This Infection doesn't allow me to change the settings on my Antivirus


  • This topic is locked
271 replies to this topic

#1 cgccook9

Posted 26 November 2014 - 01:57 PM

Well, I've been at this for almost two weeks now, and I was told by the guy that was helping me to post my topic here. I followed steps 6, 7 and 8 of the preparation guide (I had to use RSIT though because I have Windows 8.1). While he was helping me, we found that my hosts file had been hijacked, but we were able to fix it. Now, my issue is with my antivirus, Total Defense. I can't change any of the settings on it, so my pop-up blocker is not on (which makes the internet an extremely annoying place). I can't turn cookie control or mobile code control on either. Plus my email isn't protected. It isn't Poweliks; we already ran the scan and it came back negative, so it must be something deeper in my system.
Also here is the log from the RSIT scan:
C:\Windows\system32\schannel.dll 2014-11-11 20:13:32 ----A---- C:\Windows\system32\ncryptsslp.dll 2014-11-11 20:13:32 ----A---- C:\Windows\system32\dpapisrv.dll 2014-11-11 20:13:31 ----A---- C:\Windows\SYSWOW64\ncryptsslp.dll 2014-11-11 20:12:43 ----A---- C:\Windows\system32\shell32.dll 2014-11-11 20:11:27 ----A---- C:\Windows\system32\ntoskrnl.exe 2014-11-11 20:08:46 ----A---- C:\Windows\SYSWOW64\shell32.dll 2014-11-11 20:08:43 ----A---- C:\Windows\system32\SettingsHandlers.dll 2014-11-11 20:08:42 ----A---- C:\Windows\system32\twinui.dll 2014-11-11 20:08:40 ----A---- C:\Windows\system32\localspl.dll 2014-11-11 20:08:40 ----A---- C:\Windows\system32\drivers\tcpip.sys 2014-11-11 20:08:39 ----A---- C:\Windows\system32\MFMediaEngine.dll 2014-11-11 20:08:38 ----A---- C:\Windows\system32\mfmp4srcsnk.dll 2014-11-11 20:08:37 ----A---- C:\Windows\SYSWOW64\twinui.dll 2014-11-11 20:08:36 ----A---- C:\Windows\SYSWOW64\MFMediaEngine.dll 2014-11-11 20:08:35 ----A---- C:\Windows\SYSWOW64\mfmp4srcsnk.dll 2014-11-11 20:08:35 ----A---- C:\Windows\system32\drivers\netio.sys 2014-11-11 20:08:34 ----A---- C:\Windows\SYSWOW64\WsmSvc.dll 2014-11-11 20:08:34 ----A---- C:\Windows\system32\WsmSvc.dll 2014-11-11 20:08:33 ----A---- C:\Windows\SYSWOW64\puiobj.dll 2014-11-11 20:08:33 ----A---- C:\Windows\system32\win32spl.dll 2014-11-11 20:08:33 ----A---- C:\Windows\system32\puiobj.dll 2014-11-11 20:08:32 ----A---- C:\Windows\system32\drivers\USBSTOR.SYS 2014-11-11 20:08:30 ----A---- C:\Windows\SYSWOW64\untfs.dll 2014-11-11 20:08:30 ----A---- C:\Windows\system32\untfs.dll 2014-11-11 20:08:30 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS 2014-11-11 20:08:28 ----A---- C:\Windows\system32\FXSCOMEX.dll 2014-11-11 20:08:25 ----A---- C:\Windows\system32\FXSAPI.dll 2014-11-11 20:08:24 ----A---- C:\Windows\SYSWOW64\FXSAPI.dll 2014-11-11 20:08:23 ----A---- C:\Windows\system32\PJLMON.DLL 2014-11-11 20:07:37 ----A---- C:\Windows\system32\rdpcorets.dll 2014-11-11 20:07:36 ----A---- 
C:\Windows\system32\lsasrv.dll 2014-11-11 20:07:36 ----A---- C:\Windows\system32\drivers\cng.sys 2014-11-11 20:07:35 ----A---- C:\Windows\SYSWOW64\certcli.dll 2014-11-11 20:07:35 ----A---- C:\Windows\SYSWOW64\adtschema.dll 2014-11-11 20:07:35 ----A---- C:\Windows\system32\drivers\ksecpkg.sys 2014-11-11 20:07:35 ----A---- C:\Windows\system32\certcli.dll 2014-11-11 20:07:35 ----A---- C:\Windows\system32\adtschema.dll 2014-11-11 20:07:34 ----A---- C:\Windows\SYSWOW64\msaudite.dll 2014-11-11 20:07:34 ----A---- C:\Windows\system32\rfxvmt.dll 2014-11-11 20:07:34 ----A---- C:\Windows\system32\rdpudd.dll 2014-11-11 20:07:34 ----A---- C:\Windows\system32\msaudite.dll 2014-11-11 20:07:34 ----A---- C:\Windows\system32\drivers\rdpvideominiport.sys 2014-11-11 20:06:54 ----A---- C:\Windows\SYSWOW64\msxml3.dll 2014-11-11 20:06:54 ----A---- C:\Windows\system32\msxml3.dll 2014-11-11 20:06:14 ----A---- C:\Windows\system32\audiosrv.dll 2014-11-11 20:06:14 ----A---- C:\Windows\system32\AudioSes.dll 2014-11-11 20:06:14 ----A---- C:\Windows\system32\AUDIOKSE.dll 2014-11-11 20:06:13 ----A---- C:\Windows\SYSWOW64\AudioSes.dll 2014-11-11 20:06:13 ----A---- C:\Windows\SYSWOW64\AUDIOKSE.dll 2014-11-11 20:06:13 ----A---- C:\Windows\system32\AudioEng.dll 2014-11-11 20:06:13 ----A---- C:\Windows\system32\AudioEndpointBuilder.dll 2014-11-11 20:06:13 ----A---- C:\Windows\system32\audiodg.exe 2014-11-11 20:06:12 ----A---- C:\Windows\SYSWOW64\AudioEng.dll 2014-11-11 20:06:12 ----A---- C:\Windows\system32\EncDump.dll 2014-11-11 20:03:43 ----A---- C:\Windows\system32\win32k.sys 2014-11-11 20:03:41 ----A---- C:\Windows\SYSWOW64\packager.dll 2014-11-11 20:03:41 ----A---- C:\Windows\system32\packager.dll 2014-11-11 20:01:38 ----A---- C:\Windows\SYSWOW64\oleaut32.dll 2014-11-11 20:01:38 ----A---- C:\Windows\system32\oleaut32.dll 2014-11-11 20:00:25 ----A---- C:\Windows\system32\wuaueng.dll 2014-11-11 20:00:16 ----A---- C:\Windows\system32\wuapi.dll 2014-11-11 20:00:14 ----A---- 
C:\Windows\SYSWOW64\wuapi.dll 2014-11-11 20:00:13 ----A---- C:\Windows\SYSWOW64\wuwebv.dll 2014-11-11 20:00:13 ----A---- C:\Windows\system32\WUSettingsProvider.dll 2014-11-11 20:00:13 ----A---- C:\Windows\system32\wucltux.dll 2014-11-11 20:00:12 ----A---- C:\Windows\SYSWOW64\wudriver.dll 2014-11-11 20:00:11 ----A---- C:\Windows\system32\wuwebv.dll 2014-11-11 20:00:11 ----A---- C:\Windows\system32\wudriver.dll 2014-11-11 20:00:10 ----A---- C:\Windows\system32\wups.dll 2014-11-11 20:00:09 ----A---- C:\Windows\system32\wuauclt.exe 2014-11-11 20:00:08 ----A---- C:\Windows\SYSWOW64\wuapp.exe 2014-11-11 20:00:06 ----A---- C:\Windows\system32\wups2.dll 2014-11-11 20:00:05 ----A---- C:\Windows\SYSWOW64\wups.dll 2014-11-11 19:59:59 ----A---- C:\Windows\system32\wuapp.exe 2014-11-11 19:59:55 ----A---- C:\Windows\system32\wuaext.dll 2014-11-02 15:22:47 ----D---- C:\Program Files\iPod 2014-11-02 15:22:43 ----D---- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2014-11-02 15:22:43 ----D---- C:\Program Files\iTunes 2014-11-02 15:22:43 ----D---- C:\Program Files (x86)\iTunes ======List of files/folders modified in the last 1 month====== 2014-11-26 13:47:16 ----D---- C:\Windows\System32 2014-11-26 13:47:16 ----A---- C:\Windows\system32\PerfStringBackup.INI 2014-11-26 13:47:15 ----D---- C:\Windows\Inf 2014-11-26 13:47:13 ----D---- C:\Windows\Prefetch 2014-11-26 13:47:06 ----RD---- C:\Program Files 2014-11-26 13:44:48 ----D---- C:\Windows\Temp 2014-11-26 13:44:03 ----D---- C:\Program Files (x86)\Dell Backup and Recovery 2014-11-26 13:43:34 ----D---- C:\Users\Caroline\AppData\Roaming\Dropbox 2014-11-26 13:40:22 ----D---- C:\Windows\Minidump 2014-11-26 13:40:16 ----D---- C:\Windows 2014-11-26 02:02:00 ----D---- C:\Windows\system32\sru 2014-11-25 20:24:03 ----D---- C:\Windows\system32\config 2014-11-25 20:22:03 ----D---- C:\Windows\CbsTemp 2014-11-25 20:08:15 ----D---- C:\Program Files (x86)\SafeConnect 2014-11-25 15:04:34 ----D---- C:\Windows\AppReadiness 2014-11-25 15:04:33 
----HD---- C:\Program Files\WindowsApps 2014-11-25 01:42:13 ----HD---- C:\ProgramData 2014-11-25 01:42:13 ----D---- C:\Program Files (x86)\Common Files 2014-11-22 23:02:54 ----D---- C:\Windows\system32\drivers 2014-11-22 19:15:10 ----SHD---- C:\Windows\Installer 2014-11-22 19:15:10 ----HD---- C:\Config.msi 2014-11-22 19:15:10 ----D---- C:\ProgramData\regid.1991-06.com.microsoft 2014-11-22 19:13:56 ----D---- C:\Windows\Microsoft.NET 2014-11-22 19:11:25 ----RSD---- C:\Windows\assembly 2014-11-22 19:10:13 ----D---- C:\ProgramData\Microsoft Help 2014-11-22 18:12:04 ----D---- C:\Program Files (x86)\Steam 2014-11-22 17:44:31 ----RSD---- C:\Windows\Fonts 2014-11-21 18:37:32 ----SD---- C:\Users\Caroline\AppData\Roaming\Microsoft 2014-11-19 16:27:29 ----D---- C:\Windows\system32\DriverStore 2014-11-19 11:21:05 ----D---- C:\Windows\system32\drivers\etc 2014-11-19 10:39:45 ----D---- C:\Windows\WinSxS 2014-11-19 10:37:27 ----D---- C:\Windows\SysWOW64 2014-11-19 10:37:27 ----D---- C:\Program Files\Windows Defender 2014-11-19 10:37:27 ----D---- C:\Program Files (x86)\Windows Defender 2014-11-19 09:56:43 ----D---- C:\ProgramData\AVAST Software 2014-11-18 20:06:48 ----D---- C:\Windows\system32\Tasks 2014-11-18 18:52:21 ----D---- C:\Windows\Logs 2014-11-18 16:56:44 ----RD---- C:\Program Files (x86) 2014-11-18 16:53:22 ----SHD---- C:\System Volume Information 2014-11-17 19:00:05 ----SD---- C:\ProgramData\Microsoft 2014-11-15 02:26:35 ----D---- C:\Windows\system32\catroot2 2014-11-14 00:15:41 ----D---- C:\Windows\system32\wbem 2014-11-14 00:15:40 ----D---- C:\Windows\SYSWOW64\en-US 2014-11-14 00:15:36 ----D---- C:\Windows\system32\en-US 2014-11-14 00:15:35 ----D---- C:\Windows\SYSWOW64\migration 2014-11-14 00:15:35 ----D---- C:\Program Files (x86)\Internet Explorer 2014-11-14 00:15:34 ----D---- C:\Windows\system32\migration 2014-11-14 00:15:33 ----D---- C:\Program Files\Internet Explorer 2014-11-14 00:15:31 ----RD---- C:\Windows\ToastData 2014-11-14 00:15:29 ----RD---- 
C:\Windows\ImmersiveControlPanel 2014-11-14 00:15:29 ----D---- C:\Windows\apppatch 2014-11-14 00:15:09 ----D---- C:\Windows\system32\MRT 2014-11-14 00:03:33 ----A---- C:\Windows\system32\MRT.exe 2014-11-11 19:34:32 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-11-03 21:32:48 ----D---- C:\Windows\system32\NDF 2014-11-02 15:22:45 ----D---- C:\Program Files\Common Files\Apple 2014-11-02 15:22:30 ----D---- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-10-29 19:55:02 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 amdkmpfd;@oem186.inf,%AMDKMPFD_svcdesc%;AMD PCI Root Bus Lower Filter; C:\Windows\System32\drivers\amdkmpfd.sys [2013-05-22 36096] R0 iaStorA;iaStorA; C:\Windows\System32\drivers\iaStorA.sys [2013-08-02 644968] R0 KmxAMRT;KmxAMRT; C:\Windows\system32\DRIVERS\KmxAMRT.sys [2011-10-27 182352] R0 KmxFw;KmxFw; C:\Windows\System32\DRIVERS\kmxfw.sys [2011-09-06 143824] R1 CLVirtualDrive;CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [2013-03-05 91712] R1 KmxAgent;KmxAgent; C:\Windows\System32\DRIVERS\kmxagent.sys [2011-10-26 113744] R1 KmxCfg;KmxCfg; C:\Windows\System32\DRIVERS\kmxcfg.sys [2011-09-06 365136] R1 KmxFile;KmxFile; C:\Windows\System32\DRIVERS\KmxFile.sys [2011-09-06 87120] R1 KmxFilter;@oem195.inf,%CAFLTR_Desc%;HIPS Core Filter Driver; C:\Windows\system32\DRIVERS\KmxFilter.sys [2011-09-06 99024] R2 KmxCF;KmxCF; C:\Windows\System32\DRIVERS\KmxCF.sys [2011-09-06 201936] R2 KmxSbx;KmxSbx; C:\Windows\System32\DRIVERS\KmxSbx.sys [2011-09-06 81488] R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-08-20 12521472] R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-08-20 617472] R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\Windows\System32\drivers\BthEnum.sys [2013-08-22 53248] R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; 
C:\Windows\System32\drivers\BthLEEnum.sys [2013-12-04 226304] R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\Windows\System32\drivers\bthpan.sys [2014-07-24 118272] R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2014-01-31 81920] R3 btmaux;@oem189.inf,%BTMAUX.ServiceDesc%;Intel Bluetooth Auxiliary Service; C:\Windows\system32\DRIVERS\btmaux.sys [2013-07-22 140600] R3 btmhsf;btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [2013-09-05 1390904] R3 DellRbtn;@oem55.inf,%DellRbtn%;Airplane Mode Switch; C:\Windows\System32\drivers\DellRbtn.sys [2013-01-24 10752] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240] R3 ibtusb;@oem190.inf,%ibtusb.SVCDESC_IBT%;Intel® Wireless Bluetooth® 4.0 + HS Adapter; C:\Windows\system32\DRIVERS\ibtusb.sys [2013-10-15 119240] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2013-10-01 4185600] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-08-21 3591000] R3 iwdbus;@oem185.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\Windows\System32\drivers\iwdbus.sys [2013-09-26 27032] R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2014-10-01 25816] R3 MEIx64;@oem203.inf,%TEE_SvcDesc%;Intel® Management Engine Interface ; C:\Windows\System32\drivers\TeeDriverx64.sys [2013-12-11 100312] R3 NETwNb64;@oem56.inf,___ %NIC_Service_DispName_WINB_64%;___ Intel® Wireless Adapter Driver for Windows 8.1 - 64 Bit; C:\Windows\system32\DRIVERS\NETwbw02.sys [2013-10-14 3607520] R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\System32\drivers\rfcomm.sys [2014-01-27 167424] R3 RSUSBVSTOR;@oem181.inf,%RSUSBVSTOR.SvcDesc%;RtsUVStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUVStor.sys [2013-11-01 330456] R3 RTL8168;@oem60.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; 
C:\Windows\system32\DRIVERS\Rt630x64.sys [2013-06-21 816344] R3 SmbDrvI;SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [2013-09-06 34544] R3 SynTP;@oem54.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\Windows\System32\drivers\SynTP.sys [2013-09-06 531184] R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2013-08-22 212224] S3 athr;@athw8x.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athw8x.sys [2013-06-18 3680256] S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2014-07-24 1200640] S3 dc3d;@oem82.inf,%dc3d.SvcDesc%;MS Hardware Device Detection Driver (USB); C:\Windows\System32\drivers\dc3d.sys [2014-03-19 76496] S3 dot4;@oem114.inf,%Dot4_Name%;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2012-10-19 151968] S3 Dot4Print;@oem117.inf,%Dot4Print_Name%;Print Class Driver for IEEE-1284.4; C:\Windows\System32\drivers\Dot4Prt.sys [2012-10-19 27040] S3 dot4usb;@oem114.inf,%DOT4USB_NAME%;Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2012-10-19 49056] S3 hidkmdf;@oem197.inf,%hidkmdf.SVCDESC%;KMDF Driver; C:\Windows\System32\drivers\hidkmdf.sys [2013-04-30 14136] S3 intaud_WaveExtensible;@oem184.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\Windows\system32\drivers\intelaud.sys [2013-09-26 39320] S3 IntcDAud;@oem182.inf,%IntcDAud.SvcDesc%;Intel® Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2013-10-01 449528] S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2014-11-25 129752] S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2014-10-01 64216] S3 OATool;OATool; \??\C:\Users\ADMINI~1\AppData\Local\Temp\OAToolx64.sys [] S3 SmbDrv;SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [2013-09-06 30448] S3 USBAAPL64;@oem201.inf,%USBAAPL64.SvcDesc%;Apple Mobile USB Driver; 
C:\Windows\System32\Drivers\usbaapl64.sys [2013-03-18 54784] S3 usbaudio;@wdma_usb.inf,%USBAudio.SvcDesc%;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2013-12-13 121088] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AERTFilters;Andrea RT Filters Service; C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208] R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-08-20 239616] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2014-10-07 60744] R2 Bluetooth Device Monitor;Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2013-08-26 1137016] R2 Bluetooth OBEX Service;Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2013-08-26 1157496] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184] R2 CAAMSvc;Total Defense Anti-Malware Service; C:\Program Files\Total Defense\Internet Security Suite\Anti-Virus\caamsvc.exe [2013-12-11 314064] R2 CAISafe;Total Defense ISafe Service; C:\Program Files\Total Defense\Internet Security Suite\Anti-Virus\isafe.exe [2014-03-31 314888] R2 ccSchedulerSVC;Total Defense Common Scheduler Service; C:\Program Files\Total Defense\Internet Security Suite\ccschedulersvc.exe [2014-03-31 288776] R2 ClickToRunSvc;Microsoft Office ClickToRun Service; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2014-10-30 2443960] R2 DellDigitalDelivery;Dell Digital Delivery Service; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2014-04-10 202248] R2 DellUpdate;Dell Update Service; C:\Program Files (x86)\Dell Update\DellUpService.exe [2014-09-09 150224] R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2013-10-11 631024] R2 IAStorDataMgrSvc;Intel® Rapid Storage 
Technology; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-08-07 15720] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-08-27 747520] R2 Intel® Wireless Bluetooth® 4.0 Radio Management;Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [2013-10-15 157128] R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2013-12-11 169432] R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2013-12-11 390616] R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-10-01 1871160] R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2013-10-11 154864] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2013-07-30 253776] R2 RtkAudioService;Realtek Audio Service; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-06-18 246488] R2 SCManager;SafeConnect Manager; C:\Program Files (x86)\SafeConnect\scManager.sys [2012-11-19 176520] R2 SftService;SoftThinks Agent Service; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [2013-11-21 1915920] R2 UmxEngine;TM Engine; C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe [2011-04-04 920656] R3 CaCCProvSP;CaCCProvSP; C:\Program Files\Total Defense\Internet Security Suite\ccprovsp.exe [2014-03-31 367112] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2014-10-15 643880] S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-12 116648] S2 MBAMService;MBAMService; C:\Program Files 
(x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-10-01 968504] S3 cphs;Intel® Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2013-10-05 279024] S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-22 43696] S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-12 116648] S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-08-27 828376] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-10-11 284912] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696] S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2013-02-01 150600] S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-11-18 833728] S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [] -----------------EOF-----------------



#2 Oh My!

  • Malware Response Instructor

Posted 01 December 2014 - 12:20 PM

Greetings cgccook9 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 cgccook9

  • Topic Starter

Posted 01 December 2014 - 07:17 PM

Hi Gary, my name is Caroline :) Thank you so much for helping me! I really appreciate it. Ok, so I downloaded the 64 bit version of FRST. I scanned my computer with it and an error message showed up that said: AutoIt Error, Line 6692 (File "C:\Users\Caroline\Desktop\FRST64.exe"): Error: Variable used without being declared. I'm not really sure what that means. However, it also left a log on my desktop so maybe it did successfully run. So I'll post the log in my next reply.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2014 Ran by Caroline (administrator) on CAROLINECOOK on 01-12-2014 19:10:04 Running from C:\Users\Caroline\Desktop Loaded Profile: Caroline (Available profiles: Caroline) Platform: Windows 8.1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Total Defense, Inc.) C:\Program Files\Total Defense\Internet Security Suite\Anti-Virus\caamsvc.exe (Computer Associates International, Inc.) C:\Program Files\Total Defense\Internet Security Suite\Anti-Virus\isafe.exe (Total Defense, Inc.) 
C:\Program Files\Total Defense\Internet Security Suite\ccschedulersvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Impulse Point, LLC) C:\Program Files (x86)\SafeConnect\scManager.sys (CA) C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe () C:\Windows\SysWOW64\cfgmig32.exe () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe (DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Inc.) 
C:\Program Files (x86)\Dell Update\DellUpService.exe (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Total Defense Online Backup) C:\Program Files (x86)\Total Defense\Online Backup\SUpdateNotifier.exe (Total Defense, Inc.) C:\Program Files\Total Defense\Internet Security Suite\ccevtmgr.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe (Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Total Defense, Inc.) C:\Program Files\Total Defense\Internet Security Suite\ccprovsp.exe (Google Inc.) 
C:\Users\Caroline\AppData\Local\Google\Update\GoogleUpdate.exe (Impulse Point, LLC) C:\Program Files (x86)\SafeConnect\SCClient.exe (Dropbox, Inc.) C:\Users\Caroline\AppData\Roaming\Dropbox\bin\Dropbox.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Total Defense Online Backup) C:\Program Files (x86)\Total Defense\Online Backup\SMessaging.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor) HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-06-03] (Dell Inc.) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM\...\Run: [cctray] => C:\Program Files\Total Defense\Internet Security Suite\casc.exe [2737160 2014-03-31] (Total Defense, Inc.) 
HKLM\...\Run: [TotalDefenseOnRun] => C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\caaphupd.exe [270344 2014-03-31] (Total Defense, Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-19] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [SOSUAUI] => C:\Program Files (x86)\Total Defense\Online Backup\sosuploadagent.exe [41552 2012-10-05] (Total Defense Online Backup) HKLM-x32\...\Run: [SMessaging] => C:\Program Files (x86)\Total Defense\Online Backup\SMessaging.exe [55376 2012-10-05] (Total Defense Online Backup) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\PFW-x32: UmxWnp.Dll [X] HKU\S-1-5-21-640993062-139156411-246660031-1001\...\Run: [uTorrent] => "C:\Users\Caroline\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED HKU\S-1-5-21-640993062-139156411-246660031-1001\...\Run: [Google Update] => C:\Users\Caroline\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-07-12] (Google Inc.) 
AppInit_DLLs: UmxSbxExA64.dll => C:\Windows\system32\UmxSbxExA64.dll [171600 2011-02-28] (CA) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SafeConnect.lnk ShortcutTarget: SafeConnect.lnk -> C:\Program Files (x86)\SafeConnect\SCClient.exe (Impulse Point, LLC) Startup: C:\Users\Caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Caroline\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION CHR HKU\S-1-5-21-640993062-139156411-246660031-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-640993062-139156411-246660031-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/ HKU\S-1-5-21-640993062-139156411-246660031-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6A313D154281CF01 HKU\S-1-5-21-640993062-139156411-246660031-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US HKU\S-1-5-21-640993062-139156411-246660031-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.bing.com/ HKU\S-1-5-21-640993062-139156411-246660031-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.aquinas.edu/ https://www.gmail.com/intl/en/mail/help/about.html#inbox https://www.pandora.com/ https://www.gmail.com/intl/en/mail/help/about.html#inbox https://accounts.google.com/ServiceLogin?service=cl&passive=1209600&continue=https://www.google.com/calendar/render?pli%3D1&followup=https://www.google.com/calendar&scc=1 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.aol.com/?mtmhp=txtlnkusaolp00000800 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://homepage.aol.com/?mtmhp=txtlnkusaolp00000800 SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-640993062-139156411-246660031-1001 -> DefaultScope {C8F47CFB-F396-4654-82B6-7EC6BD9F7F88} URL = http://www.bing.com/search?FORM=U281DF&PC=U281&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-640993062-139156411-246660031-1001 -> {9EB1529D-3F88-4ADF-8EBE-B58431E2C356} URL = SearchScopes: HKU\S-1-5-21-640993062-139156411-246660031-1001 -> {C8F47CFB-F396-4654-82B6-7EC6BD9F7F88} URL = http://www.bing.com/search?FORM=U281DF&PC=U281&q={searchTerms}&src=IE-SearchBox BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 
15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: No Name -> {45011CF5-E4A9-4F13-9093-F30A784EB9B2} -> No File BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File Toolbar: HKLM-x32 - No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File Toolbar: HKU\S-1-5-21-640993062-139156411-246660031-1001 -> No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75 192.168.1.1 FireFox: ======== FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files 
(x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll No File FF Plugin HKU\S-1-5-21-640993062-139156411-246660031-1001: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File FF Plugin HKU\S-1-5-21-640993062-139156411-246660031-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Caroline\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKU\S-1-5-21-640993062-139156411-246660031-1001: @talk.google.com/O1DPlugin -> C:\Users\Caroline\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKU\S-1-5-21-640993062-139156411-246660031-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Caroline\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File FF Plugin HKU\S-1-5-21-640993062-139156411-246660031-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Caroline\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File FF Plugin HKU\S-1-5-21-640993062-139156411-246660031-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin HKU\S-1-5-21-640993062-139156411-246660031-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin ProgramFiles/Appdata: C:\Users\Caroline\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Caroline\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF HKLM-x32\...\Firefox\Extensions: [caaphishtoolbar@ca.com] - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\Toolbar\Firefox FF Extension: Total Defense Anti-Phishing Toolbar - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\Toolbar\Firefox 
[2014-06-04] Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR Profile: C:\Users\Caroline\AppData\Local\Google\Chrome\User Data\Default

#4 cgccook9

Posted 01 December 2014 - 07:37 PM

Hi Gary, here's the system file

#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,033 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:59 AM

Posted 02 December 2014 - 09:13 AM

Hi Caroline,

Sorry about the delay. The formatting of your report isn't coming out correctly. Could you please attach the report instead? In addition, the System Summary report is not attached. Here are instructions regarding attaching a file.

===================================================

How to Attach a File to Your Reply

--------------------
  • If necessary click the More Reply Options button in the lower right hand corner of the Reply to this topic section of the Post
  • In the lower left hand corner you should see a Browse button under Attach Files
  • Click the Browse button and a new window will open
  • Navigate to and double click on the file you want to attach
  • Once the file path is entered into the box click Attach This File
  • If successful, you will see the file name appear above Attach Files with a green check mark to the left
  • When you are done with your message and hit Reply the file will automatically be attached to your reply

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 cgccook9

Posted 02 December 2014 - 11:38 AM

Sorry about the formatting in the report. Also I did attach the system file report so I'm not sure why it didn't show up.

#7 Oh My!

Posted 02 December 2014 - 12:23 PM

Can you attempt to attach both files again?
Gary
 

#8 Oh My!

Posted 02 December 2014 - 07:09 PM

It looks like the formatting issue may have been a problem because someone else went through the same thing. They can post now so can you try to copy and paste the 2 FRST logs again?
Gary
 

#9 cgccook9

Posted 02 December 2014 - 07:22 PM

Ok, I have attached both the FRST Text document and the system files zip


Edited by cgccook9, 02 December 2014 - 07:22 PM.


#10 Oh My!

Posted 02 December 2014 - 07:35 PM

Thanks, looks like we didn't get the entire FRST.txt document. Do you also have an Addition.txt document on your desktop? I would like to review both of the documents. If you want, you can rerun FRST making sure there is a check mark in Addition.txt.

Sorry this has been a bit cumbersome. I just want to make sure we get the whole picture so we can get your computer cleaned.
Gary
 

#11 cgccook9

Posted 02 December 2014 - 07:37 PM

Oh it's completely fine, I want to make sure that I'm doing it right too. There wasn't an Addition.txt document, I did make sure that I checked the addition box too so I'm not sure why it didn't show up. Does it have anything to do with that error message? Oh and I think that I should add that every time I try to run the FRST Scanner, my Total Defense freaks out and it blocks the program (it says that it wants access to create folder: C:\Windows\System32\catroot and catroot(2)). The scan doesn't go anywhere unless I click allow like 1000 times.

Edited by cgccook9, 02 December 2014 - 07:50 PM.


#12 cgccook9

Posted 02 December 2014 - 08:06 PM

Ok, scan finished, this time the Addition.txt was saved.


Edited by cgccook9, 02 December 2014 - 08:07 PM.


#13 Oh My!

Posted 02 December 2014 - 08:07 PM

You can try to disable Total Defense. If you still have trouble you can run FRST in Safe Mode.


Gary
 

#14 Oh My!

Posted 02 December 2014 - 08:08 PM

Thanks, I still need the new FRST.txt information as well since the last post didn't have all the information.


Gary
 

#15 cgccook9

Posted 02 December 2014 - 08:10 PM

Oh really? That's strange. I didn't do anything to it, I just attached it. Try, try again haha

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2014
Ran by Caroline (administrator) on CAROLINECOOK on 02-12-2014 19:38:01
Running from C:\Users\Caroline\Desktop\Anitvirus Stuff
Loaded Profile: Caroline (Available profiles: Caroline)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Total Defense, Inc.) C:\Program Files\Total Defense\Internet Security Suite\Anti-Virus\caamsvc.exe
(Computer Associates International, Inc.) C:\Program Files\Total Defense\Internet Security Suite\Anti-Virus\isafe.exe
(Total Defense, Inc.) C:\Program Files\Total Defense\Internet Security Suite\ccschedulersvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Impulse Point, LLC) C:\Program Files (x86)\SafeConnect\scManager.sys
(CA) C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe
() C:\Windows\SysWOW64\cfgmig32.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Total Defense, Inc.) C:\Program Files\Total Defense\Internet Security Suite\ccevtmgr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Total Defense, Inc.) C:\Program Files\Total Defense\Internet Security Suite\casc.exe
(Google Inc.) C:\Users\Caroline\AppData\Local\Google\Update\GoogleUpdate.exe
(Total Defense, Inc.) C:\Program Files\Total Defense\Internet Security Suite\ccprovsp.exe
(Impulse Point, LLC) C:\Program Files (x86)\SafeConnect\SCClient.exe
(Dropbox, Inc.) C:\Users\Caroline\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Total Defense Online Backup) C:\Program Files (x86)\Total Defense\Online Backup\SMessaging.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(PC-Doctor, Inc.) C:\Program Files\My Dell\uaclauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-06-03] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [cctray] => C:\Program Files\Total Defense\Internet Security Suite\casc.exe [2737160 2014-03-31] (Total Defense, Inc.)
HKLM\...\Run: [TotalDefenseOnRun] => C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\caaphupd.exe [270344 2014-03-31] (Total Defense, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SOSUAUI] => C:\Program Files (x86)\Total Defense\Online Backup\sosuploadagent.exe [41552 2012-10-05] (Total Defense Online Backup)
HKLM-x32\...\Run: [SMessaging] => C:\Program Files (x86)\Total Defense\Online Backup\SMessaging.exe [55376 2012-10-05] (Total Defense Online Backup)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\PFW-x32: UmxWnp.Dll [X]
HKU\S-1-5-21-640993062-139156411-246660031-1001\...\Run: [uTorrent] => "C:\Users\Caroline\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
HKU\S-1-5-21-640993062-139156411-246660031-1001\...\Run: [Google Update] => C:\Users\Caroline\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-07-12] (Google Inc.)
AppInit_DLLs: UmxSbxExA64.dll => C:\Windows\system32\UmxSbxExA64.dll [171600 2011-02-28] (CA)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SafeConnect.lnk
ShortcutTarget: SafeConnect.lnk -> C:\Program Files (x86)\SafeConnect\SCClient.exe (Impulse Point, LLC)
Startup: C:\Users\Caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Caroline\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-640993062-139156411-246660031-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-640993062-139156411-246660031-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKU\S-1-5-21-640993062-139156411-246660031-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6A313D154281CF01
HKU\S-1-5-21-640993062-139156411-246660031-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKU\S-1-5-21-640993062-139156411-246660031-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.bing.com/
HKU\S-1-5-21-640993062-139156411-246660031-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.aquinas.edu/
https://www.gmail.com/intl/en/mail/help/about.html#inbox
https://www.pandora.com/
https://www.gmail.com/intl/en/mail/help/about.html#inbox
https://accounts.google.com/ServiceLogin?service=cl&passive=1209600&continue=https://www.google.com/calendar/render?pli%3D1&followup=https://www.google.com/calendar&scc=1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-640993062-139156411-246660031-1001 -> DefaultScope {C8F47CFB-F396-4654-82B6-7EC6BD9F7F88} URL = http://www.bing.com/search?FORM=U281DF&PC=U281&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-640993062-139156411-246660031-1001 -> {9EB1529D-3F88-4ADF-8EBE-B58431E2C356} URL =
SearchScopes: HKU\S-1-5-21-640993062-139156411-246660031-1001 -> {C8F47CFB-F396-4654-82B6-7EC6BD9F7F88} URL = http://www.bing.com/search?FORM=U281DF&PC=U281&q={searchTerms}&src=IE-SearchBox
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: No Name -> {45011CF5-E4A9-4F13-9093-F30A784EB9B2} ->  No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} -  No File
Toolbar: HKLM-x32 - No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} -  No File
Toolbar: HKU\S-1-5-21-640993062-139156411-246660031-1001 -> No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Caroline\AppData\Roaming\Mozilla\Firefox\Profiles\3667362u.default
FF Homepage: https://www.bing.com/|hxxp://www.aquinas.edu/|https://www.gmail.com/intl/en/mail/help/about.html#inbox|https://www.pandora.com/|https://www.gmail.com/intl/en/mail/help/about.html#inbox|https://accounts.google.com/ServiceLogin?service=cl&passive=1209600&continue=https://www.google.com/calendar/render?pli%3D1&followup=https://www.google.com/calendar&scc=1
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll No File
FF Plugin HKU\S-1-5-21-640993062-139156411-246660031-1001: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin HKU\S-1-5-21-640993062-139156411-246660031-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Caroline\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-640993062-139156411-246660031-1001: @talk.google.com/O1DPlugin -> C:\Users\Caroline\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-640993062-139156411-246660031-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Caroline\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-640993062-139156411-246660031-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Caroline\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-640993062-139156411-246660031-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKU\S-1-5-21-640993062-139156411-246660031-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Users\Caroline\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Caroline\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [caaphishtoolbar@ca.com] - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\Toolbar\Firefox
FF Extension: Total Defense Anti-Phishing Toolbar - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\Toolbar\Firefox [2014-06-04]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 CAAMSvc; C:\Program Files\Total Defense\Internet Security Suite\Anti-Virus\caamsvc.exe [314064 2013-12-11] (Total Defense, Inc.)
R3 CaCCProvSP; C:\Program Files\Total Defense\Internet Security Suite\ccprovsp.exe [367112 2014-03-31] (Total Defense, Inc.)
R2 CAISafe; C:\Program Files\Total Defense\Internet Security Suite\Anti-Virus\isafe.exe [314888 2014-03-31] (Computer Associates International, Inc.)
R2 ccSchedulerSVC; C:\Program Files\Total Defense\Internet Security Suite\ccschedulersvc.exe [288776 2014-03-31] (Total Defense, Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [150224 2014-09-09] (Dell Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-10-15] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-11] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-10-11] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 SCManager; C:\Program Files (x86)\SafeConnect\scManager.sys [176520 2012-11-19] (Impulse Point, LLC)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2013-11-21] (SoftThinks SAS)
R2 UmxEngine; C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe [920656 2011-04-04] (CA)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 WinSvchostManagerSrv; C:\Windows\SysWOW64\cfgmig32.exe [265736 2014-02-10] ()
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [598808 2013-05-02] (Wacom Technology, Corp.)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3671792 2013-10-11] (Intel® Corporation)
S3 SwitchBoard; "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [119240 2013-10-15] (Intel Corporation)
R1 KmxAgent; C:\Windows\System32\DRIVERS\kmxagent.sys [113744 2011-10-26] (CA)
R0 KmxAMRT; C:\Windows\System32\DRIVERS\KmxAMRT.sys [182352 2011-10-27] (Total Defense)
R2 KmxCF; C:\Windows\System32\DRIVERS\KmxCF.sys [201936 2011-09-06] (CA)
R1 KmxCfg; C:\Windows\System32\DRIVERS\kmxcfg.sys [365136 2011-09-06] (CA)
R1 KmxFile; C:\Windows\System32\DRIVERS\KmxFile.sys [87120 2011-09-06] (CA)
R1 KmxFilter; C:\Windows\system32\DRIVERS\KmxFilter.sys [99024 2011-09-06] (CA)
R0 KmxFw; C:\Windows\System32\DRIVERS\kmxfw.sys [143824 2011-09-06] (CA)
R2 KmxSbx; C:\Windows\System32\DRIVERS\KmxSbx.sys [81488 2011-09-06] (CA)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-25] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2013-12-11] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3607520 2013-10-14] (Intel Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-09-06] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-09-06] (Synaptics Incorporated)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 OATool; \??\C:\Users\ADMINI~1\AppData\Local\Temp\OAToolx64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-01 23:28 - 2014-12-01 23:31 - 00687656 _____ () C:\Windows\Minidump\120114-31593-01.dmp
2014-12-01 19:49 - 2014-12-01 19:49 - 00000000 ____D () C:\Users\Caroline\AppData\Local\Mozilla
2014-12-01 19:48 - 2014-12-01 19:48 - 00244104 _____ () C:\Users\Caroline\Downloads\Firefox Setup Stub 34.0.5.exe
2014-12-01 19:48 - 2014-12-01 19:48 - 00001169 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-01 19:48 - 2014-12-01 19:48 - 00001157 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-01 19:48 - 2014-12-01 19:48 - 00000000 ____D () C:\ProgramData\Mozilla
2014-12-01 19:48 - 2014-12-01 19:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-01 19:48 - 2014-12-01 19:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-01 19:04 - 2014-12-01 19:05 - 00634096 _____ () C:\Windows\Minidump\120114-29843-01.dmp
2014-12-01 18:24 - 2014-12-02 19:38 - 00000000 ____D () C:\FRST
2014-11-30 20:37 - 2014-11-30 20:40 - 00660992 _____ () C:\Windows\Minidump\113014-25828-01.dmp
2014-11-26 13:47 - 2014-11-26 13:47 - 00000000 ____D () C:\rsit
2014-11-26 13:47 - 2014-11-26 13:47 - 00000000 ____D () C:\Program Files\trend micro
2014-11-26 13:40 - 2014-11-26 13:42 - 00634120 _____ () C:\Windows\Minidump\112614-26265-01.dmp
2014-11-26 01:09 - 2014-11-26 01:11 - 00633232 _____ () C:\Windows\Minidump\112614-26828-01.dmp
2014-11-25 20:05 - 2014-11-25 20:11 - 00636048 _____ () C:\Windows\Minidump\112514-23906-01.dmp
2014-11-25 10:23 - 2014-11-25 10:26 - 00689352 _____ () C:\Windows\Minidump\112514-50218-01.dmp
2014-11-25 09:07 - 2014-11-25 09:07 - 00034915 _____ () C:\Users\Caroline\Downloads\BC4F.tmp
2014-11-25 09:06 - 2014-11-25 09:06 - 00448512 _____ (OldTimer Tools) C:\Users\Caroline\Downloads\TFC.exe
2014-11-22 19:07 - 2014-11-22 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-11-22 17:44 - 2014-11-22 17:45 - 00662160 _____ () C:\Windows\Minidump\112214-29968-01.dmp
2014-11-21 20:17 - 2014-11-21 20:18 - 00661752 _____ () C:\Windows\Minidump\112114-29250-01.dmp
2014-11-21 00:14 - 2014-11-21 00:15 - 00662928 _____ () C:\Windows\Minidump\112114-28859-01.dmp
2014-11-19 10:22 - 2014-11-09 18:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 10:22 - 2014-11-09 18:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 10:22 - 2014-11-09 18:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 10:22 - 2014-11-09 18:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 18:57 - 2014-11-18 18:59 - 00853808 _____ () C:\Windows\Minidump\111814-32625-01.dmp
2014-11-18 18:53 - 2014-11-18 18:53 - 00000000 _____ () C:\Recovery.txt
2014-11-18 18:09 - 2014-11-19 15:20 - 00000000 ____D () C:\Users\Caroline\AppData\Roaming\PCDr
2014-11-18 18:06 - 2014-11-18 18:06 - 00000000 ____D () C:\ProgramData\PCDr
2014-11-18 17:40 - 2014-11-18 17:41 - 00347816 _____ (Microsoft Corporation) C:\Users\Caroline\Downloads\MicrosoftFixit.Aero.Run.exe
2014-11-18 16:56 - 2014-11-18 16:56 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-11-18 16:22 - 2014-11-18 16:22 - 00000000 ____D () C:\Windows\ERUNT
2014-11-18 14:19 - 2014-11-18 14:19 - 00000000 ____D () C:\Users\Caroline\AppData\Local\Adobe
2014-11-18 14:19 - 2014-11-18 14:19 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-18 14:18 - 2014-11-18 15:40 - 00000000 ____D () C:\Users\Caroline\AppData\Roaming\Adobe
2014-11-18 13:42 - 2014-11-18 13:42 - 00291872 _____ () C:\Windows\Minidump\111814-21781-01.dmp
2014-11-18 13:29 - 2014-11-18 16:27 - 00000000 ____D () C:\AdwCleaner
2014-11-18 13:02 - 2014-11-18 13:02 - 00000000 __SHD () C:\Users\Caroline\AppData\Local\EmieBrowserModeList
2014-11-17 21:34 - 2014-11-17 21:34 - 01057976 _____ (Microsoft Corporation) C:\Users\Caroline\Downloads\Setup.X86.en-us_O365ProPlusRetail_6eee390d-9944-485e-b9b4-d20a3d362cbb_TX_PR_ (1).exe
2014-11-17 21:23 - 2014-11-17 21:25 - 07219063 _____ () C:\Users\Caroline\Downloads\MushroomsEdianAnnink.themepack
2014-11-17 21:23 - 2014-11-17 21:23 - 16877897 _____ () C:\Users\Caroline\Downloads\Forests.themepack
2014-11-17 21:22 - 2014-11-17 21:23 - 08099167 _____ () C:\Users\Caroline\Downloads\TheForestFloorBojanSeguljev.themepack
2014-11-17 21:22 - 2014-11-17 21:22 - 11278409 _____ () C:\Users\Caroline\Downloads\Reflections.themepack
2014-11-17 20:21 - 2014-11-17 20:21 - 00692008 _____ () C:\Windows\Minidump\111714-26031-01.dmp
2014-11-17 19:59 - 2014-11-17 20:00 - 00666888 _____ () C:\Windows\Minidump\111714-40171-01.dmp
2014-11-17 18:48 - 2014-11-17 18:51 - 00000000 ____D () C:\Users\Caroline\Desktop\Microsoft Office 2013
2014-11-17 18:47 - 2014-11-22 19:06 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-11-17 18:47 - 2014-11-17 18:47 - 01057976 _____ (Microsoft Corporation) C:\Users\Caroline\Downloads\Setup.X86.en-us_O365ProPlusRetail_6eee390d-9944-485e-b9b4-d20a3d362cbb_TX_PR_.exe
2014-11-15 21:41 - 2014-11-15 21:41 - 00291944 _____ () C:\Windows\Minidump\111514-29796-01.dmp
2014-11-15 00:13 - 2014-11-15 00:13 - 00664368 _____ () C:\Windows\Minidump\111514-27703-01.dmp
2014-11-12 23:59 - 2014-10-12 21:33 - 00116032 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-11-12 23:59 - 2014-10-10 19:58 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 23:59 - 2014-10-10 19:53 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 23:59 - 2014-10-08 02:30 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-11-12 23:59 - 2014-10-08 02:09 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-11-12 23:59 - 2014-10-08 01:27 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-11-12 23:59 - 2014-10-08 00:32 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-11-12 23:59 - 2014-10-08 00:19 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-11-12 23:59 - 2014-09-21 23:38 - 01519488 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-11-12 23:59 - 2014-09-21 22:06 - 00258368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-11-12 23:59 - 2014-09-21 22:06 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-11-12 23:59 - 2014-09-21 21:49 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-11-12 23:59 - 2014-09-18 19:16 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-11-12 23:59 - 2014-09-02 17:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2014-11-12 23:59 - 2014-09-02 17:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2014-11-12 23:25 - 2014-11-12 23:26 - 00692696 _____ () C:\Windows\Minidump\111214-27968-01.dmp
2014-11-12 22:26 - 2014-11-12 22:26 - 00694832 _____ () C:\Windows\Minidump\111214-31875-01.dmp
2014-11-11 20:26 - 2014-10-31 00:28 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 20:26 - 2014-10-30 22:42 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 20:25 - 2014-10-30 23:50 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 20:25 - 2014-10-30 22:59 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 20:25 - 2014-10-30 21:30 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-11 20:19 - 2014-10-30 21:46 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-11 20:18 - 2014-10-31 00:06 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 20:18 - 2014-10-31 00:05 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 20:18 - 2014-10-30 23:53 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 20:18 - 2014-10-30 23:51 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-11 20:18 - 2014-10-30 23:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-11 20:18 - 2014-10-30 23:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-11-11 20:18 - 2014-10-30 23:05 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 20:18 - 2014-10-30 22:45 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 20:18 - 2014-10-30 22:44 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-11-11 20:18 - 2014-10-30 22:32 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 20:18 - 2014-10-30 22:24 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-11 20:18 - 2014-10-30 22:18 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-11 20:18 - 2014-10-30 22:13 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-11 20:18 - 2014-10-30 22:12 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-11 20:18 - 2014-10-30 22:11 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-11 20:18 - 2014-10-30 21:46 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-11-11 20:18 - 2014-10-30 21:40 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 20:18 - 2014-10-30 21:17 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-11 20:18 - 2014-10-30 21:13 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-11 20:15 - 2014-10-30 21:39 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 20:14 - 2014-10-31 00:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-11-11 20:14 - 2014-10-31 00:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-11 20:14 - 2014-10-31 00:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-11-11 20:14 - 2014-10-31 00:09 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-11-11 20:14 - 2014-10-31 00:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-11 20:14 - 2014-10-31 00:06 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-11 20:14 - 2014-10-31 00:06 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-11 20:14 - 2014-10-31 00:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-11 20:14 - 2014-10-31 00:05 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-11-11 20:14 - 2014-10-31 00:04 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-11 20:14 - 2014-10-30 23:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 20:14 - 2014-10-30 23:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-11 20:14 - 2014-10-30 23:54 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-11-11 20:14 - 2014-10-30 23:52 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2014-11-11 20:14 - 2014-10-30 23:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 20:14 - 2014-10-30 23:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-11 20:14 - 2014-10-30 23:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-11-11 20:14 - 2014-10-30 23:38 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 20:14 - 2014-10-30 23:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-11 20:14 - 2014-10-30 23:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-11-11 20:14 - 2014-10-30 23:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-11-11 20:14 - 2014-10-30 23:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-11-11 20:14 - 2014-10-30 23:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-11 20:14 - 2014-10-30 23:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 20:14 - 2014-10-30 23:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-11 20:14 - 2014-10-30 23:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-11-11 20:14 - 2014-10-30 23:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 20:14 - 2014-10-30 23:19 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-11-11 20:14 - 2014-10-30 23:08 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-11-11 20:14 - 2014-10-30 23:06 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-11 20:14 - 2014-10-30 23:05 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-11 20:14 - 2014-10-30 23:03 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 20:14 - 2014-10-30 22:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-11-11 20:14 - 2014-10-30 22:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-11-11 20:14 - 2014-10-30 22:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-11-11 20:14 - 2014-10-30 22:27 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-11-11 20:14 - 2014-10-30 22:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-11-11 20:14 - 2014-10-30 22:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-11-11 20:14 - 2014-10-30 22:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-11-11 20:14 - 2014-10-30 22:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-11 20:14 - 2014-10-30 22:23 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-11-11 20:14 - 2014-10-30 22:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-11 20:14 - 2014-10-30 22:22 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-11 20:14 - 2014-10-30 22:20 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-11 20:14 - 2014-10-30 22:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 20:14 - 2014-10-30 22:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-11 20:14 - 2014-10-30 22:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-11-11 20:14 - 2014-10-30 22:13 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2014-11-11 20:14 - 2014-10-30 22:12 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 20:14 - 2014-10-30 22:03 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-11-11 20:14 - 2014-10-30 22:02 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 20:14 - 2014-10-30 21:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 20:14 - 2014-10-30 21:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-11-11 20:14 - 2014-10-30 21:56 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-11-11 20:14 - 2014-10-30 21:56 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-11-11 20:14 - 2014-10-30 21:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-11 20:14 - 2014-10-30 21:53 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-11-11 20:14 - 2014-10-30 21:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 20:14 - 2014-10-30 21:51 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-11-11 20:14 - 2014-10-30 21:50 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 20:14 - 2014-10-30 21:48 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-11-11 20:14 - 2014-10-30 21:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-11-11 20:14 - 2014-10-30 21:40 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-11 20:14 - 2014-10-30 21:26 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-11-11 20:14 - 2014-10-30 21:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-11-11 20:14 - 2014-10-30 21:11 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-11 20:13 - 2014-09-27 02:13 - 00104336 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2014-11-11 20:13 - 2014-09-27 00:24 - 00088800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2014-11-11 20:13 - 2014-09-26 22:38 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 20:13 - 2014-09-26 22:30 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-11-11 20:13 - 2014-09-26 22:17 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-11 20:12 - 2014-08-30 19:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-11-11 20:11 - 2014-08-27 21:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-11-11 20:08 - 2014-09-10 01:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-11-11 20:08 - 2014-09-07 22:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-11-11 20:08 - 2014-09-07 22:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-11-11 20:08 - 2014-09-07 17:08 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml
2014-11-11 20:08 - 2014-09-04 17:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-11-11 20:08 - 2014-09-04 17:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-11-11 20:08 - 2014-09-03 22:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2014-11-11 20:08 - 2014-09-03 21:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-11-11 20:08 - 2014-09-03 20:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2014-11-11 20:08 - 2014-09-03 19:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2014-11-11 20:08 - 2014-08-30 19:17 - 00148800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-11-11 20:08 - 2014-08-30 17:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-11-11 20:08 - 2014-08-30 17:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
2014-11-11 20:08 - 2014-08-30 16:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2014-11-11 20:08 - 2014-08-30 16:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2014-11-11 20:08 - 2014-08-30 15:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2014-11-11 20:08 - 2014-08-30 15:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-11-11 20:08 - 2014-08-27 20:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\PJLMON.DLL
2014-11-11 20:08 - 2014-08-27 19:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-11-11 20:08 - 2014-08-27 19:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-11-11 20:08 - 2014-08-23 00:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-11-11 20:08 - 2014-08-23 00:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-11-11 20:08 - 2014-08-22 23:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2014-11-11 20:08 - 2014-08-01 19:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2014-11-11 20:08 - 2014-08-01 19:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2014-11-11 20:07 - 2014-10-09 20:58 - 00177472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 20:07 - 2014-10-09 20:58 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-11-11 20:07 - 2014-10-09 20:44 - 00563976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-11-11 20:07 - 2014-10-08 02:37 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 20:07 - 2014-10-08 02:37 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 20:07 - 2014-10-08 02:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-11-11 20:07 - 2014-10-08 02:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2014-11-11 20:07 - 2014-10-08 01:56 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-11-11 20:07 - 2014-10-08 01:51 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-11 20:07 - 2014-10-08 01:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-11 20:07 - 2014-10-08 01:18 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-11-11 20:07 - 2014-10-08 01:17 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 20:07 - 2014-10-08 00:23 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-11-11 20:06 - 2014-10-07 01:28 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 20:06 - 2014-10-07 01:27 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 20:06 - 2014-10-07 01:27 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 20:06 - 2014-10-07 01:27 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-11-11 20:06 - 2014-10-07 01:27 - 00108432 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 20:06 - 2014-10-06 22:34 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-11 20:06 - 2014-10-06 22:34 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 20:06 - 2014-10-06 22:33 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-11 20:06 - 2014-10-06 20:54 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2014-11-11 20:06 - 2014-10-06 20:46 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 20:06 - 2014-08-23 00:18 - 02149376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 20:06 - 2014-08-23 00:03 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-11 20:03 - 2014-10-23 00:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 20:03 - 2014-10-23 00:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-11 20:03 - 2014-10-06 22:30 - 04182016 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 20:01 - 2014-10-17 02:01 - 00789184 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 20:01 - 2014-10-17 01:58 - 00602768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-11 20:00 - 2014-10-18 04:55 - 00055776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-11-11 20:00 - 2014-10-18 03:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-11-11 20:00 - 2014-10-18 03:09 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-11-11 20:00 - 2014-10-18 02:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-11-11 20:00 - 2014-10-18 01:38 - 03557376 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-11-11 20:00 - 2014-10-18 01:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-11-11 20:00 - 2014-10-18 01:23 - 00407552 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-11-11 20:00 - 2014-10-18 01:23 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-11-11 20:00 - 2014-10-18 01:21 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-11-11 20:00 - 2014-10-18 01:20 - 01714176 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-11-11 20:00 - 2014-10-18 01:14 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-11-11 20:00 - 2014-10-18 01:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-11-11 20:00 - 2014-10-18 01:12 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-11-11 20:00 - 2014-10-18 01:11 - 00723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-11-11 19:59 - 2014-10-18 01:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-11-11 19:59 - 2014-10-18 01:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-11-11 19:07 - 2014-11-11 19:08 - 00664152 _____ () C:\Windows\Minidump\111114-28390-01.dmp
2014-11-08 18:25 - 2014-11-08 18:25 - 00049894 _____ () C:\Users\Caroline\Downloads\1244323_1_2_fighting_jpgfd95f518d47310fbeb4c0ca7ed745b46 (1)
2014-11-08 18:25 - 2014-11-08 18:25 - 00049894 _____ () C:\Users\Caroline\Downloads\1244323_1_2_fighting_jpgfd95f518d47310fbeb4c0ca7ed745b46
2014-11-03 21:36 - 2014-11-03 21:36 - 00000219 _____ () C:\WirelessDiagLog.csv
2014-11-02 15:24 - 2014-11-02 15:24 - 00001797 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-11-02 15:24 - 2014-11-02 15:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-11-02 15:22 - 2014-11-02 15:24 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-11-02 15:22 - 2014-11-02 15:24 - 00000000 ____D () C:\Program Files\iTunes
2014-11-02 15:22 - 2014-11-02 15:24 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-11-02 15:22 - 2014-11-02 15:22 - 00000000 ____D () C:\Program Files\iPod

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-02 20:02 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-02 19:45 - 2014-02-21 22:02 - 01076874 _____ () C:\Windows\WindowsUpdate.log
2014-12-02 19:38 - 2014-09-09 09:55 - 00000000 ____D () C:\Users\Caroline\Desktop\Anitvirus Stuff
2014-12-02 19:32 - 2014-06-04 18:58 - 00003592 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-640993062-139156411-246660031-1001
2014-12-02 19:27 - 2014-06-05 10:52 - 00000494 _____ () C:\Windows\Tasks\Online Backup Update Notifier.job
2014-12-02 19:27 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-12-02 19:18 - 2014-09-08 20:54 - 00000000 ___RD () C:\Users\Caroline\Dropbox
2014-12-02 19:18 - 2014-09-08 20:51 - 00000000 ____D () C:\Users\Caroline\AppData\Roaming\Dropbox
2014-12-02 19:18 - 2014-09-02 07:55 - 00000000 ____D () C:\Program Files (x86)\SafeConnect
2014-12-02 19:18 - 2014-06-05 11:32 - 00000000 ___DO () C:\Users\Caroline\SkyDrive
2014-12-02 19:17 - 2014-06-04 18:52 - 00000000 ____D () C:\Users\Caroline
2014-12-01 23:31 - 2014-02-21 22:15 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-12-01 23:28 - 2014-06-08 22:30 - 937244501 _____ () C:\Windows\MEMORY.DMP
2014-12-01 23:28 - 2014-06-08 22:30 - 00000000 ____D () C:\Windows\Minidump
2014-12-01 23:28 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-01 22:17 - 2014-06-04 19:00 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5100571D-3172-40D8-AF90-BA0BCC543CE6}
2014-12-01 21:26 - 2014-02-21 02:58 - 00865408 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-01 19:49 - 2014-10-24 20:13 - 00000000 ____D () C:\Users\Caroline\AppData\Roaming\Mozilla
2014-12-01 19:26 - 2014-06-04 21:23 - 00000000 ____D () C:\Users\Caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-01 19:26 - 2014-06-04 21:08 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-01 19:23 - 2014-07-12 19:12 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-01 19:22 - 2014-09-21 21:02 - 00000000 ____D () C:\Program Files\Autodesk
2014-12-01 19:22 - 2014-07-12 19:12 - 00000000 ____D () C:\Users\Caroline\AppData\Local\Google
2014-12-01 19:21 - 2014-09-21 21:14 - 00000000 ____D () C:\ProgramData\Autodesk
2014-11-30 14:00 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-11-25 20:13 - 2014-06-05 11:24 - 04966003 _____ () C:\Windows\system32\Drivers\kmxcfg.u2k0
2014-11-25 20:13 - 2014-06-05 11:24 - 00428412 _____ () C:\Windows\system32\Drivers\KmxAgent.asc
2014-11-25 20:13 - 2014-06-05 11:24 - 00000411 _____ () C:\Windows\system32\Drivers\kmxzone.u2k0
2014-11-25 20:13 - 2014-06-05 11:24 - 00000085 _____ () C:\Windows\system32\Drivers\kmxcfg.u2k7
2014-11-25 20:13 - 2014-06-05 11:24 - 00000085 _____ () C:\Windows\system32\Drivers\kmxcfg.u2k6
2014-11-25 20:13 - 2014-06-05 11:24 - 00000085 _____ () C:\Windows\system32\Drivers\kmxcfg.u2k5
2014-11-25 20:13 - 2014-06-05 11:24 - 00000085 _____ () C:\Windows\system32\Drivers\kmxcfg.u2k4
2014-11-25 20:13 - 2014-06-05 11:24 - 00000085 _____ () C:\Windows\system32\Drivers\kmxcfg.u2k3
2014-11-25 20:13 - 2014-06-05 11:24 - 00000085 _____ () C:\Windows\system32\Drivers\kmxcfg.u2k2
2014-11-25 20:13 - 2014-06-05 11:24 - 00000085 _____ () C:\Windows\system32\Drivers\kmxcfg.u2k1
2014-11-25 20:13 - 2014-06-05 11:24 - 00000049 _____ () C:\Windows\system32\Drivers\kmxzone.u2k7
2014-11-25 20:13 - 2014-06-05 11:24 - 00000049 _____ () C:\Windows\system32\Drivers\kmxzone.u2k6
2014-11-25 20:13 - 2014-06-05 11:24 - 00000049 _____ () C:\Windows\system32\Drivers\kmxzone.u2k5
2014-11-25 20:13 - 2014-06-05 11:24 - 00000049 _____ () C:\Windows\system32\Drivers\kmxzone.u2k4
2014-11-25 20:13 - 2014-06-05 11:24 - 00000049 _____ () C:\Windows\system32\Drivers\kmxzone.u2k3
2014-11-25 20:13 - 2014-06-05 11:24 - 00000049 _____ () C:\Windows\system32\Drivers\kmxzone.u2k2
2014-11-25 20:13 - 2014-06-05 11:24 - 00000049 _____ () C:\Windows\system32\Drivers\kmxzone.u2k1
2014-11-25 20:13 - 2013-08-22 08:25 - 01048576 ___SH () C:\Windows\system32\config\BBI
2014-11-25 10:23 - 2013-08-22 09:44 - 00499368 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-25 10:22 - 2014-02-21 02:48 - 00722374 _____ () C:\Windows\PFRO.log
2014-11-25 08:40 - 2014-09-07 14:04 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-24 22:44 - 2013-08-22 09:46 - 00028625 _____ () C:\Windows\setupact.log
2014-11-22 19:10 - 2014-06-06 17:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-22 16:09 - 2014-06-08 23:10 - 00168448 ___SH () C:\Users\Caroline\Downloads\Thumbs.db
2014-11-21 18:39 - 2014-06-04 18:52 - 00000000 ____D () C:\Users\Caroline\AppData\Local\Packages
2014-11-20 15:51 - 2014-07-11 23:04 - 00714208 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-20 15:51 - 2014-07-11 23:04 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-19 10:37 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-19 10:37 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-19 10:37 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-19 10:37 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-19 09:56 - 2014-09-08 20:32 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-11-17 23:27 - 2014-08-09 19:47 - 00000000 ____D () C:\Users\Caroline\Desktop\Games
2014-11-16 00:25 - 2014-06-05 23:49 - 00000000 ____D () C:\Users\Caroline\Documents\Photoshop
2014-11-14 00:15 - 2014-06-06 16:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-14 00:15 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\ToastData
2014-11-14 00:15 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-11-14 00:03 - 2014-06-06 16:31 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 19:34 - 2014-09-07 14:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-11 19:34 - 2014-09-07 14:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-07 21:40 - 2014-09-05 21:02 - 00000000 ____D () C:\Users\Caroline\Documents\School
2014-11-03 21:32 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-02 15:22 - 2014-09-16 13:43 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-11-02 15:22 - 2014-06-04 22:43 - 00000000 ____D () C:\Program Files\Common Files\Apple

Some content of TEMP:
====================
C:\Users\Caroline\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_xxlyw.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-24 23:22

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-12-2014
Ran by Caroline at 2014-12-02 20:04:07
Running from C:\Users\Caroline\Desktop\Anitvirus Stuff
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Total Defense Anti-Virus (Enabled - Up to date) {57B5C44D-AAB5-DBC9-741B-542BE5A132EA}
AS: Total Defense Anti-Virus (Enabled - Up to date) {ECD425A9-8C8F-D447-4EAB-6F599E267857}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Total Defense Personal Firewall (Disabled) {6F8E4568-E0DA-DA91-5F44-FD1E1B727591}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-640993062-139156411-246660031-1001\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)
Adobe Illustrator CC 2014 18.0.0 (HKLM-x32\...\Adobe Illustrator CC 2014 18.0.0) (Version:  - )
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\Adobe Photoshop CS6) (Version: 13.0.0.0 - © The Computer Guy Tony)
Age of Empires® III: Complete Collection (HKLM-x32\...\Steam App 105450) (Version:  - Ensemble Studios)
Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{34397444-D51C-ADCC-799D-82361E573488}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Anti-Virus (Version: 3.2.0.142 - Total Defense, Inc.) Hidden
APH placeholder (Version:  - ) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Batman: Arkham Asylum GOTY Edition (HKLM-x32\...\Steam App 35140) (Version:  - Rocksteady Studios)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cry of Fear (HKLM-x32\...\Steam App 223710) (Version:  - Team Psykskallar)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)
DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version:  - FromSoftware, Inc)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.2.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.2.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 17.0.13.0 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{7E07B3E7-9A66-41F3-A91D-EC2CCE14E5B9}) (Version: 1.1.1072.0 - Dell Inc.)
DNAMigrator (x32 Version: 14.2.0.141 - Total Defense, Inc.) Hidden
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Dropbox (HKU\S-1-5-21-640993062-139156411-246660031-1001\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
DSC/AA Factory Installer (Version: 3.4.6299.48 - PC-Doctor, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
HIPS (Version: 13.2.0.140 - Total Defense, Inc.) Hidden
Injustice: Gods Among Us Ultimate Edition (HKLM-x32\...\Steam App 242700) (Version:  - NetherRealm Studios)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1342.1) (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{6882ac6d-e97d-4e25-b3ea-5f3f21055dfe}) (Version: 16.6.0 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
join.me (HKU\S-1-5-21-640993062-139156411-246660031-1001\...\JoinMe) (Version: 1.17.0.156 - LogMeIn, Inc.)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Meshmixer (HKLM\...\Meshmixer_x64) (Version:  - )
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - 4A Games)
Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version:  - 4A Games)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.021 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
SafeConnect (HKLM-x32\...\SafeConnect) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version:  - Team Meat)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version:  - CD Projekt RED)
Total Defense Internet Security Suite (HKLM\...\eTrust Suite Personal) (Version: 9.0.0.141 - Total Defense, Inc.)
Total Defense Online Backup (HKLM-x32\...\{D7F96939-DBF2-40FC-9CB0-7DB1E3FAE7D6}) (Version: 4.7.1.380 - Total Defense Online Backup)
Total Defense Online Backup (HKLM-x32\...\{DEF7F6B6-3FC2-47FF-B807-0A13A34B1540}) (Version: 5.4.0.16 - Total Defense Online Backup)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.6b5 - Wacom Technology Corp.)
Warface (HKLM-x32\...\Steam App 291480) (Version:  - Crytek GmbH)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-640993062-139156411-246660031-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Caroline\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-640993062-139156411-246660031-1001_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-640993062-139156411-246660031-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Caroline\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-640993062-139156411-246660031-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Caroline\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-640993062-139156411-246660031-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Caroline\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-640993062-139156411-246660031-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-640993062-139156411-246660031-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-640993062-139156411-246660031-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-640993062-139156411-246660031-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-640993062-139156411-246660031-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-640993062-139156411-246660031-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-640993062-139156411-246660031-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-640993062-139156411-246660031-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

25-10-2014 23:25:48 Installed DirectX
13-11-2014 05:25:35 Windows Update
18-11-2014 21:51:28 Windows Update
30-11-2014 18:58:05 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-11-19 11:20 - 2014-11-19 11:20 - 00000831 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {104BAE29-2331-4690-893B-E4EB81EE59E8} - System32\Tasks\Total Defense Online Backup - carolinegcook29 => C:\Program Files (x86)\Total Defense\Total Defense Online Backup\sosuploadagent.exe [2011-12-05] (Total Defense Online Backup)
Task: {10E95867-1FAD-4320-AF45-F551821F2FA6} - System32\Tasks\Online Backup Update Notifier => C:\Program Files (x86)\Total Defense\Online Backup\SUpdateNotifier.exe [2012-10-05] (Total Defense Online Backup)
Task: {183BEA6F-21D3-411D-99C4-B586EAE38580} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-640993062-139156411-246660031-1001Core => C:\Users\Caroline\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-12] (Google Inc.)
Task: {4321B50F-35A2-4690-9401-DD12B9A909FC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-640993062-139156411-246660031-1001UA => C:\Users\Caroline\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-12] (Google Inc.)
Task: {4D028659-3DBF-44DF-9552-F60DE11C4450} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {5AB05AD1-91C3-431F-BDD1-95D0644F41CB} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {6E214985-6D58-4B62-B0CA-5896C1B58C4F} - System32\Tasks\PocketCloudUpdater => C:\Program
Task: {73FAC7F8-B7D7-437F-81E6-EB7E8C65C7A9} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] ()
Task: {84057ADC-72CD-4A1B-90CD-B7DDAB1152BD} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-09-06] (Synaptics Incorporated)
Task: {B0A40CF2-3536-4421-AE60-BC6BB2A50D8C} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {BE6A6A17-8517-414D-AFCD-326B4232C73E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
Task: {C9F78DE8-E07C-42F3-B0A4-B0871F6DDADF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D8769923-186D-4FD0-8ACB-D1F35AC3EB1A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-21] (Microsoft Corporation)
Task: {E58DBEE7-CD19-4321-9132-C85418FBC59F} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] ()
Task: {E8ACBF49-1BE9-4FA2-B82B-DEF66145E44F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-11-21] (Microsoft Corporation)
Task: {EDED1CA4-67C2-4BBB-8649-9AF87D14C09B} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
Task: {F11DA230-0B45-4847-B172-15CDBB6FF188} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-11-21] (Microsoft Corporation)
Task: {F2C32FAE-A50C-4090-8C45-1A7D484EF3EF} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-640993062-139156411-246660031-1001Core.job => C:\Users\Caroline\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-640993062-139156411-246660031-1001UA.job => C:\Users\Caroline\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Online Backup Update Notifier.job => C:\Program Files (x86)\Total Defense\Online Backup\SUpdateNotifier.exe
Task: C:\Windows\Tasks\Total Defense Online Backup - carolinegcook29.job => C:\Program Files (x86)\Total Defense\Total Defense Online Backup\sosuploadagent.exe

==================== Loaded Modules (whitelisted) =============

2014-06-05 11:04 - 2014-03-05 03:11 - 01128448 _____ () C:\Program Files\Total Defense\Internet Security Suite\log4cplusU.dll
2014-11-22 19:03 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2011-02-24 14:36 - 2011-02-24 14:36 - 01041488 _____ () C:\Program Files\CA\SharedComponents\TMEngine\KnownApps.dll
2014-06-04 21:10 - 2014-02-10 22:35 - 00265736 ____R () C:\Windows\SysWOW64\cfgmig32.exe
2013-08-22 14:40 - 2013-08-22 14:40 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
2013-08-22 14:40 - 2013-08-22 14:40 - 00040240 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherServiceLib.dll
2013-08-22 14:40 - 2013-08-22 14:40 - 00046384 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherHelperLib.dll
2014-11-21 18:50 - 2014-11-21 18:50 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-02-21 22:16 - 2013-08-19 12:21 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-02-21 22:16 - 2013-08-19 12:21 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2014-02-21 22:16 - 2013-08-19 12:21 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2014-06-05 11:04 - 2014-03-31 12:14 - 01139208 _____ () C:\Program Files\Total Defense\Internet Security Suite\SQLite3.dll
2014-06-04 21:57 - 2013-05-02 13:05 - 01185048 ____N () C:\Program Files\Tablet\Wacom\libxml2.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-10 15:30 - 2014-04-10 15:30 - 00134664 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2014-08-09 19:34 - 2013-12-11 00:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-12-02 19:17 - 2014-12-02 19:17 - 00043008 _____ () c:\users\caroline\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_xxlyw.dll
2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\Caroline\AppData\Roaming\Dropbox\bin\libcef.dll
2014-12-01 19:48 - 2014-11-26 11:40 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-11-21 18:51 - 2014-11-21 18:51 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2014-02-21 22:08 - 2013-03-04 22:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 14:41 - 2013-03-05 14:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-11-21 18:31 - 2014-11-21 18:31 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\Caroline\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-640993062-139156411-246660031-1001\...\StartupApproved\Run: => "uTorrent"

========================= Accounts: ==========================

Administrator (S-1-5-21-640993062-139156411-246660031-500 - Administrator - Disabled)
Caroline (S-1-5-21-640993062-139156411-246660031-1001 - Administrator - Enabled) => C:\Users\Caroline
Guest (S-1-5-21-640993062-139156411-246660031-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-640993062-139156411-246660031-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/02/2014 07:31:00 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (12/02/2014 07:16:40 PM) (Source: DellUpdate) (EventID: 0) (User: )
Description: Failed in handling the PowerEvent. The error that occurred was: System.NullReferenceException: Object reference not set to an instance of an object.
   at DellUpdate.WindowsService.Controller.ResetWcfConnections()
   at DellUpdate.WindowsService.UpdateService.OnPowerEvent(PowerBroadcastStatus powerStatus)
   at System.ServiceProcess.ServiceBase.DeferredPowerEvent(Int32 eventType, IntPtr eventData).

Error: (12/02/2014 02:43:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10805609

Error: (12/02/2014 02:43:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10805609

Error: (12/02/2014 02:43:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/01/2014 10:53:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 276844

Error: (12/01/2014 10:53:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 276844

Error: (12/01/2014 10:53:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/01/2014 10:53:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 261219

Error: (12/01/2014 10:53:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 261219


System errors:
=============
Error: (12/02/2014 07:34:03 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (12/01/2014 11:31:04 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000009f (0x0000000000000003, 0xffffe0014edf4060, 0xfffff800ccef6960, 0xffffe00162655010)C:\Windows\MEMORY.DMP120114-31593-01

Error: (12/01/2014 11:28:40 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:30:46 PM on ‎12/‎1/‎2014 was unexpected.

Error: (12/01/2014 10:26:24 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 10.

Error: (12/01/2014 10:22:54 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 10.

Error: (12/01/2014 10:19:27 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 10.

Error: (12/01/2014 10:15:55 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 10.

Error: (12/01/2014 09:29:50 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (12/01/2014 09:29:50 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (12/01/2014 07:28:17 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 107.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core™ i7-4500U CPU @ 1.80GHz
Percentage of memory in use: 14%
Total physical RAM: 16264.96 MB
Available physical RAM: 13953.41 MB
Total Pagefile: 32648.96 MB
Available Pagefile: 30280.71 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:922.62 GB) (Free:682.14 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B5F3991D)

Partition: GPT Partition Type.

==================== End Of Log ============================

Attached Files

  • Attached File  FRST.txt   59.34KB   4 downloads

Edited by Oh My!, 02 December 2014 - 09:12 PM.
Posted logs




