
Zbot issues [Solved]


36 replies to this topic

#1 hspindel

hspindel

    Authentic Member

  • Authentic Member
  • PipPip
  • 21 posts

Posted 21 November 2013 - 06:02 PM

Norton Antivirus reported that my system was infected with Trojan.Zbot, and cleaned the infection.  The source of the infection was a zip file attached to an email that was in the Recycle Bin of the drive that the email client runs on.  I did nothing to execute the zip file or its contents, so I am puzzled as to how Zbot's installer got to run.

 

About two weeks later, the same thing re-occurred.  The source was again a zip file attached to an email stored in the Recycle Bin.  This time after NAV finished its cleanup, I did some further steps to ensure there wasn't something resident on my computer causing the re-infection.  I manually inspected all known areas I could find that Zbot touches.  I downloaded and ran a second antivirus program (Trend Micro House Call), and it reported no issues with my computer.

 

So I don't know how my computer is getting reinfected.  As one possible bandaid, I've (temporarily) disabled the Recycle Bin on the drive where the email client lives so that the infector file won't have a place to hang around in.  Thank you very much for any insight.

 

Attached are the requested reports.  I tried to copy and paste per the directions, but the forum software says my post is too long that way.  Except for the hijackthis.log, which won't attach, so here it is:

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 3:40:38 PM, on 11/21/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)

FIREFOX: 25.0.1 (en-US)
Boot mode: Normal

Running processes:
d:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
C:\Program Files (x86)\Norton Zone\Engine\1.0.15.13\NZ.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\howard\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Users\howard\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
D:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
D:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files (x86)\Ralink\Common\RaWiFi.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
D:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
D:\Program Files (x86)\Virtual Account Numbers\CitiVAN.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Windows\SysWOW64\OBroker.exe
C:\Users\howard\AppData\Roaming\Dropbox\bin\Dropbox.exe
D:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtect.exe
D:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\howard\AppData\Local\Temp\HouseCall32\housecall.bin
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
E:\download\OTL\OTL.exe
E:\download\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: Virtual Account Numbers Helper - {17424104-1444-4810-85D7-B4DA413C5A9A} - d:\Program Files (x86)\Virtual Account Numbers\CitiVANHelper.dll
O2 - BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll
O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
O3 - Toolbar: Virtual Account Numbers - {7A21A046-B886-4A62-9D69-EF2059B0A27B} - d:\Program Files (x86)\Virtual Account Numbers\CitiVANToolbar.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "D:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [Display] D:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe
O4 - HKLM\..\Run: [FileZilla Server Interface] "d:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Virtual Account Numbers] d:\PROGRA~2\VIRTUA~1\CitiVAN.exe /lang=en_RG /dontopenmycards
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [SkyDrive] "C:\Users\howard\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
O4 - HKCU\..\Run: [Amazon Cloud Player] C:\Users\howard\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHDA.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-7520 Series" /EF "HKCU"
O4 - HKCU\..\Run: [Uploader] D:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\howard\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_D4CC22675B6FF4FC4494C2E6BCC40F7B] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\RunOnce: [VEDIT_Cleanup] cmd /y /q /c "C:\Users\howard\AppData\Local\Temp\vedit-cleanup.bat"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: APC UPS Status.lnk = D:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe
O4 - Startup: Dropbox.lnk = howard\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
O4 - Startup: JBidwatcher 2.5.lnk = D:\Program Files (x86)\CyberFOX Software\JBidwatcher2\JBidwatcher-2.5.3pre3.exe
O4 - Startup: Microsoft Office.lnk = D:\Program Files (x86)\Microsoft Office XP\Office10\OSA.EXE
O4 - Startup: Stoic Joker's T-Clock 2010 x64.lnk = D:\Program Files\tclock\Clock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: MozyHome Status.lnk = D:\Program Files\MozyHome\mozystat.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files (x86)\Ralink\Common\RaWiFi.exe
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{87B5A09D-6598-4C72-BB86-92031C073353}: NameServer = 192.1.1.8
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = sci1.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = sci1.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = sci1.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - D:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: APC Data Service - Schneider Electric - D:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
O23 - Service: APC UPS Service - Schneider Electric - D:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\ASTSRV.EXE
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: CalendarSynchService - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
O23 - Service: Norton Disk Doctor Service (DiskDoctorService) - Symantec Corporation - d:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - d:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
O23 - Service: Seagate Drive Settings Service (FreeAgentGoFlex Service) - Seagate Technology LLC - D:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - D:\Program Files (x86)\Sync\FreeAgentService.exe
O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - D:\Program Files\MozyHome\mozybackup.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
O23 - Service: NitroPDFDriverCreatorReadSpool2 (NitroDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\NLSSRV32.EXE
O23 - Service: Norton Zone (NZ) - Symantec Corporation - C:\Program Files (x86)\Norton Zone\Engine\1.0.15.13\NZ.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: pyTivo - Unknown owner - D:\Python27\lib\site-packages\win32\PythonService.exe
O23 - Service: RalinkRegistryWriter - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
O23 - Service: RalinkRegistryWriter64 - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
O23 - Service: Ralink UPnP Media Server (RaMediaServer) - Unknown owner - C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Seagate Dashboard Services - Seagate Technology LLC - d:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
O23 - Service: ShadowStream Service (ShadowProtect ShadowStream) - StorageCraft Technology Corporation - C:\Program Files (x86)\StorageCraft\ShadowStream\ShadowStreamServerSvc.exe
O23 - Service: ShadowProtect Service (ShadowProtectSvc) - StorageCraft Technology Corporation - C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: StorageCraft ImageManager - StorageCraft Technology Corporation - C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe
O23 - Service: StorageCraft ImageReady - Unknown owner - C:\Program Files (x86)\StorageCraft\ShadowProtect\ImageReady.exe
O23 - Service: System Explorer Service (SystemExplorerHelpService) - Mister Group - d:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - d:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: StorageCraft Shadow Copy Provider (VSNAPVSS) - StorageCraft Technology Corporation - C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 21578 bytes

Attached File  DDS.txt   38.25KB   183 downloads
Attached File  DDS-Attach.txt   11.95KB   325 downloads
Attached File  OTL.Txt   260.68KB   176 downloads
Attached File  OTL-Extras.Txt   99.74KB   159 downloads


Edited by hspindel, 21 November 2013 - 06:06 PM.



#2 hspindel

Posted 22 November 2013 - 02:46 AM

Found a new clue: Happened to be in front of the computer when this happened.  When the infected email attachment got scanned by a virus scanner (either NAV or MWB), the Zbot Trojan got installed.  Anybody seen this behavior?

 

If this is the cause, then disabling the Recycle Bin should prevent the infected attachments from hanging around to get scanned.



#3 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 25 November 2013 - 04:53 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Scan with Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit from here Malwarebytes : Malwarebytes Anti-Rootkit and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.

Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-[date and time]***.txt . Please attach that to your next reply.


Proud Member of UNITE & TB
 

#4 hspindel

Posted 25 November 2013 - 05:10 PM

Thank you for looking at this.  I ran the Malwarebytes scan you requested a couple days ago.  No malware was found.



#5 ----------------

Posted 26 November 2013 - 08:45 AM

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.


Proud Member of UNITE & TB
 

#6 hspindel

Posted 26 November 2013 - 04:50 PM

Thank you for your response.

 

Absent a proven problem, I am very reluctant to run any programs that make changes to my system.  Do you see anything in the logs submitted so far that suggest a problem? 



#7 ----------------

Posted 27 November 2013 - 04:39 AM

You have issues regarding the Zbot trojan, your event log shows several errors that may come from malware activity and adware is running on the system.

 

Yes, I think we should do something...


Proud Member of UNITE & TB
 

#8 hspindel

Posted 27 November 2013 - 05:48 PM

Thank you for your reply.

 

Can you please explain what specifically you see in the log related to Zbot issues, and what other issues you see?  I need to evaluate for myself whether or not something needs to be done.

 

I have no current operational issues.  As I previously mentioned, I got a Zbot reinfection when an email attachment was scanned, but once that infection was cleared I've seen no further issues.

 

I am a programmer with 30+ years experience, and I am very reluctant to run a tool like Combofix that is potentially going to make changes to my system without notifying me (and giving me choices) about what changes to make.  My system does contain certain programs that some security software considers "potentially undesirable."  These are present after an evaluation that they were needed, are not related to Zbot, and would cause problems if they were automatically cleaned.



#9 ----------------

Posted 28 November 2013 - 02:15 PM

What kind of "certain programs" are you talking about?

On the other side, if you have an email attachment that contains Zbot, why not just delete the email? The behaviour of this malware is well analyzed, only the ways it spreads are changing.

But okay - we'll do something else:

 

 

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.


Proud Member of UNITE & TB
 

#10 hspindel

Posted 29 November 2013 - 03:46 AM

To answer your questions:  Here is the PUP that Malwarebytes finds:

 

Files Detected: 1
D:\Program Files\Nirsoft\wirelessnetview\WirelessNetView.exe (PUP.WirelessNetworkTool) -> No action taken.

 

This isn't related to Zbot, and it doesn't concern me.

 

As to why don't I just delete the email with the infected attachment?  Yes, of course I do that.  The problem has been that the deleted email sits in the Recycle Bin for the drive.  When it is scanned by an antivirus program in the Recycle Bin (either Norton Antivirus or Malwarebytes), it triggers the infecting program to run.  This is behavior that I don't understand, but I watched it happen.  I was hoping by posting on the forum to find someone who could explain that behavior.  As I mentioned above, to at least temporarily address this issue I disabled the Recycle Bin on the drive that the email client runs on.  With Recycle Bin disabled for the last week I have seen no reinfections.

 

Now that I answered your questions, will you please answer mine?  What specifically did you see in my logs that causes you to think I may have an ongoing problem?

 

Thank you.


Edited by hspindel, 29 November 2013 - 04:15 AM.



#11 ----------------

Posted 29 November 2013 - 06:45 AM

You told us that you have problems with malware hiding within the recycle bin - that could be part of other infections. For example, the Zero Access rootkit hides there sometimes.

 

Your event log shows the following errors:

 

 

 5:58:21 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
9:26:35 PM, Error: Service Control Manager [7023]  - The Server service terminated with the following error:  The service has not been started.

 

These may be part of infections as well.

 

 

Also, there are some files on your hard drive, that have random names and aren´t belonging to any known software, for example:

 

 

C:\ProgramData\zmlomobd.kxh

 

 

Finally, there is evidence of installed malware on your system:

 

 

FF - prefs.js..browser.search.defaultenginename: "InternetHelper3.1 Customized Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "InternetHelper3.1 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search. conduit.com/ResultsExt.aspx?ctid=CT3289663&CUI=UN15171913752729131&UM=2&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "InternetHelper3.1 Customized Web Search"

These entries are part of the conduit engine, an advertising platform that collects behaviour data...


Proud Member of UNITE & TB
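
The log check described in post #11, as an added example that is not part of the original thread: it pulls every search-provider URL out of OTL-style and FRST-style log lines, copes with defanged (`hxxp`), space-broken and forum-truncated (`...`) URLs, and flags hosts outside an allowlist. The allowlist `EXPECTED_DOMAINS` and all function names are assumptions made for this example; the sample lines are copied from the logs posted in this thread.

```python
import re
from collections import namedtuple

# Assumption: the search providers this analyst expects on the machine.
EXPECTED_DOMAINS = {"bing.com", "google.com", "yahoo.com", "msn.com"}

# Lines copied from the logs posted in this thread.
SAMPLE_LINES = [
    'FF - prefs.js..browser.search.defaulturl: "http://search. conduit.com/ResultsExt.aspx?ctid=CT3289663&CUI=UN15171913752729131&UM=2&SearchSource=3&q={searchTerms}"',
    'FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289663&SearchSource=2&CUI=UN15171913752729131&UM=2&q=',
    'SearchScopes: HKCU - DefaultScope {92C7AD02-E1BE-4C52-8BF2-20590FA6838C} URL = http://search.condui...2368384306&UM=2',
    'SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPDTDFJS',
    'SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF',
    'SearchScopes: HKLM-x32 - DefaultScope {92C7AD02-E1BE-4C52-8BF2-20590FA6838C} URL =',
]

Finding = namedtuple("Finding", "setting host verdict")

# http/https or defanged hxxp/hxxps, up to a closing quote or end of line.
URL_RE = re.compile(r'(h(?:tt|xx)ps?://.*?)(?="|$)', re.IGNORECASE)


def extract_host(url):
    """Return (host, truncated). A truncated host is only the part before '...'."""
    url = re.sub(r"\s+", "", url)               # forum software may break URLs with spaces
    rest = url.split("://", 1)[1]
    authority = re.split(r"[/?#]", rest, maxsplit=1)[0]
    host = authority.rsplit("@", 1)[-1].lower()  # ignore any userinfo before '@'
    cut = host.find("...")
    if cut != -1:                                # the forum shortened the URL inside the host
        return host[:cut], True
    return host.split(":", 1)[0], False          # drop a port if present


def is_expected(host):
    """True if host is an expected domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in EXPECTED_DOMAINS)


def could_be_expected(prefix):
    """True if a truncated host prefix is compatible with an expected domain.

    This is not a confirmation: 'search.yahoo...' could still continue into
    some other domain, so the untruncated log has to be checked.
    """
    starts = [0] + [i + 1 for i, ch in enumerate(prefix) if ch == "."]
    tails = [prefix[i:] for i in starts if prefix[i:]]
    return any(d.startswith(t) for t in tails for d in EXPECTED_DOMAINS)


def triage(lines):
    """Classify each URL-bearing log line as expected, unconfirmed or review."""
    findings = []
    for raw in lines:
        line = raw.strip()
        match = URL_RE.search(line)
        if not match:
            continue                             # setting without a URL
        host, truncated = extract_host(match.group(1))
        if not host:
            continue
        setting = line[:match.start()].rstrip(' :="')
        if truncated:
            verdict = "unconfirmed" if could_be_expected(host) else "review"
            host += "..."
        else:
            verdict = "expected" if is_expected(host) else "review"
        findings.append(Finding(setting, host, verdict))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.verdict:<12} {f.host:<22} {f.setting}")
```

A `review` verdict only means the host is not on the allowlist; an `unconfirmed` one means the pasted log was shortened and the original FRST.txt has to be read to decide.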
 

#12 hspindel


Posted 29 November 2013 - 06:38 PM

Thank you for the helpful response.

I have cleared all of the problematic browser preference entries.  Likely they are the remnants of some drive-by toolbar install that I previously removed.  The zmlomobd.kxh is something associated with HP's Application Assistant, and I don't think it's malware.

The Lanman Server issue may be a transient.  I run fairly complicated networking here, and I don't see any issues with it.  Don't see anything in my logs to indicate there is a persistent error.

None of these issues was related to Zbot.  I am still looking for an answer to the question:  How can an antivirus program cause a Zbot infection just by scanning an infected file?



#13 hspindel


Posted 01 December 2013 - 01:34 AM

Following is the FRST scan you requested.  I went through it, and found a couple more references to conduit.com search and removed them.

I looked at "Files to move or delete" and all except one of them have to do with the UPS software.  I don't know what ResourceReader.dll does, but Googling it says it's not harmful.

The files giiynunu.mau and zmlomobd.kxh are puzzling.  I deleted them, but they came back.  Neither Norton nor MalwareBytes thinks they are harmful.  Can't find any information about them by Googling.

-----------------------------

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2013
Ran by howard (administrator) on QUAD64 on 30-11-2013 22:38:43
Running from E:\download\Farbar
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) D:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
(Schneider Electric) D:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\ASTSRV.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Symantec Corporation) D:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe
(CHENGDU YIWO Tech Development Co., Ltd) D:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(FileZilla Project) D:\Program Files (x86)\FileZilla Server\FileZilla server.exe
(Seagate Technology LLC) D:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe
(Seagate Technology LLC) D:\Program Files (x86)\Sync\FreeAgentService.exe
(CHENGDU YIWO Tech Development Co., Ltd) D:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
(Intel) C:\Program Files (x86)\Common Files\Intel\Schedule2\schedul2.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Zone\Engine\1.0.15.13\NZ.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
() D:\Python27\Lib\site-packages\win32\pythonservice.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaCountryRegion.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
() D:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
(Symantec Corporation) D:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Zone\Engine\1.0.15.13\NZ.exe
() C:\Users\howard\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Intel) C:\Program Files (x86)\Common Files\Intel\Schedule2\schedhlp.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Users\howard\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHDA.EXE
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Mozy, Inc.) D:\Program Files\MozyHome\mozystat.exe
(Adobe Sytems Incorporated) D:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Dropbox, Inc.) C:\Users\howard\AppData\Roaming\Dropbox\bin\Dropbox.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(Oracle Corporation) D:\Program Files\Java\jre7\bin\javaw.exe
(Stoic Joker's Network) D:\Program Files\tclock\Clock.exe
(FileZilla Project) D:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Orbiscom Ltd. All rights reserved.) D:\Program Files (x86)\Virtual Account Numbers\CitiVAN.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Orbiscom Ltd.) C:\Windows\SysWOW64\OBroker.exe
(Schneider Electric) D:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Seagate Technology LLC) D:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(StorageCraft Technology Corporation) C:\Program Files (x86)\StorageCraft\ShadowStream\ShadowStreamServerSvc.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(StorageCraft Technology Corporation) C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe
() C:\Program Files (x86)\StorageCraft\ShadowProtect\ImageReady.exe
() C:\Program Files (x86)\StorageCraft\ShadowProtect\ImageReady.exe
(TeamViewer GmbH) D:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Schneider Electric) D:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(StorageCraft Technology Corporation) C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
(StorageCraft Technology Corporation) C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Mozy, Inc.) D:\Program Files\MozyHome\mozybackup.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Mozy, Inc.) D:\Program Files\MozyHome\mozybackup.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BeatsOSDApp] - C:\Program Files\IDT\WDM\Beats64.exe [37888 2012-03-30] (Hewlett-Packard )
HKLM\...\Run: [HPSYSDRV] - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [Intel Scheduler2 Service] - C:\Program Files (x86)\Common Files\Intel\Schedule2\schedhlp.exe [404384 2013-03-11] (Intel)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-11-27] (Hewlett-Packard)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [26624 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20133824 2013-09-25] (Google)
HKCU\...\Run: [SkyDrive] - C:\Users\howard\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-13] (Microsoft Corporation)
HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\System32\spool\drivers\x64\3\E_YATIHDA.EXE [241280 2012-07-12] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [Google Update] - C:\Users\howard\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-10-19] (Google Inc.)
HKCU\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe [109784 2013-10-19] (Siber Systems)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-05] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641664 2012-04-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-02-20] ()
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe Version Cue CS2] - D:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-04] (Adobe Sytems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - D:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScanUtility] - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-24] (CANON INC.)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502952 2012-07-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863400 2012-07-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Display] - D:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM-x32\...\Run: [FileZilla Server Interface] - D:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe [1044992 2012-02-26] (FileZilla Project)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Virtual Account Numbers] - D:\Program Files (x86)\Virtual Account Numbers\CitiVAN.exe [435712 2013-10-09] (Orbiscom Ltd. All rights reserved.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [DataMigrationSoftwareMonitor.exe] - "D:\Program Files (x86)\Intel\DataMigrationSoftware\DataMigrationSoftwareMonitor.exe"
HKU\StandardUser\...\Run: [QuickTime Task] - D:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk
ShortcutTarget: APC UPS Status.lnk -> D:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
Startup: C:\Users\howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\howard\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
Startup: C:\Users\howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JBidwatcher 2.5.lnk
ShortcutTarget: JBidwatcher 2.5.lnk -> D:\Program Files (x86)\CyberFOX Software\JBidwatcher2\JBidwatcher-2.5.3pre3.exe ()
Startup: C:\Users\howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> D:\Program Files (x86)\Microsoft Office XP\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stoic Joker's T-Clock 2010 x64.lnk
ShortcutTarget: Stoic Joker's T-Clock 2010 x64.lnk -> D:\Program Files\tclock\Clock.exe (Stoic Joker's Network)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPDTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPDTDFJS
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPDTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKLM - {D2593565-CC6B-430E-8F11-C38F6F84C6EE} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {92C7AD02-E1BE-4C52-8BF2-20590FA6838C} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPDTDFJS
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKLM-x32 - {D2593565-CC6B-430E-8F11-C38F6F84C6EE} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKCU - DefaultScope {92C7AD02-E1BE-4C52-8BF2-20590FA6838C} URL = http://search.condui...2368384306&UM=2
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPDTDFJS
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPDTDF
SearchScopes: HKCU - {92C7AD02-E1BE-4C52-8BF2-20590FA6838C} URL = http://search.condui...2368384306&UM=2
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKCU - {D2593565-CC6B-430E-8F11-C38F6F84C6EE} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
BHO: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Virtual Account Numbers Helper - {17424104-1444-4810-85D7-B4DA413C5A9A} - D:\Program Files (x86)\Virtual Account Numbers\CitiVANHelper.dll (Orbiscom Ltd. All rights reserved.)
BHO-x32: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
BHO-x32: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Virtual Account Numbers - {7A21A046-B886-4A62-9D69-EF2059B0A27B} - D:\Program Files (x86)\Virtual Account Numbers\CitiVANToolbar.dll (Orbiscom Ltd. All rights reserved.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: Eudora's Shell Extension - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - D:\Program Files (x86)\Qualcomm\Eudora\EuShlExt.dll [86016 2006-08-17] (Qualcomm Inc.)
Tcpip\..\Interfaces\{87B5A09D-6598-4C72-BB86-92031C073353}: [NameServer]192.1.1.8

FireFox:
========
FF ProfilePath: C:\Users\howard\AppData\Roaming\Mozilla\Firefox\Profiles\fy3cpfvy.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289663&SearchSource=2&CUI=UN15171913752729131&UM=2&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - D:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - D:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - D:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\howard\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\howard\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\howard\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\howard\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\howard\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Autocopy - C:\Users\howard\AppData\Roaming\Mozilla\Firefox\Profiles\fy3cpfvy.default\Extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
FF Extension: HP Detect - C:\Users\howard\AppData\Roaming\Mozilla\Firefox\Profiles\fy3cpfvy.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
FF Extension: ViewSourceWith - C:\Users\howard\AppData\Roaming\Mozilla\Firefox\Profiles\fy3cpfvy.default\Extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}
FF Extension: adblockpopups - C:\Users\howard\AppData\Roaming\Mozilla\Firefox\Profiles\fy3cpfvy.default\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: anticontainer - C:\Users\howard\AppData\Roaming\Mozilla\Firefox\Profiles\fy3cpfvy.default\Extensions\anticontainer@downthemall.net.xpi
FF Extension: lazarus - C:\Users\howard\AppData\Roaming\Mozilla\Firefox\Profiles\fy3cpfvy.default\Extensions\lazarus@interclue.com.xpi
FF Extension: status4evar - C:\Users\howard\AppData\Roaming\Mozilla\Firefox\Profiles\fy3cpfvy.default\Extensions\status4evar@caligonstudios.com.xpi
FF Extension: flashgot - C:\Users\howard\AppData\Roaming\Mozilla\Firefox\Profiles\fy3cpfvy.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF Extension: tinythaturl - C:\Users\howard\AppData\Roaming\Mozilla\Firefox\Profiles\fy3cpfvy.default\Extensions\{2de9b308-a84e-45ee-82e7-b48e5fe44258}.xpi
FF Extension: No Name - C:\Users\howard\AppData\Roaming\Mozilla\Firefox\Profiles\fy3cpfvy.default\Extensions\{3d2ee42e-a6d9-4888-bd17-2148dc7928d7}.xpi
FF Extension: gadrm - C:\Users\howard\AppData\Roaming\Mozilla\Firefox\Profiles\fy3cpfvy.default\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
FF Extension: Adblock Plus - C:\Users\howard\AppData\Roaming\Mozilla\Firefox\Profiles\fy3cpfvy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: tabmix - C:\Users\howard\AppData\Roaming\Mozilla\Firefox\Profiles\fy3cpfvy.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
FF Extension: dta - C:\Users\howard\AppData\Roaming\Mozilla\Firefox\Profiles\fy3cpfvy.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFF
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF HKLM-x32\...\Firefox\Extensions: [citius@orbiscom] - d:\Program Files (x86)\Virtual Account Numbers
FF Extension: Virtual Account Numbers for Firefox - d:\Program Files (x86)\Virtual Account Numbers
FF StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Norton Identity Protection) - C:\Users\howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.3.4_0
CHR Extension: (Hangouts) - C:\Users\howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2013.1106.433.2_0
CHR Extension: (Google Wallet) - C:\Users\howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-07-15] (Adobe Systems)
R2 Adobe Version Cue CS2; D:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-04] (Adobe Systems Incorporated)
R2 APC Data Service; D:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; D:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
R2 astcc; C:\Windows\SysWOW64\ASTSRV.EXE [61760 2009-08-11] (Nalpeiron Ltd.)
R2 DiskDoctorService; d:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe [1029480 2010-11-30] (Symantec Corporation)
R2 EaseUS Agent; d:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [69192 2013-10-11] (CHENGDU YIWO Tech Development Co., Ltd)
R2 FileZilla Server; d:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [632320 2012-02-26] (FileZilla Project)
R2 FreeAgentGoFlex Service; D:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe [91432 2011-02-10] (Seagate Technology LLC)
R2 FreeAgentGoNext Service; D:\Program Files (x86)\Sync\FreeAgentService.exe [189736 2009-09-25] (Seagate Technology LLC)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [240736 2013-10-07] (WildTangent)
R2 Guard Agent; d:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [23624 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 IntSch2Svc; C:\Program Files (x86)\Common Files\Intel\Schedule2\schedul2.exe [1127944 2013-03-11] (Intel)
R2 mozybackup; D:\Program Files\MozyHome\mozybackup.exe [55112 2013-09-18] (Mozy, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-09-05] (Nitro PDF Software)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NZ; C:\Program Files (x86)\Norton Zone\Engine\1.0.15.13\NZ.exe [143856 2013-11-10] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134584 2012-04-04] (PDF Complete Inc)
R2 pyTivo; D:\Python27\lib\site-packages\win32\PythonService.exe [12800 2012-10-27] ()
R2 RalinkCountryRegion; C:\Program Files (x86)\Ralink\Common\RaCountryRegion.exe [42496 2012-07-27] (Ralink Technology, Corp.)
S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 Seagate Dashboard Services; d:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2013-05-30] (Seagate Technology LLC)
R2 ShadowProtect ShadowStream; C:\Program Files (x86)\StorageCraft\ShadowStream\ShadowStreamServerSvc.exe [544768 2012-03-29] (StorageCraft Technology Corporation)
R2 ShadowProtectSvc; C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe [4631816 2013-07-18] (StorageCraft Technology Corporation)
S4 SpeedDiskService; d:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe [1037672 2010-11-30] (Symantec Corporation)
R2 StorageCraft ImageManager; C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe [1649928 2013-04-01] (StorageCraft Technology Corporation)
R2 StorageCraft ImageReady; C:\Program Files (x86)\StorageCraft\ShadowProtect\ImageReady.exe [4409760 2013-07-18] ()
S3 SystemExplorerHelpService; d:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [821720 2012-11-25] (Mister Group)
R2 TeamViewer8; d:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [5087584 2013-10-01] (TeamViewer GmbH)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-13] (Microsoft Corporation)
R2 VSNAPVSS; C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe [94984 2013-07-18] (StorageCraft Technology Corporation)

==================== Drivers (Whitelisted) ====================

S3 ampa; C:\Windows\system32\ampa.sys [15288 2011-12-26] ()
S3 ampa; C:\Windows\SysWow64\ampa.sys [12728 2011-12-26] ()
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [163368 2012-03-31] (Broadcom Corporation.)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20131114.001\BHDrvx64.sys [1524824 2013-10-22] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 ccSet_NZ; C:\Windows\system32\drivers\NZx64\01000F0.00D\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
S3 cpuz136; d:\Program Files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [25320 2013-08-24] (CPUID)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-20] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-20] (Symantec Corporation)
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48200 2013-09-04] ()
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [31136 2013-09-30] (REALiX™)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20131128.001\IDSvia64.sys [521816 2013-10-28] (Symantec Corporation)
R1 mozyFilter; C:\Windows\System32\DRIVERS\mozy.sys [67808 2013-09-18] (Mozy, Inc.)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20131130.007\ENG64.SYS [126040 2013-10-20] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20131130.007\EX64.SYS [2099288 2013-10-20] (Symantec Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R1 sbmount; C:\Windows\System32\Drivers\sbmount.sys [117000 2013-07-18] (StorageCraft Technology Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 stcvsm; C:\Windows\System32\DRIVERS\stcvsm.sys [283400 2013-07-18] (StorageCraft Technology Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
S3 SymDSMon; C:\Windows\system32\drivers\SymDSMon.sys [191232 2010-11-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-11] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [43680 2013-03-04] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S3 SYMSpeedDisk; C:\Windows\system32\drivers\SymSpeedDisk.sys [163384 2010-11-30] (Symantec Corporation)
S3 SYMSpeedDisk; C:\Windows\SysWow64\drivers\SymSpeedDisk.sys [108800 2010-11-30] (Symantec Corporation)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2013-11-26] (Acronis)
S3 WIMMount; d:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\wimmount.sys [40392 2012-07-25] (Microsoft Corporation)
U4 Wlantccasp; C:\Windows\system32\drivers\wimmount.sys [22096 2009-07-13] (Microsoft Corporation)
U4 Wlantccasp; C:\Windows\SysWow64\drivers\wimmount.sys [19008 2009-07-13] (Microsoft Corporation)
S3 EraserUtilDrv11312; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys [x]
U5 UnlockerDriver5; d:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-30 22:38 - 2013-11-30 22:38 - 00000000 ____D C:\FRST
2013-11-30 21:41 - 2013-11-30 21:41 - 00000173 _____ C:\Users\howard\Desktop\tdaxfer.txt
2013-11-30 15:46 - 2013-11-30 15:46 - 00004897 _____ C:\ProgramData\giiynunu.mau
2013-11-30 15:46 - 2013-11-30 15:46 - 00004867 _____ C:\ProgramData\zmlomobd.kxh
2013-11-29 17:05 - 2013-11-29 17:05 - 00008830 _____ C:\ProgramData\RemovedByHS.7z
2013-11-29 02:11 - 2013-11-29 02:11 - 00001100 _____ C:\Users\howard\Desktop\▶ Remove Ransomware with Farbar Recovery Scan Tool by Britec - YouTube.URL
2013-11-28 14:12 - 2013-11-28 14:12 - 00000000 _____ C:\Windows\install71642.log
2013-11-28 14:11 - 2013-11-30 15:46 - 00011620 _____ C:\Windows\setupact.log
2013-11-28 14:11 - 2013-11-28 14:11 - 00000000 _____ C:\Windows\setuperr.log
2013-11-28 02:35 - 2013-11-28 02:35 - 00000043 _____ C:\Windows\gswin64.ini
2013-11-28 02:34 - 2013-11-28 02:34 - 00000000 _____ C:\Windows\SysWOW64\DllHost.exe.Z-missing.txt
2013-11-28 00:56 - 2013-11-28 00:56 - 00000319 _____ C:\Users\howard\Desktop\Amazon.com Canon PowerShot SX50 HS 12MP Digital Camera with 2.8-Inch LCD (Black) CANON Camera & Photo.URL
2013-11-27 00:30 - 2013-11-27 00:30 - 00000000 ____D C:\Program Files\Intel
2013-11-27 00:20 - 2013-11-27 00:20 - 00000861 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-11-26 23:57 - 2013-11-26 23:57 - 00791608 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3xhc.sys
2013-11-26 23:57 - 2013-11-26 23:57 - 00358456 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hub.sys
2013-11-26 23:57 - 2013-11-26 23:57 - 00000000 ____D C:\Users\howard\AppData\Roaming\WinBatch
2013-11-26 23:55 - 2013-11-26 23:55 - 00000000 ____D C:\ProgramData\Ralink
2013-11-26 00:37 - 2013-11-26 00:37 - 00971360 _____ (Acronis) C:\Windows\system32\Drivers\timntr.sys
2013-11-26 00:37 - 2013-11-26 00:37 - 00210016 _____ (Acronis) C:\Windows\system32\Drivers\vididr.sys
2013-11-26 00:37 - 2013-11-26 00:37 - 00141920 _____ (Acronis) C:\Windows\system32\Drivers\vsflt53.sys
2013-11-25 22:51 - 2013-04-27 17:07 - 01647544 _____ C:\Windows\ampa.exe
2013-11-25 22:51 - 2011-12-26 15:27 - 00015288 _____ C:\Windows\system32\ampa.sys
2013-11-25 22:51 - 2011-12-26 15:27 - 00012728 _____ C:\Windows\SysWOW64\ampa.sys
2013-11-25 21:51 - 2013-11-25 21:51 - 00002270 _____ C:\Users\admin\Desktop\Google Chrome.lnk
2013-11-25 21:51 - 2013-11-25 21:51 - 00000000 ____D C:\Users\admin\Documents\Media Share
2013-11-25 21:51 - 2013-11-25 21:51 - 00000000 ____D C:\Users\admin\Documents\Bluetooth Exchange Folder
2013-11-25 21:51 - 2013-11-25 21:51 - 00000000 ____D C:\Users\admin\AppData\Roaming\Logitech
2013-11-25 21:51 - 2013-11-25 21:51 - 00000000 ____D C:\Users\admin\AppData\Roaming\Epson
2013-11-25 21:51 - 2013-11-25 21:51 - 00000000 ____D C:\Users\admin\AppData\Roaming\Apple Computer
2013-11-25 21:51 - 2013-11-25 21:51 - 00000000 ____D C:\Users\admin\AppData\Local\Broadcom
2013-11-25 21:49 - 2013-11-25 21:49 - 00000000 ____D C:\Users\admin\AppData\Local\Google
2013-11-24 02:12 - 2013-11-24 02:12 - 00004096 ___SH C:\VSM000.IDX
2013-11-22 00:52 - 2013-09-04 11:24 - 00189000 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\EuFdDisk.sys
2013-11-22 00:52 - 2013-09-04 11:24 - 00061000 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\eubakup.sys
2013-11-22 00:52 - 2013-09-04 11:24 - 00048200 _____ C:\Windows\system32\Drivers\EUBKMON.sys
2013-11-22 00:52 - 2013-09-04 11:24 - 00018504 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\eudskacs.sys
2013-11-22 00:50 - 2013-09-04 11:32 - 00024136 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\fbnative.exe
2013-11-22 00:31 - 2013-11-22 00:31 - 00000239 _____ C:\Users\howard\Desktop\Intel® High Performance Solid-State Drive — How to check if TRIM is enabled.URL
2013-11-21 23:39 - 2013-11-21 23:39 - 00000000 _RSHD C:\acroldr
2013-11-21 23:30 - 2013-11-21 23:30 - 00003864 _____ C:\Windows\System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2
2013-11-21 23:30 - 2013-11-21 23:30 - 00003616 _____ C:\Windows\System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon
2013-11-21 23:30 - 2013-11-21 23:30 - 00001282 _____ C:\Users\Public\Desktop\Intel SSD Toolbox.lnk
2013-11-21 23:30 - 2013-11-21 23:30 - 00000000 ____D C:\ProgramData\Intel® Update Manager
2013-11-21 23:28 - 2013-11-21 23:28 - 00000000 ____D C:\Users\howard\AppData\Roaming\Intel
2013-11-21 23:27 - 2013-11-26 00:37 - 00275552 _____ (Acronis) C:\Windows\system32\Drivers\snapman.sys
2013-11-21 23:27 - 2013-11-21 23:27 - 00155272 _____ (Acronis) C:\Windows\system32\Drivers\fltsrv.sys
2013-11-21 17:07 - 2013-11-28 02:19 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-21 17:05 - 2013-11-28 02:19 - 00000000 ____D C:\Users\howard\Desktop\mbar
2013-11-21 17:05 - 2013-11-28 02:12 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-21 16:11 - 2013-11-21 16:11 - 00000000 ____D C:\Users\howard\AppData\Roaming\Malwarebytes
2013-11-21 16:11 - 2013-11-21 16:11 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-21 16:11 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-21 15:34 - 2013-11-21 16:08 - 00000000 ____D C:\Users\howard\Desktop\virus
2013-11-21 08:39 - 2013-11-21 08:39 - 40151293 _____ C:\Users\howard\AppData\Local\census.cache
2013-11-21 08:28 - 2013-11-21 18:58 - 00000000 _____ C:\Users\howard\AppData\Local\ars.cache
2013-11-19 22:32 - 2013-11-19 22:32 - 00000036 _____ C:\Users\howard\AppData\Local\housecall.guid.cache
2013-11-19 19:11 - 2013-11-19 19:11 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-11-17 23:00 - 2013-11-17 23:00 - 00000293 _____ C:\Users\howard\Desktop\NGC Registry US Sets.URL
2013-11-15 01:30 - 2013-10-01 18:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2013-11-15 01:30 - 2013-10-01 18:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-11-15 01:30 - 2013-10-01 18:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-11-15 01:30 - 2013-10-01 17:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2013-11-15 01:30 - 2013-10-01 17:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2013-11-15 01:30 - 2013-10-01 17:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-11-15 01:30 - 2013-10-01 17:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-11-15 01:30 - 2013-10-01 16:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2013-11-15 01:30 - 2013-10-01 16:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-11-15 01:30 - 2013-10-01 16:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-11-15 01:30 - 2013-10-01 16:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2013-11-15 01:30 - 2013-10-01 16:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2013-11-15 01:30 - 2013-10-01 15:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-11-15 01:30 - 2013-10-01 15:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-11-15 01:30 - 2013-10-01 15:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2013-11-15 01:30 - 2013-10-01 14:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-11-15 01:30 - 2013-10-01 12:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-11-15 01:30 - 2013-10-01 12:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-11-15 01:23 - 2013-10-05 12:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-15 01:23 - 2013-10-05 11:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-15 01:23 - 2013-10-03 18:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-15 01:23 - 2013-10-03 18:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-15 01:23 - 2013-10-03 18:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-15 01:23 - 2013-10-03 17:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-15 01:23 - 2013-10-03 17:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-15 01:23 - 2013-10-03 17:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-15 01:23 - 2013-09-24 18:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-15 01:23 - 2013-09-24 18:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-15 01:23 - 2013-09-24 18:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2013-11-15 01:23 - 2013-09-24 18:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-15 01:23 - 2013-09-24 18:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-15 01:23 - 2013-09-24 18:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-15 01:23 - 2013-09-24 18:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-15 01:23 - 2013-09-24 18:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-15 01:23 - 2013-09-24 18:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-15 01:23 - 2013-09-24 17:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-15 01:23 - 2013-09-24 17:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2013-11-15 01:23 - 2013-09-24 17:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-15 01:23 - 2013-09-24 17:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-15 01:23 - 2013-09-24 17:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-15 01:23 - 2013-09-24 17:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-15 01:23 - 2013-07-04 04:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-15 01:22 - 2013-10-11 18:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-15 01:22 - 2013-10-11 18:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-15 01:22 - 2013-10-11 18:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-15 01:22 - 2013-10-11 18:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-15 01:22 - 2013-10-11 18:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-15 01:22 - 2013-10-02 18:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-15 01:22 - 2013-10-02 18:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-15 01:22 - 2013-09-27 17:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-11 22:52 - 2013-11-11 22:52 - 00001415 _____ C:\Users\howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-11 22:23 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-11-11 22:21 - 2013-11-11 22:21 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-11 22:21 - 2013-11-11 22:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-11 22:21 - 2013-11-11 22:21 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-11 22:21 - 2013-11-11 22:21 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-11 22:21 - 2013-11-11 22:21 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-11 22:21 - 2013-11-11 22:21 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-11 22:21 - 2013-11-11 22:21 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-11 22:21 - 2013-11-11 22:21 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-11 22:21 - 2013-11-11 22:21 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-11 22:21 - 2013-11-11 22:21 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-11 22:21 - 2013-11-11 22:21 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-11 22:21 - 2013-11-11 22:21 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-11 22:21 - 2013-11-11 22:21 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-11 22:21 - 2013-11-11 22:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-11 22:21 - 2013-11-11 22:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-11 22:21 - 2013-11-11 22:21 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-11 22:21 - 2013-11-11 22:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-11 22:21 - 2013-11-11 22:21 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-11 22:21 - 2013-11-11 22:21 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-11 22:21 - 2013-11-11 22:21 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-11 22:21 - 2013-11-11 22:21 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-11 22:21 - 2013-11-11 22:21 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-11 22:21 - 2013-11-11 22:21 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-11 22:21 - 2013-11-11 22:21 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-11 22:21 - 2013-11-11 22:21 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-11 22:21 - 2013-11-11 22:21 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-11 22:21 - 2013-11-11 22:21 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-11 22:21 - 2013-11-11 22:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-10 22:59 - 2012-02-14 12:49 - 00114176 _____ (CPUID) C:\Windows\SysWOW64\PCWizard.cpl
2013-11-09 14:23 - 2013-11-09 14:23 - 00000262 _____ C:\Users\howard\Desktop\Apple Inc. (AAPL) An Apple Story Alpha, Algos And A Poorman - Seeking Alpha.URL
2013-11-08 16:23 - 2013-11-08 18:21 - 00000000 ____D C:\Users\howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2013-11-08 16:19 - 2013-11-08 16:19 - 00000000 ____D C:\Users\howard\Documents\Bluetooth Exchange Folder
2013-11-08 16:19 - 2013-11-08 16:19 - 00000000 ____D C:\Users\howard\AppData\Local\Broadcom
2013-11-08 16:19 - 2012-03-31 19:52 - 00594472 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwampfl.sys
2013-11-08 16:15 - 2012-03-31 19:52 - 00184872 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwaudio.sys
2013-11-08 16:15 - 2012-03-31 19:52 - 00163368 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\bcbtums.sys
2013-11-08 16:15 - 2012-03-05 04:29 - 00210984 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwavdt.sys
2013-11-08 16:15 - 2012-03-05 04:29 - 00056738 _____ C:\Windows\system32\Drivers\BCM20702A1_001.002.014.0449.0515.hex
2013-11-08 16:15 - 2012-03-05 04:29 - 00021544 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwrchid.sys
2013-11-08 16:15 - 2011-09-16 17:38 - 00039976 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwl2cap.sys
2013-11-08 16:14 - 2013-11-08 16:14 - 00000000 ____D C:\Program Files\WIDCOMM
2013-11-07 17:45 - 2013-11-07 17:45 - 00000235 _____ C:\Users\howard\Desktop\Help! I'm still getting Pop-ups - The solution • mozillaZine Forums.URL
2013-11-07 01:59 - 2013-11-07 02:00 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-07 01:59 - 2013-11-07 02:00 - 00000000 ____D C:\Program Files\iTunes
2013-11-07 01:59 - 2013-11-07 02:00 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-07 01:59 - 2013-11-07 01:59 - 00000000 ____D C:\Program Files\iPod
2013-11-06 00:15 - 2013-11-06 00:15 - 00000240 _____ C:\Users\howard\Desktop\1868 5C Shield Nickels Inv #800053614 Heritage Auctions.URL
2013-11-05 23:53 - 2013-11-05 23:53 - 00000251 _____ C:\Users\howard\Desktop\18832 5C MS67 NGC. CAC. FS-304. The Shield nickel series is LotID #3041 Heritage Auctions.URL
2013-11-05 23:52 - 2013-11-05 23:52 - 00000237 _____ C:\Users\howard\Desktop\18832 5C XF45 PCGS. FS-302. The jagged crack through the ball and LotID #1541 Heritage Auctions.URL
2013-11-05 23:52 - 2013-11-05 23:52 - 00000237 _____ C:\Users\howard\Desktop\18832 5C XF40 PCGS. FS-302. Several obverse die cracks aid the LotID #1540 Heritage Auctions.URL
2013-11-01 17:49 - 2013-11-17 01:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-01 17:49 - 2013-11-01 17:49 - 00000000 ____D C:\ProgramData\Mozilla
2013-10-31 15:36 - 2013-10-31 15:36 - 00000252 _____ C:\Users\howard\Desktop\Collectors Universe Forums - OT eBay Trick Best Offer Completed Items -- How To See The Selling Price.URL

==================== One Month Modified Files and Folders =======

2013-11-30 22:38 - 2013-11-30 22:38 - 00000000 ____D C:\FRST
2013-11-30 22:36 - 2013-07-21 17:00 - 00000000 ____D C:\Users\howard\.jbidwatcher
2013-11-30 22:26 - 2013-10-19 18:21 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1892172013-294500974-376536990-1000UA.job
2013-11-30 22:05 - 2013-07-17 23:54 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-30 22:02 - 2013-07-22 01:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-30 21:41 - 2013-11-30 21:41 - 00000173 _____ C:\Users\howard\Desktop\tdaxfer.txt
2013-11-30 19:26 - 2013-10-19 18:21 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1892172013-294500974-376536990-1000Core.job
2013-11-30 18:48 - 2013-07-11 01:00 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{8335AFDB-13C8-49BF-B9E7-67FE6B40E0D7}
2013-11-30 17:05 - 2013-07-17 23:54 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-30 16:35 - 2013-07-11 00:58 - 01793648 _____ C:\Windows\WindowsUpdate.log
2013-11-30 15:53 - 2009-07-13 20:45 - 00024944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-30 15:53 - 2009-07-13 20:45 - 00024944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-30 15:51 - 2009-07-13 21:13 - 00783862 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-30 15:46 - 2013-11-30 15:46 - 00004897 _____ C:\ProgramData\giiynunu.mau
2013-11-30 15:46 - 2013-11-30 15:46 - 00004867 _____ C:\ProgramData\zmlomobd.kxh
2013-11-30 15:46 - 2013-11-28 14:11 - 00011620 _____ C:\Windows\setupact.log
2013-11-30 15:46 - 2013-07-02 00:57 - 00000000 ____D C:\ProgramData\PDFC
2013-11-30 15:45 - 2013-07-19 08:27 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForhoward.job
2013-11-30 15:45 - 2013-07-17 23:48 - 00000000 ____D C:\Users\howard\AppData\Roaming\Dropbox
2013-11-30 15:45 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-30 04:14 - 2013-09-18 20:49 - 00012824 _____ C:\Windows\mozy.blk
2013-11-30 04:14 - 2013-09-18 20:49 - 00002518 _____ C:\Windows\mozy.flt
2013-11-29 17:05 - 2013-11-29 17:05 - 00008830 _____ C:\ProgramData\RemovedByHS.7z
2013-11-29 09:38 - 2013-07-26 08:15 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-11-29 09:38 - 2013-07-19 08:27 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForhoward
2013-11-29 09:38 - 2013-07-12 15:11 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-11-29 09:37 - 2013-07-12 15:06 - 00000000 ____D C:\Users\howard\AppData\Roaming\HP Support Assistant
2013-11-29 09:37 - 2013-07-12 01:25 - 00000000 ____D C:\Users\howard\AppData\Roaming\HpUpdate
2013-11-29 02:11 - 2013-11-29 02:11 - 00001100 _____ C:\Users\howard\Desktop\▶ Remove Ransomware with Farbar Recovery Scan Tool by Britec - YouTube.URL
2013-11-28 22:45 - 2013-07-11 02:26 - 00000000 ____D C:\Users\howard\.VirtualBox
2013-11-28 22:06 - 2013-07-20 20:29 - 00000000 ____D C:\Users\howard\AppData\Roaming\Nitro PDF
2013-11-28 14:12 - 2013-11-28 14:12 - 00000000 _____ C:\Windows\install71642.log
2013-11-28 14:11 - 2013-11-28 14:11 - 00000000 _____ C:\Windows\setuperr.log
2013-11-28 02:35 - 2013-11-28 02:35 - 00000043 _____ C:\Windows\gswin64.ini
2013-11-28 02:34 - 2013-11-28 02:34 - 00000000 _____ C:\Windows\SysWOW64\DllHost.exe.Z-missing.txt
2013-11-28 02:20 - 2013-07-30 22:15 - 00002774 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-11-28 02:19 - 2013-11-21 17:07 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-28 02:19 - 2013-11-21 17:05 - 00000000 ____D C:\Users\howard\Desktop\mbar
2013-11-28 02:12 - 2013-11-21 17:05 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-28 00:56 - 2013-11-28 00:56 - 00000319 _____ C:\Users\howard\Desktop\Amazon.com Canon PowerShot SX50 HS 12MP Digital Camera with 2.8-Inch LCD (Black) CANON Camera & Photo.URL
2013-11-27 16:33 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-11-27 00:39 - 2009-07-13 21:08 - 00032572 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-27 00:30 - 2013-11-27 00:30 - 00000000 ____D C:\Program Files\Intel
2013-11-27 00:21 - 2013-07-21 22:44 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2013-11-27 00:20 - 2013-11-27 00:20 - 00000861 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-11-27 00:10 - 2011-02-11 09:15 - 00775984 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-11-26 23:57 - 2013-11-26 23:57 - 00791608 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3xhc.sys
2013-11-26 23:57 - 2013-11-26 23:57 - 00358456 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hub.sys
2013-11-26 23:57 - 2013-11-26 23:57 - 00000000 ____D C:\Users\howard\AppData\Roaming\WinBatch
2013-11-26 23:57 - 2013-07-02 00:47 - 00041984 _____ (Intel Corporation) C:\Windows\system32\Drivers\USB3Ver.dll
2013-11-26 23:57 - 2011-02-11 08:32 - 00000000 ____D C:\SWSETUP
2013-11-26 23:55 - 2013-11-26 23:55 - 00000000 ____D C:\ProgramData\Ralink
2013-11-26 23:55 - 2013-07-02 00:48 - 00012358 _____ C:\Windows\system32\RaCoInst.log
2013-11-26 23:54 - 2013-07-02 00:48 - 00000000 ____D C:\Windows\system32\RaLanguages
2013-11-26 00:37 - 2013-11-26 00:37 - 00971360 _____ (Acronis) C:\Windows\system32\Drivers\timntr.sys
2013-11-26 00:37 - 2013-11-26 00:37 - 00210016 _____ (Acronis) C:\Windows\system32\Drivers\vididr.sys
2013-11-26 00:37 - 2013-11-26 00:37 - 00141920 _____ (Acronis) C:\Windows\system32\Drivers\vsflt53.sys
2013-11-26 00:37 - 2013-11-21 23:27 - 00275552 _____ (Acronis) C:\Windows\system32\Drivers\snapman.sys
2013-11-25 21:51 - 2013-11-25 21:51 - 00002270 _____ C:\Users\admin\Desktop\Google Chrome.lnk
2013-11-25 21:51 - 2013-11-25 21:51 - 00000000 ____D C:\Users\admin\Documents\Media Share
2013-11-25 21:51 - 2013-11-25 21:51 - 00000000 ____D C:\Users\admin\Documents\Bluetooth Exchange Folder
2013-11-25 21:51 - 2013-11-25 21:51 - 00000000 ____D C:\Users\admin\AppData\Roaming\Logitech
2013-11-25 21:51 - 2013-11-25 21:51 - 00000000 ____D C:\Users\admin\AppData\Roaming\Epson
2013-11-25 21:51 - 2013-11-25 21:51 - 00000000 ____D C:\Users\admin\AppData\Roaming\Apple Computer
2013-11-25 21:51 - 2013-11-25 21:51 - 00000000 ____D C:\Users\admin\AppData\Local\Broadcom
2013-11-25 21:51 - 2013-07-13 03:08 - 00143944 _____ C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-25 21:51 - 2013-07-13 03:06 - 00001415 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-25 21:51 - 2013-07-13 03:05 - 00000000 ___RD C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-25 21:51 - 2013-07-13 03:05 - 00000000 ___RD C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-25 21:49 - 2013-11-25 21:49 - 00000000 ____D C:\Users\admin\AppData\Local\Google
2013-11-24 02:12 - 2013-11-24 02:12 - 00004096 ___SH C:\VSM000.IDX
2013-11-22 00:31 - 2013-11-22 00:31 - 00000239 _____ C:\Users\howard\Desktop\Intel® High Performance Solid-State Drive — How to check if TRIM is enabled.URL
2013-11-21 23:47 - 2013-07-02 00:47 - 00000000 ____D C:\ProgramData\Intel
2013-11-21 23:39 - 2013-11-21 23:39 - 00000000 _RSHD C:\acroldr
2013-11-21 23:30 - 2013-11-21 23:30 - 00003864 _____ C:\Windows\System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2
2013-11-21 23:30 - 2013-11-21 23:30 - 00003616 _____ C:\Windows\System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon
2013-11-21 23:30 - 2013-11-21 23:30 - 00001282 _____ C:\Users\Public\Desktop\Intel SSD Toolbox.lnk
2013-11-21 23:30 - 2013-11-21 23:30 - 00000000 ____D C:\ProgramData\Intel® Update Manager
2013-11-21 23:30 - 2013-07-02 00:47 - 00000000 ____D C:\Program Files (x86)\Intel
2013-11-21 23:28 - 2013-11-21 23:28 - 00000000 ____D C:\Users\howard\AppData\Roaming\Intel
2013-11-21 23:27 - 2013-11-21 23:27 - 00155272 _____ (Acronis) C:\Windows\system32\Drivers\fltsrv.sys
2013-11-21 18:58 - 2013-11-21 08:28 - 00000000 _____ C:\Users\howard\AppData\Local\ars.cache
2013-11-21 16:22 - 2013-09-24 15:11 - 00000000 ____D C:\ProgramData\Conduit
2013-11-21 16:11 - 2013-11-21 16:11 - 00000000 ____D C:\Users\howard\AppData\Roaming\Malwarebytes
2013-11-21 16:11 - 2013-11-21 16:11 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-21 16:08 - 2013-11-21 15:34 - 00000000 ____D C:\Users\howard\Desktop\virus
2013-11-21 08:39 - 2013-11-21 08:39 - 40151293 _____ C:\Users\howard\AppData\Local\census.cache
2013-11-19 22:32 - 2013-11-19 22:32 - 00000036 _____ C:\Users\howard\AppData\Local\housecall.guid.cache
2013-11-19 19:52 - 2013-07-17 22:10 - 00000000 ____D C:\Users\howard\AppData\Local\Adobe
2013-11-19 19:50 - 2013-07-22 01:01 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-19 19:50 - 2013-07-02 00:55 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-19 19:50 - 2013-07-02 00:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-19 19:36 - 2013-07-02 00:59 - 00000000 ____D C:\ProgramData\Norton
2013-11-19 19:11 - 2013-11-19 19:11 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-11-17 23:00 - 2013-11-17 23:00 - 00000293 _____ C:\Users\howard\Desktop\NGC Registry US Sets.URL
2013-11-17 15:58 - 2013-07-26 14:49 - 00000000 ____D C:\Users\howard\AppData\Roaming\FileZilla
2013-11-17 15:56 - 2013-07-11 01:00 - 00000000 ____D C:\Users\howard\AppData\Local\PDFC
2013-11-17 01:54 - 2013-07-24 00:31 - 00000000 ____D C:\Users\howard\AppData\Roaming\vlc
2013-11-17 01:14 - 2013-07-17 23:28 - 00000000 ____D C:\Users\howard\AppData\Roaming\Apple Computer
2013-11-17 01:11 - 2013-07-17 23:28 - 00000000 ____D C:\Users\howard\AppData\Local\Apple Computer
2013-11-17 01:08 - 2013-11-01 17:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-17 00:46 - 2013-07-17 23:27 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-11-17 00:19 - 2013-07-13 02:48 - 00000000 ____D C:\Users\howard\AppData\Local\CrashDumps
2013-11-17 00:19 - 2011-02-11 09:00 - 00000000 ____D C:\Windows\Panther
2013-11-15 04:40 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-11-15 01:29 - 2013-07-11 16:45 - 00000000 ____D C:\Windows\system32\MRT
2013-11-15 01:26 - 2013-07-11 15:37 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 15:50 - 2013-07-25 12:57 - 00000000 ____D C:\Windows\System32\Tasks\Norton Zone
2013-11-13 15:50 - 2013-07-25 12:56 - 00000000 ____D C:\Windows\system32\Drivers\NZx64
2013-11-11 22:52 - 2013-11-11 22:52 - 00001415 _____ C:\Users\howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-11 22:45 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-11 22:21 - 2013-11-11 22:21 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-11 22:21 - 2013-11-11 22:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-11 22:21 - 2013-11-11 22:21 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-11 22:21 - 2013-11-11 22:21 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-11 22:21 - 2013-11-11 22:21 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-11 22:21 - 2013-11-11 22:21 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-11 22:21 - 2013-11-11 22:21 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-11 22:21 - 2013-11-11 22:21 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-11 22:21 - 2013-11-11 22:21 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-11 22:21 - 2013-11-11 22:21 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-11 22:21 - 2013-11-11 22:21 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-11 22:21 - 2013-11-11 22:21 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-11 22:21 - 2013-11-11 22:21 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-11 22:21 - 2013-11-11 22:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-11 22:21 - 2013-11-11 22:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-11 22:21 - 2013-11-11 22:21 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-11 22:21 - 2013-11-11 22:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-11 22:21 - 2013-11-11 22:21 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-11 22:21 - 2013-11-11 22:21 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-11 22:21 - 2013-11-11 22:21 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-11 22:21 - 2013-11-11 22:21 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-11 22:21 - 2013-11-11 22:21 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-11 22:21 - 2013-11-11 22:21 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-11 22:21 - 2013-11-11 22:21 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-11 22:21 - 2013-11-11 22:21 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-11 22:21 - 2013-11-11 22:21 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-11 22:21 - 2013-11-11 22:21 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-11 22:21 - 2013-11-11 22:21 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-11 22:21 - 2013-11-11 22:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-11 22:14 - 2013-08-25 21:21 - 00000000 ____D C:\Users\howard\Desktop\dl
2013-11-09 14:23 - 2013-11-09 14:23 - 00000262 _____ C:\Users\howard\Desktop\Apple Inc. (AAPL) An Apple Story Alpha, Algos And A Poorman - Seeking Alpha.URL
2013-11-08 23:30 - 2013-07-13 03:24 - 00000000 ____D C:\Users\howard\AppData\Roaming\Mozilla
2013-11-08 18:21 - 2013-11-08 16:23 - 00000000 ____D C:\Users\howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2013-11-08 16:19 - 2013-11-08 16:19 - 00000000 ____D C:\Users\howard\Documents\Bluetooth Exchange Folder
2013-11-08 16:19 - 2013-11-08 16:19 - 00000000 ____D C:\Users\howard\AppData\Local\Broadcom
2013-11-08 16:14 - 2013-11-08 16:14 - 00000000 ____D C:\Program Files\WIDCOMM
2013-11-07 17:45 - 2013-11-07 17:45 - 00000235 _____ C:\Users\howard\Desktop\Help! I'm still getting Pop-ups - The solution • mozillaZine Forums.URL
2013-11-07 03:04 - 2013-10-22 14:28 - 00000000 ____D C:\Users\howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-11-07 03:04 - 2013-07-11 01:00 - 00000000 ___RD C:\Users\howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-07 02:47 - 2013-07-13 03:04 - 00000000 ____D C:\Users\admin
2013-11-07 02:25 - 2013-07-21 19:35 - 00000000 ____D C:\Users\howard\AppData\Local\Eclipse
2013-11-07 02:11 - 2013-08-26 21:37 - 00002602 _____ C:\Users\howard\.kdiff3rc
2013-11-07 02:08 - 2013-10-02 00:53 - 00000043 _____ C:\Windows\gswin32.ini
2013-11-07 02:00 - 2013-11-07 01:59 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-07 02:00 - 2013-11-07 01:59 - 00000000 ____D C:\Program Files\iTunes
2013-11-07 02:00 - 2013-11-07 01:59 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-07 01:59 - 2013-11-07 01:59 - 00000000 ____D C:\Program Files\iPod
2013-11-06 00:15 - 2013-11-06 00:15 - 00000240 _____ C:\Users\howard\Desktop\1868 5C Shield Nickels Inv #800053614 Heritage Auctions.URL
2013-11-05 23:53 - 2013-11-05 23:53 - 00000251 _____ C:\Users\howard\Desktop\18832 5C MS67 NGC. CAC. FS-304. The Shield nickel series is LotID #3041 Heritage Auctions.URL
2013-11-05 23:52 - 2013-11-05 23:52 - 00000237 _____ C:\Users\howard\Desktop\18832 5C XF45 PCGS. FS-302. The jagged crack through the ball and LotID #1541 Heritage Auctions.URL
2013-11-05 23:52 - 2013-11-05 23:52 - 00000237 _____ C:\Users\howard\Desktop\18832 5C XF40 PCGS. FS-302. Several obverse die cracks aid the LotID #1540 Heritage Auctions.URL
2013-11-01 17:49 - 2013-11-01 17:49 - 00000000 ____D C:\ProgramData\Mozilla
2013-11-01 17:47 - 2013-07-13 03:24 - 00000000 ____D C:\Users\howard\AppData\Local\Mozilla
2013-10-31 22:33 - 2013-07-02 00:57 - 00000000 ____D C:\ProgramData\Skype
2013-10-31 15:36 - 2013-10-31 15:36 - 00000252 _____ C:\Users\howard\Desktop\Collectors Universe Forums - OT eBay Trick Best Offer Completed Items -- How To See The Selling Price.URL

Files to move or delete:
====================
C:\Users\howard\en_res.dll
C:\Users\howard\es_res.dll
C:\Users\howard\fr_res.dll
C:\Users\howard\grm_res.dll
C:\Users\howard\it_res.dll
C:\Users\howard\jp_res.dll
C:\Users\howard\mfc80u.dll
C:\Users\howard\msvcr80.dll
C:\Users\howard\PCPE Setup.exe
C:\Users\howard\pt_res.dll
C:\Users\howard\ResourceReader.dll
C:\Users\howard\ru_res.dll
C:\Users\howard\zh_res.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-30 01:57

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-12-2013
Ran by howard at 2013-11-30 22:40:03
Running from E:\download\Farbar
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

4 Elements II (x32 Version: 2.2.0.98)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Active@ ISO Burner (x32 Version: 2.5.1)
Adobe Bridge 1.0 (x32 Version: 001.000.000)
Adobe Common File Installer (x32 Version: 1.00.0000)
Adobe Creative Suite 2 (x32)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.152)
Adobe Help Center 1.0 (x32 Version: 001.000.000)
Adobe Illustrator CS2 (x32 Version: 12.000.000)
Adobe InDesign CS2 (x32 Version: 004.000.000)
Adobe Photoshop CS2 (x32 Version: 9.0)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
Adobe Stock Photos 1.0 (x32 Version: 001.000.000)
Adobe SVG Viewer 3.0 (x32 Version:  3.0)
Adobe Version Cue CS2 (x32 Version: 2.0)
Amazon Cloud Player (HKCU Version: 1.1.0.337)
AMD Accelerated Video Transcoding (Version: 2.00.0002)
AMD APP SDK Runtime (Version: 10.0.923.1)
AMD Catalyst Install Manager (Version: 8.0.873.0)
AOMEI Partition Assistant Standard Edition 5.2 (x32)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
Assessment and Deployment Kit (x32 Version: 8.59.25584)
Audacity 2.0.5 (x32 Version: 2.0.5)
Bejeweled 3 (x32 Version: 2.2.0.98)
Blackhawk Striker 2 (x32 Version: 2.2.0.95)
Blio (x32 Version: 3.0.9482)
Bonjour (Version: 3.0.0.10)
Bubble Wrap (x32 Version: 1.0.0.0)
BufferChm (x32 Version: 140.0.298.000)
Canon IJ Network Scan Utility (x32)
Canon IJ Network Tool (x32 Version: 3.1.1)
Canon MG5200 series MP Drivers
Canon MP Navigator EX 4.0 (x32)
Canon My Printer (x32 Version: 3.1.0)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.0408.604.8899)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0408.604.8899)
Catalyst Control Center InstallProxy (x32 Version: 2012.0408.604.8899)
Catalyst Control Center Localization All (x32 Version: 2012.0408.604.8899)
Catalyst Control Center Profiles Desktop (x32 Version: 2012.0408.604.8899)
CCC Help Chinese Standard (x32 Version: 2012.0408.0603.8899)
CCC Help Chinese Traditional (x32 Version: 2012.0408.0603.8899)
CCC Help Czech (x32 Version: 2012.0408.0603.8899)
CCC Help Danish (x32 Version: 2012.0408.0603.8899)
CCC Help Dutch (x32 Version: 2012.0408.0603.8899)
CCC Help English (x32 Version: 2012.0408.0603.8899)
CCC Help Finnish (x32 Version: 2012.0408.0603.8899)
CCC Help French (x32 Version: 2012.0408.0603.8899)
CCC Help German (x32 Version: 2012.0408.0603.8899)
CCC Help Greek (x32 Version: 2012.0408.0603.8899)
CCC Help Hungarian (x32 Version: 2012.0408.0603.8899)
CCC Help Italian (x32 Version: 2012.0408.0603.8899)
CCC Help Japanese (x32 Version: 2012.0408.0603.8899)
CCC Help Korean (x32 Version: 2012.0408.0603.8899)
CCC Help Norwegian (x32 Version: 2012.0408.0603.8899)
CCC Help Polish (x32 Version: 2012.0408.0603.8899)
CCC Help Portuguese (x32 Version: 2012.0408.0603.8899)
CCC Help Russian (x32 Version: 2012.0408.0603.8899)
CCC Help Spanish (x32 Version: 2012.0408.0603.8899)
CCC Help Swedish (x32 Version: 2012.0408.0603.8899)
CCC Help Thai (x32 Version: 2012.0408.0603.8899)
CCC Help Turkish (x32 Version: 2012.0408.0603.8899)
ccc-utility64 (Version: 2012.0408.604.8899)
CCleaner (Version: 4.08)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
Cradle of Rome 2 (x32 Version: 2.2.0.98)
CrystalDiskInfo 5.6.2 (x32 Version: 5.6.2)
CrystalDiskMark 3.0.2f (Version: 3.0.2f)
D3DX10 (x32 Version: 15.4.2368.0902)
Destinations (x32 Version: 140.0.0.0)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904)
DocProc (x32 Version: 140.0.185.000)
Dora's World Adventure (x32 Version: 2.2.0.95)
Dropbox (HKCU Version: 2.4.6)
EaseUS Todo Backup Free 6.1 (x32 Version: 6.1)
Epson Connect (x32)
Epson Customer Participation (Version: 1.0.0.0)
Epson Event Manager (x32 Version: 2.50.0000)
Epson E-Web Print (x32 Version: 1.17.0000)
Epson FAX Utility (x32 Version: 1.31.00)
Epson PC-FAX Driver (x32)
EPSON Scan (x32)
EPSON WF-7520 Series Printer Uninstall
EpsonNet Print (x32 Version: 2.5.00)
eReg (x32 Version: 1.20.138.34)
ERUNT 1.1j (x32)
Escape the Emerald Star (x32 Version: 2.2.0.98)
Eudora (x32 Version: 7.0)
Facebook (x32 Version: 1.1.0004)
Family Tree Maker 2011 (x32 Version: 20.0.379)
Farm Frenzy (x32 Version: 2.2.0.98)
Farmscapes (x32 Version: 2.2.0.97)
FATE (x32 Version: 2.2.0.97)
FileMenu Tools (Version: 6.6)
FileZilla Client 3.7.3 (x32 Version: 3.7.3)
FileZilla Server (x32 Version: beta 0.9.41)
Final Drive Fury (x32 Version: 2.2.0.95)
Finale NotePad 2012 (x32 Version: 2012..r1.5)
Free Launch Bar 64-bit Edition (Version: 2.0.0.0)
Golden Trails 2: The Lost Legacy Collector's Edition (x32 Version: 2.2.0.98)
Google Chrome (x32 Version: 31.0.1650.57)
Google Drive (x32 Version: 1.12.5329.1887)
Google Earth (x32 Version: 7.1.1.1888)
Google Talk Plugin (x32 Version: 4.9.1.16010)
Google Update Helper (x32 Version: 1.3.21.165)
GPL Ghostscript (Version: 9.10)
GPL Ghostscript Fonts (x32)
guitone 1.0rc5 (x32 Version: 1.0rc5)
HD Tune 2.55 (x32)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
Hoyle Card Games (x32 Version: 2.2.0.95)
HP Application Assistant (Version: 1.1.466.3970)
HP Auto (Version: 1.0.12935.3667)
HP Calendar (x32 Version: 5.1.4245.23508)
HP Clock (x32 Version: 5.1.4281.27332)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8)
HP Games (x32 Version: 1.0.2.5)
HP IDF Software (x32 Version: 11.15.1000)
HP Imaging Device Functions 14.5 (Version: 14.5)
HP LinkUp (x32 Version: 2.01.029)
HP Magic Canvas (x32 Version: 5.1.15.0)
HP Magic Canvas Tutorials (x32 Version: 6.0.0.0)
HP Notes (x32 Version: 5.1.4274.30382)
HP Odometer (x32 Version: 2.10.0000)
HP RSS (x32 Version: 5.1.4289.23799)
HP Scanjet G4010 (Version: 14.5)
HP Setup (x32 Version: 9.1.15430.4033)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Support Information (x32 Version: 11.00.0001)
HP TouchSmart Background - Beats (x32 Version: 1.0.1.0)
HP TouchSmart RecipeBox (x32 Version: 3.0.3830.27730)
HP Update (x32 Version: 5.005.000.002)
HP Weather (x32 Version: 5.1.4245.22595)
hpg4010 (x32 Version: 140.000.000.000)
HWiNFO64 Version 4.26 (Version: 4.26)
HydraVision (x32 Version: 4.2.236.0)
iCloud (Version: 3.0.2.163)
ImageMagick 6.8.7-7 Q16 (64-bit) (2013-12-01) (Version: 6.8.7)
Inno Script Studio version 2.1.0.20 (x32 Version: 2.1.0.20)
Inno Setup QuickStart Pack version 5.5.4 (x32 Version: 5.5.4)
Intel® Management Engine Components (x32 Version: 8.0.0.1351)
Intel® Processor ID Utility (x32 Version: 4.75.0000)
Intel® Rapid Storage Technology (Version: 12.8.0.1016)
Intel® Update Manager (x32 Version: 1.6.3.70)
Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.6.245)
Intel® Data Migration Software (x32 Version: 15.0.15056)
Intel® SSD Toolbox (x32 Version: 3.1.9.400)
IrfanView (remove only) (x32 Version: 4.36)
iSEEK AnswerWorks English Runtime (x32 Version: 010.000.0101)
iTunes (Version: 11.1.3.8)
IZArc 4.1.6 (x32 Version: 4.1.6)
IZArc Command Line Add-On 1.1 (x32 Version: 1.1 (Build 140))
Java 7 Update 45 (64-bit) (Version: 7.0.450)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Java SE Development Kit 7 Update 25 (64-bit) (Version: 1.7.0.250)
Java SE Development Kit 7 Update 40 (64-bit) (Version: 1.7.0.400)
Java SE Development Kit 7 Update 45 (64-bit) (Version: 1.7.0.450)
JBidwatcher 2.5.3pre3 (x32 Version: 2.5.3pre3)
Jewel Match 3 (x32 Version: 2.2.0.98)
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98)
John Deere Drive Green (x32 Version: 2.2.0.95)
JSmooth 0.9.9-7 (x32)
JTroll 1.2 (x32)
KDiff3 (remove only) (x32)
KeyTweak - Keyboard Remapper (remove only) (x32)
Kits Configuration Installer (x32 Version: 8.59.25584)
LabelPrint (x32 Version: 2.5.4507)
LibreOffice 4.1 Help Pack (English (United States)) (x32 Version: 4.1.3.2)
LibreOffice 4.1.3.2 (x32 Version: 4.1.3.2)
Logitech SetPoint 6.61 (Version: 6.61.15)
Luxor HD (x32 Version: 2.2.0.98)
Macromedia Dreamweaver 4 (x32 Version: 4.0)
Macromedia Extension Manager (x32 Version: 1.2)
Macromedia Fireworks 4 (x32 Version: 4)
Mah Jong Medley (x32 Version: 2.2.0.95)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Metric Converter (x32 Version: 1.0.0.0)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Mathematics (x32 Version: 4.0)
Microsoft Office (x32 Version: 15.0.4454.1510)
Microsoft Office 2000 SR-1 Disc 2 (x32 Version: 9.00.9327)
Microsoft Office 2000 SR-1 Professional (x32 Version: 9.00.9327)
Microsoft Office Excel Viewer (x32 Version: 12.0.6612.1000)
Microsoft Office Word Viewer 2003 (x32 Version: 11.0.8173.0)
Microsoft Outlook 2002 (x32 Version: 10.0.6626.0)
Microsoft PowerPoint Viewer (x32 Version: 14.0.7015.1000)
Microsoft Primary Interoperability Assemblies 2005 (x32 Version: 8.0.50727.42)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
monotone 1.0 (x32 Version: 1.0)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98)
Movie Maker (x32 Version: 16.4.3505.0912)
Mozilla Firefox 25.0.1 (x86 en-US) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
MozyHome (Version: 2.24.0.355)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
My Farm Life 2 (x32 Version: 2.2.0.98)
Nero 11 (x32 Version: 11.2.01000)
Nero 2014 (x32 Version: 15.0.02200)
Nero 2014 Content Pack (x32 Version: 15.0.00200)
Nero Abstract Themes (x32 Version: 12.0.11500)
Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0)
Nero BackItUp 11 (x32 Version: 6.2.18400.2.100)
Nero BackItUp 11 Help (CHM) (x32 Version: 11.0.10400)
Nero Backup Drivers (Version: 12.0.4000)
Nero Blu-ray Player (x32 Version: 12.0.20064)
Nero Blu-ray Player Help (CHM) (x32 Version: 15.0.00015)
Nero Burning Core (x32 Version: 15.0.25001)
Nero Burning ROM (x32 Version: 15.0.25001)
Nero Burning ROM 11 (x32 Version: 11.2.10300.0.0)
Nero Burning ROM 11 Help (CHM) (x32 Version: 11.0.10300)
Nero Burning ROM Help (CHM) (x32 Version: 15.0.00021)
Nero Cliparts (x32 Version: 12.0.11500)
Nero ControlCenter (x32 Version: 11.0.16700)
Nero ControlCenter Help (CHM) (x32 Version: 15.0.00015)
Nero Core Components (x32 Version: 11.0.22900)
Nero CoverDesigner 11 (x32 Version: 6.0.11000.13.100)
Nero CoverDesigner 11 Help (CHM) (x32 Version: 11.0.10300)
Nero Disc Menus 1 (x32 Version: 12.0.11500)
Nero Disc Menus 2 (x32 Version: 12.0.11500)
Nero Disc Menus 3 (x32 Version: 12.0.11500)
Nero Disc Menus Basic (x32 Version: 12.0.11500)
Nero Disc to Device (x32 Version: 15.0.12010)
Nero Effects Basic (x32 Version: 15.0.10011)
Nero Express (x32 Version: 15.0.25001)
Nero Express 11 (x32 Version: 11.2.10300.0.0)
Nero Express 11 Help (CHM) (x32 Version: 11.0.10300)
Nero Express Help (CHM) (x32 Version: 15.0.00021)
Nero Family and Events Themes (x32 Version: 12.0.11500)
Nero Football (Soccer) Themes (x32 Version: 12.0.11500)
Nero Holiday and Sports Themes (x32 Version: 12.0.11500)
Nero Image Samples (x32 Version: 15.0.10008)
Nero Info (x32 Version: 15.1.0030)
Nero Kwik Themes Basic (x32 Version: 12.0.11500)
Nero Launcher (x32 Version: 15.0.12000)
Nero MediaHome (x32 Version: 1.22.3400)
Nero MediaHome Help (CHM) (x32 Version: 15.0.00021)
Nero PiP Effects 1 (x32 Version: 12.0.11500)
Nero PiP Effects Basic (x32 Version: 15.0.10008)
Nero Platinum Effects 12 (x32 Version: 15.0.10011)
Nero Recode (x32 Version: 15.0.14000)
Nero Recode 11 (x32 Version: 5.2.11300.0.0)
Nero Recode 11 Help (CHM) (x32 Version: 11.0.10500)
Nero Recode Help (CHM) (x32 Version: 15.0.00018)
Nero RescueAgent (x32 Version: 15.0.2000)
Nero RescueAgent 11 (x32 Version: 4.0.10600.10.100)
Nero RescueAgent 11 Help (CHM) (x32 Version: 11.0.10400)
Nero RescueAgent Help (CHM) (x32 Version: 15.0.00015)
Nero Retro Film Themes (x32 Version: 12.0.11700)
Nero SharedVideoCodecs (x32 Version: 1.0.15005)
Nero SoundTrax 11 (x32 Version: 5.0.10700.6.100)
Nero SoundTrax 11 Help (CHM) (x32 Version: 11.0.10400)
Nero Update (x32 Version: 11.0.13300.42.0)
Nero Video (x32 Version: 15.0.13000)
Nero Video 11 (x32 Version: 8.2.16000.4.100)
Nero Video 11 Help (CHM) (x32 Version: 11.0.10300)
Nero Video Help (CHM) (x32 Version: 15.0.00018)
Nero Video Samples (x32 Version: 12.0.11500)
Nero Video Transitions 1 (x32 Version: 12.0.11500)
Nero WaveEditor 11 (x32 Version: 6.2.11300.0.100)
Nero WaveEditor 11 Help (CHM) (x32 Version: 11.0.10400)
nero.prerequisites.msi (x32 Version: 11.0.20010)
neroxml (x32 Version: 1.0.0)
Neuratron AudioScore Lite (x32 Version: 6.5.0)
Neuratron PhotoScore Lite (x32 Version: 6.0.0)
Nitro Pro 7 (Version: 7.5.0.29)
Norton Internet Security (x32 Version: 20.4.0.40)
Norton Online Backup (x32 Version: 2.1.17869)
Norton Utilities 15 (x32 Version: 15.0)
Norton Zone (x32 Version: 1.0.15.13)
OCR Software by I.R.I.S. 14.5 (Version: 14.5)
opensource (x32 Version: 1.0.14960.3876)
Oracle VM VirtualBox 4.2.18 (Version: 4.2.18)
PC Wizard 2013.2.12 (x32)
PDF Complete Corporate Edition (x32 Version: 4.0.95)
Penguins! (x32 Version: 2.2.0.98)
Photo Gallery (x32 Version: 16.4.3505.0912)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (x32 Version: 1.3.0)
Poker Superstars III (x32 Version: 2.2.0.95)
Polar Bowler (x32 Version: 2.2.0.97)
Polar Golfer (x32 Version: 2.2.0.98)
Power2Go (x32 Version: 6.1.6207)
PowerChute Personal Edition 3.0.2 (x32 Version: 3.0.2)
Prerequisite installer (x32 Version: 15.0.0005)
Process Lasso (x32 Version: 6.7.0.0)
Python 2.7 pywin32-218
Python 2.7.5 (64-bit) (Version: 2.7.5150)
Quicken 2012 (x32 Version: 21.1.7.18)
QuickTime (x32 Version: 7.74.80.86)
Ralink 802.11n Wireless LAN Card (x32 Version: 5.0.25.0)
Recovery Manager (x32 Version: 5.5.0.5119)
Remote Graphics Receiver (x32 Version: 5.4.5)
Roads of Rome 3 (x32 Version: 2.2.0.98)
RoboForm 7-9-2-5 (All Users) (x32 Version: 7-9-2-5)
Scan (x32 Version: 14.0.1.0)
Seagate Dashboard 2.0 (x32 Version: 2.2.29.0)
Seagate Drive Settings Installer (x32 Version: 1.00.0000)
Seagate Manager Installer (x32 Version: 2.01.0600)
SeaTools for Windows (x32)
Sibelius 6.2.0.88 (x32)
Sibelius Scorch (all browsers) (x32 Version: 6.2.0)
Sibelius Sounds Essentials for Sibelius 6 (x32 Version: 1.1.0)
SiteSearch Indexer 3.0.2 (x32)
Skype™ 5.10 (x32 Version: 5.10.116)
SNV Demo (x32)
SNV4 (x32)
Software Updater (x32 Version: 4.1.7)
Spot (x32 Version: 1.0.0.0)
Spybot - Search & Destroy (x32 Version: 1.6.2)
StorageCraft ImageManager (x32 Version: 6.0.1)
StorageCraft Recovery Environment Builder (x32 Version: 1.0.0.28744)
StorageCraft ShadowProtect (x32 Version: 5.0.4.27363)
StorageCraft ShadowStream (x32 Version: 1.0.0)
Suite Specific (x32 Version: 2.0.0)
System Explorer 4.2.2 (x32)
System Requirements Lab for Intel (x32 Version: 4.5.15.0)
Tales of Lagoona (x32 Version: 2.2.0.98)
Tap Tap Bear (x32 Version: 1.0.0.0)
TeamViewer 8 (x32 Version: 8.0.22298)
Toolkit Documentation (x32 Version: 8.59.25584)
Torchlight (x32 Version: 2.2.0.98)
TrueCrypt (x32 Version: 7.1a)
TSHostedAppLauncher (x32 Version: 5.1.15.0)
Unlocker 1.9.2 (Version: 1.9.2)
Update Installer for WildTangent Games App (x32)
VEDIT 6.2 (x32)
Virtual Account Numbers (x32 Version: 1.0.6.0)
Virtual Account Numbers (x32 Version: 4.0.0.2248)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98)
VLC media player 2.1.1 (x32 Version: 2.1.1)
WebReg (x32 Version: 140.0.297.017)
Welcome App (Start-up experience) (x32 Version: 11.0.23500.0.0)
WIDCOMM Bluetooth Software (Version: 6.5.1.2700)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.20)
Windows Deployment Customizations (x32 Version: 8.59.25584)
Windows Deployment Tools (x32 Version: 8.59.25584)
Windows Installer Clean Up (x32 Version: 3.00.00.0000)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Photo Common (x32 Version: 16.4.3505.0912)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)
Windows Media Encoder 9 Series (x32 Version: 9.00.2980)
Windows Media Encoder 9 Series (x32)
Windows PE x86 x64 (x32 Version: 8.59.25584)
Windows PE x86 x64 wims (x32 Version: 8.59.25584)
Windows System Image Manager on amd64 (x32 Version: 8.59.25584)
WinPcap 4.1.3 (x32 Version: 4.1.0.2980)
Wireshark 1.10.3 (64-bit) (x32 Version: 1.10.3)
XXConsole: Super Console Generator  ver 0.96 (x32 Version: 0.96)
Youda Fisherman (x32 Version: 2.2.0.98)
Zuma's Revenge (x32 Version: 2.2.0.98)

==================== Restore Points  =========================

26-11-2013 08:36:36 Installed Acronis True Image
26-11-2013 08:40:39 Removed Acronis True Image HD
27-11-2013 07:47:13 HPSF Applying updates
27-11-2013 07:53:27 Installed Ralink Wireless LAN
27-11-2013 08:05:15 Windows Update
27-11-2013 08:29:08 IIF_MSI

==================== Hosts content: ==========================

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0B321E6D-958F-4A16-828E-7CB554102F5D} - System32\Tasks\{08D97148-27B8-4117-A781-4840BF31B94A} => Iexplore.exe http://ui.skype.com/...?LastError=1618
Task: {129BB02A-E115-4854-9DCA-0F81C2C36CA1} - System32\Tasks\CCleanerSkipUAC => D:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {182CDE8B-B9AF-4F9A-9D66-37C430ADA043} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe [2013-10-19] (Siber Systems)
Task: {1B812DE5-2D93-4BA3-93C7-7ADECDD8EF04} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1892172013-294500974-376536990-1000UA => C:\Users\howard\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-19] (Google Inc.)
Task: {1B8EC4BB-F747-4E90-B0CA-DD3E27A6386C} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-03] (Symantec Corporation)
Task: {1BB9FC0C-E0E3-4CBA-A633-572B17FD5966} - System32\Tasks\HPCeeScheduleForhoward => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {2BBE5D02-2FB1-44B2-ADD2-495CAD1E5359} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {372875A8-99A5-4A32-B2E9-B9C2826DD569} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation)
Task: {3B75DD77-782F-41BD-837D-A17A84466CE3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {43E84772-E458-482B-92BA-E7A4D4CAAFDE} - System32\Tasks\Norton Zone\Norton Error Analyzer => C:\Program Files (x86)\Norton Zone\Engine\1.0.15.13\symerr.exe [2013-08-01] (Symantec Corporation)
Task: {48DAA36A-695F-449D-98A4-EA45570FFD08} - System32\Tasks\Open URL by RoboForm => C:\Windows\System32\url.dll [2013-11-11] (Microsoft Corporation)
Task: {53336A6E-A3AD-4F26-BC48-9268F01123D3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {5D8B1C26-67E9-477E-B28A-C7F8A0AA7A7D} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wscstub.exe [2013-06-03] (Symantec Corporation)
Task: {71B4E941-7450-4409-9DF0-4C7835B9CC89} - System32\Tasks\Norton Zone\Norton Error Processor => C:\Program Files (x86)\Norton Zone\Engine\1.0.15.13\symerr.exe [2013-08-01] (Symantec Corporation)
Task: {77AA80C0-8716-4ECA-9E58-CAA702E6E019} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-17] (Google Inc.)
Task: {895996BB-1978-46A5-9E80-B92581AC9E39} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-17] (Google Inc.)
Task: {8B000B9A-F07D-433E-B1F9-7127BA008A94} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation)
Task: {9F503984-AB7B-47BA-96CA-CD0A63E59ED6} - System32\Tasks\Seagate_Install_Launch => D:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2013-05-30] (Seagate Technology LLC)
Task: {B5A7C01D-0CE6-43FA-8A3A-88FAB40EC232} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-10-16] (Nero AG)
Task: {B5BE2A97-FC0B-48D9-95A6-82A11C070C40} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1892172013-294500974-376536990-1000Core => C:\Users\howard\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-19] (Google Inc.)
Task: {D005AA1B-9494-4C47-A9CC-5AB4D5694628} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {D44596BE-B93B-490F-B6C6-5F71F050F68E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-19] (Adobe Systems Incorporated)
Task: {E681B297-DA42-4CBC-B34A-F4E2E467DD2A} - System32\Tasks\Amazon Music Helper => C:\Users\howard\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [2013-07-21] ()
Task: {F30A7034-72F7-4E58-BF47-7AF2DC14D9C7} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-03] (Symantec Corporation)
Task: {FCDD1FE4-FF25-4992-B03E-7EF3A426CF80} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1892172013-294500974-376536990-1000Core.job => C:\Users\howard\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1892172013-294500974-376536990-1000UA.job => C:\Users\howard\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForhoward.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2010-01-02 06:42 - 2010-01-02 06:42 - 00098304 _____ () d:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-04-08 04:59 - 2012-04-08 04:59 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-03-12 14:01 - 2012-03-12 14:01 - 00098304 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-03-12 14:01 - 2012-03-12 14:01 - 00028672 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResources.dll
2010-07-14 20:44 - 2010-07-14 20:44 - 00020032 _____ () d:\Program Files\Unlocker\UnlockerCOM.dll
2012-09-05 15:54 - 2012-09-05 15:54 - 00108040 _____ () C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NPShellExtension64.dll
2013-07-11 02:37 - 2011-02-28 07:39 - 00211456 _____ () d:\Program Files (x86)\IZArc\IZArcCM64.dll
2005-04-04 17:58 - 2005-04-04 17:58 - 00028791 _____ () D:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\hpi.dll
2005-04-04 17:58 - 2005-04-04 17:58 - 00057453 _____ () D:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\verify.dll
2005-04-04 17:58 - 2005-04-04 17:58 - 00102515 _____ () D:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\java.dll
2005-04-04 17:58 - 2005-04-04 17:58 - 00053364 _____ () D:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\zip.dll
2005-04-04 17:58 - 2005-04-04 17:58 - 00057455 _____ () D:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\net.dll
2005-04-04 17:58 - 2005-04-04 17:58 - 00032880 _____ () D:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\nio.dll
2005-04-04 17:58 - 2005-04-04 17:58 - 00434255 _____ () D:\Program Files\Adobe\Adobe Version Cue CS2\bin\ps-rw-vc-v8_58.dll
2005-04-04 17:58 - 2005-04-04 17:58 - 01019904 _____ () D:\Program Files\Adobe\Adobe Version Cue CS2\bin\ps-vc-v8_58.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-22 00:50 - 2013-09-04 11:19 - 00098888 _____ () d:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2013-11-22 00:50 - 2013-11-14 14:59 - 00031304 _____ () d:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckTool.dll
2013-11-22 00:50 - 2013-09-04 11:19 - 00029768 _____ () d:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2013-11-22 00:50 - 2008-11-25 17:18 - 01291264 _____ () d:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2013-11-22 00:50 - 2004-10-05 03:08 - 00055808 _____ () d:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2013-11-22 00:50 - 2013-09-04 11:19 - 00050248 _____ () d:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2013-11-22 00:50 - 2013-10-24 17:46 - 00106568 _____ () d:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
2013-11-22 00:50 - 2013-09-04 11:19 - 00030280 _____ () d:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2013-11-22 00:50 - 2013-09-04 11:19 - 00293960 _____ () d:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSize.dll
2013-11-22 00:50 - 2013-09-04 11:19 - 00578632 _____ () d:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2013-11-22 00:50 - 2013-09-04 11:19 - 00468040 _____ () d:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSizeEx.dll
2013-11-22 00:50 - 2013-09-04 11:19 - 00192072 _____ () d:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2013-11-22 00:50 - 2013-09-04 11:19 - 00068680 _____ () d:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2013-11-22 00:50 - 2013-09-04 11:19 - 00069192 _____ () d:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2013-11-22 00:50 - 2013-09-04 11:19 - 00022600 _____ () d:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2013-11-22 00:50 - 2013-09-04 11:19 - 00115784 _____ () d:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
2013-11-22 00:50 - 2013-09-04 11:19 - 00192584 _____ () d:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
2013-11-22 00:50 - 2013-09-04 11:19 - 00135752 _____ () d:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
2013-11-22 00:50 - 2013-10-22 17:31 - 00037960 _____ () d:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
2013-11-22 00:50 - 2013-09-04 11:19 - 00135240 _____ () d:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
2013-11-22 00:50 - 2013-09-04 11:19 - 00249928 _____ () d:\Program Files (x86)\EaseUS\Todo Backup\bin\uexper.dll
2013-11-22 00:50 - 2013-09-04 11:19 - 00096840 _____ () d:\Program Files (x86)\EaseUS\Todo Backup\bin\TBFireWall.dll
2013-08-07 11:25 - 2013-08-07 11:25 - 00093696 _____ () d:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2013-07-11 03:35 - 2012-05-29 22:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll
1996-11-16 23:00 - 1996-11-16 23:00 - 00022016 _____ () C:\Windows\SysWow64\docobj.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2013-08-23 11:01 - 2013-08-23 11:01 - 25100288 _____ () C:\Users\howard\AppData\Roaming\Dropbox\bin\libcef.dll
2013-10-20 21:08 - 2013-10-07 12:31 - 00039424 _____ () D:\Program Files (x86)\Virtual Account Numbers\VANRes.dll
2013-11-30 15:45 - 2013-11-30 15:45 - 00098816 _____ () C:\Users\howard\AppData\Local\Temp\_MEI48162\win32api.pyd
2013-11-30 15:45 - 2013-11-30 15:45 - 00110080 _____ () C:\Users\howard\AppData\Local\Temp\_MEI48162\pywintypes27.dll
2013-11-30 15:45 - 2013-11-30 15:45 - 00364544 _____ () C:\Users\howard\AppData\Local\Temp\_MEI48162\pythoncom27.dll
2013-11-30 15:45 - 2013-11-30 15:45 - 00044032 _____ () C:\Users\howard\AppData\Local\Temp\_MEI48162\_socket.pyd
2013-11-30 15:45 - 2013-11-30 15:45 - 01153024 _____ () C:\Users\howard\AppData\Local\Temp\_MEI48162\_ssl.pyd
2013-11-30 15:45 - 2013-11-30 15:45 - 00320512 _____ () C:\Users\howard\AppData\Local\Temp\_MEI48162\win32com.shell.shell.pyd
2013-11-30 15:45 - 2013-11-30 15:45 - 00711680 _____ () C:\Users\howard\AppData\Local\Temp\_MEI48162\_hashlib.pyd
2013-11-30 15:45 - 2013-11-30 15:45 - 01175040 _____ () C:\Users\howard\AppData\Local\Temp\_MEI48162\wx._core_.pyd
2013-11-30 15:45 - 2013-11-30 15:45 - 00805888 _____ () C:\Users\howard\AppData\Local\Temp\_MEI48162\wx._gdi_.pyd
2013-11-30 15:45 - 2013-11-30 15:45 - 00811008 _____ () C:\Users\howard\AppData\Local\Temp\_MEI48162\wx._windows_.pyd
2013-11-30 15:45 - 2013-11-30 15:45 - 01062400 _____ () C:\Users\howard\AppData\Local\Temp\_MEI48162\wx._controls_.pyd
2013-11-30 15:45 - 2013-11-30 15:45 - 00735232 _____ () C:\Users\howard\AppData\Local\Temp\_MEI48162\wx._misc_.pyd
2013-11-30 15:45 - 2013-11-30 15:45 - 00128512 _____ () C:\Users\howard\AppData\Local\Temp\_MEI48162\_elementtree.pyd
2013-11-30 15:45 - 2013-11-30 15:45 - 00127488 _____ () C:\Users\howard\AppData\Local\Temp\_MEI48162\pyexpat.pyd
2013-11-30 15:45 - 2013-11-30 15:45 - 00557056 _____ () C:\Users\howard\AppData\Local\Temp\_MEI48162\pysqlite2._sqlite.pyd
2013-11-30 15:45 - 2013-11-30 15:45 - 00087040 _____ () C:\Users\howard\AppData\Local\Temp\_MEI48162\_ctypes.pyd
2013-11-30 15:45 - 2013-11-30 15:45 - 00119808 _____ () C:\Users\howard\AppData\Local\Temp\_MEI48162\win32file.pyd
2013-11-30 15:45 - 2013-11-30 15:45 - 00108544 _____ () C:\Users\howard\AppData\Local\Temp\_MEI48162\win32security.pyd
2013-11-30 15:45 - 2013-11-30 15:45 - 00018432 _____ () C:\Users\howard\AppData\Local\Temp\_MEI48162\win32event.pyd
2013-11-30 15:45 - 2013-11-30 15:45 - 00038912 _____ () C:\Users\howard\AppData\Local\Temp\_MEI48162\win32inet.pyd
2013-11-30 15:45 - 2013-11-30 15:45 - 00122368 _____ () C:\Users\howard\AppData\Local\Temp\_MEI48162\wx._wizard.pyd
2013-11-30 15:45 - 2013-11-30 15:45 - 00686080 _____ () C:\Users\howard\AppData\Local\Temp\_MEI48162\unicodedata.pyd
2013-11-30 15:45 - 2013-11-30 15:45 - 00026624 _____ () C:\Users\howard\AppData\Local\Temp\_MEI48162\_multiprocessing.pyd
2013-11-30 15:45 - 2013-11-30 15:45 - 00070656 _____ () C:\Users\howard\AppData\Local\Temp\_MEI48162\wx._html2.pyd
2013-11-30 15:45 - 2013-11-30 15:45 - 00010240 _____ () C:\Users\howard\AppData\Local\Temp\_MEI48162\select.pyd
2013-11-30 15:45 - 2013-11-30 15:45 - 00025600 _____ () C:\Users\howard\AppData\Local\Temp\_MEI48162\win32pdh.pyd
2013-11-30 15:45 - 2013-11-30 15:45 - 00504832 _____ () C:\Users\howard\AppData\Local\Temp\_MEI48162\windows._cacheinvalidation.pyd
2013-11-30 15:45 - 2013-11-30 15:45 - 00011264 _____ () C:\Users\howard\AppData\Local\Temp\_MEI48162\win32crypt.pyd
2013-11-30 15:45 - 2013-11-30 15:45 - 00035840 _____ () C:\Users\howard\AppData\Local\Temp\_MEI48162\win32process.pyd
2013-11-30 15:45 - 2013-11-30 15:45 - 00017408 _____ () C:\Users\howard\AppData\Local\Temp\_MEI48162\win32profile.pyd
2013-11-30 15:45 - 2013-11-30 15:45 - 00022528 _____ () C:\Users\howard\AppData\Local\Temp\_MEI48162\win32ts.pyd
2012-01-25 17:33 - 2012-01-25 17:33 - 00614400 _____ () C:\Program Files (x86)\StorageCraft\ShadowStream\QtSql4.dll
2012-01-25 17:33 - 2012-01-25 17:33 - 02363392 _____ () C:\Program Files (x86)\StorageCraft\ShadowStream\QtCore4.dll
2012-01-25 17:33 - 2012-01-25 17:33 - 00884736 _____ () C:\Program Files (x86)\StorageCraft\ShadowStream\QtNetwork4.dll
2009-07-13 13:03 - 2009-07-13 17:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2013-11-30 15:46 - 2013-11-30 15:46 - 00098816 _____ () C:\Windows\TEMP\_MEI73722\win32api.pyd
2013-11-30 15:46 - 2013-11-30 15:46 - 00110080 _____ () C:\Windows\TEMP\_MEI73722\pywintypes27.dll
2013-11-30 15:46 - 2013-11-30 15:46 - 00358912 _____ () C:\Windows\TEMP\_MEI73722\pythoncom27.dll
2013-11-30 15:46 - 2013-11-30 15:46 - 00042496 _____ () C:\Windows\TEMP\_MEI73722\win32service.pyd
2013-11-30 15:46 - 2013-11-30 15:46 - 00027648 _____ () C:\Windows\TEMP\_MEI73722\servicemanager.pyd
2013-11-30 15:46 - 2013-11-30 15:46 - 00018432 _____ () C:\Windows\TEMP\_MEI73722\win32event.pyd
2013-11-30 15:46 - 2013-11-30 15:46 - 00040960 _____ () C:\Windows\TEMP\_MEI73722\_socket.pyd
2013-11-30 15:46 - 2013-11-30 15:46 - 00721920 _____ () C:\Windows\TEMP\_MEI73722\_ssl.pyd
2013-11-30 15:46 - 2013-11-30 15:46 - 00009728 _____ () C:\Windows\TEMP\_MEI73722\select.pyd
2013-11-30 15:46 - 2013-11-30 15:46 - 00074240 _____ () C:\Windows\TEMP\_MEI73722\_ctypes.pyd
2013-11-30 15:46 - 2013-11-30 15:46 - 00285184 _____ () C:\Windows\TEMP\_MEI73722\_hashlib.pyd
2013-11-30 15:46 - 2013-11-30 15:46 - 00103424 _____ () C:\Windows\TEMP\_MEI73722\pyexpat.pyd
2013-10-20 21:08 - 2013-10-07 12:31 - 00039424 _____ () d:\Program Files (x86)\Virtual Account Numbers\VANRes.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:AstInfo
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Temp:D287FACF
AlternateDataStreams: C:\ProgramData\Temp:D3A96964

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: WPD FileSystem Volume Driver
Description: WPD FileSystem Volume Driver
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Microsoft
Service: WUDFRd
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/30/2013 03:45:45 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   14 231.234.254.169.in-addr.arpa. PTR Quad64.local.

Error: (11/30/2013 03:45:45 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 169.254.234.231:5353   16 231.234.254.169.in-addr.arpa. PTR Quad64-2.local.

Error: (11/30/2013 03:45:45 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   14 12.1.1.192.in-addr.arpa. PTR Quad64.local.

Error: (11/30/2013 03:45:45 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.1.1.12:5353   16 12.1.1.192.in-addr.arpa. PTR Quad64-2.local.

Error: (11/30/2013 00:30:15 AM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24

Error: (11/30/2013 00:30:15 AM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23

Error: (11/30/2013 00:30:15 AM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22

Error: (11/30/2013 00:30:15 AM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 21

Error: (11/30/2013 00:30:15 AM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 20

Error: (11/30/2013 00:30:15 AM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 19


System errors:
=============
Error: (11/30/2013 03:46:06 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.

Error: (11/30/2013 03:45:31 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 3:44:19 PM on ‎11/‎30/‎2013 was unexpected.

Error: (11/30/2013 03:42:22 PM) (Source: DCOM) (User: )
Description: 192.1.1.29

Error: (11/30/2013 03:38:24 PM) (Source: DCOM) (User: )
Description: 192.1.1.29

Error: (11/30/2013 03:34:26 PM) (Source: DCOM) (User: )
Description: 192.1.1.29

Error: (11/30/2013 03:30:28 PM) (Source: DCOM) (User: )
Description: 192.1.1.29

Error: (11/30/2013 03:26:30 PM) (Source: DCOM) (User: )
Description: 192.1.1.29

Error: (11/30/2013 03:15:56 PM) (Source: DCOM) (User: )
Description: 192.1.1.29

Error: (11/30/2013 03:11:46 PM) (Source: DCOM) (User: )
Description: 192.1.1.29

Error: (11/30/2013 03:01:12 PM) (Source: DCOM) (User: )
Description: 192.1.1.29


Microsoft Office Sessions:
=========================
Error: (11/30/2013 03:45:45 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   14 231.234.254.169.in-addr.arpa. PTR Quad64.local.

Error: (11/30/2013 03:45:45 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 169.254.234.231:5353   16 231.234.254.169.in-addr.arpa. PTR Quad64-2.local.

Error: (11/30/2013 03:45:45 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   14 12.1.1.192.in-addr.arpa. PTR Quad64.local.

Error: (11/30/2013 03:45:45 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 192.1.1.12:5353   16 12.1.1.192.in-addr.arpa. PTR Quad64-2.local.

Error: (11/30/2013 00:30:15 AM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24

Error: (11/30/2013 00:30:15 AM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23

Error: (11/30/2013 00:30:15 AM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22

Error: (11/30/2013 00:30:15 AM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 21

Error: (11/30/2013 00:30:15 AM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 20

Error: (11/30/2013 00:30:15 AM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 19


==================== Memory info ===========================

Percentage of memory in use: 30%
Total physical RAM: 10197.41 MB
Available physical RAM: 7099.73 MB
Total Pagefile: 20393 MB
Available Pagefile: 17096.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (SSD) (Fixed) (Total:223.35 GB) (Free:141.38 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DDrive) (Fixed) (Total:117.19 GB) (Free:95.83 GB) NTFS
Drive e: (EDrive) (Fixed) (Total:292.97 GB) (Free:183.85 GB) NTFS
Drive f: (FDrive) (Fixed) (Total:97.66 GB) (Free:79.29 GB) NTFS
Drive g: (GDrive) (Fixed) (Total:292.97 GB) (Free:260.19 GB) NTFS
Drive h: (GoFlex DriveH) (Fixed) (Total:1863.01 GB) (Free:460.35 GB) NTFS
Drive i: (GoFlex DriveI) (Fixed) (Total:1863.01 GB) (Free:460.48 GB) NTFS
Drive j: (TOSHIBA EXT) (Fixed) (Total:372.61 GB) (Free:184.11 GB) NTFS
Drive q: (CDrive-Original) (Fixed) (Total:116.48 GB) (Free:43.98 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive r: (Temp) (Fixed) (Total:1953.12 GB) (Free:1377.38 GB) NTFS
Drive s: (server-howardshome) (Network) (Total:410.93 GB) (Free:380.91 GB) NTFS
Drive t: (HP_RECOVERY) (Fixed) (Total:16.11 GB) (Free:1.96 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 224 GB) (Disk ID: 5295B881)

Partition: GPT Partition Type
========================================================
Disk: 1 (Size: 250 GB) (Disk ID: D0EB4C9A)

Partition: GPT Partition Type
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 7202 GB) (Disk ID: 1A4936BA)

Partition: GPT Partition Type
========================================================
Disk: 7 (Size: 373 GB) (Disk ID: ABB4BBB4)
Partition 1: (Not Active) - (Size=373 GB) - (Type=07 NTFS)

========================================================
Disk: 8 (Size: 1863 GB) (Disk ID: 5D83857D)
Partition 1: (Not Active) - (Size=-198626934272) - (Type=07 NTFS)

========================================================
Disk: 9 (Size: 1863 GB) (Disk ID: 8ABC87BA)
Partition 1: (Not Active) - (Size=-198627557376) - (Type=07 NTFS)

==================== End Of Log ============================



#14 ----------------

----------------

    SuperMember

  • Authentic Member
  • 1,095 posts

Posted 02 December 2013 - 02:57 AM

When an antivirus program scans a file, it is accessed at the file system stage. If the infection routine is really triggered by that, the program isn't working right - otherwise it would have prevented the bot from being installed.

Finding this within your log

C:\Users\howard\Desktop\▶ Remove Ransomware with Farbar Recovery Scan Tool by Britec - YouTube.URL

I want to repeat: Don't do any scans or fixes I didn't recommend. If you aren't doing what I've advised, we can stop here right now as it makes no sense to get logs from a system that is changed immediately after the logs are created.

C:\Users\howard\en_res.dll
C:\Users\howard\es_res.dll
C:\Users\howard\fr_res.dll
C:\Users\howard\grm_res.dll
C:\Users\howard\it_res.dll
C:\Users\howard\jp_res.dll
C:\Users\howard\mfc80u.dll
C:\Users\howard\msvcr80.dll
C:\Users\howard\PCPE Setup.exe
C:\Users\howard\pt_res.dll
C:\Users\howard\ResourceReader.dll
C:\Users\howard\ru_res.dll
C:\Users\howard\zh_res.dll

These files are marked for deletion because now files should be saved to the root of your user profile directly.

Respawning files with random names are always a sign of malware that may be running.

Please upload

C:\ProgramData\giiynunu.mau
C:\ProgramData\zmlomobd.kxh
C:\Windows\System32\url.dll

here: http://www.bleepingc...php?channel=156


Proud Member of UNITE & TB
 

#15 hspindel

hspindel

    Authentic Member

  • Authentic Member
  • 21 posts

Posted 02 December 2013 - 03:28 AM

Thank you for the response.

The line you noticed:

C:\Users\howard\Desktop\▶ Remove Ransomware with Farbar Recovery Scan Tool by Britec - YouTube.URL

means only that I watched a YouTube video about FRST and copied a link to the video to my desktop.  Doesn't mean anything about scanning my system.  I performed only the scans you suggested.

I will upload the three files you asked for.

It does not appear to me that the files you said are marked for deletion are actually marked for deletion (or at least, whatever is supposed to be deleting files marked for deletion is not deleting these).  They date from 7/21/2013, and have survived dozens of reboots.

The two files that are respawned don't have random names - they always have the same name.

