Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

loses internet connection randomly?


  • This topic is locked This topic is locked
27 replies to this topic

#1 M Tuggle

M Tuggle

  • Members
  • 110 posts
  • OFFLINE
  •  
  • Local time:06:06 PM

Posted 19 December 2014 - 07:42 AM

Need some help!
Computer has been acting strange for a while now…. it has started turning itself off when left over night (has never done this before), it also loses internet connection randomly. When I start it up in the mornings I can log on to the internet I leave for work and my wife tries to get on and it won’t work. I’ll unplug the wireless router and plug it back in (this works sometimes) other times I have to restart the computer and then it will work again (sometimes) there are times I have to do this or both things multiple times to get it to work again. I also don’t think it is the wireless router because my iphone works fine when using it. I have a Dell XPS 8300, windows 7
DDS Logs attached.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496 BrowserJavaVersion: 11.25.2
Run by Tuggle at 6:44:04 on 2014-12-19
#Option Extended Search is enabled.
#Option Whitelisting is disabled.
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8174.6553 [GMT -5:00]
.
AV: Norton AntiVirus *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton AntiVirus *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\NST.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\EscSvc64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\NST.exe
C:\Program Files (x86)\iolo\System Mechanic\LiveBoost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_16_0_0_235_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/?gws_rd=ssl
uLocal Page = C:\Windows\System32\blank.htm
uSearch Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
mStart Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
mSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
mDefault_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
mDefault_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
uProxyOverride = <local>;*.local
uURLSearchHooks: Microsoft Url Search Hook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll
mWinlogon: Shell = explorer.exe
mWinlogon: Userinit = C:\Windows\System32\userinit.exe,
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coieplg.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coieplg.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
uPolicies-Explorer: NoDrives = dword:0
uPolicies-System: DisableLockWorkstation = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableInstallerDetection = dword:1
mPolicies-System: EnableLUA = dword:1
mPolicies-System: EnableSecureUIAPaths = dword:1
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: EnableVirtualization = dword:1
mPolicies-System: PromptOnSecureDesktop = dword:1
mPolicies-System: ValidateAdminCodeSignatures = dword:0
mPolicies-System: dontdisplaylastusername = dword:0
mPolicies-System: scforceoption = dword:0
mPolicies-System: shutdownwithoutlogon = dword:1
mPolicies-System: undockwithoutlogon = dword:1
mPolicies-System: FilterAdministratorToken = dword:0
mPolicies-System: DisableRegistryTools = dword:0
LSP: %SystemRoot%\system32\mswsock.dll
Trusted Zone: dell.com
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0060-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} - hxxp://www.iolo.com/PURCHASE/WebResource.axd?d=PO7P-LiUBjyfGDiabIpF4fQExoDwbhOUWJ_W4YtJ_7kls_MShO2kWyWaeuTGxOJpZkbc1QaYKZxdi0XTIz9vutu_lVOhiFAz6nG6Ai_mtip3Vay2jcxaHSE2ukEZ70YimPNPDQ2&t=634921243110000000
TCP: NameServer = 192.168.15.1
TCP: Interfaces\{749C1F97-F711-48C2-9116-993E402349C3} : DHCPNameServer = 192.168.15.1
TCP: Interfaces\{E6871D12-7F5D-40A7-84C1-D3E97A641417} : DHCPNameServer = 192.168.15.1
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
SSODL: WebCheck - <orphaned>
SecurityProviders: SecurityProviders = credssp.dll
LSA: Authentication Packages = msv1_0
LSA: Notification Packages = scecli
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 winsrv:ConServerDllInitialization,2 sxssrv,4
mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\unregmp2.exe /ShowWMP
mASetup: >{BC455173-F501-4356-804F-571FAFB6EA9A} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\System32\regsvr32.exe /s /n /i:/UserInstall C:\Windows\System32\themeui.dll
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE
mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\shell32.dll
x64-mStart Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
x64-mSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
x64-mDefault_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
x64-mDefault_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
x64-mSearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
x64-mCustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
x64-mWinlogon: Shell = Explorer.exe
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,
x64-mWinlogon: SFCDisable = dword:0
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coieplg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coieplg.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
x64-Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
x64-Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll
x64-Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll
x64-Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
x64-Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - <orphaned>
x64-Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll
x64-Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - <orphaned>
x64-Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
x64-Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - <orphaned>
x64-Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll
x64-Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\unregmp2.exe /ShowWMP
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\System32\regsvr32.exe /s /n /i:/UserInstall C:\Windows\System32\themeui.dll
x64-mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE
x64-mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
x64-mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\shell32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tuggle\AppData\Roaming\Mozilla\Firefox\Profiles\ubte6nkl.default-1379588736101\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\browser\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Tuggle\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll
FF - ExtSQL: 2013-07-25 08:25; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: 2013-09-17 06:46; {F04D2D30-776C-4d02-8627-8E4385ECA58D}; C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn
FF - ExtSQL: 2013-09-18 00:00; {972ce4c6-7e08-4474-a285-3208198ce6fd}; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - ExtSQL: 2013-09-19 06:16; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF
FF - ExtSQL: !HIDDEN! 2013-07-25 08:25; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 ACPI;Microsoft ACPI Driver;C:\Windows\System32\drivers\acpi.sys [2013-1-27 334208]
R0 amdxata;amdxata;C:\Windows\System32\drivers\amdxata.sys [2013-1-27 27008]
R0 CLFS;Common Log (CLFS);C:\Windows\System32\clfs.sys [2009-7-13 367696]
R0 CNG;CNG;C:\Windows\System32\drivers\cng.sys [2013-11-13 458712]
R0 Disk;Disk Driver;C:\Windows\System32\drivers\disk.sys [2009-7-13 73280]
R0 FileInfo;File Information FS MiniFilter;C:\Windows\System32\drivers\fileinfo.sys [2009-7-13 70224]
R0 FltMgr;FltMgr;C:\Windows\System32\drivers\fltMgr.sys [2013-1-27 289664]
R0 fvevol;Bitlocker Drive Encryption Filter Driver;C:\Windows\System32\drivers\fvevol.sys [2013-4-10 223752]
R0 hwpolicy;Hardware Policy Driver;C:\Windows\System32\drivers\hwpolicy.sys [2013-1-27 14720]
R0 iaStor;Intel AHCI Controller;C:\Windows\System32\drivers\iaStor.sys [2011-6-18 437272]
R0 KSecDD;KSecDD;C:\Windows\System32\drivers\ksecdd.sys [2014-5-14 95680]
R0 KSecPkg;KSecPkg;C:\Windows\System32\drivers\ksecpkg.sys [2014-11-12 155064]
R0 mountmgr;Mount Point Manager;C:\Windows\System32\drivers\mountmgr.sys [2013-1-27 94592]
R0 msisadrv;msisadrv;C:\Windows\System32\drivers\msisadrv.sys [2009-7-13 15424]
R0 Mup;Mup;C:\Windows\System32\drivers\mup.sys [2009-7-13 60496]
R0 NDIS;NDIS System Driver;C:\Windows\System32\drivers\ndis.sys [2013-1-28 950128]
R0 partmgr;Partition Manager;C:\Windows\System32\drivers\partmgr.sys [2013-1-25 75120]
R0 pci;PCI Bus Driver;C:\Windows\System32\drivers\pci.sys [2013-1-27 184704]
R0 pcw;Performance Counters for Windows Driver;C:\Windows\System32\drivers\pcw.sys [2009-7-13 50768]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-6-18 55856]
R0 rdyboost;ReadyBoost;C:\Windows\System32\drivers\rdyboost.sys [2013-1-27 213888]
R0 spldr;Security Processor Loader Driver;C:\Windows\System32\drivers\spldr.sys [2009-7-13 19008]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1506000.020\symds64.sys [2014-9-23 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1506000.020\symefa64.sys [2014-9-23 1148120]
R0 Tcpip;TCP/IP Protocol Driver;C:\Windows\System32\drivers\tcpip.sys [2014-6-11 1903552]
R0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;C:\Windows\System32\drivers\vdrvroot.sys [2009-7-13 36432]
R0 volmgr;Volume Manager Driver;C:\Windows\System32\drivers\volmgr.sys [2013-1-27 71552]
R0 volmgrx;Dynamic Volume Manager;C:\Windows\System32\drivers\volmgrx.sys [2013-1-27 363392]
R0 volsnap;Storage volumes;C:\Windows\System32\drivers\volsnap.sys [2013-1-27 295808]
R0 Wdf01000;Kernel Mode Driver Frameworks service;C:\Windows\System32\drivers\Wdf01000.sys [2013-10-10 785624]
R1 AFD;Ancillary Function Driver for Winsock;C:\Windows\System32\drivers\afd.sys [2014-7-9 497152]
R1 Beep;Beep;C:\Windows\System32\drivers\beep.sys [2009-7-13 6656]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton AntiVirus\NortonData\21.2.0.38\Definitions\BASHDefs\20141209.001\BHDrvx64.sys [2014-12-10 1587416]
R1 blbdrive;blbdrive;C:\Windows\System32\drivers\blbdrive.sys [2009-7-13 45056]
R1 ccSet_NAV;NAV Settings Manager;C:\Windows\System32\drivers\NAVx64\1506000.020\ccsetx64.sys [2014-9-23 162392]
R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DE07060.00F\ccsetx64.sys [2014-8-7 162392]
R1 cdrom;CD-ROM Driver;C:\Windows\System32\drivers\cdrom.sys [2013-1-27 147456]
R1 DfsC;DFS Namespace Client Driver;C:\Windows\System32\drivers\dfsc.sys [2013-1-27 102400]
R1 discache;System Attribute Cache;C:\Windows\System32\drivers\discache.sys [2009-7-13 40448]
R1 eeCtrl;Symantec Eraser Control driver;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2014-4-13 487216]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton AntiVirus\NortonData\21.2.0.38\Definitions\IPSDefs\20141218.001\IDSviA64.sys [2014-12-18 637656]
R1 Msfs;Msfs;C:\Windows\System32\drivers\msfs.sys [2009-7-13 26112]
R1 mssmbios;Microsoft System Management BIOS Driver;C:\Windows\System32\drivers\mssmbios.sys [2009-7-13 32320]
R1 NetBIOS;NetBIOS Interface;C:\Windows\System32\drivers\netbios.sys [2009-7-13 44544]
R1 NetBT;NetBT;C:\Windows\System32\drivers\netbt.sys [2013-1-27 261632]
R1 Npfs;Npfs;C:\Windows\System32\drivers\npfs.sys [2009-7-13 44032]
R1 nsiproxy;NSI proxy service driver.;C:\Windows\System32\drivers\nsiproxy.sys [2009-7-13 24576]
R1 Null;Null;C:\Windows\System32\drivers\null.sys [2009-7-13 6144]
R1 Psched;QoS Packet Scheduler;C:\Windows\System32\drivers\pacer.sys [2013-1-27 131584]
R1 RawDisk3;RawDisk3;C:\Windows\System32\drivers\rawdsk3.sys [2014-8-3 32912]
R1 rdbss;Redirected Buffering Sub Sysytem;C:\Windows\System32\drivers\rdbss.sys [2013-1-27 309248]
R1 RDPCDD;RDPCDD;C:\Windows\System32\drivers\RDPCDD.sys [2009-7-13 7680]
R1 RDPENCDD;RDP Encoder Mirror Driver;C:\Windows\System32\drivers\RDPENCDD.sys [2009-7-13 7680]
R1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;C:\Windows\System32\drivers\RDPREFMP.sys [2009-7-13 8192]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64;C:\Windows\System32\drivers\NAVx64\1506000.020\srtspx64.sys [2014-9-23 37592]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1506000.020\ironx64.sys [2014-9-23 266968]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NAVx64\1506000.020\symnets.sys [2014-9-23 593112]
R1 tdx;NetIO Legacy TDI Support Driver;C:\Windows\System32\drivers\tdx.sys [2014-12-10 119296]
R1 TermDD;Terminal Device Driver;C:\Windows\System32\drivers\termdd.sys [2013-1-27 63360]
R1 VgaSave;VgaSave;C:\Windows\System32\drivers\vga.sys [2009-7-13 29184]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R1 Wanarpv6;Remote Access IPv6 ARP Driver;C:\Windows\System32\drivers\wanarp.sys [2013-1-27 88576]
R1 WfpLwf;WFP Lightweight Filter;C:\Windows\System32\drivers\wfplwf.sys [2009-7-13 12800]
R1 ws2ifsl;Winsock IFS Driver;C:\Windows\System32\drivers\ws2ifsl.sys [2009-7-13 21504]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-9-12 64704]
R2 Apple Mobile Device;Apple Mobile Device;C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2014-10-7 60744]
R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 AudioSrv;Windows Audio;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
R2 BFE;Base Filtering Engine;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
R2 Bonjour Service;Bonjour Service;C:\Program Files\Bonjour\mDNSResponder.exe [2011-8-30 462184]
R2 CryptSvc;Cryptographic Services;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
R2 DcomLaunch;DCOM Server Process Launcher;C:\Windows\System32\svchost.exe -k DcomLaunch [2009-7-13 27136]
R2 Dhcp;DHCP Client;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
R2 Dnscache;DNS Client;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
R2 DPS;Diagnostic Policy Service;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
R2 EFS;Encrypting File System (EFS);C:\Windows\System32\lsass.exe [2014-5-14 31232]
R2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [2014-11-27 151648]
R2 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2014-11-27 135824]
R2 eventlog;Windows Event Log;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
R2 EventSystem;COM+ Event System;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R2 FDResPub;Function Discovery Resource Publication;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R2 gpsvc;Group Policy Client;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe [2014-9-15 89352]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-6-18 13336]
R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2014-9-5 4700872]
R2 iphlpsvc;IP Helper;C:\Windows\System32\svchost.exe -k NetSvcs [2009-7-13 27136]
R2 LanmanServer;Server;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 LanmanWorkstation;Workstation;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;C:\Windows\System32\drivers\lltdio.sys [2009-7-13 60928]
R2 lmhosts;TCP/IP NetBIOS Helper;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
R2 luafv;UAC File Virtualization;C:\Windows\System32\drivers\luafv.sys [2009-7-13 113152]
R2 MpsSvc;Windows Firewall;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe [2014-9-23 262968]
R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe [2014-8-7 130104]
R2 NlaSvc;Network Location Awareness;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
R2 nsi;Network Store Interface Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R2 PcaSvc;Program Compatibility Assistant Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 PDFsFilter;PDFsFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2014-8-3 82160]
R2 PEAUTH;PEAUTH;C:\Windows\System32\drivers\PEAuth.sys [2014-10-15 663552]
R2 PlugPlay;Plug and Play;C:\Windows\System32\svchost.exe -k DcomLaunch [2009-7-13 27136]
R2 Power;Power;C:\Windows\System32\svchost.exe -k DcomLaunch [2009-7-13 27136]
R2 ProfSvc;User Profile Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 RpcEptMapper;RPC Endpoint Mapper;C:\Windows\System32\svchost.exe -k RPCSS [2009-7-13 27136]
R2 RpcSs;Remote Procedure Call (RPC);C:\Windows\System32\svchost.exe -k rpcss [2009-7-13 27136]
R2 rspndr;Link-Layer Topology Discovery Responder;C:\Windows\System32\drivers\rspndr.sys [2009-7-13 76800]
R2 SamSs;Security Accounts Manager;C:\Windows\System32\lsass.exe [2014-5-14 31232]
R2 Schedule;Task Scheduler;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 secdrv;Security Driver;C:\Windows\System32\drivers\secdrv.sys [2009-7-13 23040]
R2 seclogon;Secondary Logon;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 SENS;System Event Notification Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 ShellHWDetection;Shell Hardware Detection;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 Spooler;Print Spooler;C:\Windows\System32\spoolsv.exe [2013-1-25 559104]
R2 stisvc;Windows Image Acquisition (WIA);C:\Windows\System32\svchost.exe -k imgsvc [2009-7-13 27136]
R2 SysMain;Superfetch;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 tcpipreg;TCP/IP Registry Compatibility;C:\Windows\System32\drivers\tcpipreg.sys [2013-1-28 45568]
R2 Themes;Themes;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 TrkWks;Distributed Link Tracking Client;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 UxSms;Desktop Window Manager Session Manager;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 Winmgmt;Windows Management Instrumentation;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 Wlansvc;WLAN AutoConfig;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 wlidsvc;Windows Live ID Sign-in Assistant;C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-9-21 2286976]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service;C:\Program Files\Windows Media Player\wmpnetwk.exe [2013-1-27 1525248]
R2 wscsvc;Security Center;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
R2 WSearch;Windows Search;C:\Windows\System32\SearchIndexer.exe [2013-1-25 591872]
R2 wuauserv;Windows Update;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R3 AeLookupSvc;Application Experience;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-11-10 10567680]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-11-10 325632]
R3 Appinfo;Application Information;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-6-18 115216]
R3 BCM43XX;DW WLAN Card Driver;C:\Windows\System32\drivers\BCMWL664.SYS [2011-6-18 3058168]
R3 BITS;Background Intelligent Transfer Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R3 bowser;Browser Support Driver;C:\Windows\System32\drivers\bowser.sys [2011-6-18 90624]
R3 Browser;Computer Browser;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R3 CompositeBus;Composite Bus Enumerator Driver;C:\Windows\System32\drivers\CompositeBus.sys [2013-1-27 38912]
R3 DXGKrnl;LDDM Graphics Subsystem;C:\Windows\System32\drivers\dxgkrnl.sys [2014-8-13 985536]
R3 EapHost;Extensible Authentication Protocol;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R3 fastfat;FAT12/16/32 File System Driver;C:\Windows\System32\drivers\fastfat.sys [2009-7-13 204800]
R3 fdPHost;Function Discovery Provider Host;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-1-27 42856]
R3 GEARAspiWDM;GEAR ASPI Filter Driver;C:\Windows\System32\drivers\GEARAspiWDM.sys [2014-5-19 33240]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio;C:\Windows\System32\drivers\hdaudbus.sys [2013-1-27 122368]
R3 hidserv;Human Interface Device Access;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R3 HidUsb;Microsoft HID Class Driver;C:\Windows\System32\drivers\hidusb.sys [2013-1-27 30208]
R3 HomeGroupListener;HomeGroup Listener;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R3 HomeGroupProvider;HomeGroup Provider;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
R3 HTTP;HTTP;C:\Windows\System32\drivers\http.sys [2013-1-27 753664]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM);C:\Windows\System32\drivers\RTKVHD64.sys [2011-6-18 2399848]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-6-18 317440]
R3 intelppm;Intel Processor Driver;C:\Windows\System32\drivers\intelppm.sys [2009-7-13 62464]
R3 kbdclass;Keyboard Class Driver;C:\Windows\System32\drivers\kbdclass.sys [2009-7-13 50768]
R3 kbdhid;Keyboard HID Driver;C:\Windows\System32\drivers\kbdhid.sys [2013-1-27 33280]
R3 KeyIso;CNG Key Isolation;C:\Windows\System32\lsass.exe [2014-5-14 31232]
R3 ksthunk;Kernel Streaming Thunks;C:\Windows\System32\drivers\ksthunk.sys [2009-7-13 20992]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2008-7-26 50072]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\System32\drivers\HECIx64.sys [2010-10-19 56344]
R3 monitor;Microsoft Monitor Class Function Driver Service;C:\Windows\System32\drivers\monitor.sys [2009-7-13 30208]
R3 mouclass;Mouse Class Driver;C:\Windows\System32\drivers\mouclass.sys [2009-7-13 49216]
R3 mouhid;Mouse HID Driver;C:\Windows\System32\drivers\mouhid.sys [2009-7-13 31232]
R3 mpsdrv;Windows Firewall Authorization Driver;C:\Windows\System32\drivers\mpsdrv.sys [2009-7-13 77312]
R3 mrxsmb;SMB MiniRedirector Wrapper and Engine;C:\Windows\System32\drivers\mrxsmb.sys [2013-1-25 158208]
R3 mrxsmb10;SMB 1.x MiniRedirector;C:\Windows\System32\drivers\mrxsmb10.sys [2013-1-25 288768]
R3 mrxsmb20;SMB 2.0 MiniRedirector;C:\Windows\System32\drivers\mrxsmb20.sys [2013-1-25 128000]
R3 NativeWifiP;NativeWiFi Filter;C:\Windows\System32\drivers\nwifi.sys [2009-7-13 318976]
R3 NAVENG;NAVENG;C:\Program Files (x86)\Norton AntiVirus\NortonData\21.2.0.38\Definitions\VirusDefs\20141218.020\eng64.sys [2014-12-19 129752]
R3 NAVEX15;NAVEX15;C:\Program Files (x86)\Norton AntiVirus\NortonData\21.2.0.38\Definitions\VirusDefs\20141218.020\ex64.sys [2014-12-19 2137304]
R3 NdisTapi;Remote Access NDIS TAPI Driver;C:\Windows\System32\drivers\ndistapi.sys [2009-7-13 24064]
R3 Ndisuio;NDIS Usermode I/O Protocol;C:\Windows\System32\drivers\ndisuio.sys [2013-1-27 56832]
R3 NdisWan;Remote Access NDIS WAN Driver;C:\Windows\System32\drivers\ndiswan.sys [2013-1-27 164352]
R3 NDProxy;NDIS Proxy;C:\Windows\System32\drivers\ndproxy.sys [2013-1-27 57856]
R3 Netman;Network Connections;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R3 netprofm;Network List Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R3 Ntfs;Ntfs;C:\Windows\System32\drivers\ntfs.sys [2014-4-8 1684928]
R3 p2pimsvc;Peer Networking Identity Manager;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-13 27136]
R3 p2psvc;Peer Networking Grouping;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-13 27136]
R3 PNRPsvc;Peer Name Resolution Protocol;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-13 27136]
R3 PolicyAgent;IPsec Policy Agent;C:\Windows\System32\svchost.exe -k NetworkServiceNetworkRestricted [2009-7-13 27136]
R3 PptpMiniport;WAN Miniport (PPTP);C:\Windows\System32\drivers\raspptp.sys [2013-1-27 111104]
R3 RasAgileVpn;WAN Miniport (IKEv2);C:\Windows\System32\drivers\agilevpn.sys [2009-7-13 60416]
R3 Rasl2tp;WAN Miniport (L2TP);C:\Windows\System32\drivers\rasl2tp.sys [2013-1-27 129536]
R3 RasMan;Remote Access Connection Manager;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R3 RasPppoe;Remote Access PPPOE Driver;C:\Windows\System32\drivers\raspppoe.sys [2009-7-13 92672]
R3 RasSstp;WAN Miniport (SSTP);C:\Windows\System32\drivers\rassstp.sys [2009-7-13 83968]
R3 SDRSVC;Windows Backup;C:\Windows\System32\svchost.exe -k SDRSVC [2009-7-13 27136]
R3 SRTSP;Symantec Real Time Storage Protection x64;C:\Windows\System32\drivers\NAVx64\1506000.020\srtsp64.sys [2014-9-23 876248]
R3 srv;Server SMB 1.xxx Driver;C:\Windows\System32\drivers\srv.sys [2013-1-25 467456]
R3 srv2;Server SMB 2.xxx Driver;C:\Windows\System32\drivers\srv2.sys [2013-1-25 410112]
R3 srvnet;srvnet;C:\Windows\System32\drivers\srvnet.sys [2013-1-25 168448]
R3 SSDPSRV;SSDP Discovery;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
R3 SstpSvc;Secure Socket Tunneling Protocol Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R3 swenum;Software Bus Driver;C:\Windows\System32\drivers\swenum.sys [2009-7-13 12496]
R3 SymEvent;SymEvent;C:\Windows\System32\drivers\SYMEVENT64x86.SYS [2014-4-13 177752]
R3 TapiSrv;Telephony;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver;C:\Windows\System32\drivers\tunnel.sys [2013-1-27 125440]
R3 umbus;UMBus Enumerator Driver;C:\Windows\System32\drivers\umbus.sys [2013-1-27 48640]
R3 usbccgp;Microsoft USB Generic Parent Driver;C:\Windows\System32\drivers\usbccgp.sys [2014-1-15 99840]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\Windows\System32\drivers\usbehci.sys [2014-1-15 53248]
R3 usbhub;Microsoft USB Standard Hub Driver;C:\Windows\System32\drivers\usbhub.sys [2014-1-15 343040]
R3 usbprint;Microsoft USB PRINTER Class;C:\Windows\System32\drivers\usbprint.sys [2009-7-13 25088]
R3 usbscan;USB Scanner Driver;C:\Windows\System32\drivers\usbscan.sys [2013-10-10 42496]
R3 USBSTOR;USB Mass Storage Driver;C:\Windows\System32\drivers\USBSTOR.SYS [2013-1-27 91648]
R3 vwifibus;Virtual WiFi Bus Driver;C:\Windows\System32\drivers\vwifibus.sys [2009-7-13 24576]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
R3 WdiServiceHost;Diagnostic Service Host;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R3 WPDBusEnum;Portable Device Enumerator Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R3 WudfPf;User Mode Driver Frameworks Platform Driver;C:\Windows\System32\drivers\WUDFPf.sys [2013-1-26 87040]
R3 WUDFRd;WUDFRd;C:\Windows\System32\drivers\WUDFRd.sys [2013-1-26 198656]
R3 wudfsvc;Windows Driver Foundation - User-mode Driver Framework;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R4 udfs;udfs;C:\Windows\System32\drivers\udfs.sys [2013-1-27 328192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MMCSS;Multimedia Class Scheduler;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SharedAccess;Internet Connection Sharing (ICS);C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S2 sppsvc;Software Protection;C:\Windows\System32\sppsvc.exe [2013-1-27 3524608]
S3 1394ohci;1394 OHCI Compliant Host Controller;C:\Windows\System32\drivers\1394ohci.sys [2013-1-27 229888]
S3 AcpiPmi;ACPI Power Meter Driver;C:\Windows\System32\drivers\acpipmi.sys [2013-1-27 12800]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-1-24 267440]
S3 adp94xx;adp94xx;C:\Windows\System32\drivers\adp94xx.sys [2009-6-10 491088]
S3 adpahci;adpahci;C:\Windows\System32\drivers\adpahci.sys [2009-7-13 339536]
S3 adpu320;adpu320;C:\Windows\System32\drivers\adpu320.sys [2009-7-13 182864]
S3 agp440;Intel AGP Bus Filter;C:\Windows\System32\drivers\AGP440.sys [2009-7-13 61008]
S3 ALG;Application Layer Gateway Service;C:\Windows\System32\alg.exe [2009-7-13 79360]
S3 aliide;aliide;C:\Windows\System32\drivers\aliide.sys [2009-7-13 15440]
S3 amdide;amdide;C:\Windows\System32\drivers\amdide.sys [2009-7-13 15440]
S3 AmdK8;AMD K8 Processor Driver;C:\Windows\System32\drivers\amdk8.sys [2009-7-13 64512]
S3 AmdPPM;AMD Processor Driver;C:\Windows\System32\drivers\amdppm.sys [2009-7-13 60928]
S3 amdsata;amdsata;C:\Windows\System32\drivers\amdsata.sys [2013-1-27 107904]
S3 amdsbs;amdsbs;C:\Windows\System32\drivers\amdsbs.sys [2009-6-10 194128]
S3 AppID;AppID Driver;C:\Windows\System32\drivers\appid.sys [2014-10-15 61440]
S3 AppIDSvc;Application Identity;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 arc;arc;C:\Windows\System32\drivers\arc.sys [2009-7-13 87632]
S3 arcsas;arcsas;C:\Windows\System32\drivers\arcsas.sys [2009-7-13 97856]
S3 aspnet_state;ASP.NET State Service;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-9-11 51808]
S3 AsyncMac;RAS Asynchronous Media Driver;C:\Windows\System32\drivers\asyncmac.sys [2009-7-13 23040]
S3 atapi;IDE Channel;C:\Windows\System32\drivers\atapi.sys [2009-7-13 24128]
S3 AxInstSV;ActiveX Installer (AxInstSV);C:\Windows\System32\svchost.exe -k AxInstSVGroup [2009-7-13 27136]
S3 b06bdrv;Broadcom NetXtreme II VBD;C:\Windows\System32\drivers\bxvbda.sys [2009-6-10 468480]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\b57nd60a.sys [2009-6-10 270848]
S3 BDESVC;BitLocker Drive Encryption Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;C:\Windows\System32\drivers\BrFiltLo.sys [2009-7-13 18432]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;C:\Windows\System32\drivers\BrFiltUp.sys [2009-7-13 8704]
S3 BridgeMP;MAC Bridge Miniport;C:\Windows\System32\drivers\bridge.sys [2009-7-13 95232]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM);C:\Windows\System32\drivers\BrSerId.sys [2009-7-13 286720]
S3 BrSerWdm;Brother WDM Serial driver;C:\Windows\System32\drivers\BrSerWdm.sys [2009-7-13 47104]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\Windows\System32\drivers\BrUsbMdm.sys [2009-7-13 14976]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\Windows\System32\drivers\BrUsbSer.sys [2009-7-13 14720]
S3 BTHMODEM;Bluetooth Serial Communications Driver;C:\Windows\System32\drivers\bthmodem.sys [2009-7-13 72192]
S3 bthserv;Bluetooth Support Service;C:\Windows\System32\svchost.exe -k bthsvcs [2009-7-13 27136]
S3 CertPropSvc;Certificate Propagation;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 circlass;Consumer IR Devices;C:\Windows\System32\drivers\circlass.sys [2009-7-13 45568]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver;C:\Windows\System32\drivers\CmBatt.sys [2009-7-13 17664]
S3 cmdide;cmdide;C:\Windows\System32\drivers\cmdide.sys [2009-7-13 17488]
S3 Compbatt;Compbatt;C:\Windows\System32\drivers\compbatt.sys [2009-7-13 21584]
S3 COMSysApp;COM+ System Application;C:\Windows\System32\dllhost.exe [2009-7-13 9728]
S3 defragsvc;Disk Defragmenter;C:\Windows\System32\svchost.exe -k defragsvc [2009-7-13 27136]
S3 dot3svc;Wired AutoConfig;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 Dot4;MS IEEE-1284.4 Driver;C:\Windows\System32\drivers\Dot4.sys [2009-7-13 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4;C:\Windows\System32\drivers\Dot4Prt.sys [2013-1-27 19968]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter;C:\Windows\System32\drivers\Dot4usb.sys [2009-7-13 43008]
S3 drmkaud;Microsoft Trusted Audio Drivers;C:\Windows\System32\drivers\drmkaud.sys [2009-7-13 5632]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;C:\Windows\System32\drivers\evbda.sys [2009-6-10 3286016]
S3 ehRecvr;Windows Media Center Receiver Service;C:\Windows\ehome\ehrecvr.exe [2013-1-27 696832]
S3 elxstor;elxstor;C:\Windows\System32\drivers\elxstor.sys [2009-6-10 530496]
S3 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\System32\drivers\errdev.sys [2009-7-13 9728]
S3 exfat;exFAT File System Driver;C:\Windows\System32\drivers\exfat.sys [2009-7-13 195072]
S3 Fax;Fax;C:\Windows\System32\FXSSVC.exe [2013-1-27 689152]
S3 fdc;Floppy Disk Controller Driver;C:\Windows\System32\drivers\fdc.sys [2009-7-13 29696]
S3 Filetrace;Filetrace;C:\Windows\System32\drivers\filetrace.sys [2009-7-13 34304]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service;C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-6-18 1045256]
S3 flpydisk;Floppy Disk Driver;C:\Windows\System32\drivers\flpydisk.sys [2009-7-13 24576]
S3 FsDepends;File System Dependency Minifilter;C:\Windows\System32\drivers\fsdepends.sys [2009-7-13 55376]
S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms;C:\Windows\System32\drivers\GAGP30KX.SYS [2009-7-13 65088]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver;C:\Windows\System32\drivers\hcw85cir.sys [2009-7-13 31232]
S3 HidBatt;HID UPS Battery Driver;C:\Windows\System32\drivers\hidbatt.sys [2009-7-13 26624]
S3 HidBth;Microsoft Bluetooth HID Miniport;C:\Windows\System32\drivers\hidbth.sys [2009-7-13 100864]
S3 HidIr;Microsoft Infrared HID Driver;C:\Windows\System32\drivers\hidir.sys [2009-7-13 46592]
S3 hkmsvc;Health Key and Certificate Management;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 HpSAMD;HpSAMD;C:\Windows\System32\drivers\HpSAMD.sys [2013-1-27 78720]
S3 i8042prt;i8042 Keyboard and PS/2 Mouse Port Driver;C:\Windows\System32\drivers\i8042prt.sys [2009-7-13 105472]
S3 iaStorV;Intel RAID Controller Windows 7;C:\Windows\System32\drivers\iaStorV.sys [2013-1-27 410496]
S3 idsvc;Windows CardSpace;C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [2014-8-14 859280]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-10 114688]
S3 igfx;igfx;C:\Windows\System32\drivers\igdkmd64.sys [2011-6-18 12252192]
S3 iirsp;iirsp;C:\Windows\System32\drivers\iirsp.sys [2009-7-13 44112]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-6-18 158976]
S3 intelide;intelide;C:\Windows\System32\drivers\intelide.sys [2009-7-13 16960]
S3 IPBusEnum;PnP-X IP Bus Enumerator;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 IpFilterDriver;IP Traffic Filter Driver;C:\Windows\System32\drivers\ipfltdrv.sys [2013-1-27 82944]
S3 IPMIDRV;IPMIDRV;C:\Windows\System32\drivers\IPMIDrv.sys [2013-1-27 78848]
S3 IPNAT;IP Network Address Translator;C:\Windows\System32\drivers\ipnat.sys [2009-7-13 116224]
S3 iPod Service;iPod Service;C:\Program Files\iPod\bin\iPodService.exe [2014-10-15 643880]
S3 IRENUM;IR Bus Enumerator;C:\Windows\System32\drivers\irenum.sys [2009-7-13 17920]
S3 isapnp;isapnp;C:\Windows\System32\drivers\isapnp.sys [2009-7-13 20544]
S3 iScsiPrt;iScsiPort Driver;C:\Windows\System32\drivers\msiscsi.sys [2014-4-8 274880]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-6-18 406056]
S3 KtmRm;KtmRm for Distributed Transaction Coordinator;C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation [2009-7-13 27136]
S3 lltdsvc;Link-Layer Topology Discovery Mapper;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S3 LSI_FC;LSI_FC;C:\Windows\System32\drivers\lsi_fc.sys [2009-7-13 114752]
S3 LSI_SAS;LSI_SAS;C:\Windows\System32\drivers\lsi_sas.sys [2009-7-13 106560]
S3 LSI_SAS2;LSI_SAS2;C:\Windows\System32\drivers\lsi_sas2.sys [2009-7-13 65600]
S3 LSI_SCSI;LSI_SCSI;C:\Windows\System32\drivers\lsi_scsi.sys [2009-7-13 115776]
S3 megasas;megasas;C:\Windows\System32\drivers\megasas.sys [2009-6-10 35392]
S3 MegaSR;MegaSR;C:\Windows\System32\drivers\MegaSR.sys [2009-7-13 284736]
S3 Modem;Modem;C:\Windows\System32\drivers\modem.sys [2009-7-13 40448]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-9-3 114800]
S3 mpio;Microsoft Multi-Path Bus Driver;C:\Windows\System32\drivers\mpio.sys [2013-1-27 155008]
S3 MRxDAV;WebDav Client Redirector Driver;C:\Windows\System32\drivers\mrxdav.sys [2013-10-10 140800]
S3 msahci;msahci;C:\Windows\System32\drivers\msahci.sys [2013-1-27 31104]
S3 msdsm;Microsoft Multi-Path Device Specific Module;C:\Windows\System32\drivers\msdsm.sys [2013-1-27 140672]
S3 MSDTC;Distributed Transaction Coordinator;C:\Windows\System32\msdtc.exe [2009-7-13 141824]
S3 mshidkmdf;Pass-through HID to KMDF Filter Driver;C:\Windows\System32\drivers\mshidkmdf.sys [2009-7-13 8192]
S3 MSiSCSI;Microsoft iSCSI Initiator Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 msiserver;Windows Installer;C:\Windows\System32\msiexec.exe [2013-1-27 128000]
S3 MSKSSRV;Microsoft Streaming Service Proxy;C:\Windows\System32\drivers\mskssrv.sys [2009-7-13 11136]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy;C:\Windows\System32\drivers\mspclock.sys [2009-7-13 7168]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy;C:\Windows\System32\drivers\mspqm.sys [2009-7-13 6784]
S3 MsRPC;MsRPC;C:\Windows\System32\drivers\msrpc.sys [2013-1-27 366976]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter;C:\Windows\System32\drivers\mstee.sys [2009-7-13 8064]
S3 MTConfig;Microsoft Input Configuration Driver;C:\Windows\System32\drivers\MTConfig.sys [2009-7-13 15360]
S3 napagent;Network Access Protection Agent;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
S3 NdisCap;NDIS Capture LightWeight Filter;C:\Windows\System32\drivers\ndiscap.sys [2009-7-13 35328]
S3 Netlogon;Netlogon;C:\Windows\System32\lsass.exe [2014-5-14 31232]
S3 nfrd960;nfrd960;C:\Windows\System32\drivers\nfrd960.sys [2009-7-13 51264]
S3 nv_agp;NVIDIA nForce AGP Bus Filter;C:\Windows\System32\drivers\NV_AGP.SYS [2009-7-13 122960]
S3 nvraid;nvraid;C:\Windows\System32\drivers\nvraid.sys [2013-1-27 148352]
S3 nvstor;nvstor;C:\Windows\System32\drivers\nvstor.sys [2013-1-27 166272]
S3 ohci1394;1394 OHCI Compliant Host Controller (Legacy);C:\Windows\System32\drivers\ohci1394.sys [2009-7-13 72832]
S3 ose;Office Source Engine;C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE [2010-1-9 149352]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Parport;Parallel port driver;C:\Windows\System32\drivers\parport.sys [2009-7-13 97280]
S3 pciide;pciide;C:\Windows\System32\drivers\pciide.sys [2009-7-13 12352]
S3 pcmcia;pcmcia;C:\Windows\System32\drivers\pcmcia.sys [2009-7-13 220752]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2009-7-13 20992]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI);C:\Windows\System32\drivers\LV302V64.SYS [2008-7-26 2624408]
S3 pla;Performance Logs & Alerts;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
S3 pmxdrv;pmxdrv;C:\Windows\System32\drivers\pmxdrv.sys [2013-7-19 31152]
S3 PNRPAutoReg;PNRP Machine Name Publication Service;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-13 27136]
S3 Processor;Processor Driver;C:\Windows\System32\drivers\processr.sys [2009-7-13 60416]
S3 ProtectedStorage;Protected Storage;C:\Windows\System32\lsass.exe [2014-5-14 31232]
S3 ql2300;ql2300;C:\Windows\System32\drivers\ql2300.sys [2009-6-10 1524816]
S3 ql40xx;ql40xx;C:\Windows\System32\drivers\ql40xx.sys [2009-7-13 128592]
S3 QWAVE;Quality Windows Audio Video Experience;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 QWAVEdrv;QWAVE driver;C:\Windows\System32\drivers\qwavedrv.sys [2009-7-13 46592]
S3 RasAcd;Remote Access Auto Connection Driver;C:\Windows\System32\drivers\rasacd.sys [2009-7-13 14848]
S3 RasAuto;Remote Access Auto Connection Manager;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 rdpbus;Remote Desktop Device Redirector Bus Driver;C:\Windows\System32\drivers\rdpbus.sys [2009-7-13 24064]
S3 RDPWD;RDP Winstation Driver;C:\Windows\System32\drivers\rdpwd.sys [2014-10-15 212480]
S3 RemoteRegistry;Remote Registry;C:\Windows\System32\svchost.exe -k regsvc [2009-7-13 27136]
S3 RpcLocator;Remote Procedure Call (RPC) Locator;C:\Windows\System32\Locator.exe [2009-7-13 10240]
S3 sbp2port;SBP-2 Transport/Protocol Bus Driver;C:\Windows\System32\drivers\sbp2port.sys [2013-1-27 103808]
S3 SCardSvr;Smart Card;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 scfilter;Smart card PnP Class Filter Driver;C:\Windows\System32\drivers\scfilter.sys [2013-1-27 29696]
S3 SCPolicySvc;Smart Card Removal Policy;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 SensrSvc;Adaptive Brightness;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 Serenum;Serenum Filter Driver;C:\Windows\System32\drivers\serenum.sys [2009-7-13 23552]
S3 Serial;Serial;C:\Windows\System32\drivers\serial.sys [2009-7-13 94208]
S3 sermouse;Serial Mouse Driver;C:\Windows\System32\drivers\sermouse.sys [2009-7-13 26624]
S3 SessionEnv;Remote Desktop Configuration;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 sffdisk;SFF Storage Class Driver;C:\Windows\System32\drivers\sffdisk.sys [2009-7-13 14336]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;C:\Windows\System32\drivers\sffp_mmc.sys [2009-7-13 13824]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus;C:\Windows\System32\drivers\sffp_sd.sys [2013-1-27 14336]
S3 sfloppy;High-Capacity Floppy Disk Drive;C:\Windows\System32\drivers\sfloppy.sys [2009-7-13 16896]
S3 SiSRaid2;SiSRaid2;C:\Windows\System32\drivers\sisraid2.sys [2009-6-10 43584]
S3 SiSRaid4;SiSRaid4;C:\Windows\System32\drivers\sisraid4.sys [2009-7-13 80464]
S3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);C:\Windows\System32\drivers\smb.sys [2009-7-13 93184]
S3 SNMPTRAP;SNMP Trap;C:\Windows\System32\snmptrap.exe [2009-7-13 14336]
S3 sppuinotify;SPP Notification Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\Windows\System32\drivers\sscdbus.sys [2010-11-11 136264]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter;C:\Windows\System32\drivers\sscdmdfl.sys [2010-11-11 19016]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers;C:\Windows\System32\drivers\sscdmdm.sys [2010-11-11 172104]
S3 sscdserd;SAMSUNG Mobile Modem Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\sscdserd.sys [2010-11-11 141384]
S3 stexstor;stexstor;C:\Windows\System32\drivers\stexstor.sys [2009-7-13 24656]
S3 swprv;Microsoft Software Shadow Copy Provider;C:\Windows\System32\svchost.exe -k swprv [2009-7-13 27136]
S3 TabletInputService;Tablet PC Input Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TBS;TPM Base Services;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 TCPIP6;Microsoft IPv6 Protocol Driver;C:\Windows\System32\drivers\tcpip.sys [2014-6-11 1903552]
S3 TDPIPE;TDPIPE;C:\Windows\System32\drivers\tdpipe.sys [2009-7-13 15872]
S3 TDTCP;TDTCP;C:\Windows\System32\drivers\tdtcp.sys [2013-1-24 23552]
S3 TermService;Remote Desktop Services;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
S3 THREADORDER;Thread Ordering Server;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S3 TrustedInstaller;Windows Modules Installer;C:\Windows\servicing\TrustedInstaller.exe [2013-1-27 194048]
S3 tssecsrv;Remote Desktop Services Security Filter Driver;C:\Windows\System32\drivers\tssecsrv.sys [2014-10-15 39936]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-27 59392]
S3 uagp35;Microsoft AGPv3.5 Filter;C:\Windows\System32\drivers\UAGP35.SYS [2009-7-13 64080]
S3 UI0Detect;Interactive Services Detection;C:\Windows\System32\UI0Detect.exe [2009-7-13 40960]
S3 uliagpkx;Uli AGP Bus Filter;C:\Windows\System32\drivers\ULIAGPKX.SYS [2009-7-13 64592]
S3 UmPass;Microsoft UMPass Driver;C:\Windows\System32\drivers\umpass.sys [2009-7-13 9728]
S3 upnphost;UPnP Device Host;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
S3 usbaudio;USB Audio Driver (WDM);C:\Windows\System32\drivers\USBAUDIO.sys [2013-10-10 109824]
S3 usbcir;eHome Infrared Receiver (USBCIR);C:\Windows\System32\drivers\usbcir.sys [2013-10-10 100864]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver;C:\Windows\System32\drivers\usbohci.sys [2014-1-15 25600]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;C:\Windows\System32\drivers\usbuhci.sys [2014-1-15 30720]
S3 VaultSvc;Credential Manager;C:\Windows\System32\lsass.exe [2014-5-14 31232]
S3 vds;Virtual Disk;C:\Windows\System32\vds.exe [2013-1-27 533504]
S3 vga;vga;C:\Windows\System32\drivers\vgapnp.sys [2009-7-13 29184]
S3 vhdmp;vhdmp;C:\Windows\System32\drivers\vhdmp.sys [2013-1-27 215936]
S3 viaide;viaide;C:\Windows\System32\drivers\viaide.sys [2009-7-13 17488]
S3 vsmraid;vsmraid;C:\Windows\System32\drivers\vsmraid.sys [2009-6-10 161872]
S3 VSS;Volume Shadow Copy;C:\Windows\System32\VSSVC.exe [2013-1-27 1600512]
S3 W32Time;Windows Time;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S3 WacomPen;Wacom Serial Pen HID Driver;C:\Windows\System32\drivers\wacompen.sys [2009-7-13 27776]
S3 WANARP;Remote Access IP ARP Driver;C:\Windows\System32\drivers\wanarp.sys [2013-1-27 88576]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-26 1255736]
S3 wbengine;Block Level Backup Engine Service;C:\Windows\System32\wbengine.exe [2013-1-27 1504256]
S3 WbioSrvc;Windows Biometric Service;C:\Windows\System32\svchost.exe -k WbioSvcGroup [2009-7-13 27136]
S3 wcncsvc;Windows Connect Now - Config Registrar;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 WcsPlugInService;Windows Color System;C:\Windows\System32\svchost.exe -k wcssvc [2009-7-13 27136]
S3 Wd;Wd;C:\Windows\System32\drivers\wd.sys [2009-7-13 21056]
S3 WdiSystemHost;Diagnostic System Host;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 WebClient;WebClient;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S3 Wecsvc;Windows Event Collector;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
S3 wercplsupport;Problem Reports and Solutions Control Panel Support;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 WerSvc;Windows Error Reporting Service;C:\Windows\System32\svchost.exe -k WerSvcGroup [2009-7-13 27136]
S3 WIMMount;WIMMount;C:\Windows\System32\drivers\wimmount.sys [2009-7-13 22096]
S3 WinDefend;Windows Defender;C:\Windows\System32\svchost.exe -k secsvcs [2009-7-13 27136]
S3 WinRM;Windows Remote Management (WS-Management);C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
S3 WinUsb;WinUsb;C:\Windows\System32\drivers\winusb.sys [2013-1-27 41984]
S3 WmiAcpi;Microsoft Windows Management Interface for ACPI;C:\Windows\System32\drivers\wmiacpi.sys [2009-7-13 14336]
S3 wmiApSrv;WMI Performance Adapter;C:\Windows\System32\wbem\WmiApSrv.exe [2009-7-13 203264]
S3 WPCSvc;Parental Controls;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
S3 WwanSvc;WWAN AutoConfig;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-7-19 204288]
S4 cdfs;CD/DVD File System Reader;C:\Windows\System32\drivers\cdfs.sys [2009-7-13 92160]
S4 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86;C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2014-8-14 67224]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2014-8-14 90776]
S4 crcdisk;Crcdisk Filter Driver;C:\Windows\System32\drivers\crcdisk.sys [2009-7-13 24144]
S4 ehSched;Windows Media Center Scheduler Service;C:\Windows\ehome\ehsched.exe [2009-7-13 127488]
S4 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2012-5-10 608864]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-3-20 107912]
S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-3-20 107912]
S4 Mcx2Svc;Media Center Extender Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S4 NetMsmqActivator;Net.Msmq Listener Adapter;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-9-11 139856]
S4 NetPipeActivator;Net.Pipe Listener Adapter;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-9-11 139856]
S4 NetTcpActivator;Net.Tcp Listener Adapter;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-9-11 139856]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-9-11 139856]
S4 RemoteAccess;Routing and Remote Access;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S4 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S4 stllssvr;stllssvr;C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [2010-11-8 74392]
S4 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-8-2 4153184]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .bat: batfile="%1" %*
FileExt: .cmd: cmdfile="%1" %*
FileExt: .com: ComFile="%1" %*
FileExt: .exe: exefile="%1" %*
FileExt: .pif: piffile="%1" %*
FileExt: .scr: scrfile="%1" /S
FileExt: .reg: regfile=regedit.exe "%1"
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1
FileExt: .chm: chm.file="C:\Windows\hh.exe" %1
FileExt: .ini: inifile=C:\Windows\System32\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1
FileExt: .jse: JSEFile=NOTEPAD.EXE "%1"
FileExt: .wsf: WSFFile=NOTEPAD.EXE "%1"
ShellExec: AcroRD32.exe: Read="C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe" "%1"
ShellExec: ehshell.exe: open="C:\Windows\eHome\ehshell.exe" "%1"
ShellExec: firefox.exe: open="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" "%1"
ShellExec: iexplore.exe: open="C:\Program Files\Internet Explorer\iexplore.exe" %1
ShellExec: Illustrator.exe: open="C:\Program Files\Adobe\Adobe Illustrator CC (64 Bit)\Support Files\Contents\Windows\Illustrator.exe" "%1"
ShellExec: ImgBurn.exe: open="C:\Program Files (x86)\ImgBurn\ImgBurn.exe" /MODE WRITE /SOURCE "%1"
ShellExec: iTunes.exe: open="C:\Program Files (x86)\iTunes\iTunes.exe" /open "%L"
ShellExec: iTunes.exe: play="C:\Program Files (x86)\iTunes\iTunes.exe" /play "%L"
ShellExec: lightroom.exe: open="C:\Program Files\Adobe\Adobe Photoshop Lightroom 4.3\lightroom.exe" "%1"
ShellExec: MovieMaker.exe: Open="C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1"
ShellExec: mspaint.exe: edit="C:\Windows\System32\mspaint.exe" "%1"
ShellExec: notepad.exe: edit=C:\Windows\System32\NOTEPAD.EXE %1
ShellExec: notepad.exe: open=C:\Windows\System32\NOTEPAD.EXE %1
ShellExec: OIS.EXE: Edit=C:\PROGRA~2\MICROS~1\Office14\OIS.EXE /shellEdit "%1"
ShellExec: OIS.EXE: Open=C:\PROGRA~2\MICROS~1\Office14\OIS.EXE /shellOpen "%1"
ShellExec: OIS.EXE: Preview=C:\PROGRA~2\MICROS~1\Office14\OIS.EXE /shellPreview "%1"
ShellExec: Photoshop.exe: edit="C:\Program Files\Adobe\Adobe Photoshop CC (64 Bit)\Photoshop.exe" "%1"
ShellExec: Photoshop.exe: open="C:\Program Files\Adobe\Adobe Photoshop CC (64 Bit)\Photoshop.exe" "%1"
ShellExec: photoviewer.dll: open=C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
ShellExec: photoviewer.dll: print=C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
ShellExec: WINWORD.EXE: edit="C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "%1"
ShellExec: WLXPhotoViewer.dll: open="C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1"
ShellExec: wmplayer.exe: open="C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "%L"
ShellExec: wmplayer.exe: play="C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play "%L"
ShellExec: wordpad.exe: open="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1"
.
=============== Created Last 60 ================
.
2014-12-18 11:42:20 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-12-18 11:42:20 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-12-14 22:08:13 -------- d-----w- C:\Windows\Sun
2014-12-13 01:37:19 -------- d-----w- C:\$RECYCLE.BIN
2014-12-13 01:27:19 98816 ----a-w- C:\Windows\sed.exe
2014-12-13 01:27:19 80412 ----a-w- C:\Windows\grep.exe
2014-12-13 01:27:19 68096 ----a-w- C:\Windows\zip.exe
2014-12-13 01:27:19 60416 ----a-w- C:\Windows\NIRCMD.exe
2014-12-13 01:27:19 518144 ----a-w- C:\Windows\SWREG.exe
2014-12-13 01:27:19 406528 ----a-w- C:\Windows\SWSC.exe
2014-12-13 01:27:19 256000 ----a-w- C:\Windows\PEV.exe
2014-12-13 01:27:19 208896 ----a-w- C:\Windows\MBR.exe
2014-12-13 01:27:08 -------- d-----w- C:\Qoobox
2014-12-11 08:37:04 -------- d-----w- C:\Windows\System32\appraiser
2014-12-11 08:08:02 3209728 ----a-w- C:\Windows\SysWow64\mf.dll
2014-12-11 08:08:01 4121600 ----a-w- C:\Windows\System32\mf.dll
2014-12-10 17:48:18 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-12-10 17:48:18 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-12-10 17:48:18 30720 ----a-w- C:\Windows\SysWow64\iernonce.dll
2014-12-10 17:48:18 276480 ----a-w- C:\Program Files\Internet Explorer\DiagnosticsHub.ScriptedSandboxPlugin.dll
2014-12-10 17:48:18 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-12-10 17:48:17 49664 ----a-w- C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll
2014-12-10 17:48:15 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-12-10 17:48:15 76288 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2014-12-10 17:48:15 718848 ----a-w- C:\Windows\System32\ie4uinit.exe
2014-12-10 17:48:15 688640 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2014-12-10 17:48:15 666624 ----a-w- C:\Program Files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll
2014-12-10 17:48:15 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-12-10 17:48:15 579584 ----a-w- C:\Program Files (x86)\Internet Explorer\jsprofilerui.dll
2014-12-10 17:48:15 34304 ----a-w- C:\Windows\System32\iernonce.dll
2014-12-10 17:48:15 342200 ----a-w- C:\Windows\SysWow64\iedkcs32.dll
2014-12-10 17:48:15 285696 ----a-w- C:\Windows\SysWow64\dxtrans.dll
2014-12-10 17:48:15 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-12-10 17:48:15 243712 ----a-w- C:\Program Files\Internet Explorer\DiagnosticsTap.dll
2014-12-10 17:48:15 221184 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
2014-12-10 17:48:15 19749376 ----a-w- C:\Windows\SysWow64\mshtml.dll
2014-12-10 17:48:15 174080 ----a-w- C:\Program Files (x86)\Internet Explorer\DiagnosticsTap.dll
2014-12-10 17:48:15 171008 ----a-w- C:\Program Files\Internet Explorer\Timeline_is.dll
2014-12-10 17:48:15 1307136 ----a-w- C:\Windows\SysWow64\urlmon.dll
2014-12-10 17:48:14 710144 ----a-w- C:\Windows\SysWow64\ieapfltr.dll
2014-12-10 17:48:14 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-12-10 17:48:14 468992 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2014-12-10 17:48:14 389296 ----a-w- C:\Windows\System32\iedkcs32.dll
2014-12-10 17:48:14 287232 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2014-12-10 17:48:14 285696 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
2014-12-10 17:48:14 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-12-10 17:48:14 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe
2014-12-10 17:48:14 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-12-10 17:48:14 1548288 ----a-w- C:\Windows\System32\urlmon.dll
2014-12-10 17:48:13 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-12-10 17:48:13 815280 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2014-12-10 17:48:13 800768 ----a-w- C:\Windows\System32\msfeeds.dll
2014-12-10 17:48:13 628736 ----a-w- C:\Program Files\Internet Explorer\jsprofilerui.dll
2014-12-10 17:48:13 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-12-10 17:48:13 478208 ----a-w- C:\Windows\SysWow64\ieui.dll
2014-12-10 17:48:13 47104 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2014-12-10 17:48:13 418304 ----a-w- C:\Windows\SysWow64\dxtmsft.dll
2014-12-10 17:48:13 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-12-10 17:48:13 372224 ----a-w- C:\Program Files\Internet Explorer\F12Tools.dll
2014-12-10 17:48:13 316928 ----a-w- C:\Windows\System32\dxtrans.dll
2014-12-10 17:48:13 255488 ----a-w- C:\Program Files (x86)\Internet Explorer\F12Tools.dll
2014-12-10 17:48:13 2277888 ----a-w- C:\Windows\SysWow64\iertutil.dll
2014-12-10 17:48:13 219136 ----a-w- C:\Program Files\Internet Explorer\Timeline.dll
2014-12-10 17:48:13 1075200 ----a-w- C:\Program Files (x86)\Internet Explorer\networkinspection.dll
2014-12-10 17:48:12 800768 ----a-w- C:\Windows\System32\ieapfltr.dll
2014-12-10 17:48:12 742400 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
2014-12-10 17:48:12 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-12-10 17:48:12 12836864 ----a-w- C:\Windows\SysWow64\ieframe.dll
2014-12-10 17:48:11 813744 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2014-12-10 17:48:11 484352 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2014-12-10 17:48:11 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-12-10 17:48:11 2885120 ----a-w- C:\Windows\System32\iertutil.dll
2014-12-10 17:48:11 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-12-10 17:48:11 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-12-10 17:48:10 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2014-12-10 17:48:10 772608 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2014-12-10 17:48:10 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-12-10 17:48:10 633856 ----a-w- C:\Windows\System32\ieui.dll
2014-12-10 17:48:10 54784 ----a-w- C:\Windows\System32\jsproxy.dll
2014-12-10 17:48:10 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-12-10 17:48:10 490496 ----a-w- C:\Windows\System32\dxtmsft.dll
2014-12-10 17:48:10 235176 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2014-12-10 17:48:10 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-12-10 17:48:10 1862144 ----a-w- C:\Program Files\Internet Explorer\MemoryAnalyzer.dll
2014-12-10 17:48:10 168960 ----a-w- C:\Windows\SysWow64\msrating.dll
2014-12-10 17:48:10 1421312 ----a-w- C:\Program Files\Internet Explorer\F12.dll
2014-12-10 17:48:10 1217024 ----a-w- C:\Program Files\Internet Explorer\networkinspection.dll
2014-12-10 17:48:09 92160 ----a-w- C:\Windows\System32\mshtmled.dll
2014-12-10 17:48:09 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-12-10 17:48:09 6039552 ----a-w- C:\Windows\System32\jscript9.dll
2014-12-10 17:48:09 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-12-10 17:48:09 14412800 ----a-w- C:\Windows\System32\ieframe.dll
2014-12-10 17:48:09 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-12-10 17:48:08 950784 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2014-12-10 17:48:08 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-12-10 17:48:08 382976 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2014-12-10 17:48:08 293040 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2014-12-10 17:48:08 25059840 ----a-w- C:\Windows\System32\mshtml.dll
2014-12-10 17:48:08 2358272 ----a-w- C:\Windows\System32\wininet.dll
2014-12-10 17:48:08 199680 ----a-w- C:\Windows\System32\msrating.dll
2014-12-10 17:48:08 1016832 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2014-12-10 17:48:07 10949120 ----a-w- C:\Program Files\Internet Explorer\F12Resources.dll
2014-12-10 17:47:28 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-12-10 17:47:28 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-12-10 17:47:26 830976 ----a-w- C:\Windows\System32\appraiser.dll
2014-12-10 17:47:26 741376 ----a-w- C:\Windows\System32\invagent.dll
2014-12-10 17:47:26 192000 ----a-w- C:\Windows\System32\aepic.dll
2014-12-10 17:47:26 1232040 ----a-w- C:\Windows\System32\aitstatic.exe
2014-12-10 17:47:26 1083392 ----a-w- C:\Windows\System32\aeinv.dll
2014-12-10 17:47:25 413184 ----a-w- C:\Windows\System32\generaltel.dll
2014-12-10 17:47:25 396800 ----a-w- C:\Windows\System32\devinv.dll
2014-12-10 17:47:25 227328 ----a-w- C:\Windows\System32\aepdu.dll
2014-12-10 17:47:19 346624 ----a-w- C:\Windows\System32\WSManMigrationPlugin.dll
2014-12-10 17:47:19 310272 ----a-w- C:\Windows\System32\WsmWmiPl.dll
2014-12-10 17:47:19 266240 ----a-w- C:\Windows\System32\WSManHTTPConfig.exe
2014-12-10 17:47:19 248832 ----a-w- C:\Windows\SysWow64\WSManMigrationPlugin.dll
2014-12-10 17:47:19 214016 ----a-w- C:\Windows\SysWow64\WsmWmiPl.dll
2014-12-10 17:47:19 2020352 ----a-w- C:\Windows\System32\WsmSvc.dll
2014-12-10 17:47:19 198656 ----a-w- C:\Windows\SysWow64\WSManHTTPConfig.exe
2014-12-10 17:47:19 181248 ----a-w- C:\Windows\System32\WsmAuto.dll
2014-12-10 17:47:19 145920 ----a-w- C:\Windows\SysWow64\WsmAuto.dll
2014-12-10 17:47:19 1177088 ----a-w- C:\Windows\SysWow64\WsmSvc.dll
2014-12-10 17:46:12 165888 ----a-w- C:\Windows\System32\charmap.exe
2014-12-10 17:46:11 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
2014-12-10 16:49:07 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-12-10 16:49:07 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-12-10 16:48:19 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
2014-12-06 15:36:38 48240 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2014-12-05 10:56:22 -------- d-----w- C:\Program Files (x86)\Common Files\Java
2014-11-27 23:10:15 -------- d-----w- C:\Program Files (x86)\LTCM Client
2014-11-27 23:09:36 -------- d-----w- C:\Users\Tuggle\AppData\Local\ABBYY
2014-11-27 23:09:18 -------- d-----w- C:\ProgramData\ABBYY
2014-11-27 23:09:18 -------- d-----w- C:\Program Files (x86)\Common Files\ABBYY
2014-11-27 23:09:18 -------- d-----w- C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint
2014-11-27 23:08:16 -------- d-----w- C:\Users\Tuggle\AppData\Roaming\Epson
2014-11-27 23:06:36 466432 ----a-w- C:\Windows\System32\esxw2ud.dll
2014-11-27 23:06:36 135824 ----a-w- C:\Windows\System32\escsvc64.exe
2014-11-27 23:06:36 -------- d-----w- C:\Program Files (x86)\epson
2014-11-27 23:05:32 -------- d-----w- C:\Program Files (x86)\Common Files\EPSON
2014-11-27 23:05:27 558080 ----a-w- C:\Windows\System32\ensppmon.dll
2014-11-27 23:05:27 558080 ----a-w- C:\Windows\System32\enppmon.dll
2014-11-27 23:05:27 535040 ----a-w- C:\Windows\System32\ensppui.dll
2014-11-27 23:05:27 535040 ----a-w- C:\Windows\System32\enppui.dll
2014-11-27 23:05:27 250880 ----a-w- C:\Windows\System32\enspres.dll
2014-11-27 23:05:27 250880 ----a-w- C:\Windows\System32\enpres.dll
2014-11-27 23:05:27 -------- d-----w- C:\Program Files\EpsonNet
2014-11-27 23:05:18 -------- d-----w- C:\Program Files\EPSON
2014-11-27 23:05:10 -------- d-----w- C:\Program Files (x86)\EPSON Software
2014-11-27 23:02:40 -------- d-----w- C:\Program Files\Common Files\EPSON
2014-11-27 23:02:38 -------- d-----w- C:\ProgramData\EPSON
2014-11-27 23:02:29 10752 ----a-w- C:\Windows\System32\E_GCINST.DLL
2014-11-27 23:02:28 83968 ----a-w- C:\Windows\System32\E_YD4BIUE.DLL
2014-11-27 23:02:28 120320 ----a-w- C:\Windows\System32\E_YLMIUE.DLL
2014-11-25 23:11:20 -------- d-----w- C:\Users\Tuggle\.WHCCROES
2014-11-25 23:11:18 -------- d-----w- C:\Users\Tuggle\.roescache
2014-11-25 18:59:38 18638520 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2014-11-19 11:26:25 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-19 11:26:25 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-19 11:26:23 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-19 11:26:23 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-19 09:31:16 1217192 ----a-w- C:\Windows\SysWow64\FM20.DLL
2014-11-15 14:52:43 -------- d-----w- C:\Users\Tuggle\AppData\Local\Hewlett-Packard
2014-11-15 14:52:31 -------- d-----w- C:\Program Files (x86)\Hewlett-Packard
2014-11-14 01:10:28 -------- d-sh--w- C:\Users\Tuggle\AppData\Local\EmieBrowserModeList
2014-11-12 16:28:06 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-11-12 16:28:06 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-11-12 16:28:06 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-11-12 16:28:06 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-11-12 16:28:06 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-11-12 16:28:06 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-11-12 16:28:06 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-11-12 16:28:05 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-11-12 16:28:05 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-11-12 16:27:31 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-11-12 16:27:31 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-11-12 16:27:31 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2014-11-12 16:27:31 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-11-12 16:27:30 878080 ----a-w- C:\Windows\System32\IMJP10K.DLL
2014-11-12 16:27:30 701440 ----a-w- C:\Windows\SysWow64\IMJP10K.DLL
2014-11-12 16:27:30 680960 ----a-w- C:\Windows\System32\audiosrv.dll
2014-11-12 16:27:30 500224 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-11-12 16:27:30 442880 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-11-12 16:27:30 440832 ----a-w- C:\Windows\System32\AudioEng.dll
2014-11-12 16:27:30 374784 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2014-11-12 16:27:30 296448 ----a-w- C:\Windows\System32\AudioSes.dll
2014-11-12 16:27:30 284672 ----a-w- C:\Windows\System32\EncDump.dll
2014-11-12 16:27:30 195584 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2014-11-12 16:27:28 342016 ----a-w- C:\Windows\System32\schannel.dll
2014-11-12 16:27:28 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2014-11-12 16:27:23 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-11-12 16:27:22 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-11-12 16:27:22 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-11-12 16:27:22 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-11-12 16:27:22 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-11-12 16:27:22 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-11-12 16:27:22 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-11-12 16:27:22 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-11-12 16:27:22 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-11-12 16:27:22 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-11-12 16:27:11 77824 ----a-w- C:\Windows\System32\packager.dll
2014-11-12 16:27:11 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-11-12 16:27:11 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-11-12 16:27:07 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-11-12 16:27:04 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-11-12 16:27:00 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-11-12 16:27:00 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-11-11 10:24:18 195272 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\LICLUA.EXE
2014-11-10 15:49:42 94320 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2014-11-10 15:49:42 92784 ----a-w- C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll
2014-11-10 15:49:42 91032 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2014-11-10 15:49:42 904104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
2014-11-10 15:49:42 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2014-11-10 15:49:42 413296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\nssckbi.dll
2014-11-10 15:49:42 273008 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updater.exe
2014-11-10 15:49:42 25759344 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xul.dll
2014-11-10 15:49:42 243312 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
2014-11-10 15:49:42 220784 ----a-w- C:\Program Files (x86)\Mozilla Firefox\sandboxbroker.dll
2014-11-10 15:49:42 1575536 ----a-w- C:\Program Files (x86)\Mozilla Firefox\nss3.dll
2014-11-10 15:49:42 150128 ----a-w- C:\Program Files (x86)\Mozilla Firefox\softokn3.dll
2014-11-10 15:49:42 127600 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2014-11-10 15:49:41 833648 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
2014-11-10 15:49:41 800368 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icuuc52.dll
2014-11-10 15:49:41 74864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2014-11-10 15:49:41 5099120 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2014-11-10 15:49:41 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2014-11-10 15:49:41 39024 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
2014-11-10 15:49:41 3758192 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-11-10 15:49:41 337520 ----a-w- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
2014-11-10 15:49:41 331376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\freebl3.dll
2014-11-10 15:49:41 3231832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dcompiler_46.dll
2014-11-10 15:49:41 260208 ----a-w- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
2014-11-10 15:49:41 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2014-11-10 15:49:41 20080 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2014-11-10 15:49:41 19568 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
2014-11-10 15:49:41 185432 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2014-11-10 15:49:41 140400 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2014-11-10 15:49:41 114800 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2014-11-10 15:49:41 10397296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icudt52.dll
2014-11-10 15:49:41 1023600 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icuin52.dll
2014-11-10 15:49:41 -------- d-----w- C:\Program Files (x86)\Mozilla Firefox
2014-11-05 11:38:18 2502840 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.DLL
.
==================== Find6M ====================
.
2014-12-11 08:14:08 112710672 ----a-w- C:\Windows\System32\MRT.exe
2014-12-10 18:13:12 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-10 18:13:12 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-12-05 10:55:56 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-12-05 10:55:56 272296 ----a-w- C:\Windows\SysWow64\javaws.exe
2014-12-05 10:55:56 176552 ----a-w- C:\Windows\SysWow64\javaw.exe
2014-12-05 10:55:56 176552 ----a-w- C:\Windows\SysWow64\java.exe
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-26 02:20:22 876248 ----a-w- C:\Windows\System32\drivers\NAVx64\1506000.020\srtsp64.sys
2014-08-26 02:20:22 37592 ----a-w- C:\Windows\System32\drivers\NAVx64\1506000.020\srtspx64.sys
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-19 03:11:28 693176 ----a-w- C:\Windows\System32\winload.efi
2014-08-19 03:10:10 616352 ----a-w- C:\Windows\System32\winresume.efi
2014-08-19 03:08:04 503808 ----a-w- C:\Windows\System32\srcore.dll
2014-08-19 03:08:04 50176 ----a-w- C:\Windows\System32\srclient.dll
2014-08-19 03:08:03 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2014-08-19 03:07:51 58880 ----a-w- C:\Windows\System32\appidapi.dll
2014-08-19 03:07:51 32256 ----a-w- C:\Windows\System32\appidsvc.dll
2014-08-19 03:07:33 296960 ----a-w- C:\Windows\System32\rstrui.exe
2014-08-19 03:07:11 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2014-08-19 03:07:11 146944 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2014-08-19 02:41:39 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2014-08-19 02:41:22 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
2014-08-19 02:06:56 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
2014-08-13 03:57:18 57584 ----a-w- C:\Windows\System32\iolobtdfg.exe
2014-08-13 03:57:10 26184 ----a-w- C:\Windows\System32\smrgdf.exe
2014-08-13 03:41:20 2155152 ----a-w- C:\Windows\System32\Incinerator64.dll
2014-08-13 03:41:18 2097984 ----a-w- C:\Windows\SysWow64\Incinerator32.dll
2014-08-06 19:48:16 266968 ----a-w- C:\Windows\System32\drivers\NAVx64\1506000.020\ironx64.sys
2014-08-03 14:58:48 74703 ----a-w- C:\Windows\SysWow64\mfc45.dat
2014-08-01 11:53:22 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-08-01 11:35:06 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-07-28 18:52:00 6112072 ----a-w- C:\Windows\System32\usbaaplrc.dll
2014-07-28 18:52:00 54784 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2014-07-25 06:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 03:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-07-17 02:07:58 235520 ----a-w- C:\Windows\System32\winsta.dll
2014-07-17 02:07:39 150528 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2014-07-17 02:07:37 3722240 ----a-w- C:\Windows\System32\mstscax.dll
2014-07-17 02:07:24 455168 ----a-w- C:\Windows\System32\winlogon.exe
2014-07-17 02:07:08 1118720 ----a-w- C:\Windows\System32\mstsc.exe
2014-07-17 01:40:03 157696 ----a-w- C:\Windows\SysWow64\winsta.dll
2014-07-17 01:39:42 3221504 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-07-17 01:39:30 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2014-07-17 01:39:08 1051136 ----a-w- C:\Windows\SysWow64\mstsc.exe
2014-07-17 01:21:54 212480 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2014-07-17 01:21:27 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2014-07-16 18:46:38 32912 ----a-w- C:\Windows\System32\drivers\rawdsk3.sys
2014-07-16 18:44:06 82160 ----a-w- C:\Windows\System32\drivers\PDFsFilter.sys
2014-07-16 18:44:06 69000 ----a-w- C:\Windows\System32\offreg.dll
2014-07-16 18:44:06 56200 ----a-w- C:\Windows\SysWow64\offreg.dll
2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDTAT.DLL
2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDRU1.DLL
2014-07-09 02:03:23 6656 ----a-w- C:\Windows\System32\KBDRU.DLL
2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDTAT.DLL
2014-07-09 01:31:42 6656 ----a-w- C:\Windows\SysWow64\KBDRU1.DLL
2014-07-09 01:31:42 6656 ----a-w- C:\Windows\SysWow64\KBDRU.DLL
2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-07-07 02:07:00 782848 ----a-w- C:\Windows\System32\wmdrmsdk.dll
2014-07-07 02:07:00 229376 ----a-w- C:\Windows\System32\wintrust.dll
2014-07-07 02:07:00 14632960 ----a-w- C:\Windows\System32\wmp.dll
2014-07-07 02:05:34 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2014-07-07 02:02:55 2048 ----a-w- C:\Windows\System32\mferror.dll
2014-07-07 01:52:41 663552 ----a-w- C:\Windows\System32\drivers\PEAuth.sys
2014-07-07 01:39:50 50176 ----a-w- C:\Windows\SysWow64\rrinstaller.exe
2014-07-07 01:39:49 3970488 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2014-07-07 01:39:49 3914680 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2014-07-07 01:39:42 23040 ----a-w- C:\Windows\SysWow64\mfpmp.exe
2014-07-07 01:39:12 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2014-07-07 01:37:00 2048 ----a-w- C:\Windows\SysWow64\mferror.dll
2014-06-30 22:24:50 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-06-30 22:14:53 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-06-28 00:21:17 457400 ----a-w- C:\Windows\System32\ci.dll
2014-06-28 00:21:16 532176 ----a-w- C:\Windows\System32\winresume.exe
2014-06-28 00:21:15 619056 ----a-w- C:\Windows\System32\winload.exe
2014-06-27 02:08:12 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-06-27 01:45:52 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-06-25 02:05:42 14175744 ----a-w- C:\Windows\System32\shell32.dll
2014-06-25 01:41:30 12874240 ----a-w- C:\Windows\SysWow64\shell32.dll
2014-06-24 03:29:36 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-06-24 02:59:49 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
.
============= FINISH: 6:44:32.61 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/24/2013 9:11:26 PM
System Uptime: 12/18/2014 9:52:19 PM (9 hours ago)
.
Motherboard: Dell Inc. | | 0Y2MRG
Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz | CPU 1 | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 701 GiB total, 401.763 GiB free.
D: is CDROM (UDF)
E: is FIXED (NTFS) - 684 GiB total, 684.005 GiB free.
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is FIXED (NTFS) - 466 GiB total, 0.019 GiB free.
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP391: 12/19/2014 3:02:04 AM - Windows Update
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
ABBYY FineReader 9.0 Sprint
Adobe After Effects CC
Adobe Creative Cloud
Adobe Flash Player 15 Plugin
Adobe Flash Player 16 ActiveX
Adobe Illustrator CC
Adobe Photoshop CC
Adobe Photoshop Lightroom 4.3 64-bit
Adobe Reader XI (11.0.09)
Akamai NetSession Interface
Akamai NetSession Interface Service
Amazon Cloud Player
Amazon MP3 Downloader 1.0.18
AMD APP SDK Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI AVIVO64 Codecs
ATI Catalyst Install Manager
AVG PC TuneUp 2014 (en-US)
Best Buy pc app
Bonjour
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
D3DX10
Definition Update for Microsoft Office 2010 (KB2910899) 32-Bit Edition
Dell Edoc Viewer
Dell Getting Started Guide
Dell MusicStage
Dell PhotoStage
Dell Product Registration
Dell Stage
Dell System Detect
Dell System Detect Bootstrapper
Dell VideoStage
DirectX 9 Runtime
DW WLAN Card
EPSON Connect version 1.0
Epson Customer Participation
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
EPSON WF-2540 Series Printer Uninstall
EpsonNet Print
Free MP3 Converter 7.6.0.a
Google Chrome
Google Earth
Google Update Helper
HP Support Solutions Framework
HPDiagnosticAlert
ImgBurn
Intel® Rapid Storage Technology
iolo technologies' System Mechanic
iTunes
Java 8 Update 25
Java Auto Updater
Junk Mail filter update
LTCM Client
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Expression Encoder 4
Microsoft Expression Encoder 4 Screen Capture Codec
Microsoft Money Plus
Microsoft Money Shared Libraries
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Mozilla Firefox 34.0.5 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Card Reader
My Dell
NirSoft BlueScreenView
Norton AntiVirus
Norton Bootable Recovery Tool Wizard
Norton Identity Safe
PDF Settings CC
PhotoShowExpress
RBVirtualFolder64Inst
Realtek High Definition Audio Driver
Revo Uninstaller 1.95
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Excel 2010 (KB2910902) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553154) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2899519) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype Toolbars
Skype™ 6.11
Software Updater
Sonic CinePlayer Decoder Pack
TeamViewer 8
THX TruStudio PC
Unity Web Player
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition
Update for Microsoft Office 2010 (KB2889818) 32-Bit Edition
Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition
Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2597088) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
12/17/2014 6:30:54 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{749C1F97-F711-48C2-9116-993E402349C3} because another computer on the network has the same name. The server could not start.
12/16/2014 10:13:32 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
12/15/2014 7:44:26 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
12/13/2014 10:13:40 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{E6871D12-7F5D-40A7-84C1-D3E97A641417} because another computer on the network has the same name. The server could not start.
12/12/2014 8:35:47 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/12/2014 8:35:17 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
12/12/2014 8:07:20 PM, Error: Service Control Manager [7034] - The Kaspersky Security Scan Service service terminated unexpectedly. It has done this 1 time(s).
12/12/2014 5:39:43 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The data is invalid.
12/12/2014 5:39:42 PM, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/12/2014 5:39:42 PM, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/12/2014 5:39:42 PM, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/12/2014 5:39:42 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: A system shutdown is in progress.
12/12/2014 5:39:42 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.
12/12/2014 5:39:42 PM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not start due to a logon failure.
12/12/2014 5:39:42 PM, Error: BROWSER [8017] - The browser has failed to start because the dependent service LanmanWorkstation had invalid service status 4294967295. Status Meaning 1 Service Stopped 2 Start Pending 3 Stop Pending 4 Running 5 Continue Pending 6 Pause Pending 7 Paused
.
==== End Of File ===========================

Edited by Oh My!, 28 December 2014 - 05:19 PM.
Posted logs


BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,732 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:06 PM

Posted 24 December 2014 - 07:45 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/560356 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,453 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:06 PM

Posted 28 December 2014 - 05:18 PM

Greetings Mike and :welcome: back to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recover Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • MiniToolBox report
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#4 M Tuggle

M Tuggle
  • Topic Starter

  • Members
  • 110 posts
  • OFFLINE
  •  
  • Local time:06:06 PM

Posted 29 December 2014 - 08:55 AM

Hey Gary!
 
Hope things are going well for you!
 
 
It would not let me paste the info for some reason? I have attached the info/files.
 
also wanted to let you know while I have been waiting for a help I ran Autoruns and found something that did not look right to me. so I unchecked the items to get them to stop auto running and the computer is no longer turning itself off now....
 
maxed out the attachment limit size i'll send it in another post/reply.
 
Thanks again for your help!!!!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Tuggle (administrator) on TUGGLE-PC on 29-12-2014 08:23:31
Running from C:\Users\Tuggle\Desktop
Loaded Profile: Tuggle (Available profiles: Tuggle)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_235_ActiveX.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [1802472 2011-01-25] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1615391796-1494840162-2331002001-1001\...\Policies\system: [DisableLockWorkstation] 0
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
BootExecute:

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1615391796-1494840162-2331002001-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1615391796-1494840162-2331002001-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1615391796-1494840162-2331002001-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1615391796-1494840162-2331002001-1001 -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1615391796-1494840162-2331002001-1001 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1615391796-1494840162-2331002001-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=IDSSNAV&chn=retail&geo=US&ver=2014&locale=en_US&gct=kwd&qsrc=2869
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1615391796-1494840162-2331002001-1001 -> Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {FFD85DC8-5261-4D11-B728-F7C59D911691} http://www.iolo.com/PURCHASE/WebResource.axd?d=PO7P-LiUBjyfGDiabIpF4fQExoDwbhOUWJ_W4YtJ_7kls_MShO2kWyWaeuTGxOJpZkbc1QaYKZxdi0XTIz9vutu_lVOhiFAz6nG6Ai_mtip3Vay2jcxaHSE2ukEZ70YimPNPDQ2&t=634921243110000000
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.15.1

FireFox:
========
FF ProfilePath: C:\Users\Tuggle\AppData\Roaming\Mozilla\Firefox\Profiles\ubte6nkl.default-1379588736101
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-1615391796-1494840162-2331002001-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Tuggle\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1615391796-1494840162-2331002001-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Tuggle\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn [2014-12-25]

Chrome:
=======
CHR Profile: C:\Users\Tuggle\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Tuggle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-02]
CHR Extension: (Google Drive) - C:\Users\Tuggle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tuggle\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-07]
CHR Extension: (YouTube) - C:\Users\Tuggle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-02]
CHR Extension: (Google Search) - C:\Users\Tuggle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-02]
CHR Extension: (Google Wallet) - C:\Users\Tuggle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-02]
CHR Extension: (Norton Security Toolbar) - C:\Users\Tuggle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2014-05-02]
CHR Extension: (Gmail) - C:\Users\Tuggle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-02]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\Exts\Chrome.crx [2014-08-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe [262968 2014-09-21] (Symantec Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\NST.exe [130104 2014-07-31] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.2.0.38\Definitions\BASHDefs\20141209.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1506000.020\ccSetx64.sys [162392 2014-02-24] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07060.00F\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.2.0.38\Definitions\IPSDefs\20141226.001\IDSvia64.sys [637656 2014-11-17] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-29] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.2.0.38\Definitions\VirusDefs\20141228.022\ENG64.SYS [129752 2014-11-22] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.2.0.38\Definitions\VirusDefs\20141228.022\EX64.SYS [2137304 2014-11-22] (Symantec Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2013-07-19] ()
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-07-16] (EldoS Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
R0 SymDS; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-04-13] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S4 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 EraserUtilDrv11311; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11311.sys [X]
S4 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 08:23 - 2014-12-29 08:23 - 00020301 _____ () C:\Users\Tuggle\Desktop\FRST.txt
2014-12-29 08:22 - 2014-12-29 08:23 - 00000000 ____D () C:\FRST
2014-12-29 08:22 - 2014-12-29 08:22 - 02123264 _____ (Farbar) C:\Users\Tuggle\Desktop\FRST64.exe
2014-12-24 08:06 - 2014-12-24 08:06 - 00511633 _____ () C:\Users\Tuggle\Desktop\Autoruns.zip
2014-12-24 08:06 - 2014-12-24 08:06 - 00000000 ____D () C:\Users\Tuggle\Desktop\Autoruns
2014-12-24 07:06 - 2014-12-24 07:06 - 731149585 _____ () C:\Windows\MEMORY.DMP
2014-12-24 07:06 - 2014-12-24 07:06 - 00275088 _____ () C:\Windows\Minidump\122414-29156-01.dmp
2014-12-21 09:14 - 2014-12-21 09:15 - 00000000 ____D () C:\Users\Tuggle\Desktop\repair 12.14
2014-12-21 07:21 - 2014-12-29 08:04 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-21 07:21 - 2014-12-21 07:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-21 07:20 - 2014-12-26 07:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-21 07:20 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-21 07:20 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-21 07:19 - 2014-12-21 07:21 - 00000000 ____D () C:\Users\Tuggle\AppData\Roaming\Malwarebytes
2014-12-21 07:19 - 2014-12-21 07:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-21 07:19 - 2014-12-21 07:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-12-21 07:19 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-18 06:42 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 06:42 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 06:35 - 2014-12-17 06:35 - 68774218 _____ () C:\Users\Tuggle\Desktop\Card 14 resized.psd
2014-12-14 17:35 - 2014-12-14 17:35 - 01080608 _____ (Unity Technologies ApS) C:\Users\Tuggle\Downloads\UnityWebPlayer(2).exe
2014-12-14 17:35 - 2014-12-14 17:35 - 01080608 _____ (Unity Technologies ApS) C:\Users\Tuggle\Downloads\UnityWebPlayer(1).exe
2014-12-14 17:30 - 2014-12-26 15:44 - 01080608 _____ (Unity Technologies ApS) C:\Users\Tuggle\Downloads\UnityWebPlayer (1).exe
2014-12-14 17:12 - 2014-12-14 17:12 - 01080608 _____ (Unity Technologies ApS) C:\Users\Tuggle\Downloads\UnityWebPlayer.exe
2014-12-14 17:08 - 2014-12-14 17:08 - 00000000 ____D () C:\Windows\Sun
2014-12-12 20:41 - 2014-12-12 20:41 - 00029351 _____ () C:\ComboFix.txt
2014-12-12 20:27 - 2014-12-12 20:41 - 00000000 ____D () C:\Qoobox
2014-12-12 20:27 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-12 20:27 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-12 20:27 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-12 20:27 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-12 20:27 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-12 20:27 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-12 20:27 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-12 20:27 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-12 17:46 - 2014-12-12 17:46 - 00000000 _____ () C:\Users\Tuggle\Sti_Trace.log
2014-12-11 20:07 - 2014-12-11 20:07 - 00010413 _____ () C:\Users\Tuggle\Documents\grass.xlsx
2014-12-11 03:37 - 2014-12-11 03:37 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-11 03:08 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 03:08 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 12:48 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 12:48 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 12:48 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 12:48 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 12:48 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 12:48 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 12:48 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 12:48 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 12:48 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 12:48 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 12:48 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 12:48 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 12:48 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 12:48 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 12:48 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 12:48 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 12:48 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 12:48 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 12:48 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 12:48 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 12:48 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 12:48 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 12:48 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 12:48 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 12:48 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 12:48 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 12:48 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 12:48 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 12:48 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 12:48 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 12:48 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 12:48 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 12:48 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 12:48 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 12:48 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 12:48 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 12:48 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 12:48 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 12:48 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 12:48 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 12:48 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 12:48 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 12:48 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 12:48 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 12:48 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 12:48 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 12:48 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 12:48 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 12:48 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 12:48 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 12:48 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 12:48 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 12:48 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 12:48 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 12:47 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 12:47 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 12:47 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 12:47 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 12:47 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 12:47 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 12:47 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 12:47 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 12:47 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 12:47 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 12:47 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 12:47 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 12:47 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 12:47 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 12:47 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 12:47 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 12:47 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 12:47 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 12:47 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 12:47 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-10 12:46 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 12:46 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 11:49 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 11:49 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 11:48 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-08 21:08 - 2014-12-08 21:08 - 00010765 _____ () C:\Users\Tuggle\Documents\Donation Chart.xlsx
2014-12-06 10:36 - 2014-12-06 10:36 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-06 10:35 - 2014-12-06 10:35 - 00244104 _____ () C:\Users\Tuggle\Downloads\Firefox Setup Stub 34.0.5.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 08:13 - 2013-01-24 20:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-29 08:10 - 2013-02-12 07:42 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8B65A615-3DBF-46BA-89D4-FC9437798FDA}
2014-12-29 07:44 - 2009-07-14 00:10 - 01250370 _____ () C:\Windows\WindowsUpdate.log
2014-12-29 07:43 - 2013-03-20 16:32 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-29 07:42 - 2013-03-20 16:32 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-29 02:00 - 2013-01-25 14:33 - 00000000 ____D () C:\Users\Tuggle\AppData\Local\Adobe
2014-12-27 09:43 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-25 22:02 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-25 22:02 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-25 21:53 - 2013-10-17 09:13 - 00034571 _____ () C:\Windows\setupact.log
2014-12-25 21:53 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-24 09:41 - 2011-06-18 07:28 - 00000000 ____D () C:\ProgramData\Sonic
2014-12-24 09:37 - 2014-03-23 14:16 - 00002962 _____ () C:\Windows\System32\Tasks\{E6CBC980-2736-4F17-A383-1BEFED49C873}
2014-12-24 09:37 - 2013-07-22 17:08 - 00003038 _____ () C:\Windows\System32\Tasks\{70551426-C226-472F-8B7C-3E371052C9F0}
2014-12-24 08:51 - 2013-11-16 15:59 - 00741468 _____ () C:\Windows\PFRO.log
2014-12-24 08:50 - 2013-02-06 19:49 - 00003148 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-12-24 07:06 - 2014-06-14 08:09 - 00000000 ____D () C:\Windows\Minidump
2014-12-21 11:54 - 2013-01-27 12:26 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-21 08:41 - 2013-01-24 21:15 - 00000000 ____D () C:\Users\Tuggle\AppData\Local\Apps\2.0
2014-12-21 07:52 - 2013-01-25 06:06 - 07733248 _____ () C:\Users\Tuggle\Documents\My Money.mny
2014-12-21 07:35 - 2013-02-15 06:50 - 00000000 ____D () C:\Windows\Hewlett-Packard
2014-12-20 17:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-12-19 13:09 - 2013-01-25 06:49 - 00000000 ____D () C:\Users\Tuggle\Documents\Outlook Files
2014-12-17 14:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-17 08:13 - 2013-01-25 16:20 - 00002066 ____H () C:\Users\Tuggle\Documents\Default.rdp
2014-12-15 07:08 - 2013-02-04 06:57 - 00000000 ____D () C:\Users\Tuggle\AppData\Local\CrashDumps
2014-12-14 17:28 - 2013-01-27 19:31 - 00000000 ____D () C:\Users\Tuggle\AppData\Local\Unity
2014-12-12 20:57 - 2014-01-24 06:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-12-12 20:41 - 2014-04-22 15:01 - 00000000 ____D () C:\Users\dub_cm_auto
2014-12-12 20:37 - 2013-08-30 18:24 - 00000000 ____D () C:\Windows\erdnt
2014-12-12 20:37 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-12 18:50 - 2014-06-28 07:24 - 00000000 ____D () C:\Users\Tuggle\Desktop\repair
2014-12-12 17:46 - 2013-01-24 21:11 - 00000000 ____D () C:\Users\Tuggle
2014-12-11 03:37 - 2014-05-06 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 03:37 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 03:37 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-11 03:21 - 2013-01-25 06:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-11 03:20 - 2013-07-12 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 03:14 - 2013-01-28 06:40 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 13:13 - 2013-01-24 20:52 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 13:13 - 2013-01-24 20:52 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 13:13 - 2013-01-24 20:52 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-09 07:38 - 2014-11-27 18:08 - 00000000 ____D () C:\Users\Tuggle\AppData\Roaming\Epson
2014-12-09 07:36 - 2014-11-10 10:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-09 07:36 - 2013-09-03 06:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-06 10:36 - 2013-09-03 06:52 - 00001165 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-05 05:57 - 2013-12-08 10:01 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-05 05:56 - 2014-11-25 18:11 - 00002481 _____ () C:\Users\Tuggle\Desktop\WHCC ROES.lnk
2014-12-05 05:56 - 2013-01-24 21:07 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-05 05:55 - 2014-08-19 17:06 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-12-05 05:55 - 2014-08-19 17:06 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-12-05 05:55 - 2014-08-19 17:06 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-12-05 05:55 - 2014-08-19 17:06 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-01 15:07 - 2014-02-09 10:14 - 00000000 ____D () C:\Users\Tuggle\Downloads\Digital Scrapbooking Supplies
2014-12-01 15:07 - 2014-02-09 10:11 - 00000000 ____D () C:\Users\Tuggle\Downloads\LLL Birth Announcement Photos
2014-12-01 06:32 - 2014-11-27 18:02 - 00000000 ____D () C:\ProgramData\EPSON
2014-12-01 06:30 - 2014-11-27 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2014-12-01 06:30 - 2014-11-27 18:05 - 00000000 ____D () C:\Program Files (x86)\EPSON Software

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-25 00:02

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by Tuggle at 2014-12-29 08:23:54
Running from C:\Users\Tuggle\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton AntiVirus (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton AntiVirus (Disabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.15.58233 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.00.15.58233 - ABBYY) Hidden
Adobe After Effects CC (HKLM-x32\...\{317243C1-6580-4F43-AED7-37D4438C3DD5}) (Version: 12 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.6.0.393 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 4.3 64-bit (HKLM\...\{D759947B-8C5A-4480-B0DB-FC391F061C85}) (Version: 4.3.1 - Adobe)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1615391796-1494840162-2331002001-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
Akamai NetSession Interface Service (HKLM-x32\...\Akamai) (Version: - Akamai Technologies, Inc)
Amazon Cloud Player (HKU\S-1-5-21-1615391796-1494840162-2331002001-1001\...\Amazon Amazon Cloud Player) (Version: 2.4.0.33 - Amazon Services LLC)
Amazon MP3 Downloader 1.0.18 (HKU\S-1-5-21-1615391796-1494840162-2331002001-1001\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI AVIVO64 Codecs (Version: 11.6.0.51208 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{E73155E5-E75F-D09E-30C0-C18E3C3A1FA3}) (Version: 3.0.825.0 - ATI Technologies, Inc.)
AVG PC TuneUp 2014 (en-US) (x32 Version: 14.0.1001.380 - AVG) Hidden
Best Buy pc app (Version: 3.1.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.1.0.0 - Best Buy) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{F336F89D-8C5A-432C-8EA9-DA19377AD591}) (Version: 1.4.162.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.30 - ArcSoft)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.0.6 - Dell Inc.)
Dell Stage (HKLM-x32\...\{D770F4B4-C422-45D9-8CEE-1B4C66E68CA8}) (Version: 1.4.173.0 - Fingertapps)
Dell System Detect (HKU\S-1-5-21-1615391796-1494840162-2331002001-1001\...\9204f5692a8faf3b) (Version: 5.1.0.41 - Dell)
Dell System Detect Bootstrapper (HKU\S-1-5-21-1615391796-1494840162-2331002001-1001\...\8e3135b376bd523e) (Version: 1.1.0.15 - Dell)
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.1.1.1408 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.1.1.1408 - CyberLink Corp.) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.60.48.35 - Dell Inc.)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Free MP3 Converter 7.6.0.a (HKLM-x32\...\F20FBDC1-C2A3-4EE3-9ED5-970D979F8FE7_is1) (Version: - Accmeware Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LTCM Client (HKLM-x32\...\LTCM Client) (Version: - Leader Technologies Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.3205.0) (Version: 4.0.3205.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{F9EC30D1-F688-4708-9850-CB5120074AAA}) (Version: 4.0.3205.0 - Microsoft Corporation)
Microsoft Money Plus (HKLM-x32\...\Money2008b) (Version: 17 - Microsoft)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower)
Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6422.14 - PC-Doctor, Inc.)
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version: - )
Norton AntiVirus (HKLM-x32\...\NAV) (Version: 21.6.0.32 - Symantec Corporation)
Norton Bootable Recovery Tool Wizard (HKLM-x32\...\NBRTWizard) (Version: 6.0.0.74 - Symantec Corporation)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.6.15 - Symantec Corporation)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{FA7EE274-7370-43B7-9A45-A39B17CCCDC5}) (Version: 4.3.3 - SEIKO EPSON CORPORATION)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.19617 - TeamViewer)
THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)
Unity Web Player (HKU\S-1-5-21-1615391796-1494840162-2331002001-1001\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

21-12-2014 19:24:54 Windows Backup
28-12-2014 19:00:11 Windows Backup

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-12-12 20:37 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00AB6EEC-10C4-4211-A9F4-A55D460DC87F} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {02DAC665-595C-406C-9DC7-E103E503B6C4} - System32\Tasks\{0C48CD2D-09DD-461B-95C5-2031BDFD2BEB} => pcalua.exe -a C:\Users\Tuggle\Desktop\smartdraw_11E_8IX3T_setup.exe -d C:\Users\Tuggle\Desktop
Task: {045E82D9-B51E-4BBF-84CA-659E0F1EDA90} - System32\Tasks\{532805FC-454C-4BD5-9AE2-6BB54FBF9CD0} => pcalua.exe -a "C:\Users\Tuggle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0GVMQ95F\D_Bean.exe" -d C:\Users\Tuggle\Desktop
Task: {1BBB50DE-3A1C-4B47-9E10-B1B331FEB5C0} - System32\Tasks\{70551426-C226-472F-8B7C-3E371052C9F0} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
Task: {24F78EC7-5B67-47F8-B370-72905FA1C23A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {45C20FDF-88BA-4982-BB26-B6F6E52CAAC0} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {5255DE0F-357B-4C41-9054-C9D60A56EA10} - System32\Tasks\{E6CBC980-2736-4F17-A383-1BEFED49C873} => C:\Users\Tuggle\Downloads\RealPlayerCloud.exe
Task: {632DA7C3-E095-41F6-9830-EC8A986AB9DD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {91EF3C8F-1A7D-410A-A9EA-B1A6BD1574B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {B620DC39-2BC5-413B-81FE-0ED9D65F9B7C} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {B6BDFF1B-5D67-46D8-B5B6-099C487DD32C} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {C2DE993E-CCB2-480F-8D58-8F25661A7630} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {DB7BEFF3-2789-4FA1-8DE2-8E0FC9FFAC56} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {E3FCC813-B50A-4755-840B-4A2185847A10} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {F21B37D6-BFCF-49FD-94AE-1863DD521B45} - System32\Tasks\AdobeAAMUpdater-1.0-Tuggle-PC-Tuggle => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-05-23 01:10 - 2014-05-23 01:10 - 00671904 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2011-04-19 21:16 - 2011-04-19 21:16 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-14 13:21 - 2011-03-14 13:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-07-03 12:20 - 2014-07-03 12:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-16 02:51 - 2014-10-16 02:51 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ba8588c3319d63350220ec2ac3eb2c36\IsdiInterop.ni.dll
2011-06-18 07:07 - 2010-09-13 18:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Tuggle\Cookies:sojfiL7OA8kKw7GE0notRuJjA
AlternateDataStreams: C:\Users\Tuggle\Local Settings:9iAKK6Un2C2LJPBti2F
AlternateDataStreams: C:\Users\Tuggle\AppData\Local:9iAKK6Un2C2LJPBti2F
AlternateDataStreams: C:\Users\Tuggle\AppData\Local\Application Data:9iAKK6Un2C2LJPBti2F
AlternateDataStreams: C:\Users\Tuggle\AppData\Local\Temporary Internet Files:jOyrd5uUReEZRWSvWzK6LNHQ

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AmazonMP3DownloaderHelper => C:\Users\Tuggle\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: RunDLLEntry_EptMon => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
MSCONFIG\startupreg: RunDLLEntry_THXCfg => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64

========================= Accounts: ==========================

Administrator (S-1-5-21-1615391796-1494840162-2331002001-500 - Administrator - Disabled)
Guest (S-1-5-21-1615391796-1494840162-2331002001-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1615391796-1494840162-2331002001-1002 - Limited - Enabled)
Tuggle (S-1-5-21-1615391796-1494840162-2331002001-1001 - Administrator - Enabled) => C:\Users\Tuggle

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/28/2014 07:06:35 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: There is not enough space on this drive to save the backup. Free up space by deleting older backups and unnecessary data or change your backup settings. (0x81000005).

Error: (12/23/2014 07:34:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9984

Error: (12/23/2014 07:34:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9984

Error: (12/23/2014 07:34:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/23/2014 03:11:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19937

Error: (12/23/2014 03:11:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 19937

Error: (12/23/2014 03:11:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/23/2014 03:11:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9953

Error: (12/23/2014 03:11:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9953

Error: (12/23/2014 03:11:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (12/28/2014 09:25:18 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.1.102 with the system
having network hardware address B0-E8-92-64-31-48. Network operations on this system may
be disrupted as a result.

Error: (12/28/2014 08:25:07 AM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.1.102 with the system
having network hardware address B0-E8-92-64-31-48. Network operations on this system may
be disrupted as a result.

Error: (12/24/2014 06:25:17 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (12/24/2014 08:49:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iolo System Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/24/2014 07:06:34 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000003b (0x00000000c0000005, 0xfffff88001b27c1d, 0xfffff8800d8c9930, 0x0000000000000000)C:\Windows\MEMORY.DMP122414-29156-01

Error: (12/24/2014 07:06:21 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:04:54 AM on ‎12/‎24/‎2014 was unexpected.

Error: (12/23/2014 06:19:48 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.

Error: (12/23/2014 06:19:38 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (12/23/2014 07:39:24 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.

Error: (12/22/2014 08:10:17 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AD3EDBCA-0901-415B-82E9-C16D3B65E38C}


Microsoft Office Sessions:
=========================
Error: (12/28/2014 07:06:35 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: There is not enough space on this drive to save the backup. Free up space by deleting older backups and unnecessary data or change your backup settings. (0x81000005)

Error: (12/23/2014 07:34:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9984

Error: (12/23/2014 07:34:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9984

Error: (12/23/2014 07:34:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/23/2014 03:11:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19937

Error: (12/23/2014 03:11:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 19937

Error: (12/23/2014 03:11:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/23/2014 03:11:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9953

Error: (12/23/2014 03:11:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9953

Error: (12/23/2014 03:11:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity Errors:
===================================
Date: 2014-12-12 20:35:17.420
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-12 20:35:17.374
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-07-11 07:49:40.766
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-07-11 07:49:40.674
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-07-11 07:49:40.594
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-07-11 07:49:40.514
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-06-14 11:32:33.100
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-06-14 11:32:33.022
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-06-14 11:32:32.929
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-06-14 11:32:32.835
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 32%
Total physical RAM: 8174.45 MB
Available physical RAM: 5511.71 MB
Total Pagefile: 16347.07 MB
Available Pagefile: 13492.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:700.79 GB) (Free:395.47 GB) NTFS
Drive d: (Jan 06 2013) (CDROM) (Total:0.69 GB) (Free:0.43 GB) UDF
Drive e: (Data) (Fixed) (Total:684.19 GB) (Free:684 GB) NTFS
Drive j: (Elements) (Fixed) (Total:465.76 GB) (Free:0.02 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 1397.3 GB) (Disk ID: C891C383)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=12.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=700.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=684.2 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 000252CE)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Edited by Oh My!, 29 December 2014 - 09:29 AM.


#5 M Tuggle

M Tuggle
  • Topic Starter

  • Members
  • 110 posts
  • OFFLINE
  •  
  • Local time:06:06 PM

Posted 29 December 2014 - 09:10 AM

Here is the Autorun log file, Well....... even zipped its to large.... any suggestions?

 

here are a few...

Autorun Entry

rdcilp,

\{70551426-C226-472F-8...

\{E6CBC980-2736-4F17-A...

catchme

EraserUtilDrv11311

TuneUpUtiliiesDrv

"+"

"ll"

"autocheck autoch *"

"Volume label is OS."

"x KB in x files."

.

5%

and there are three others that look like chinese writing

 



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,453 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:06 PM

Posted 29 December 2014 - 09:33 AM

Good morning Mike, nice to spend some time with you again.

While I start to review your logs here is what you can do to try to get the other information to me.

===================================================

Managing Attachments

----------
  • Navigate to the top of this post
  • In the upper right hand corner you will see your screen name
  • Left click on that and a drop down list will appear
  • Select My Settings
  • On the left hand side under General Settings click on Manage Attachments
  • To the very right on the blue bar just above the first entry click on the open check box
  • All of the checkboxes should now be checked
  • Click Delete Selected
  • Your should now see You have used 0bytes of 250K
If you still can't attach the file to the Post you can upload it here and I will be automatically notified when it arives.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,453 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:06 PM

Posted 29 December 2014 - 10:16 AM

Greetings Mike,

Please run this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1615391796-1494840162-2331002001-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKU\S-1-5-21-1615391796-1494840162-2331002001-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=IDSSNAV&chn=retail&geo=US&ver=2014&locale=en_US&gct=kwd&qsrc=2869
S4 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 EraserUtilDrv11311; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11311.sys [X]
S4 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [X]
AlternateDataStreams: C:\Users\Tuggle\Cookies:sojfiL7OA8kKw7GE0notRuJjA
AlternateDataStreams: C:\Users\Tuggle\Local Settings:9iAKK6Un2C2LJPBti2F
AlternateDataStreams: C:\Users\Tuggle\AppData\Local:9iAKK6Un2C2LJPBti2F
AlternateDataStreams: C:\Users\Tuggle\AppData\Local\Application Data:9iAKK6Un2C2LJPBti2F
AlternateDataStreams: C:\Users\Tuggle\AppData\Local\Temporary Internet Files:jOyrd5uUReEZRWSvWzK6LNHQ
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • What symptoms remain?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#8 M Tuggle

M Tuggle
  • Topic Starter

  • Members
  • 110 posts
  • OFFLINE
  •  
  • Local time:06:06 PM

Posted 29 December 2014 - 11:39 AM

awesome! here is the autorun log



#9 M Tuggle

M Tuggle
  • Topic Starter

  • Members
  • 110 posts
  • OFFLINE
  •  
  • Local time:06:06 PM

Posted 29 December 2014 - 11:44 AM

ok here you go...



#10 M Tuggle

M Tuggle
  • Topic Starter

  • Members
  • 110 posts
  • OFFLINE
  •  
  • Local time:06:06 PM

Posted 29 December 2014 - 11:45 AM

here you go!

 

when I try to paste the log, nothing shows up on my side?

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014
Ran by Tuggle at 2014-12-29 11:42:58 Run:1
Running from C:\Users\Tuggle\Desktop
Loaded Profile: Tuggle (Available profiles: Tuggle)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1615391796-1494840162-2331002001-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKU\S-1-5-21-1615391796-1494840162-2331002001-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=IDSSNAV&chn=retail&geo=US&ver=2014&locale=en_US&gct=kwd&qsrc=2869
S4 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 EraserUtilDrv11311; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11311.sys [X]
S4 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [X]
AlternateDataStreams: C:\Users\Tuggle\Cookies:sojfiL7OA8kKw7GE0notRuJjA
AlternateDataStreams: C:\Users\Tuggle\Local Settings:9iAKK6Un2C2LJPBti2F
AlternateDataStreams: C:\Users\Tuggle\AppData\Local:9iAKK6Un2C2LJPBti2F
AlternateDataStreams: C:\Users\Tuggle\AppData\Local\Application Data:9iAKK6Un2C2LJPBti2F
AlternateDataStreams: C:\Users\Tuggle\AppData\Local\Temporary Internet Files:jOyrd5uUReEZRWSvWzK6LNHQ
*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1615391796-1494840162-2331002001-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully.
"HKU\S-1-5-21-1615391796-1494840162-2331002001-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => Key deleted successfully.
HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => Key not found.
catchme => Service deleted successfully.
EraserUtilDrv11311 => Service deleted successfully.
TuneUpUtilitiesDrv => Service deleted successfully.
"C:\Users\Tuggle\Cookies" => ":sojfiL7OA8kKw7GE0notRuJjA" ADS not found.
"C:\Users\Tuggle\Local Settings" => ":9iAKK6Un2C2LJPBti2F" ADS not found.
C:\Users\Tuggle\AppData\Local => ":9iAKK6Un2C2LJPBti2F" ADS removed successfully.
"C:\Users\Tuggle\AppData\Local\Application Data" => ":9iAKK6Un2C2LJPBti2F" ADS not found.
"C:\Users\Tuggle\AppData\Local\Temporary Internet Files" => ":jOyrd5uUReEZRWSvWzK6LNHQ" ADS not found.

==== End of Fixlog 11:42:58 ====


Edited by Oh My!, 29 December 2014 - 03:23 PM.
Posted log


#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,453 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:06 PM

Posted 29 December 2014 - 03:34 PM

Thanks Mike.

Run Autoruns again, right click on every yellow entry and select Delete.

Were you not able to run MiniToolBox?

Please run this next.

===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.
Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registery key that has been marked for deletion" please just restart your computer to resolve this issue

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Were you able to delete Autoruns entries?
  • MiniToolBox report
  • Combofix log
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#12 M Tuggle

M Tuggle
  • Topic Starter

  • Members
  • 110 posts
  • OFFLINE
  •  
  • Local time:06:06 PM

Posted 29 December 2014 - 05:29 PM

i'll get to work on these things, looks like I attached the wrong log. should have been the minitoolbox. see attached

 

MiniToolBox by Farbar  Version: 30-11-2014
Ran by Tuggle (administrator) on 29-12-2014 at 08:33:39
Running from "C:\Users\Tuggle\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Connected)
DW1501 Wireless-N WLAN Half-Mini Card = Wireless Network Connection (Connected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled taskoffload=enabled
set interface interface="Local Area Connection" forwarding=disabled advertise=disabled mtu=1500 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Wireless Network Connection" forwarding=disabled advertise=disabled mtu=1500 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Tuggle-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Tuggle

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : C0-F8-DA-79-BF-CE
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : Tuggle
   Description . . . . . . . . . . . : DW1501 Wireless-N WLAN Half-Mini Card
   Physical Address. . . . . . . . . : C0-F8-DA-79-BF-CE
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::4cde:334:d98a:13e5%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.103(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, December 29, 2014 7:44:07 AM
   Lease Expires . . . . . . . . . . : Wednesday, December 31, 2014 7:44:06 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 230750426
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-8E-64-2B-78-2B-CB-9C-E0-69
   DNS Servers . . . . . . . . . . . : 192.168.15.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : Tuggle
   Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
   Physical Address. . . . . . . . . : 78-2B-CB-9C-E0-69
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::c93c:2475:ec49:187e%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, December 29, 2014 7:43:32 AM
   Lease Expires . . . . . . . . . . : Wednesday, December 31, 2014 7:43:31 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 242756555
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-8E-64-2B-78-2B-CB-9C-E0-69
   DNS Servers . . . . . . . . . . . : 192.168.15.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.Tuggle:

   Connection-specific DNS Suffix  . : Tuggle
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::5efe:192.168.1.100%18(Preferred)
   Link-local IPv6 Address . . . . . : fe80::5efe:192.168.1.103%18(Preferred)
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.15.1
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{749C1F97-F711-48C2-9116-993E402349C3}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:83c:a8b:b44a:b1d8(Preferred)
   Link-local IPv6 Address . . . . . : fe80::83c:a8b:b44a:b1d8%13(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  mygateway1.Motorola
Address:  192.168.15.1

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
Name:    google.com
Addresses:  2607:f8b0:4002:801::1002
      74.125.21.100
      74.125.21.139
      74.125.21.102
      74.125.21.101
      74.125.21.138
      74.125.21.113


Pinging google.com [74.125.21.100] with 32 bytes of data:
Reply from 74.125.21.100: bytes=32 time=30ms TTL=41
Reply from 74.125.21.100: bytes=32 time=27ms TTL=41

Ping statistics for 74.125.21.100:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 27ms, Maximum = 30ms, Average = 28ms
Server:  mygateway1.Motorola
Address:  192.168.15.1

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
Name:    yahoo.com
Addresses:  98.139.183.24
      206.190.36.45
      98.138.253.109


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=37ms TTL=48
Reply from 98.139.183.24: bytes=32 time=39ms TTL=48

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 37ms, Maximum = 39ms, Average = 38ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 16...c0 f8 da 79 bf ce ......Microsoft Virtual WiFi Miniport Adapter
 11...c0 f8 da 79 bf ce ......DW1501 Wireless-N WLAN Half-Mini Card
 10...78 2b cb 9c e0 69 ......Broadcom NetLink ™ Gigabit Ethernet
  1...........................Software Loopback Interface 1
 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.100     20
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.103     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.100    276
      192.168.1.0    255.255.255.0         On-link     192.168.1.103    281
    192.168.1.100  255.255.255.255         On-link     192.168.1.100    276
    192.168.1.103  255.255.255.255         On-link     192.168.1.103    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.100    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.103    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.100    276
        224.0.0.0        240.0.0.0         On-link     192.168.1.103    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.100    276
  255.255.255.255  255.255.255.255         On-link     192.168.1.103    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 13     58 2001::/32                On-link
 13    306 2001:0:9d38:6abd:83c:a8b:b44a:b1d8/128
                                    On-link
 10    276 fe80::/64                On-link
 11    281 fe80::/64                On-link
 13    306 fe80::/64                On-link
 18    281 fe80::5efe:192.168.1.100/128
                                    On-link
 18    281 fe80::5efe:192.168.1.103/128
                                    On-link
 13    306 fe80::83c:a8b:b44a:b1d8/128
                                    On-link
 11    281 fe80::4cde:334:d98a:13e5/128
                                    On-link
 10    276 fe80::c93c:2475:ec49:187e/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    306 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

**** End of log ****
 


Edited by Oh My!, 29 December 2014 - 05:53 PM.
Posted log


#13 M Tuggle

M Tuggle
  • Topic Starter

  • Members
  • 110 posts
  • OFFLINE
  •  
  • Local time:06:06 PM

Posted 29 December 2014 - 05:38 PM

ok, I got some of the yellow files deleted. these files it would not let me delete. i'll let you know how the other stuff goes.

 

Thanks again for your help with this stuff!

 

 



#14 M Tuggle

M Tuggle
  • Topic Starter

  • Members
  • 110 posts
  • OFFLINE
  •  
  • Local time:06:06 PM

Posted 29 December 2014 - 05:51 PM

here is the combofix log

(still can paste in the log?)

 

everything seems ok so far....

 

ComboFix 14-12-25.01 - Tuggle 12/29/2014  17:42:20.6.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8174.5574 [GMT -5:00]
Running from: c:\users\Tuggle\Desktop\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton AntiVirus *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-11-28 to 2014-12-29  )))))))))))))))))))))))))))))))
.
.
2014-12-29 22:47 . 2014-12-29 22:47    --------    d-----w-    c:\users\Public\AppData\Local\temp
2014-12-29 22:47 . 2014-12-29 22:47    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-12-29 13:22 . 2014-12-29 16:42    --------    d-----w-    C:\FRST
2014-12-21 12:21 . 2014-12-29 21:58    129752    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-21 12:20 . 2014-11-21 11:14    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-12-21 12:20 . 2014-11-21 11:14    93400    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-12-21 12:20 . 2014-12-26 12:23    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-12-21 12:19 . 2014-12-21 12:21    --------    d-----w-    c:\users\Tuggle\AppData\Roaming\Malwarebytes
2014-12-21 12:19 . 2014-12-21 12:20    --------    d-----w-    c:\programdata\Malwarebytes
2014-12-21 12:19 . 2014-12-21 12:20    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2014-12-21 12:19 . 2014-11-21 11:14    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-12-18 11:42 . 2014-12-13 05:09    144384    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-12-18 11:42 . 2014-12-13 03:33    115712    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2014-12-14 22:08 . 2014-12-14 22:08    --------    d-----w-    c:\windows\Sun
2014-12-11 08:37 . 2014-12-11 08:37    --------    d-----w-    c:\windows\system32\appraiser
2014-12-11 08:08 . 2014-10-18 01:33    3209728    ----a-w-    c:\windows\SysWow64\mf.dll
2014-12-11 08:08 . 2014-10-18 02:05    4121600    ----a-w-    c:\windows\system32\mf.dll
2014-12-10 17:47 . 2014-11-08 03:16    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-12-10 17:46 . 2014-10-30 02:03    165888    ----a-w-    c:\windows\system32\charmap.exe
2014-12-10 17:46 . 2014-10-30 01:45    155136    ----a-w-    c:\windows\SysWow64\charmap.exe
2014-12-10 16:49 . 2014-11-11 03:09    1424384    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2014-12-10 16:49 . 2014-11-11 02:44    1230336    ----a-w-    c:\windows\SysWow64\WindowsCodecs.dll
2014-12-10 16:48 . 2014-11-11 01:46    119296    ----a-w-    c:\windows\system32\drivers\tdx.sys
2014-12-06 15:36 . 2014-11-26 16:41    48240    ----a-w-    c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2014-12-05 10:56 . 2014-12-05 10:56    --------    d-----w-    c:\program files (x86)\Common Files\Java
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-11 08:14 . 2013-01-28 11:40    112710672    ----a-w-    c:\windows\system32\MRT.exe
2014-12-10 18:13 . 2013-01-25 01:52    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-10 18:13 . 2013-01-25 01:52    701104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-12-05 10:55 . 2014-08-19 22:06    98216    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-19 09:31 . 2014-11-19 09:31    1217192    ----a-w-    c:\windows\SysWow64\FM20.DLL
2014-11-11 03:08 . 2014-11-19 11:26    241152    ----a-w-    c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 11:26    728064    ----a-w-    c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-11-19 11:26    186880    ----a-w-    c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 11:26    550912    ----a-w-    c:\windows\SysWow64\kerberos.dll
2014-10-25 01:57 . 2014-11-12 16:27    77824    ----a-w-    c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-12 16:27    67584    ----a-w-    c:\windows\SysWow64\packager.dll
2014-10-18 02:05 . 2014-11-12 16:27    861696    ----a-w-    c:\windows\system32\oleaut32.dll
2014-10-18 01:33 . 2014-11-12 16:27    571904    ----a-w-    c:\windows\SysWow64\oleaut32.dll
2014-10-14 02:16 . 2014-11-12 16:28    155064    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 02:13 . 2014-11-12 16:28    683520    ----a-w-    c:\windows\system32\termsrv.dll
2014-10-14 02:13 . 2014-11-12 16:27    3241984    ----a-w-    c:\windows\system32\msi.dll
2014-10-14 02:12 . 2014-11-12 16:28    1460736    ----a-w-    c:\windows\system32\lsasrv.dll
2014-10-14 02:09 . 2014-11-12 16:28    146432    ----a-w-    c:\windows\system32\msaudite.dll
2014-10-14 02:07 . 2014-11-12 16:28    681984    ----a-w-    c:\windows\system32\adtschema.dll
2014-10-14 01:50 . 2014-11-12 16:28    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2014-10-14 01:50 . 2014-11-12 16:27    2363904    ----a-w-    c:\windows\SysWow64\msi.dll
2014-10-14 01:49 . 2014-11-12 16:28    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2014-10-14 01:47 . 2014-11-12 16:28    146432    ----a-w-    c:\windows\SysWow64\msaudite.dll
2014-10-14 01:46 . 2014-11-12 16:28    681984    ----a-w-    c:\windows\SysWow64\adtschema.dll
2014-10-10 00:57 . 2014-11-12 16:27    3198976    ----a-w-    c:\windows\system32\win32k.sys
2014-10-03 02:12 . 2014-11-12 16:27    500224    ----a-w-    c:\windows\system32\AUDIOKSE.dll
2014-10-03 02:11 . 2014-11-12 16:27    284672    ----a-w-    c:\windows\system32\EncDump.dll
2014-10-03 02:11 . 2014-11-12 16:27    680960    ----a-w-    c:\windows\system32\audiosrv.dll
2014-10-03 02:11 . 2014-11-12 16:27    440832    ----a-w-    c:\windows\system32\AudioEng.dll
2014-10-03 02:11 . 2014-11-12 16:27    296448    ----a-w-    c:\windows\system32\AudioSes.dll
2014-10-03 01:44 . 2014-11-12 16:27    442880    ----a-w-    c:\windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44 . 2014-11-12 16:27    374784    ----a-w-    c:\windows\SysWow64\AudioEng.dll
2014-10-03 01:44 . 2014-11-12 16:27    195584    ----a-w-    c:\windows\SysWow64\AudioSes.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 336384]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2012-01-26 1058400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton AntiVirus\NortonData\21.2.0.38\Definitions\BASHDefs\20141209.001\BHDrvx64.sys;c:\program files (x86)\Norton AntiVirus\NortonData\21.2.0.38\Definitions\BASHDefs\20141209.001\BHDrvx64.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai    REG_MULTI_SZ       Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-12 22:27    1087816    ----a-w-    c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-25 18:13]
.
2014-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-20 21:29]
.
2014-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-20 21:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2014-05-23 06:10    671904    ----a-w-    c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2014-05-23 06:10    671904    ----a-w-    c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2014-05-23 06:10    671904    ----a-w-    c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-23 10920552]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-01-25 1802472]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-28 558496]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-04 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-04 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-04 417304]
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/?gws_rd=ssl
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.15.1
DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} - hxxp://www.iolo.com/PURCHASE/WebResource.axd?d=PO7P-LiUBjyfGDiabIpF4fQExoDwbhOUWJ_W4YtJ_7kls_MShO2kWyWaeuTGxOJpZkbc1QaYKZxdi0XTIz9vutu_lVOhiFAz6nG6Ai_mtip3Vay2jcxaHSE2ukEZ70YimPNPDQ2&t=634921243110000000
FF - ProfilePath - c:\users\Tuggle\AppData\Roaming\Mozilla\Firefox\Profiles\ubte6nkl.default-1379588736101\
FF - ExtSQL: !HIDDEN! 2013-07-25 08:25; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE "%1"
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\21.6.0.32\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NCO]
"ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2014.7.6.15\NST.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2014.7.6.15\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NAVx64\1506000.020\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton AntiVirus\Engine\21.6.0.32;c:\program files (x86)\Norton AntiVirus\Engine64\21.6.0.32"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-12-29  17:48:32
ComboFix-quarantined-files.txt  2014-12-29 22:48
ComboFix2.txt  2014-12-13 01:41
.
Pre-Run: 424,355,880,960 bytes free
Post-Run: 424,300,273,664 bytes free
.
- - End Of File - - B3B521762DF5E7627DB4AB03EC2B012B
 


Edited by Oh My!, 29 December 2014 - 05:57 PM.
Posted log


#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,453 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:06 PM

Posted 29 December 2014 - 06:02 PM

Greetings Mike,

 

At one time did you have McAfee installed?


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users