IDMcache.exe error? [Solved]


  • This topic is locked

#16
battison10

battison10

    Member

  • Topic Starter
  • Member
  • PipPip
  • 81 posts
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=def35069f02a994c957a0040747b98e9
# engine=16652
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-01-15 01:59:53
# local_time=2014-01-15 01:59:53 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=3591 16777213 100 90 585308 152347778 0 0
# compatibility_mode=5893 16776574 100 94 5724429 12610682 0 0
# scanned=337540
# found=6
# cleaned=0
# scan_time=16197
sh=DBBD7D2174C8D2C796AD3C916749EE88A5F3EDBE ft=1 fh=c40e13c23c391efa vn="Win32/Packed.Autoit.H application" ac=I fn="C:\Program Files\JDAST\DataSendAdmin.exe"
sh=BECEDE738D0FA9E9A144B1B0EB0FBA6820E86A3A ft=1 fh=22ed941cbe5e9352 vn="Win32/Packed.Autoit.H application" ac=I fn="C:\Program Files\JDAST\RequestHelp.exe"
sh=726D452843596D84DD37905C6961C04E27A0D2DE ft=1 fh=0e61106c5c1b7d36 vn="Win32/Packed.Autoit.H application" ac=I fn="C:\Program Files\JDAST\Upload_child.exe"
sh=34FB1193679A5E1E4C74C5E0954E89FA58C30104 ft=1 fh=2d6e59a465644940 vn="Win32/AdWare.1ClickDownload.AQ application" ac=I fn="C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000"
sh=99B7227A5AA4CBE43507266FC2309D52398175A2 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Windows\Installer\29a7a2.msi"
sh=B0885C5CD28325EB2BFF6A3AD058264F20959377 ft=1 fh=3b4dca405f53da8e vn="Win32/HackKMS.B application" ac=I fn="C:\Windows\kmsem\Shadow.KMS"
  • 0


#17
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Hello battison10,

I think you are good to go now. :thumbsup:

We have a couple of last steps to perform and then you're all set.

  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
Any remaining tools may be deleted.

Next, we need to clean your restore points and set a new one:

Open System by right-clicking Computer, and then clicking Properties.

  • In the left pane, click System protection. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  • Under Protection Settings, click the radio button Configure.
  • Under Disk Space Usage, click the radio button Delete.
  • Click Continue, and then click OK.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article: Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

Java warning

Java is a popular point of entry to your computer for malicious programs. The United States Department of Homeland Security recommends that computer users disable Java, see here. Unless you need it to run important software, the safest approach is to completely uninstall Java. Where you do require it, then the next safest option is to disable it in your browsers until you need it, then enable it.

How to disable Java in your web browser and How to unplug Java from the browser

If you do still need Java then regularly check that it is up to date. Older versions are the most vulnerable to malicious attack.

  • Download Java for Windows

    Reboot your computer.
    You also need to uninstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
--------------------------------------------------------------------------------------------------------------------

CryptoLocker Warning

There is a particularly nasty infection out there at the moment.

Go here for information about CryptoLocker Ransomware

Download CryptoPrevent free for home use.

--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:



If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

* Click Start > Control Panel > System and Security > Windows Update
* Under Windows Update click on Turn automatic updating on or off
* Check items shown to ensure you receive updates automatically. Click OK.

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!
  • 0

#18
battison10

battison10

    Member

  • Topic Starter
  • Member
  • PipPip
  • 81 posts
Hi, many thanks for your help but I am still getting the same error message every time I start Windows!! Any ideas?!!

Edited by battison10, 16 January 2014 - 12:47 AM.

  • 0

#19
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

but I am still getting the same error message every time I start Windows!! Any ideas?!!


So at post #14 you said:

"Just found out how to test it and yes it is working fine :)"

Are you saying things have reverted since then?

If so, we will run some more scans.

Please run the MGA Diagnostic Tool and post back the report it produces:
  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.
Also

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.
And finally

Please download Farbar Service Scanner and run.

  • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center/Action Center
      • Windows Update
      • Other Services
  • Press Scan
  • A log (FSS.txt) will be created in the same directory the tool is run.
  • Copy and paste the log back here.

So when you return please post

  • MGA diagnostic report
  • FRST.txt
  • Addition.txt
  • FSS.txt

  • 0

#20
battison10

battison10

    Member

  • Topic Starter
  • Member
  • PipPip
  • 81 posts
With regards to post #14, at first I did not know how to test if the flash player was working correctly but after looking on the internet I managed to work it out!!

I will run the scans now and report back as soon as they are completed :)
  • 0

#21
battison10

battison10

    Member

  • Topic Starter
  • Member
  • PipPip
  • 81 posts
Ok this is strange - have just run the MGAdiag from the link you gave me and it is giving different information from the link that the Microsoft tech person gave me!! Very confused now.

From your link :-

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Validation unsupported OS
Validation Code: 6
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-DTHWX-RHBCM-PRYRQ
Windows Product Key Hash: docFsJ6gaCcFxVYEV8M4tWslXMQ=
Windows Product ID: 00181-00007-04454-AB569
Windows Product ID Type: 0
Windows License Type: Unknown
Windows OS version: 6.3.9600.2.00010100.0.0.103
ID: {66D00923-3EC9-41E6-B004-6A1ED7991447}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 8.1 Pro with Media Center
Architecture: 0x00000000
Build lab: 9600.winblue_gdr.131030-1505
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 111 Unsupported OS
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics:

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\WINDOWS\system32\licdll.dll[Hr = 0x80070002]
File Mismatch: C:\WINDOWS\system32\oembios.bin[Hr = 0x80070002]
File Mismatch: C:\WINDOWS\system32\oembios.dat[Hr = 0x80070002]
File Mismatch: C:\WINDOWS\system32\oembios.sig[Hr = 0x80070002]

Other data-->

Spsys.log Content: 0x80070002

Licensing Data-->
N/A, hr = 0x80070424

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: NAAAAAEAAgABAAEAAgADAAAAAQABAAEAeqh6jU51IhWSAC4dAMcQAt5ZHm1iPXF6Ds8C0A==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
FACP 040910 FACP2050
SRAT AMD FAM_F_10
APIC 040910 APIC2050
HPET 040910 OEMHPET0
MCFG 040910 OEMMCFG
OEMB 040910 OEMB2050
SSDT A M I POWERNOW


And from the Microsoft tech teams link :-

Diagnostic Report (1.9.0019.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine (WGA unsupported OS)
Validation Code: 6

Cached Validation Code: 0x0
Windows Product Key: *****-*****-DTHWX-RHBCM-PRYRQ
Windows Product Key Hash: docFsJ6gaCcFxVYEV8M4tWslXMQ=
Windows Product ID: 00181-00007-04454-AB569
Windows Product ID Type: 0
Windows License Type: Unknown
Windows OS version: 6.3.9600.2.00010100.0.0.103
ID: {66D00923-3EC9-41E6-B004-6A1ED7991447}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 8.1 Pro with Media Center
Architecture: 0x00000000
Build lab: 9600.winblue_gdr.131030-1505
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 111 Unsupported OS
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics:

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\WINDOWS\system32\licdll.dll[hr = 0x80070002]
File Mismatch: C:\WINDOWS\system32\oembios.bin[hr = 0x80070002]
File Mismatch: C:\WINDOWS\system32\oembios.dat[hr = 0x80070002]
File Mismatch: C:\WINDOWS\system32\oembios.sig[hr = 0x80070002]

Other data-->

Spsys.log Content: 0x80070002

Licensing Data-->
N/A, hr = 0x80070424

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: NAAAAAEAAgABAAEAAgADAAAAAQABAAEAeqh6jU51IhWSAC4dAMcQAt5ZHm1iPXF6Ds8C0A==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
FACP 040910 FACP2050
SRAT AMD FAM_F_10
APIC 040910 APIC2050
HPET 040910 OEMHPET0
MCFG 040910 OEMMCFG
OEMB 040910 OEMB2050
SSDT A M I POWERNOW
  • 0

#22
battison10

battison10

    Member

  • Topic Starter
  • Member
  • PipPip
  • 81 posts
I see that the link to the version that Microsoft gave me is an older version to the one you sent me!!
  • 0
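Added example, not part of the original thread: a short Python script that compares the two MGADiag reports from posts #21 and #22 field by field and separates renamed labels from values that actually changed. The function names and the positional matching of sections and fields are assumptions of this sketch, and the embedded samples are abridged excerpts of the two reports above.

```python
import re
from itertools import zip_longest

VERSION_RE = re.compile(r"^Diagnostic Report \((?P<ver>[\d.]+)\):")
SECTION_RE = re.compile(r"^(?P<name>.+?)-->$")
FIELD_RE = re.compile(r"^(?P<key>[^:]+):\s*(?P<value>.*)$")

# Abridged excerpts of the two reports pasted in post #21.
REPORT_NEW = r"""Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Validation unsupported OS
Validation Code: 6
Cached Online Validation Code: 0x0
Windows OS version: 6.3.9600.2.00010100.0.0.103
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Product Name: Windows 8.1 Pro with Media Center

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002

File Scan Data-->
File Mismatch: C:\WINDOWS\system32\licdll.dll[Hr = 0x80070002]"""

REPORT_OLD = r"""Diagnostic Report (1.9.0019.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine (WGA unsupported OS)
Validation Code: 6

Cached Validation Code: 0x0
Windows OS version: 6.3.9600.2.00010100.0.0.103
WGA Version: N/A, hr = 0x80070002
Product Name: Windows 8.1 Pro with Media Center

WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002

File Scan Data-->
File Mismatch: C:\WINDOWS\system32\licdll.dll[hr = 0x80070002]"""


def parse_report(text):
    """Return (tool_version, [(section_name, [(key, value), ...]), ...])."""
    version = None
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"-"}:
            continue  # blank lines and the dashed rule carry no data
        m = VERSION_RE.match(line)
        if m:
            version = m.group("ver")
            continue
        m = SECTION_RE.match(line)
        if m:
            sections.append((m.group("name"), []))
            continue
        if not sections:
            continue  # ignore anything before the first "Section-->" header
        m = FIELD_RE.match(line)
        # Lines without a colon (e.g. a bare "N/A") are kept as unnamed values.
        pair = (m.group("key").strip(), m.group("value").strip()) if m else ("", line)
        sections[-1][1].append(pair)
    return version, sections


def compare_reports(a_text, b_text):
    """List differences as (kind, where, a, b); kind is tool-version, label or value.

    Assumption: both reports list sections and fields in the same order, so the
    i-th field of one is compared with the i-th field of the other.
    """
    ver_a, secs_a = parse_report(a_text)
    ver_b, secs_b = parse_report(b_text)
    findings = []
    if ver_a != ver_b:
        findings.append(("tool-version", "Diagnostic Report", ver_a, ver_b))
    for (name_a, fields_a), (name_b, fields_b) in zip_longest(
            secs_a, secs_b, fillvalue=("", [])):
        if name_a != name_b:
            findings.append(("label", "section", name_a, name_b))
        for (ka, va), (kb, vb) in zip_longest(fields_a, fields_b, fillvalue=("", "")):
            if ka != kb:
                findings.append(("label", name_a, ka, kb))
            # Compare case-insensitively so "Hr" vs "hr" is not reported.
            if va.lower() != vb.lower():
                findings.append(("value", f"{name_a} / {ka}", va, vb))
    return findings


if __name__ == "__main__":
    for kind, where, a, b in compare_reports(REPORT_NEW, REPORT_OLD):
        print(f"[{kind}] {where}: {a!r} -> {b!r}")
```

On these excerpts the only value that differs is the Validation Status wording; the other findings are the tool version and renamed section or field labels.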

#23
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

I see that the link to the version that Microsoft gave me is an older version to the one you sent me!!


Let's see the FRST scans and the FSS one.
  • 0

#24
battison10

battison10

    Member

  • Topic Starter
  • Member
  • PipPip
  • 81 posts
FRST scan

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-01-2014 02
Ran by Scott (administrator) on SCOTT-PC on 16-01-2014 20:45:29
Running from C:\Users\Scott\Desktop
Microsoft Windows 8.1 Pro with Media Center (X86) OS Language: English(UK)
Internet Explorer Version 11
Boot Mode: Normal

The only official downoad link fo FRST:
Farbar Recovery Scan Tool Download Link Download Now 32-Bit Version
Any other download link is unpermitted or outdated.
The tutorial for FRST can be found here: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) ===================

(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaRegistry.exe
() C:\Program Files\Photodex\ProShow Producer\scsiaccess.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(ZF Electronics GmbH) C:\Program Files\Cherry\KeyMan\KeyMan.exe
(ZF Electronics GmbH) C:\Program Files\Cherry\CDI\cdi.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(TomTom) C:\Program Files\MyDrive Connect\MyDriveConnect.exe
(Dropbox, Inc.) C:\Users\Scott\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft AutoRoute 2013\AutoRout.exe
(Google Inc.) C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
(Foolish IT LLC) C:\Program Files\Foolish IT\CryptoPrevent\CryptoPrevent.exe
(Google Inc.) C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [PMBVolumeWatcher] - C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [651832 2011-08-24] (Sony Corporation)
HKLM\...\Run: [FUFAXSTM] - C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EEventManager] - C:\Program Files\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [CherryKeyMan] - C:\Program Files\Cherry\KeyMan\KeyMan.exe [254004 2010-09-28] (ZF Electronics GmbH)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [OODefragTray] - C:\Program Files\OO Software\Defrag\oodtray.exe
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\inst.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\utorrent\utorrent.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\hitmanpro.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\hitmanpro.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\utorrent\utorrent.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\hitmanpro.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\utorrent\utorrent.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\inst.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\inst.exe <====== ATTENTION
HKCU\...\Run: [Google Update] - C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-07-06] (Google Inc.)
HKCU\...\Run: [CAHeadless] - C:\Program Files\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
HKCU\...\Run: [EPSON575477 (Epson Stylus SX620FW)] - C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATIGBE.EXE [201216 2010-01-12] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [Epson Stylus SX620FW(Network)] - C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATIGBE.EXE [201216 2010-01-12] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [FreeRAM XP] - C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe [1591808 2006-03-22] (YourWare Solutions ™)
HKCU\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKCU\...\Run: [MyDriveConnect.exe] - C:\Program Files\MyDrive Connect\MyDriveConnect.exe [473496 2013-11-29] (TomTom)
HKCU\...\Run: [Adobe] - C:\Users\Scott\AppData\Roaming\Adobe\Flash Player\BrowserCache\IDMcache.bat [313 2013-07-25] ()
HKU\DefaultAppPool.IIS APPPOOL.067\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [ 2013-08-22] (Microsoft Corporation)
HKU\LogMeInRemoteUser.Scott-PC.000\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\LogMeInRemoteUser.Scott-PC.000\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\Mcx1-SCOTT-PC\...\Run: [AnyDVD] - C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe [ 2009-11-04] (SlySoft, Inc.)
HKU\Mcx1-SCOTT-PC\...\Run: [Google Update] - C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [ 2011-07-06] (Google Inc.)
HKU\Mcx1-SCOTT-PC\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [ 2013-08-22] (Microsoft Corporation)
Startup: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Scott\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x00CD75871EB1CD01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.se...t=kwd&qsrc=2869
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....k_sys_ctrl3.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\0rdtqlta.default
FF user.js: detected! => C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\0rdtqlta.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @photodex.com/PhotodexPresenter - C:\Program Files\Photodex Presenter\npPxPlay.dll ( )
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Scott\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Scott\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Scott\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Star Stable Online - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\0rdtqlta.default\Extensions\[email protected] [2013-02-21]
FF HKLM\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn\
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013-11-09]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ []

Chrome:
=======
CHR HomePage: hxxp://www.google.co.uk/
CHR DefaultSearchKeyword: google.co.uk
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Scott\AppData\Local\Google\Chrome\Application\32.0.1700.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Scott\AppData\Local\Google\Chrome\Application\32.0.1700.72\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Scott\AppData\Local\Google\Chrome\Application\32.0.1700.72\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Java™ Platform SE 7 U4) - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.40.255) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Photodex Presenter Plugin) - C:\Program Files\Photodex Presenter\npPxPlay.dll ( )
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\Scott\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Facebook Photo Uploader) - C:\Users\Scott\AppData\Local\Facebook\PhotoUploader\1.0.0.2003\npFacebookPhotoUploader.dll No File
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Scott\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
CHR Plugin: (Google Update) - C:\Users\Scott\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (YouTube) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 [2013-04-11]
CHR Extension: (WGT Golf Challenge) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcilimldmomiaihcfkmaldanopfejefg\45.0.0_0 [2012-12-02]
CHR Extension: (iCloud Bookmarks) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah\1.2.12_0 [2013-12-10]
CHR Extension: (The Camelizer - Amazon Price Tracker) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo\2.4.2_0 [2013-12-16]
CHR Extension: (IDM Integration Module) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn\6.18.8_0 [2014-01-09]
CHR Extension: (Into The Mist) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgihmkgobaljfehcadcckdggpeojaadh\1_0 [2012-11-20]
CHR Extension: (Norton Identity Protection) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.2.3_0 [2013-12-10]
CHR Extension: (Range Rover Evoque | SUV | Land Rover UK) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbihhjgpobhhbidhlfkclkjllkgoicbj\2012.7.6.45832_0 [2012-07-06]
CHR Extension: (Google Wallet) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1 [2014-01-08]
CHR Extension: (My Chrome Theme) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.0_0 [2013-02-01]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx [2013-12-10]
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - [2013-12-10]
CHR StartMenuInternet: Google Chrome - C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2013-03-28] (Advanced Micro Devices, Inc.)
R2 AsSysCtrlService; C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-08-19] (ASUSTeK Computer Inc.)
R3 Cherry Device Interface; C:\Program Files\Cherry\CDI\cdi.exe [577582 2010-08-25] (ZF Electronics GmbH)
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-11] (SEIKO EPSON CORPORATION)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [370792 2010-01-21] ()
S4 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [25088 2013-10-18] (Microsoft Corporation)
R2 NCO; C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\NST.exe [129424 2013-10-06] (Symantec Corporation)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [167528 2010-01-21] ()
R2 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RaRegistry.exe [372736 2012-07-04] (Ralink Technology, Corp.)
S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
R2 ScsiAccess; C:\Program Files\Photodex\ProShow Producer\ScsiAccess.exe [186760 2013-01-30] ()
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-07-12] (VIA Technologies, Inc.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [66560 2013-10-18] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [278264 2013-08-22] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22240 2013-08-22] (Microsoft Corporation)
S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1210368 2013-10-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [356864 2010-09-27] (SafeNet Inc.)
R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [15528 2012-09-23] (Advanced Micro Devices, Inc.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [104512 2009-11-04] (SlySoft, Inc.)
R2 AODDriver4.01; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices)
S2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices)
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11296 2009-08-04] ()
R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11448 2009-07-06] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW83.sys [86624 2013-04-23] (Advanced Micro Devices)
R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [25600 2013-08-22] (Microsoft Corporation)
R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140110.001\BHDrvx86.sys [1098968 2013-12-18] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1501000.012\ccSetx86.sys [127064 2013-09-26] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NST\7DE06000.01B\ccSetx86.sys [127064 2013-09-27] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2014-01-07] (Symantec Corporation)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [25768 2009-09-26] (Elaborate Bytes AG)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-21] (Symantec Corporation)
S3 GPIO; C:\Windows\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [588800 2009-12-09] (SafeNet Inc.)
R1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140115.001\IDSvix86.sys [394456 2013-12-13] (Symantec Corporation)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2014-01-11] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [131072 2013-10-18] (Microsoft Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [16256 2013-05-17] ()
R3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140115.001\NAVENG.SYS [93272 2014-01-07] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140115.001\NAVEX15.SYS [1612376 2014-01-07] (Symantec Corporation)
R3 pepifilter; C:\Windows\system32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.)
R3 PID_PEPI; C:\Windows\system32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [46096 2012-08-10] (Corel Corporation)
R1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [340432 2013-10-21] ()
R1 SRTSP; C:\Windows\system32\drivers\NIS\1501000.012\SRTSP.SYS [651352 2013-09-27] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1501000.012\SRTSPX.SYS [32344 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1501000.012\SYMDS.SYS [367704 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1501000.012\SYMEFA.SYS [935512 2013-09-27] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NIS\1501000.012\SYMELAM.SYS [21520 2013-09-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142936 2013-11-09] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1501000.012\Ironx86.SYS [206936 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NIS\1501000.012\SYMNETS.SYS [446552 2013-09-26] (Symantec Corporation)
R3 VIAHdAudAddService; C:\Windows\system32\drivers\viahduaa.sys [1810032 2011-07-12] (VIA Technologies, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [93024 2013-08-22] (Microsoft Corporation)
S3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
U3 idsvc;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-16 20:45 - 2014-01-16 20:46 - 00040899 _____ C:\Users\Scott\Desktop\FRST.txt
2014-01-16 20:45 - 2014-01-16 20:45 - 00000000 ____D C:\FRST
2014-01-16 20:44 - 2014-01-14 20:36 - 01220608 _____ (Farbar) C:\Users\Scott\Desktop\FRST.exe
2014-01-16 20:40 - 2014-01-16 20:40 - 02031992 _____ (Microsoft Corporation) C:\Users\Scott\Downloads\MGADiag (1).exe
2014-01-16 20:39 - 2014-01-16 20:39 - 02031992 _____ (Microsoft Corporation) C:\Users\Scott\Desktop\MGADiag (1).exe
2014-01-16 20:34 - 2014-01-16 20:34 - 00053248 _____ C:\WINDOWS\system32\zlib.dll
2014-01-16 20:33 - 2014-01-16 20:33 - 00001190 _____ C:\Users\Public\Desktop\CryptoPrevent.lnk
2014-01-16 20:33 - 2014-01-16 20:33 - 00000000 ____D C:\Program Files\Foolish IT
2014-01-16 20:32 - 2014-01-16 20:32 - 00809976 _____ (Foolish IT LLC ) C:\Users\Scott\Downloads\CryptoPreventSetup.exe
2014-01-16 15:16 - 2014-01-16 15:16 - 00000880 _____ C:\Users\Scott\AppData\Local\recently-used.xbel
2014-01-16 15:16 - 2014-01-16 15:16 - 00000000 ____D C:\Users\Scott\AppData\Local\gtk-2.0
2014-01-16 15:16 - 2014-01-16 15:16 - 00000000 ____D C:\Users\Scott\.thumbnails
2014-01-16 15:13 - 2014-01-16 15:20 - 00000000 ____D C:\Users\Scott\.gimp-2.8
2014-01-16 15:13 - 2014-01-16 15:13 - 00001470 _____ C:\Users\Scott\Desktop\gimp-2.8.exe - Shortcut.lnk
2014-01-16 15:13 - 2014-01-16 15:13 - 00000000 ____D C:\Users\Scott\AppData\Local\gegl-0.2
2014-01-16 15:10 - 2014-01-16 15:11 - 00000000 ____D C:\Program Files\GIMP 2
2014-01-16 15:07 - 2014-01-16 15:08 - 90396104 ____R (The GIMP Team ) C:\Users\Scott\Downloads\gimp-2.8.10-setup.exe
2014-01-16 15:06 - 2014-01-16 15:06 - 00007405 _____ C:\Users\Scott\Downloads\gimp-2.8.10-setup.exe.torrent
2014-01-16 14:53 - 2014-01-16 14:53 - 00791552 _____ (AMD) C:\Users\Scott\Downloads\amddriverdownloader.exe
2014-01-16 14:36 - 2014-01-16 14:36 - 00000000 ____D C:\Users\Default\AppData\Roaming\ATI
2014-01-16 14:36 - 2014-01-16 14:36 - 00000000 ____D C:\Users\Default\AppData\Local\ATI
2014-01-16 14:36 - 2014-01-16 14:36 - 00000000 ____D C:\Users\Default User\AppData\Roaming\ATI
2014-01-16 14:36 - 2014-01-16 14:36 - 00000000 ____D C:\Users\Default User\AppData\Local\ATI
2014-01-16 14:35 - 2014-01-16 14:35 - 00000000 ____D C:\ProgramData\Package Cache
2014-01-16 14:32 - 2013-12-11 07:36 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-01-16 14:32 - 2013-12-09 00:04 - 00980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-01-16 14:32 - 2013-11-27 14:00 - 00663680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-01-16 14:32 - 2013-11-27 13:47 - 02804528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2014-01-16 14:32 - 2013-11-27 11:03 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipnat.sys
2014-01-16 14:32 - 2013-11-27 10:08 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-01-16 14:32 - 2013-11-27 09:46 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll
2014-01-16 14:32 - 2013-11-27 09:16 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2014-01-16 14:32 - 2013-11-27 09:01 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-01-16 14:32 - 2013-11-27 08:56 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2014-01-16 14:32 - 2013-11-27 08:47 - 01284096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-01-16 14:32 - 2013-11-27 08:23 - 03423744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-01-16 14:32 - 2013-11-27 04:01 - 00385614 _____ C:\WINDOWS\system32\ApnDatabase.xml
2014-01-16 14:32 - 2013-11-26 11:50 - 01371312 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2014-01-16 14:32 - 2013-11-26 11:44 - 02142936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-01-16 14:32 - 2013-11-26 11:44 - 01213232 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcmde.dll
2014-01-16 14:32 - 2013-11-26 11:44 - 01204968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2014-01-16 14:32 - 2013-11-26 11:44 - 01155384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2014-01-16 14:32 - 2013-11-26 09:16 - 03489792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-01-16 14:32 - 2013-11-26 08:28 - 13925888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-01-16 14:32 - 2013-11-25 00:47 - 00116568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-01-16 14:32 - 2013-11-25 00:32 - 00871256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2014-01-16 14:32 - 2013-11-24 23:30 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-01-16 14:32 - 2013-11-23 08:28 - 00030552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2014-01-16 14:32 - 2013-11-23 08:19 - 18642504 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-01-16 14:32 - 2013-11-23 06:14 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\bi.dll
2014-01-16 14:32 - 2013-11-23 06:14 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BtaMPM.sys
2014-01-16 14:32 - 2013-11-23 06:09 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-01-16 14:32 - 2013-11-23 04:23 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-01-16 14:32 - 2013-11-23 03:48 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-01-16 14:32 - 2013-11-23 03:25 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-01-16 14:32 - 2013-11-23 03:15 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-01-16 14:32 - 2013-11-21 06:10 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceregistration.dll
2014-01-16 14:32 - 2013-11-21 05:44 - 01088512 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-01-16 14:32 - 2013-11-15 18:19 - 00669344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-01-16 14:32 - 2013-11-15 14:25 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2014-01-16 14:32 - 2013-11-15 13:46 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-01-16 14:32 - 2013-11-15 13:20 - 00622080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-01-16 14:32 - 2013-11-05 18:50 - 01888088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-01-16 14:32 - 2013-10-30 23:41 - 00552624 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-01-16 07:18 - 2014-01-16 07:18 - 00000000 _____ C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log
2014-01-16 06:26 - 2013-12-08 23:43 - 00609792 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-01-16 06:26 - 2013-11-27 14:09 - 02872688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2014-01-16 06:26 - 2013-11-27 10:46 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2014-01-16 06:26 - 2013-11-27 09:54 - 00103936 _____ C:\WINDOWS\system32\OEMLicense.dll
2014-01-16 06:26 - 2013-11-27 08:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-16 06:26 - 2013-11-27 08:38 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-01-16 06:26 - 2013-11-27 08:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-01-14 20:43 - 2014-01-14 20:43 - 00089525 _____ C:\Users\Scott\Downloads\dir.dcr
2014-01-14 20:37 - 2014-01-14 20:37 - 00000000 ____D C:\Users\Scott\Desktop\FRST-OlderVersion
2014-01-14 20:36 - 2014-01-14 20:36 - 01220608 _____ (Farbar) C:\Users\Scott\Downloads\FRST.exe
2014-01-14 20:35 - 2014-01-14 20:35 - 00602112 _____ (OldTimer Tools) C:\Users\Scott\Downloads\OTL.exe
2014-01-14 07:31 - 2014-01-14 07:31 - 01607032 _____ (Microsoft Corporation) C:\Users\Scott\Downloads\MGADiag.exe
2014-01-13 20:45 - 2014-01-13 20:45 - 01528184 _____ (Microsoft Corporation) C:\Users\Scott\Desktop\GenuineCheck.exe
2014-01-13 20:39 - 2014-01-13 20:39 - 00000000 ____D C:\ProgramData\Office Genuine Advantage
2014-01-13 20:27 - 2014-01-13 20:27 - 00000133 _____ C:\Users\Scott\Downloads\fixlist.txt
2014-01-13 06:44 - 2014-01-13 07:08 - 00014848 _____ C:\Users\Scott\Documents\13.01.14.axe
2014-01-11 19:48 - 2014-01-11 19:49 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-01-09 18:22 - 2014-01-14 20:41 - 00000000 ____D C:\Users\Scott\AppData\Local\Adobe
2014-01-08 15:30 - 2014-01-08 16:35 - 00048128 _____ C:\Users\Scott\Documents\09.01.14.axe
2014-01-07 23:30 - 2014-01-16 15:27 - 00000000 ____D C:\Users\Scott\Desktop\Melia Sharm - Egypt 2013-14
2013-12-21 22:56 - 2013-12-21 22:56 - 00107256 _____ (Trusteer Ltd.) C:\WINDOWS\system32\Drivers\RapportKELL.sys
2013-12-21 21:32 - 2013-12-21 21:34 - 00000000 ____D C:\ProgramData\HitmanPro

==================== One Month Modified Files and Folders =======

2014-01-16 20:46 - 2014-01-16 20:45 - 00040899 _____ C:\Users\Scott\Desktop\FRST.txt
2014-01-16 20:45 - 2014-01-16 20:45 - 00000000 ____D C:\FRST
2014-01-16 20:45 - 2013-10-18 17:41 - 01387606 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-16 20:40 - 2014-01-16 20:40 - 02031992 _____ (Microsoft Corporation) C:\Users\Scott\Downloads\MGADiag (1).exe
2014-01-16 20:39 - 2014-01-16 20:39 - 02031992 _____ (Microsoft Corporation) C:\Users\Scott\Desktop\MGADiag (1).exe
2014-01-16 20:34 - 2014-01-16 20:34 - 00053248 _____ C:\WINDOWS\system32\zlib.dll
2014-01-16 20:34 - 2013-10-18 18:31 - 00000362 __RSH C:\ProgramData\ntuser.pol
2014-01-16 20:33 - 2014-01-16 20:33 - 00001190 _____ C:\Users\Public\Desktop\CryptoPrevent.lnk
2014-01-16 20:33 - 2014-01-16 20:33 - 00000000 ____D C:\Program Files\Foolish IT
2014-01-16 20:32 - 2014-01-16 20:32 - 00809976 _____ (Foolish IT LLC ) C:\Users\Scott\Downloads\CryptoPreventSetup.exe
2014-01-16 20:29 - 2013-09-30 04:06 - 00976620 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-16 20:25 - 2011-06-16 21:22 - 00000000 ___RD C:\Users\Scott\Desktop\Dropbox
2014-01-16 20:25 - 2011-06-16 21:11 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Dropbox
2014-01-16 20:25 - 2010-12-27 08:58 - 00000000 ____D C:\Users\Scott\AppData\Local\CrashDumps
2014-01-16 20:24 - 2013-11-17 11:35 - 00000000 __RDO C:\Users\Scott\SkyDrive
2014-01-16 20:24 - 2013-08-22 07:23 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-16 20:24 - 2013-04-30 21:32 - 00000898 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-16 20:24 - 2013-01-09 16:18 - 00913034 _____ C:\WINDOWS\system32\oodbs.lor
2014-01-16 15:27 - 2014-01-07 23:30 - 00000000 ____D C:\Users\Scott\Desktop\Melia Sharm - Egypt 2013-14
2014-01-16 15:20 - 2014-01-16 15:13 - 00000000 ____D C:\Users\Scott\.gimp-2.8
2014-01-16 15:16 - 2014-01-16 15:16 - 00000880 _____ C:\Users\Scott\AppData\Local\recently-used.xbel
2014-01-16 15:16 - 2014-01-16 15:16 - 00000000 ____D C:\Users\Scott\AppData\Local\gtk-2.0
2014-01-16 15:16 - 2014-01-16 15:16 - 00000000 ____D C:\Users\Scott\.thumbnails
2014-01-16 15:16 - 2013-10-18 17:40 - 00000000 ____D C:\Users\Scott
2014-01-16 15:13 - 2014-01-16 15:13 - 00001470 _____ C:\Users\Scott\Desktop\gimp-2.8.exe - Shortcut.lnk
2014-01-16 15:13 - 2014-01-16 15:13 - 00000000 ____D C:\Users\Scott\AppData\Local\gegl-0.2
2014-01-16 15:13 - 2010-12-23 15:00 - 00000000 ____D C:\Users\Scott\AppData\Roaming\uTorrent
2014-01-16 15:11 - 2014-01-16 15:10 - 00000000 ____D C:\Program Files\GIMP 2
2014-01-16 15:08 - 2014-01-16 15:07 - 90396104 ____R (The GIMP Team ) C:\Users\Scott\Downloads\gimp-2.8.10-setup.exe
2014-01-16 15:06 - 2014-01-16 15:06 - 00007405 _____ C:\Users\Scott\Downloads\gimp-2.8.10-setup.exe.torrent
2014-01-16 15:06 - 2011-05-04 18:32 - 00000000 ____D C:\Users\Scott\Documents\Outlook Files
2014-01-16 15:04 - 2013-04-30 21:32 - 00000902 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-16 15:02 - 2013-08-22 08:17 - 00000000 ____D C:\WINDOWS\system32\sru
2014-01-16 14:53 - 2014-01-16 14:53 - 00791552 _____ (AMD) C:\Users\Scott\Downloads\amddriverdownloader.exe
2014-01-16 14:48 - 2011-07-06 18:54 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1423471140-3236196863-1363927929-1000UA.job
2014-01-16 14:41 - 2013-08-22 07:22 - 05988632 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2014-01-16 14:38 - 2013-08-22 08:17 - 00000000 ___RD C:\WINDOWS\ToastData
2014-01-16 14:38 - 2013-08-22 08:17 - 00000000 ____D C:\WINDOWS\WinStore
2014-01-16 14:38 - 2013-08-22 08:17 - 00000000 ____D C:\WINDOWS\MediaViewer
2014-01-16 14:38 - 2013-08-22 08:17 - 00000000 ____D C:\WINDOWS\FileManager
2014-01-16 14:38 - 2013-08-22 08:17 - 00000000 ____D C:\WINDOWS\Camera
2014-01-16 14:36 - 2014-01-16 14:36 - 00000000 ____D C:\Users\Default\AppData\Roaming\ATI
2014-01-16 14:36 - 2014-01-16 14:36 - 00000000 ____D C:\Users\Default\AppData\Local\ATI
2014-01-16 14:36 - 2014-01-16 14:36 - 00000000 ____D C:\Users\Default User\AppData\Roaming\ATI
2014-01-16 14:36 - 2014-01-16 14:36 - 00000000 ____D C:\Users\Default User\AppData\Local\ATI
2014-01-16 14:35 - 2014-01-16 14:35 - 00000000 ____D C:\ProgramData\Package Cache
2014-01-16 14:35 - 2010-12-30 10:12 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2014-01-16 14:34 - 2011-04-26 09:42 - 00000000 ____D C:\Program Files\AMD
2014-01-16 14:34 - 2010-12-23 06:46 - 00000000 ____D C:\AMD
2014-01-16 14:27 - 2013-04-02 19:11 - 01099724 _____ C:\Users\Scott\Desktop\Apr2014 Instructions by Agent.xlsx
2014-01-16 07:18 - 2014-01-16 07:18 - 00000000 _____ C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log
2014-01-16 07:18 - 2011-06-22 18:08 - 00000000 ____D C:\Program Files\Java
2014-01-16 06:54 - 2013-04-10 20:41 - 00000000 ____D C:\Users\Scott\Desktop\DAILY ROUTES
2014-01-16 06:43 - 2013-08-22 06:13 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2014-01-16 06:42 - 2013-07-21 20:08 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-16 06:39 - 2010-12-23 06:23 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-16 06:35 - 2013-09-29 19:58 - 01267086 _____ C:\WINDOWS\PFRO.log
2014-01-16 06:23 - 2013-08-22 06:13 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2014-01-14 22:42 - 2013-08-22 08:17 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2014-01-14 22:40 - 2013-08-22 08:17 - 00000000 ____D C:\WINDOWS\AppReadiness
2014-01-14 20:48 - 2011-07-06 18:53 - 00000856 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1423471140-3236196863-1363927929-1000Core.job
2014-01-14 20:43 - 2014-01-14 20:43 - 00089525 _____ C:\Users\Scott\Downloads\dir.dcr
2014-01-14 20:41 - 2014-01-09 18:22 - 00000000 ____D C:\Users\Scott\AppData\Local\Adobe
2014-01-14 20:37 - 2014-01-14 20:37 - 00000000 ____D C:\Users\Scott\Desktop\FRST-OlderVersion
2014-01-14 20:36 - 2014-01-16 20:44 - 01220608 _____ (Farbar) C:\Users\Scott\Desktop\FRST.exe
2014-01-14 20:36 - 2014-01-14 20:36 - 01220608 _____ (Farbar) C:\Users\Scott\Downloads\FRST.exe
2014-01-14 20:35 - 2014-01-14 20:35 - 00602112 _____ (OldTimer Tools) C:\Users\Scott\Downloads\OTL.exe
2014-01-14 07:31 - 2014-01-14 07:31 - 01607032 _____ (Microsoft Corporation) C:\Users\Scott\Downloads\MGADiag.exe
2014-01-13 20:57 - 2013-10-10 14:43 - 00000000 ____D C:\Program Files\Britannica 13.0
2014-01-13 20:54 - 2010-12-23 15:13 - 00000000 ____D C:\Users\Scott\AppData\Roaming\DMCache
2014-01-13 20:48 - 2011-04-26 09:40 - 00000000 ____D C:\Program Files\Handbrake
2014-01-13 20:45 - 2014-01-13 20:45 - 01528184 _____ (Microsoft Corporation) C:\Users\Scott\Desktop\GenuineCheck.exe
2014-01-13 20:39 - 2014-01-13 20:39 - 00000000 ____D C:\ProgramData\Office Genuine Advantage
2014-01-13 20:36 - 2012-06-02 14:53 - 00000000 ____D C:\Program Files\Adobe Download Assistant
2014-01-13 20:36 - 2010-12-23 16:21 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2014-01-13 20:34 - 2010-12-23 16:20 - 00000000 ____D C:\Program Files\Common Files\Adobe
2014-01-13 20:33 - 2010-12-23 16:21 - 00000000 ____D C:\Program Files\Adobe
2014-01-13 20:32 - 2011-01-14 20:33 - 00000000 ____D C:\Program Files\Common Files\PX Storage Engine
2014-01-13 20:30 - 2010-12-23 16:24 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2014-01-13 20:28 - 2010-12-23 16:21 - 00000000 ____D C:\ProgramData\Adobe
2014-01-13 20:27 - 2014-01-13 20:27 - 00000133 _____ C:\Users\Scott\Downloads\fixlist.txt
2014-01-13 14:17 - 2013-07-12 20:39 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Adobe
2014-01-13 07:08 - 2014-01-13 06:44 - 00014848 _____ C:\Users\Scott\Documents\13.01.14.axe
2014-01-12 20:11 - 2010-12-23 06:04 - 00000000 ____D C:\Users\Scott\AppData\Local\VirtualStore
2014-01-11 19:49 - 2014-01-11 19:48 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-01-11 19:46 - 2013-09-12 14:07 - 00000000 ____D C:\AdwCleaner
2014-01-10 06:46 - 2011-06-16 21:14 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-08 17:20 - 2012-12-14 12:30 - 00000000 ____D C:\Users\Scott\Desktop\New folder
2014-01-08 16:35 - 2014-01-08 15:30 - 00048128 _____ C:\Users\Scott\Documents\09.01.14.axe
2014-01-08 13:06 - 2013-10-12 16:20 - 00000000 ____D C:\Users\Scott\AppData\Roaming\.minecraft
2014-01-06 22:31 - 2013-08-22 08:18 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-01-06 22:31 - 2013-08-22 08:18 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-12-21 22:56 - 2013-12-21 22:56 - 00107256 _____ (Trusteer Ltd.) C:\WINDOWS\system32\Drivers\RapportKELL.sys
2013-12-21 21:34 - 2013-12-21 21:32 - 00000000 ____D C:\ProgramData\HitmanPro
2013-12-21 21:32 - 2013-08-07 11:02 - 09452704 _____ (SurfRight B.V.) C:\Users\Scott\AppData\Roaming\HitmanPro.exe
2013-12-17 16:08 - 2013-04-30 21:32 - 00000000 ____D C:\Program Files\Google

Some content of TEMP:
====================
C:\Users\Scott\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Scott\AppData\Local\Temp\OCL871F.tmp.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2013-11-16 11:13] - [2013-10-22 06:03] - 2065448 ____A (Microsoft Corporation) 1A0BC9598E4A58FC84570FFF5A108E58

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-14 22:38

==================== End Of Log ============================

And additional

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-01-2014 02
Ran by Scott at 2014-01-16 20:46:46
Running from C:\Users\Scott\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

µTorrent (Version: 3.3.2.30303 - BitTorrent Inc.)
ABBYY FineReader 9.0 Sprint (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (Version: 9.01.513.58212 - ABBYY) Hidden
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 Plugin (Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) (Version: 10.1.8 - Adobe Systems Incorporated)
Advertising Center (Version: 0.0.0.1 - Nero AG) Hidden
AMD Accelerated Video Transcoding (Version: 12.10.100.30328 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
AnyDVD (Version: - SlySoft)
Apple Application Support (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
ArtiCAD 14.0 Build 20 (Version: 14.0 Build 20 - ArtiCAD Ltd)
ASUSUpdate (Version: 7.18.03 - ASUSTeK Computer Inc.)
Auslogics Registry Cleaner (Version: 2.4 - Auslogics Software Pty Ltd)
BenVista PhotoZoom Pro 4.1 (Version: 4.1 - BenVista Ltd.)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
calibre (Version: 0.8.55 - Kovid Goyal)
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Cisco EAP-FAST Module (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (Version: 1.1.6 - Cisco Systems, Inc.)
CloneDVD2 (Version: - Elaborate Bytes)
CloneDVDmobile (Version: - SlySoft)
ConvertXtoDVD 4.0.9.322 (Version: 4.0.9.322 - )
CryptoPrevent v4.3.0 (Version: - Foolish IT LLC)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
dBpoweramp DSP Effects (Version: Release 9 - Illustrate)
dBpoweramp Music Converter (Version: Release 14.4 - Illustrate)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (Version: - Microsoft)
DHTML Editing Component (Version: 6.02.0001 - Microsoft Corporation)
DolbyFiles (Version: 2.0 - Nero AG) Hidden
Dropbox (Version: 2.4.11 - Dropbox, Inc.)
DVD Decrypter (Remove Only) (Version: - )
DVD Shrink 3.2 (Version: - DVD Shrink)
DxO Optics Pro 8 (Version: 8.1.3 - DxO Labs)
Epson Easy Photo Print 2 (Version: 2.2.3.1 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (Version: 1.10.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (Version: - )
EPSON PhotoQuicker3.5 (Version: - )
Epson Print CD (Version: 2.00.00 - SEIKO EPSON CORPORATION)
EPSON Printer Software (Version: - SEIKO EPSON Corporation)
EPSON Scan (Version: - Seiko Epson Corporation)
EPSON SX620FW Series Manual (Version: - )
EPSON SX620FW Series Network Guide (Version: - )
EPSON SX620FW Series Printer Uninstall (Version: - SEIKO EPSON Corporation)
EpsonNet Print (Version: 2.4i - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (Version: 3.3a - SEIKO EPSON CORPORATION)
Facebook Photo Uploader (Version: 1.0.0.2003 - Facebook)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287 - Skype Limited)
GIMP 2.8.10 (Version: 2.8.10 - The GIMP Team)
Google Chrome (Version: 32.0.1700.72 - Google Inc.)
Google Earth (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
iCloud (Version: 3.1.0.40 - Apple Inc.)
Imagenomic Noiseware 4.2 Professional Plug-in (build 4205) (Version: - )
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (Version: 2.1.1 - Oracle Corporation)
JDs Auto Speed Tester (Version: - )
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KeyMan V4.0 Build 6 (Version: 4.0.0.6 - ZF Friedrichshafen AG)
K-Lite Codec Pack 9.6.5 (Basic) (Version: 9.6.5 - )
Logitech Vid HD (Version: 7.2 (7259) - Logitech Inc..)
Logitech Webcam Software (Version: 12.10.1113 - Logitech Inc.)
Macromedia Extension Manager (Version: 1.7.240 - Macromedia, Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Medieval CUE Splitter (Version: 1.2.0 - Medieval Software)
Menu Templates - Starter Kit (Version: 9.0.4.0 - Nero AG) Hidden
Microsoft Access database engine 2010 (English) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft AutoRoute 2013 (Version: 19.0.21.0500 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
MioMore Desktop 7.50 (Version: 7.50.0107.120 - Mio Technology)
Movie Templates - Starter Kit (Version: 9.0.4.0 - Nero AG) Hidden
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1 - Mozilla)
Mozilla Maintenance Service (Version: 15.0.1 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0 - Microsoft Corporation)
MyDriveConnect 3.3.0.1342 (Version: 3.3.0.1342 - TomTom)
MyFreeCodec (Version: - )
Nero 9 (Version: - Nero AG)
Nero BurningROM (Version: 9.0.0.0 - Nero AG) Hidden
Nero ControlCenter (Version: 0.0.0.1 - Nero AG) Hidden
Nero ControlCenter (Version: 9.0.0.1 - Nero AG) Hidden
Nero Express (Version: 9.0.0.0 - Nero AG) Hidden
Nero Installer (Version: 2.0.0.1 - Nero AG) Hidden
NeroBurningROM (Version: 9.0.9.100 - Nero AG) Hidden
NeroExpress (Version: 9.0.9.100 - Nero AG) Hidden
neroxml (Version: 1.0.0 - Nero AG) Hidden
Norton Identity Safe (Version: 2014.6.0.27 - Symantec Corporation)
Norton Internet Security (Version: 21.1.0.18 - Symantec Corporation)
NVIDIA Drivers (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (Version: 1.00.7325.0 - NVIDIA Corporation)
NVIDIA PhysX (Version: 9.09.0203 - NVIDIA Corporation)
OpenAL (Version: - )
Origin (Version: 9.3.11.2762 - Electronic Arts, Inc.)
Photodex Presenter (Version: - Photodex Corporation)
Photomatix Pro version 4.2.5 (Version: 4.2.5 - HDRsoft Ltd)
Platform (Version: 1.36 - VIA Technologies, Inc.) Hidden
PMB (Version: 5.8.02.10270 - Sony Corporation)
Power Packet Utility (Version: 1.0.7 - Intellon)
ProShow Producer (Version: - Photodex Corporation)
QuickTime (Version: 7.74.80.86 - Apple Inc.)
Ralink RT2860 Wireless LAN Card (Version: 1.5.24.0 - Ralink)
Rapport (Version: 3.5.1304.32 - Trusteer) Hidden
RescuePRO Deluxe 5.1.2.7 (Version: 5.1.2.7 - LC Technology International, Inc.)
SDFormatter (Version: 4.0.0 - SD Association)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden
Sony Image Data Suite (Version: 3.2.00.19080 - Sony Corporation)
Sony RAW Driver (Version: 2.0.00.08130 - Sony Corporation)
System Requirements Lab CYRI (Version: 4.5.1.0 - Husdawg, LLC)
Text-To-Speech-Runtime (Version: 1.0.0.0 - Magix Development GmbH)
The Sims™ 3 (Version: 1.63.5 - Electronic Arts)
The Sims™ 3 Pets (Version: 10.0.96 - Electronic Arts)
Topaz Adjust 4 (Version: 4.0.0 - Topaz Labs)
Trusteer Endpoint Protection (Version: 3.5.1304.32 - Trusteer)
Turbo Lister 2 (Version: 2.00.0000 - eBay Inc.)
Ultimate Reference Suite (Version: 2013.0.0.0 - Encyclopaedia Britannica, Inc.)
Unity Web Player (Version: - Unity Technologies ApS)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VIA Platform Device Manager (Version: 1.36 - VIA Technologies, Inc.)
Visual Studio C++ 10.0 Runtime (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.0.5 (Version: 2.0.5 - VideoLAN)
VSO Image Resizer 4.0.3.6 (Version: 4.0.3.6 - VSO-Software)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.01 (32-bit) (Version: 4.01.0 - win.rar GmbH)
Xilisoft Video Converter Ultimate (Version: 7.3.0.20120529 - Xilisoft)
Your Uninstaller! 7 (Version: 7.5.2013.2 - URSoft, Inc.)

==================== Restore Points =========================

16-01-2014 06:38:27 Windows Update

==================== Hosts content: ==========================

2009-07-14 02:04 - 2014-01-13 20:38 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {00BC77BF-3352-4FE8-9617-4F1B27BEC19A} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {01C84230-C58E-4BD9-88AE-495BC89650DB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1423471140-3236196863-1363927929-1000UA => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-06] (Google Inc.)
Task: {17233BE9-87E9-40B0-B003-AE9D2B92CBBE} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {20CEA0AF-4671-467C-B424-031ACD097FFA} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {247BD142-0549-4E91-84B0-172C25563718} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {2BE65564-89D1-4396-A5CC-D7D9283FC4A1} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {2E2E106D-3DD4-4127-8ACA-847D8EF4622B} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {307E6374-EA28-4814-875C-21BEF882AD48} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-30] (Google Inc.)
Task: {392EB017-207C-42BF-A061-F3BE721F456C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {4540E2D8-2D81-4BAF-8220-4E481D29813A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-30] (Google Inc.)
Task: {4B7EF56A-8A42-4BD2-BB5C-7C389AC54A37} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {4D5B143C-ED52-4F1E-8C05-1FE36EA08650} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {5700ACE8-D0AF-4BA7-98B6-1033521A877A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {58472642-3B55-40F6-BD48-7C5A5F0223C2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-01-16] (Microsoft Corporation)
Task: {596B3132-26C5-4D8A-82DA-750742A65199} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1423471140-3236196863-1363927929-1000Core => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-06] (Google Inc.)
Task: {5C3EA04C-CE98-4F7B-BFEB-4EA48DE67871} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {5D29DCF6-A6CE-41C3-9AD2-3379C547AA65} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-SCOTT-PC => C:\Windows\ehome\McxTask.exe [2013-09-30] (Microsoft Corporation)
Task: {6E84A59B-1863-4B21-8BD8-C9B20FD15484} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {7C7CF1DA-F461-4850-96B2-ADCA8A67E59C} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {831030FD-34A3-4C30-80EF-0346C7EAFBC5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {890D4007-9ACF-4529-AB9A-4652C242EEA6} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {8AA30F92-6FDD-4C3D-9BF7-4B6A0CE9A1E4} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {8B5819AE-7B44-478B-A3D3-8846AF160A8F} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {8BA231F8-7C02-4A25-AB7A-6FFDA93BF3A0} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Device Center\itype.exe
Task: {92ED6570-4654-4BFA-9A6C-1084C6939C16} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {997C8BBD-710B-4E66-B5BC-CC09575A58D2} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {9E85725E-3F15-4886-8562-8637AF740AE5} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {A5D45ED3-F524-4574-8F39-527F3729D1E2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {C0D0F7C4-419F-41B3-90A2-FE79270B828A} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {CF5A1DDC-D14D-4D59-AD49-A19A645B087B} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DCF55BED-B1DF-4ABF-8D85-6542C7007799} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {DE25B209-850E-44B2-9A52-E9A7FE635481} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Device Center\ipoint.exe
Task: {E4C8774A-2818-45A4-8A6D-11DDF6348886} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {E6833800-B7BF-4000-882D-78E7AFCB61A3} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => C:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {F632B970-7809-4C1C-A225-73914E0DF7AF} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {FAB49829-3EE7-4234-BE84-277862F2A57C} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {FDE27317-74B8-4D08-A42A-1372B296FF89} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1423471140-3236196863-1363927929-1000Core.job => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1423471140-3236196863-1363927929-1000UA.job => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-06-27 14:09 - 2012-06-27 14:09 - 00557056 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll
2012-05-03 22:27 - 2013-10-21 19:41 - 01127152 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
2011-06-18 16:06 - 2011-05-28 21:04 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2013-08-21 23:55 - 2013-06-18 12:17 - 00364544 _____ () C:\Windows\System32\msjetoledb40.dll
2006-02-22 14:47 - 2006-02-22 14:47 - 00073728 ____R () C:\Program Files\Cherry\KeyMan\zlib1.dll
2006-02-22 14:47 - 2006-02-22 14:47 - 00114688 ____R () C:\Program Files\Cherry\KeyMan\libpng13.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-03-28 21:29 - 2013-03-28 21:29 - 00095232 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2013-11-29 09:29 - 2013-11-29 09:29 - 00026520 _____ () C:\Program Files\MyDrive Connect\DeviceDetection.dll
2013-11-29 09:28 - 2013-11-29 09:28 - 00082840 _____ () C:\Program Files\MyDrive Connect\TomTomSupporterBase.dll
2013-11-29 09:28 - 2013-11-29 09:28 - 00344984 _____ () C:\Program Files\MyDrive Connect\TomTomSupporterProxy.dll
2013-10-18 23:55 - 2013-10-18 23:55 - 25100288 _____ () C:\Users\Scott\AppData\Roaming\Dropbox\bin\libcef.dll
2014-01-07 23:37 - 2014-01-07 04:04 - 00715544 _____ () C:\Users\Scott\AppData\Local\Google\Chrome\Application\32.0.1700.72\libglesv2.dll
2014-01-07 23:36 - 2014-01-07 04:04 - 00100120 _____ () C:\Users\Scott\AppData\Local\Google\Chrome\Application\32.0.1700.72\libegl.dll
2014-01-07 23:37 - 2014-01-07 04:05 - 04055320 _____ () C:\Users\Scott\AppData\Local\Google\Chrome\Application\32.0.1700.72\pdf.dll
2014-01-07 23:37 - 2014-01-07 04:05 - 00399640 _____ () C:\Users\Scott\AppData\Local\Google\Chrome\Application\32.0.1700.72\ppGoogleNaClPluginChrome.dll
2014-01-07 23:36 - 2014-01-07 04:04 - 01634584 _____ () C:\Users\Scott\AppData\Local\Google\Chrome\Application\32.0.1700.72\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
AlternateDataStreams: C:\Users\Scott\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Scott\SkyDrive.old:ms-properties
AlternateDataStreams: C:\Users\Scott\AppData\Roaming\default.rss:OECustomProperty

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: Edimax 802.11n PCI Card
Description: Edimax 802.11n PCI Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Edimax Technology Co., Ltd
Service: netr28
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/16/2014 08:25:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: ApplePhotoStreams.exe, version: 7.13.13.5, time stamp: 0x516e136b
Faulting module name: KERNELBASE.dll, version: 6.3.9600.16408, time stamp: 0x523d45f2
Exception code: 0xe06d7363
Fault offset: 0x00011aa0
Faulting process ID: 0x1940
Faulting application start time: 0xApplePhotoStreams.exe0
Faulting application path: ApplePhotoStreams.exe1
Faulting module path: ApplePhotoStreams.exe2
Report ID: ApplePhotoStreams.exe3
Faulting package full name: ApplePhotoStreams.exe4
Faulting package-relative application ID: ApplePhotoStreams.exe5

Error: (01/16/2014 02:57:53 PM) (Source: Application Error) (User: )
Description: Faulting application name: ApplePhotoStreams.exe, version: 7.13.13.5, time stamp: 0x516e136b
Faulting module name: KERNELBASE.dll, version: 6.3.9600.16408, time stamp: 0x523d45f2
Exception code: 0xe06d7363
Fault offset: 0x00011aa0
Faulting process ID: 0x1804
Faulting application start time: 0xApplePhotoStreams.exe0
Faulting application path: ApplePhotoStreams.exe1
Faulting module path: ApplePhotoStreams.exe2
Report ID: ApplePhotoStreams.exe3
Faulting package full name: ApplePhotoStreams.exe4
Faulting package-relative application ID: ApplePhotoStreams.exe5

Error: (01/16/2014 02:43:50 PM) (Source: Application Error) (User: )
Description: Faulting application name: ApplePhotoStreams.exe, version: 7.13.13.5, time stamp: 0x516e136b
Faulting module name: KERNELBASE.dll, version: 6.3.9600.16408, time stamp: 0x523d45f2
Exception code: 0xe06d7363
Fault offset: 0x00011aa0
Faulting process ID: 0x1614
Faulting application start time: 0xApplePhotoStreams.exe0
Faulting application path: ApplePhotoStreams.exe1
Faulting module path: ApplePhotoStreams.exe2
Report ID: ApplePhotoStreams.exe3
Faulting package full name: ApplePhotoStreams.exe4
Faulting package-relative application ID: ApplePhotoStreams.exe5

Error: (01/16/2014 02:16:12 PM) (Source: Application Error) (User: )
Description: Faulting application name: ApplePhotoStreams.exe, version: 7.13.13.5, time stamp: 0x516e136b
Faulting module name: KERNELBASE.dll, version: 6.3.9600.16408, time stamp: 0x523d45f2
Exception code: 0xe06d7363
Fault offset: 0x00011aa0
Faulting process ID: 0x1a24
Faulting application start time: 0xApplePhotoStreams.exe0
Faulting application path: ApplePhotoStreams.exe1
Faulting module path: ApplePhotoStreams.exe2
Report ID: ApplePhotoStreams.exe3
Faulting package full name: ApplePhotoStreams.exe4
Faulting package-relative application ID: ApplePhotoStreams.exe5

Error: (01/16/2014 06:45:07 AM) (Source: Application Error) (User: )
Description: Faulting application name: ApplePhotoStreams.exe, version: 7.13.13.5, time stamp: 0x516e136b
Faulting module name: KERNELBASE.dll, version: 6.3.9600.16408, time stamp: 0x523d45f2
Exception code: 0xe06d7363
Fault offset: 0x00011aa0
Faulting process ID: 0x18b0
Faulting application start time: 0xApplePhotoStreams.exe0
Faulting application path: ApplePhotoStreams.exe1
Faulting module path: ApplePhotoStreams.exe2
Report ID: ApplePhotoStreams.exe3
Faulting package full name: ApplePhotoStreams.exe4
Faulting package-relative application ID: ApplePhotoStreams.exe5

Error: (01/16/2014 06:38:43 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/16/2014 06:35:55 AM) (Source: Application Error) (User: )
Description: Faulting application name: ApplePhotoStreams.exe, version: 7.13.13.5, time stamp: 0x516e136b
Faulting module name: KERNELBASE.dll, version: 6.3.9600.16408, time stamp: 0x523d45f2
Exception code: 0xe06d7363
Fault offset: 0x00011aa0
Faulting process ID: 0x1960
Faulting application start time: 0xApplePhotoStreams.exe0
Faulting application path: ApplePhotoStreams.exe1
Faulting module path: ApplePhotoStreams.exe2
Report ID: ApplePhotoStreams.exe3
Faulting package full name: ApplePhotoStreams.exe4
Faulting package-relative application ID: ApplePhotoStreams.exe5

Error: (01/16/2014 06:24:10 AM) (Source: Application Error) (User: )
Description: Faulting application name: ApplePhotoStreams.exe, version: 7.13.13.5, time stamp: 0x516e136b
Faulting module name: KERNELBASE.dll, version: 6.3.9600.16408, time stamp: 0x523d45f2
Exception code: 0xe06d7363
Fault offset: 0x00011aa0
Faulting process ID: 0x1a44
Faulting application start time: 0xApplePhotoStreams.exe0
Faulting application path: ApplePhotoStreams.exe1
Faulting module path: ApplePhotoStreams.exe2
Report ID: ApplePhotoStreams.exe3
Faulting package full name: ApplePhotoStreams.exe4
Faulting package-relative application ID: ApplePhotoStreams.exe5

Error: (01/15/2014 03:09:15 AM) (Source: Application Hang) (User: )
Description: The program wwahost.exe version 6.3.9600.16431 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 17d0

Start Time: 01cf119e74b4a604

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\wwahost.exe

Report Id: 68f2ecbd-7d92-11e3-b295-20cf3081f7c8

Faulting package full name: Microsoft.SkypeApp_2.4.0.1007_x86__kzf8qxf38zg5c

Faulting package-relative application ID: App

Error: (01/15/2014 02:54:15 AM) (Source: Application Hang) (User: )
Description: The program wwahost.exe version 6.3.9600.16431 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1b78

Start Time: 01cf119c5c59fa39

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\wwahost.exe

Report Id: 5088b089-7d90-11e3-b295-20cf3081f7c8

Faulting package full name: Microsoft.SkypeApp_2.4.0.1007_x86__kzf8qxf38zg5c

Faulting package-relative application ID: App


System errors:
=============
Error: (01/16/2014 08:44:57 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

Error: (01/16/2014 08:44:35 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

Error: (01/16/2014 08:40:39 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

Error: (01/16/2014 08:39:50 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

Error: (01/16/2014 08:32:49 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

Error: (01/16/2014 08:25:14 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

Error: (01/16/2014 08:24:34 PM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.2 service failed to start due to the following error:
%%2

Error: (01/16/2014 03:10:03 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

Error: (01/16/2014 02:53:37 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

Error: (01/16/2014 02:42:17 PM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.2 service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================


CodeIntegrity Errors:
===================================
Date: 2013-12-11 18:40:33.643
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2013-12-11 18:40:32.908
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2013-12-11 18:40:32.596
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2013-12-11 18:40:30.158
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2013-12-11 18:40:30.065
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2013-12-11 18:40:29.893
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2013-12-11 18:40:25.236
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2013-12-11 18:40:20.971
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2013-11-18 21:49:55.239
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2013-11-18 21:49:55.077
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Percentage of memory in use: 52%
Total physical RAM: 3071.22 MB
Available physical RAM: 1457.7 MB
Total Pagefile: 4671.22 MB
Available Pagefile: 2025.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1862.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.82 GB) (Free:183.81 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: () (Fixed) (Total:465.3 GB) (Free:465.11 GB) NTFS
Drive z: (2nd Hard Disc) (Fixed) (Total:931.51 GB) (Free:767.54 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 68546BD0)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: B5CAE923)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#25
battison10

FSS Scan


Farbar Service Scanner Version: 08-01-2014
Ran by Scott (administrator) on 16-01-2014 at 20:49:52
Running from "C:\Users\Scott\Desktop"
Microsoft Windows 8.1 Pro with Media Center (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\nsisvc.dll
[2013-08-22 06:13] - [2013-08-22 06:13] - 0021504 ____A (Microsoft Corporation) 4763A0EC9B205B32E1194024E50F0C32

C:\WINDOWS\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\WINDOWS\system32\dhcpcore.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tdx.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys
[2014-01-16 14:32] - [2013-11-05 18:50] - 1888088 ____A (Microsoft Corporation) B499B828852496F96A16A6248A712879

C:\WINDOWS\system32\dnsrslvr.dll
[2013-11-16 11:13] - [2013-10-08 05:14] - 0186880 ____A (Microsoft Corporation) 68A875283BBB4635120E14A024BBBE1E

C:\WINDOWS\system32\mpssvc.dll => MD5 is legit
C:\WINDOWS\system32\bfe.dll
[2013-11-14 14:49] - [2013-10-12 21:14] - 0549888 ____A (Microsoft Corporation) B504A323B1280F66498B9601CA2D0C48

C:\WINDOWS\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuaueng.dll
[2013-11-16 11:13] - [2013-10-07 02:03] - 2833408 ____A (Microsoft Corporation) A3BC24D8C092FD62EC0E30AA95E53D63

C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll
[2013-11-16 11:13] - [2013-09-14 08:54] - 0380928 ____A (Microsoft Corporation) F17175CD44231011EC33F3F62F8A9314

C:\WINDOWS\system32\iphlpsvc.dll
[2013-11-16 11:13] - [2013-10-08 04:40] - 0795648 ____A (Microsoft Corporation) DD457C613576ED1E134297DF8D4C5922

C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit


**** End of log ****

#26
emeraldnzl

Question:

Are you getting the same error message as before, or is it that Flash is not working properly?

The reason I ask is because sometimes I have found that CryptoPrevent will interfere with Flash.

Try uninstalling CryptoPrevent and see if that makes a difference.

#27
battison10

Same error message as before. I have only just installed CryptoPrevent, but was getting the error message before the recent installation. :(

#28
battison10

Question for you, what exactly is IDMcache.exe anyway?!

#29
emeraldnzl

Question for you, what exactly is IDMcache.exe anyway?!


I believe it is Internet Download Manager. In some quarters it is seen as bad although some versions are legitimate.

In your case you had a cracked version of Adobe on the machine which might have interfered with Flash and which could have had other bad stuff with it. You uninstalled that and we cleared out the browser cache and downloaded a new version of Flash. Further, we ran ESET, which should have picked it up if it was bad and still there.

Let's do this:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :regfind
    IDMcache.exe
    :filefind
    *IDMcache*
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt

#30
battison10

SystemLook 30.07.11 by jpshortstuff
Log created at 22:09 on 16/01/2014 by Scott
Administrator - Elevation successful

========== regfind ==========

Searching for "IDMcache.exe"
No data found.

========== filefind ==========

Searching for "*IDMcache*"
C:\Users\Scott\AppData\Roaming\Adobe\Flash Player\BrowserCache\IDMcache.bat --a---- 313 bytes [20:39 12/07/2013] [13:35 25/07/2013] EB55C15DC2178F0E197902E27C5E00F5
C:\Users\Scott\AppData\Roaming\Adobe\Flash Player\BrowserCache\IDMcache.vbs --a---- 78 bytes [20:39 12/07/2013] [21:28 02/07/2012] C578D9653B22800C3EB6B6A51219BBB8
C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Recent\http--www.averscanner.com-scan-28-idmcache-exe.shtml.lnk --a---- 262 bytes [21:15 16/01/2014] [21:15 16/01/2014] FA1DF90E8C91BEB3E171D561F5EE68F3

-= EOF =-

I think the last entry averscanner was me just doing some research on the item!!