 ____D () C:\NPE
2014-10-27 18:25 - 2014-11-05 18:54 - 00000000 ____D () C:\Users\Brian II\Documents\Mountain View Group
2014-10-24 06:26 - 2014-10-24 06:26 - 03780499 _____ () C:\Users\Brian II\Downloads\Toolsformoney Models for October '14.zip
2014-10-21 12:40 - 2014-10-21 12:40 - 00000000 ____D () C:\Users\Brian II\AppData\Local\Macromedia
2014-10-21 12:28 - 2014-10-21 12:28 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-10-20 12:08 - 2014-10-21 21:50 - 00000000 ____D () C:\Program Files (x86)\CarbonPoker Odds Calculator
2014-10-20 10:48 - 2014-10-20 10:48 - 00000000 ____D () C:\Users\Brian II\AppData\Local\eclipse
2014-10-20 10:01 - 2014-10-20 10:48 - 00000000 ____D () C:\Users\Brian II\AppData\Local\CarbonPoker
2014-10-20 10:00 - 2014-10-21 21:50 - 00000000 ____D () C:\Users\Brian II\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-10-15 14:55 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 14:55 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 14:55 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 14:55 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 14:55 - 2014-08-18 22:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 14:55 - 2014-08-18 22:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 14:55 - 2014-08-18 22:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 14:55 - 2014-08-18 22:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 14:55 - 2014-08-18 22:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 14:55 - 2014-08-18 22:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 14:55 - 2014-08-18 22:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 14:55 - 2014-08-18 22:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 14:55 - 2014-08-18 22:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 14:55 - 2014-08-18 22:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 14:55 - 2014-08-18 21:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 14:55 - 2014-08-18 21:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 14:55 - 2014-08-18 21:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 14:55 - 2014-07-06 21:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 14:55 - 2014-07-06 21:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 14:55 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 14:55 - 2014-07-06 21:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 14:55 - 2014-07-06 21:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 14:55 - 2014-07-06 21:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 14:55 - 2014-07-06 21:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 14:55 - 2014-07-06 21:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 14:55 - 2014-07-06 21:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 14:55 - 2014-07-06 21:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 14:55 - 2014-07-06 21:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 14:55 - 2014-07-06 21:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 14:55 - 2014-07-06 21:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 14:55 - 2014-07-06 21:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 14:55 - 2014-07-06 21:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 14:55 - 2014-07-06 21:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 14:55 - 2014-07-06 21:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 14:55 - 2014-07-06 21:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 14:55 - 2014-07-06 21:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 14:55 - 2014-07-06 21:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 14:55 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 14:55 - 2014-07-06 21:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 14:55 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 14:55 - 2014-07-06 21:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 14:55 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 14:55 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 14:55 - 2014-07-06 21:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 14:55 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 14:55 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 14:55 - 2014-07-06 21:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 14:55 - 2014-07-06 21:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 14:55 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 14:55 - 2014-07-06 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 14:55 - 2014-07-06 20:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 14:55 - 2014-07-06 20:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 14:55 - 2014-07-06 20:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 14:55 - 2014-07-06 20:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 14:55 - 2014-07-06 20:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 14:55 - 2014-07-06 20:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 14:55 - 2014-07-06 20:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 14:55 - 2014-07-06 20:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 14:55 - 2014-07-06 20:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 14:55 - 2014-07-06 20:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 14:55 - 2014-07-06 20:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 14:55 - 2014-07-06 20:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 14:55 - 2014-07-06 20:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 14:55 - 2014-07-06 20:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 14:55 - 2014-07-06 20:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 14:55 - 2014-07-06 20:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 14:55 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 14:55 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 14:55 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 14:55 - 2014-07-06 20:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 14:55 - 2014-07-06 20:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 14:55 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 14:55 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 14:55 - 2014-07-06 20:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 14:55 - 2014-07-06 20:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 14:55 - 2014-07-06 20:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 14:55 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 14:55 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 14:55 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 14:55 - 2014-06-27 19:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 14:55 - 2014-06-27 19:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 14:55 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 14:55 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 14:55 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 14:55 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 14:55 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 14:55 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 14:55 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 14:54 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 14:54 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 14:54 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 14:54 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 14:54 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 14:54 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 14:54 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 14:54 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 14:54 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 14:54 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 14:54 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 14:54 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 14:54 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 14:54 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 14:54 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 14:54 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 14:54 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 14:54 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 14:54 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 14:54 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 14:54 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 14:54 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 14:54 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 14:54 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 14:54 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 14:54 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 14:54 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 14:54 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 14:54 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 14:54 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 14:54 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 14:54 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 14:54 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 14:54 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 14:54 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 14:54 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 14:54 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 14:54 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 14:54 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 14:54 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 14:54 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 14:54 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 14:54 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 14:54 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 14:54 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 14:54 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 14:54 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 14:54 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 14:54 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 14:54 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 14:54 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 14:54 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 14:54 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 14:54 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 14:54 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 14:54 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 14:53 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 14:53 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 14:53 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 14:53 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 14:53 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 14:53 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 14:53 - 2014-07-16 21:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 14:53 - 2014-07-16 21:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 14:53 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 14:53 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 14:53 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 14:53 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 14:53 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 14:53 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 14:53 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 14:53 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 14:53 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 14:53 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 14:53 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 14:53 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 14:53 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 14:53 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-10 11:00 - 2014-10-10 11:00 - 00000000 ____D () C:\Intel

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-06 21:34 - 2009-07-13 23:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-06 21:34 - 2009-07-13 23:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-06 21:32 - 2009-07-14 00:13 - 00796934 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-06 21:31 - 2012-08-24 14:06 - 01912644 _____ () C:\Windows\WindowsUpdate.log
2014-11-06 21:27 - 2012-09-12 06:56 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-06 21:27 - 2012-08-15 15:34 - 00000000 ____D () C:\ProgramData\PDFC
2014-11-06 21:26 - 2010-11-20 22:47 - 01034918 _____ () C:\Windows\PFRO.log
2014-11-06 21:26 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-06 21:26 - 2009-07-13 23:51 - 00047049 _____ () C:\Windows\setupact.log
2014-11-06 21:24 - 2012-09-17 18:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-06 21:24 - 2012-08-24 14:07 - 00000000 ____D () C:\Users\Brian II
2014-11-06 21:07 - 2012-09-12 06:56 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-06 21:03 - 2013-02-01 08:52 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-06 21:03 - 2012-09-07 10:12 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-11-06 20:46 - 2014-03-21 06:37 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForBrian II.job
2014-11-06 15:35 - 2012-08-24 14:12 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{44D02B4B-AA74-4CCF-81E7-A745A48E46E9}
2014-11-06 14:47 - 2013-02-15 09:48 - 00000000 ____D () C:\Users\Brian II\AppData\Local\NPE
2014-11-06 12:39 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-06 10:44 - 2012-09-12 12:27 - 00000000 ____D () C:\Users\Brian II\AppData\Roaming\HpUpdate
2014-11-05 10:06 - 2014-01-15 10:33 - 03060320 ____N (Symantec Corporation) C:\Users\Brian II\Downloads\NPE.exe
2014-11-04 18:48 - 2012-09-12 08:28 - 00000000 ____D () C:\Users\Brian II\AppData\Local\CrashDumps
2014-10-31 06:23 - 2014-03-21 06:37 - 00003204 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForBrian II
2014-10-30 11:28 - 2013-09-17 12:53 - 00000000 ____D () C:\Users\Brian II\Documents\Brian
2014-10-29 14:09 - 2013-04-11 07:46 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-27 19:09 - 2013-11-13 18:58 - 00000000 ____D () C:\Users\Brian II\Documents\JulieMc School Docs
2014-10-27 15:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-24 10:11 - 2013-05-24 15:53 - 00000000 ____D () C:\Users\Brian II\Documents\HHS
2014-10-21 13:02 - 2012-09-12 06:56 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-21 13:02 - 2012-09-12 06:56 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-20 15:55 - 2013-02-01 13:46 - 00000000 ____D () C:\Users\Brian II\Documents\My Kindle Content
2014-10-20 10:55 - 2012-09-14 09:16 - 00000000 ____D () C:\Users\Brian II\AppData\Local\Adobe
2014-10-20 10:52 - 2012-09-17 18:31 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-20 10:52 - 2012-09-17 18:31 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-20 10:52 - 2012-09-17 18:31 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-20 10:48 - 2013-01-28 11:03 - 00000000 ____D () C:\Users\Brian II\AppData\Roaming\Mozilla
2014-10-16 09:45 - 2012-08-15 15:21 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-10-16 08:27 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-16 02:28 - 2009-07-13 23:45 - 00357176 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 02:25 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 02:25 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-16 02:25 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-16 02:07 - 2012-09-07 13:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 02:04 - 2013-08-02 16:10 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 02:01 - 2012-09-07 10:00 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-10 11:00 - 2012-08-15 15:15 - 00000000 ____D () C:\Program Files (x86)\Intel

Some content of TEMP:
====================
C:\Users\Brian II\AppData\Local\Temp\Extract.exe
C:\Users\Brian II\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-27 15:06

==================== End Of Log ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014
Ran by Brian II at 2014-11-06 22:05:56
Running from C:\Users\Brian II\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 8.2.1 - Hewlett-Packard) Hidden
7-Zip 9.21 (HKLM-x32\...\{23170F69-40C1-2701-0921-000001000000}) (Version: 9.21.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKCU\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 6.0.0.12 - Hewlett-Packard Company)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Drive Encryption For HP ProtectTools (HKLM\...\{8A0041CD-277C-4C1F-BFE4-7AC508B20B4C}) (Version: 6.0.82.26444 - Hewlett-Packard Company)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - )
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 6.0.0.15 - Hewlett-Packard Company)
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GoToMeeting 5.3.0.1009 (HKCU\...\GoToMeeting) (Version: 5.3.0.1009 - CitrixOnline)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Connect Solutions (HKLM-x32\...\{BE1C9464-DEBB-4DA6-B19A-8EC634F22D73}) (Version: 1.0.0.4 - Hewlett-Packard)
HP Desktop Keyboard (HKLM-x32\...\HP Keyboard_is1) (Version: 1.0.0.13 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LJ300-400 color M351-M451 (HKLM-x32\...\{15CA73D8-3C82-4BAE-86CD-945BF9620516}) (Version:  - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet 4620 series Basic Device Software (HKLM\...\{A2E836B3-59A6-486B-82DC-1EA3878BCDEA}) (Version: 26.0.784.0 - Hewlett-Packard Co.)
HP Officejet 4620 series Help (HKLM-x32\...\{606C37AB-EB04-4270-A592-201A03C2DB36}) (Version: 6.0.0 - Hewlett Packard)
HP Officejet 4620 series Product Improvement Study (HKLM\...\{3CF97AC1-219E-44DA-B3DE-32FCAD606231}) (Version: 26.0.784.0 - Hewlett-Packard Co.)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 6.06.1004 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
hpbDSService (x32 Version: 001.001.05133 - Hewlett-Packard) Hidden
hpbM351M451DSService (x32 Version: 001.001.05164 - Hewlett-Packard) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPLaserJet300-400ColorM351-M451Series_HelpLearnCenter_SI (HKLM-x32\...\{BD019D8F-25B9-49D6-B301-07AFF65E35DD}) (Version: 1.02.0000 - Hewlett-Packard)
HPLJDXPHelper (x32 Version: 020.021.004 - HP) Hidden
HPLJUTCore (x32 Version: 1.02.0014 - HP) Hidden
HPLJUTM351-M451 (x32 Version: 1.02.0013 - HP) Hidden
hppLaserJetService (x32 Version: 009.022.00806 - Hewlett-Packard) Hidden
hppM351_M451LaserJetService (x32 Version: 005.020.00094 - Hewlett-Packard) Hidden
hppToolboxProxyM351 (x32 Version: 020.021.004 - HP) Hidden
hpStatusAlerts (x32 Version: 020.025.1119 - Hewlett Packard) Hidden
hpStatusAlertsM351_M451 (x32 Version: 020.023.01805 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
InstanceFinder (x32 Version: 020.021.004 - HP) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
join.me (HKCU\...\JoinMe) (Version: 1.10.1.258 - LogMeIn, Inc.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 2.0.3 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
LJDXPHelperUI (x32 Version: 020.021.004 - HP) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network Recording Player (HKLM-x32\...\{199DB693-9278-40EC-8BC8-5DE939DA03C5}) (Version: 2.29.3216 - Cisco WebEx LLC)
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
OJ4620FWUpdateAlert (x32 Version: 1.00.0000 - HP) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.65 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5705 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5705 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.11.0721.0 -  NewspaperDirect Inc.)
QuickBooks (x32 Version: 24.0.4005.2403 - Intuit Inc.) Hidden
QuickBooks Pro 2014 (HKLM-x32\...\{4A21D17E-2FE8-42CD-88B7-ACF8E8860834}) (Version: 24.0.4005.2403 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Ralink 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.25.0 - Mediatek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6463 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
ToolboxProxy (x32 Version: 020.023.005 - HP) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VIP Access SDK (1.0.1.4)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.4 - Symantec Inc.)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2116565142-2898140465-1252225305-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1009\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points  =========================

16-10-2014 07:01:23 Windows Update
16-10-2014 14:43:58 Installed HP Update.
27-10-2014 20:17:26 Scheduled Checkpoint
06-11-2014 16:15:29 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0E24B094-6AA0-4A41-BE5D-43DD755ECA46} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {11BE9545-CD28-48C6-B0AB-C91376DB4D6D} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {11DF1B0D-61AD-4F80-9E64-A1B90A7E3A4E} - System32\Tasks\HPCeeScheduleForBrian II => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {22B9FA02-7E51-474A-81C2-195BF84F06BA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {239E7E87-C9BC-4AD5-A0EC-ADD603E4B0A4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {3BD84436-809E-4A15-974B-46D0613D4FAF} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2011-05-03] (Hewlett Packard)
Task: {589BBA22-3B61-4EC7-A274-896CC8A3291C} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {5BE3EC4D-3E47-4C8A-B36B-729A5E9C7721} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {66F145B1-07ED-462D-868B-D1E6B4C75746} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {B310302A-DF3A-4538-9C60-6E3CA312D0F8} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {C707706E-395C-4760-815A-702F7865D101} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-20] (Adobe Systems Incorporated)
Task: {FFF5C9B2-FEBF-452E-899B-C6E6D321C8C3} - System32\Tasks\HPCustParticipation HP Officejet 4620 series => C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe [2011-12-18] (Hewlett-Packard Co.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForBrian II.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2011-07-21 19:57 - 2011-07-21 19:57 - 03376128 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2011-07-21 19:19 - 2011-07-21 19:19 - 00141824 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface64.dll
2011-07-21 19:19 - 2011-07-21 19:19 - 01318912 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
2012-08-15 15:11 - 2011-09-09 05:50 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-08-15 15:25 - 2009-07-02 16:58 - 00406016 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
2014-02-27 09:49 - 2014-08-15 08:44 - 00083768 _____ () C:\Program Files (x86)\Common Files\Intuit\DataProtect\IBuEngHost.exe
2011-07-21 19:41 - 2011-07-21 19:41 - 02818048 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll
2011-07-21 19:18 - 2011-07-21 19:18 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll
2011-07-21 19:40 - 2011-07-21 19:40 - 03080192 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalEncryptionProviderPlugin.dll
2011-07-21 19:44 - 2011-07-21 19:44 - 02854912 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll
2011-07-21 19:42 - 2011-07-21 19:42 - 00053248 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalATASec4SATA.dll
2011-07-21 19:21 - 2011-07-21 19:21 - 02035712 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll
2011-07-21 19:22 - 2011-07-21 19:22 - 01929216 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll
2014-02-27 09:49 - 2014-08-15 08:44 - 00084280 _____ () C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.XmlSerializers.dll
2014-02-27 09:49 - 2014-06-27 15:52 - 00198992 _____ () C:\Program Files (x86)\Common Files\Intuit\DataProtect\NCalc.dll
2014-02-27 12:58 - 2014-02-27 12:58 - 00623432 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\boost_regex-vc100-mt-1_47.dll
2014-02-27 12:58 - 2014-02-27 12:58 - 00021320 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\QBCompressor.dll
2014-02-27 09:49 - 2014-02-27 09:49 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\zlib1.dll
2014-02-27 12:58 - 2014-02-27 12:58 - 00149320 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\QBMAPILibrary.dll
2014-02-27 12:58 - 2014-02-27 12:58 - 00247112 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\boost_serialization-vc100-mt-1_47.dll
2014-02-27 12:58 - 2014-02-27 12:58 - 00623944 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\FtuEngine.dll
2014-02-27 12:58 - 2014-02-27 12:58 - 00581960 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\BackupLib.dll
2014-02-27 12:59 - 2014-02-27 12:59 - 00142664 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\QBProActiveCore.dll
2014-02-27 12:58 - 2014-02-27 12:58 - 00778056 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\FeaturesBridge.dll
2014-02-27 12:58 - 2014-02-27 12:58 - 00043848 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\mbpopup.dll
2011-07-19 15:07 - 2011-07-19 15:07 - 00111160 _____ () C:\Program Files (x86)\HP\StatusAlerts\bin\nativeutils.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Brian II\Documents\Mountain View Group phone list instructions.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-2116565142-2898140465-1252225305-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2116565142-2898140465-1252225305-1003 - Limited - Enabled)
Brian II (S-1-5-21-2116565142-2898140465-1252225305-1001 - Administrator - Enabled) => C:\Users\Brian II
Guest (S-1-5-21-2116565142-2898140465-1252225305-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/06/2014 10:38:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program TSAssist.exe version 2014.5.6.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 9f8

Start Time: 01cff9cd3a1d57bd

Termination Time: 1390

Application Path: C:\Program Files (x86)\File Type Assistant\TSAssist.exe

Report Id: c41e71f5-65ca-11e4-974e-ac162d0f5731

Error: (11/06/2014 10:17:00 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2e2c86cb-aeca-4836-88ce-fa975506c16a}

Error: (11/05/2014 06:47:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17344, time stamp: 0x541b6f63
Faulting module name: Flash32_15_0_0_167.ocx, version: 15.0.0.167, time stamp: 0x541384c0
Exception code: 0xc0000005
Fault offset: 0x0064ad42
Faulting process id: 0x2af4
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (11/05/2014 06:21:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14c4

Start Time: 01cff9459374b5b7

Termination Time: 10

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (11/05/2014 09:47:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3728

Start Time: 01cff9064f562dd2

Termination Time: 3606

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (11/04/2014 06:47:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094fbf
Faulting process id: 0x4f5c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/04/2014 06:34:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 49a8

Start Time: 01cff84283381cff

Termination Time: 3514

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (11/04/2014 06:29:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00095c91
Faulting process id: 0x155c0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/04/2014 10:17:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17344, time stamp: 0x541b6f63
Faulting module name: Flash32_15_0_0_167.ocx, version: 15.0.0.167, time stamp: 0x541384c0
Exception code: 0xc0000005
Fault offset: 0x0064ad45
Faulting process id: 0x1adc
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (11/04/2014 10:17:08 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {17969b9b-eed6-4e80-b3d2-f3f9d44eb4d5}

System errors:
=============
Error: (11/06/2014 09:27:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.

Error: (11/06/2014 06:04:33 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/06/2014 03:03:42 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (11/06/2014 02:42:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.

Error: (11/06/2014 02:36:53 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The NPEService service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (11/06/2014 02:01:57 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (11/06/2014 02:00:42 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/06/2014 00:59:48 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.

Error: (11/06/2014 10:32:38 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/06/2014 09:26:27 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Microsoft Office Sessions:
=========================
Error: (11/06/2014 10:38:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: TSAssist.exe2014.5.6.09f801cff9cd3a1d57bd1390C:\Program Files (x86)\File Type Assistant\TSAssist.exec41e71f5-65ca-11e4-974e-ac162d0f5731

Error: (11/06/2014 10:17:00 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2e2c86cb-aeca-4836-88ce-fa975506c16a}

Error: (11/05/2014 06:47:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17344541b6f63Flash32_15_0_0_167.ocx15.0.0.167541384c0c00000050064ad422af401cff94f3e6f4c28C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\Macromed\Flash\Flash32_15_0_0_167.ocx0bdf9cd2-6546-11e4-8d06-ac162d0f5731

Error: (11/05/2014 06:21:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.1734414c401cff9459374b5b710C:\Program Files\Internet Explorer\iexplore.exe

Error: (11/05/2014 09:47:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17344372801cff9064f562dd23606C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (11/04/2014 06:47:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd00094fbf4f5c01cff88943cd7c86C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll011c855d-647d-11e4-8527-ac162d0f5731

Error: (11/04/2014 06:34:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.1734449a801cff84283381cff3514C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (11/04/2014 06:29:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd00095c91155c001cff8870e2d9a76C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll5e320b1b-647a-11e4-8527-ac162d0f5731

Error: (11/04/2014 10:17:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17344541b6f63Flash32_15_0_0_167.ocx15.0.0.167541384c0c00000050064ad451adc01cff8303d21669bC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\Macromed\Flash\Flash32_15_0_0_167.ocxb5460acd-6435-11e4-8527-ac162d0f5731

Error: (11/04/2014 10:17:08 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {17969b9b-eed6-4e80-b3d2-f3f9d44eb4d5}

==================== Memory info ===========================

Processor: Intel® Core™ i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 42%
Total physical RAM: 4000.82 MB
Available physical RAM: 2309.3 MB
Total Pagefile: 7999.81 MB
Available Pagefile: 5942.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:450.54 GB) (Free:384.33 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:15.12 GB) (Free:1.88 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

==================== End Of Log ============================



#8 deeprybka

  • Malware Response Team

Posted 07 November 2014 - 05:40 AM

Hi,

Step 1

Please download the attached fixlist and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
Attached File  fixlist.txt   546bytes   7 downloads

Let's do a final check up:



Step 2


Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    [Screenshot: settings.png]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at [image: logpath.png]
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!


Step 3

Don't remove on your own anything that Hitman Pro detects!
This scanner, although it is really good for checking, has been known to delete files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!


Please download HitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the HitmanPro icon and select Run as Administrator to start the tool.
  • If the program won't run, please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.



Step 4

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

Can you please tell me which problems still persist now?
How is the computer running?

Edited by deeprybka, 07 November 2014 - 05:42 AM.

regards,
deeprybka

#9 Bostonrunner


Posted 07 November 2014 - 09:41 AM

fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-11-2014
Ran by Brian II at 2014-11-07 09:30:02 Run:1
Running from C:\Users\Brian II\Desktop
Loaded Profile: Brian II (Available profiles: Brian II)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
2014-10-21 12:28 - 2014-10-21 12:28 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
EmptyTemp:
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DeviceNP" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKCR\PROTOCOLS\Handler\intu-help-qb7" => Key deleted successfully.
"HKCR\CLSID\{5A03BD9D-766D-47A6-8E87-CD90F60BE245}" => Key not found.
"HKCR\PROTOCOLS\Handler\qbwc" => Key deleted successfully.
"HKCR\CLSID\{FC598A64-626C-4447-85B8-53150405FD57}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} => Moved successfully.
EmptyTemp: => Removed 2.2 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====
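
The result lines of a Fixlog like the one above can be tallied mechanically to confirm what was actually removed. This is an added example, not part of the original post and not FRST code; it assumes the layout seen in the posted log (the fixlist echoed between rows of asterisks, then `target => result` lines), and `parse_fixlog` and `summarize` are hypothetical names.

```python
import re
from collections import Counter

# Excerpt of the Fixlog posted above, embedded so the example runs offline.
SAMPLE_FIXLOG = r'''Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
EmptyTemp:
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKCR\PROTOCOLS\Handler\qbwc" => Key deleted successfully.
"HKCR\CLSID\{FC598A64-626C-4447-85B8-53150405FD57}" => Key not found.
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} => Moved successfully.
EmptyTemp: => Removed 2.2 GB temporary data.

==== End of Fixlog ====
'''

# Checked in order: "not found" must win over the generic removal verbs.
OUTCOMES = [
    ("not_found", re.compile(r"not found", re.I)),
    ("removed", re.compile(r"(deleted|moved|removed)\b", re.I)),
]

def parse_fixlog(text):
    """Return (target, outcome, raw_result) for each result line."""
    results = []
    in_fixlist = False
    for line in text.splitlines():
        line = line.strip()
        # Rows of asterisks open and close the echoed fixlist, which also
        # contains "=>" and must not be counted as results.
        if re.fullmatch(r"\*{5,}", line):
            in_fixlist = not in_fixlist
            continue
        if in_fixlist or " => " not in line:
            continue
        target, result = line.rsplit(" => ", 1)
        outcome = next((n for n, rx in OUTCOMES if rx.search(result)), "other")
        results.append((target.strip('"'), outcome, result))
    return results

def summarize(results):
    """Count result lines per outcome."""
    return Counter(outcome for _, outcome, _ in results)

if __name__ == "__main__":
    for target, outcome, _ in parse_fixlog(SAMPLE_FIXLOG):
        print(f"{outcome:10} {target}")
```

Anything classified as `other` is a result line the tally does not recognize and should be read by hand.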

#10 deeprybka


Posted 07 November 2014 - 10:41 AM

:thumbup2:


regards,
deeprybka

#11 Bostonrunner


Posted 07 November 2014 - 11:35 AM

ESET online cleaner results:

C:\Windows\uninst.exe a variant of Win32/PCCleaners potentially unwanted application

#12 deeprybka


Posted 07 November 2014 - 12:07 PM

Please post the complete ESET logfile... :)
regards,
deeprybka

#13 Bostonrunner


Posted 07 November 2014 - 01:59 PM

This is what I got. No file .txt appeared ON DESK TOP WHICH IS WHERE I HAD CLEANER LOCATED.

C:\Windows\uninst.exe a variant of Win32/PCCleaners potentially unwanted application

#14 Bostonrunner


Posted 07 November 2014 - 02:02 PM

caps unintentional...


Do I need to run again?

#15 deeprybka


Posted 07 November 2014 - 02:03 PM

 

A log file is created at [image: logpath.png]


regards,
deeprybka



