Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Random audio and failed updates [Closed]


  • This topic is locked This topic is locked

#1
Hippeaux

Hippeaux

    Member

  • Member
  • PipPip
  • 33 posts

I am running Win 7sp1, with nearly the latest updates.  Recently my computer has begun playing audio at random times.  It almost sounds like TV commercials or news.  This can occur at any time, unless I disable the network adapter.  Windows updates now fail to install.  No hardware changes have been made.

 

I have ESET NOD32 Antivirus and run the latest Malwarebytes weekly.

 

In addition to the OTL.txt log, a file called "Extras.txt".  Should I post that as well?

=======================

OTL logfile created on: 6/2/2014 11:08:32 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Scott\Desktop\Cleaning
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16844)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
8.00 Gb Total Physical Memory | 6.03 Gb Available Physical Memory | 75.44% Memory free
15.99 Gb Paging File | 14.31 Gb Available in Paging File | 89.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 180.94 Gb Free Space | 19.43% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 295.62 Gb Free Space | 31.74% Space Free | Partition Type: NTFS
 
Computer Name: HIPPEAUX | User Name: Scott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/02 10:58:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Desktop\Cleaning\OTL.exe
PRC - [2014/05/09 08:19:26 | 000,263,048 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
PRC - [2013/10/15 10:58:54 | 000,311,184 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
PRC - [2012/12/21 13:08:56 | 001,333,424 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2012/11/30 23:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/10/23 23:40:08 | 000,135,056 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe
PRC - [2012/07/10 19:42:34 | 000,460,432 | ---- | M] (NovaStor Corporation) -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe
PRC - [2012/07/10 19:32:40 | 000,313,488 | ---- | M] (NovaStor Corporation) -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsCtrl.exe
PRC - [2011/12/07 16:32:34 | 000,162,920 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTSS.exe
PRC - [2011/08/16 20:00:36 | 001,005,568 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/10/07 02:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009/03/26 10:48:46 | 000,364,032 | ---- | M] (TrippLite) -- C:\Program Files (x86)\TrippLite\PowerAlert\console\pastatus.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/07/10 19:44:30 | 002,471,568 | ---- | M] () -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsAppRes409.dll
MOD - [2012/07/10 19:29:24 | 000,183,952 | ---- | M] () -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsEngineRes409.dll
MOD - [2011/12/07 16:32:34 | 000,162,920 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTSS.exe
MOD - [2011/12/02 20:23:06 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTMUI.dll
MOD - [2011/12/02 20:23:04 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTSSHooks.dll
MOD - [2011/12/02 20:22:58 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTUI.dll
MOD - [2011/12/02 20:22:56 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTFC.dll
MOD - [2011/05/01 02:04:54 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTTSH.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/12/21 13:08:56 | 001,333,424 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/10/07 02:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/05/19 12:22:45 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2014/05/14 13:38:18 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/21 21:26:13 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/15 10:58:54 | 000,311,184 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/04 18:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012/12/03 10:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/11/30 23:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/10/23 23:40:08 | 000,135,056 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe -- (PDFProFiltSrv)
SRV - [2012/07/10 19:42:34 | 000,460,432 | ---- | M] (NovaStor Corporation) [Auto | Running] -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe -- (nsService)
SRV - [2012/07/10 19:15:06 | 000,256,512 | ---- | M] (NovaStor Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe -- (Backup Client Agent Service)
SRV - [2012/04/11 12:39:02 | 004,743,680 | ---- | M] (NovaStor Corporation) [Auto | Running] -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\DR\x64\drdiag.exe -- (Disaster Recovery Imaging)
SRV - [2011/08/16 20:00:36 | 001,005,568 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2011/08/16 15:53:58 | 000,199,680 | ---- | M] (IVT Corporation) [On_Demand | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/06/25 09:00:36 | 000,038,016 | ---- | M] (SteelSeries Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SAlpham64.sys -- (SAlphamHid)
DRV:64bit: - [2012/12/21 13:09:28 | 000,139,768 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2012/12/21 13:08:54 | 000,150,616 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012/12/21 13:08:18 | 000,213,416 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2012/07/03 10:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/27 11:30:40 | 000,024,456 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus)
DRV:64bit: - [2011/07/27 11:30:12 | 000,018,952 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VHIDMini.sys -- (VHidMinidrv)
DRV:64bit: - [2011/07/27 11:29:08 | 000,025,352 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btcombus.sys -- (BTCOMBUS)
DRV:64bit: - [2011/07/27 11:28:58 | 000,029,576 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btcomport.sys -- (BTCOM)
DRV:64bit: - [2011/07/27 11:28:28 | 000,042,888 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btcusb.sys -- (Btcsrusb)
DRV:64bit: - [2011/06/15 03:30:46 | 000,093,240 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:45:12 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/11/20 08:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 08:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 06:35:24 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2010/11/20 06:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/08/18 23:19:46 | 000,020,488 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btnetdrv.sys -- (BT)
DRV:64bit: - [2010/04/06 19:33:10 | 000,030,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btnetBus.sys -- (btnetBUs)
DRV:64bit: - [2010/04/06 19:32:48 | 000,027,016 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV:64bit: - [2009/10/07 03:49:26 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2009/10/07 03:47:44 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/10/07 03:45:36 | 000,271,640 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)
DRV:64bit: - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/17 15:02:20 | 000,036,872 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV:64bit: - [2009/06/17 15:02:12 | 000,036,360 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\blueletaudio.sys -- (BlueletAudio)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008/10/21 10:22:44 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017unic.sys -- (s0017unic)
DRV:64bit: - [2008/10/21 10:22:44 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017obex.sys -- (s0017obex)
DRV:64bit: - [2008/10/21 10:22:44 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017nd5.sys -- (s0017nd5)
DRV:64bit: - [2008/10/21 10:22:42 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdm.sys -- (s0017mdm)
DRV:64bit: - [2008/10/21 10:22:42 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mgmt.sys -- (s0017mgmt)
DRV:64bit: - [2008/10/21 10:22:42 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV:64bit: - [2008/10/21 10:22:40 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017bus.sys -- (s0017bus)
DRV:64bit: - [2008/06/27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/17 15:02:12 | 000,036,360 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\blueletaudio.sys -- (BlueletAudio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 02 AF 96 86 5B 96 CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {B36F8A13-8910-42D2-A22C-A18DB52ACE2E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{9E1C648E-5DCB-4741-9939-9A45FAF7BB97}: "URL" = http://duckduckgo.com/?q={searchTerms}
IE - HKCU\..\SearchScopes\{B36F8A13-8910-42D2-A22C-A18DB52ACE2E}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:53172
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Search the Web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://att.my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {73c39a20-8768-4a82-8b43-fc9535715c5c}:2.20
FF - prefs.js..extensions.enabledItems: {477c4c36-24eb-11da-94d4-00e08161165f}:2.7.6
FF - prefs.js..extensions.enabledItems: {7102aba3-045c-4ec2-b921-46d87636d84b}:2.10
FF - prefs.js..extensions.enabledItems: {99f30549-35d4-11d9-8a2a-396c6e707e82}:1.1.4
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.6
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {da7f40f0-8675-11db-b606-0800200c9a66}:3.04
FF - prefs.js..extensions.enabledItems: [email protected]:1.85
FF - prefs.js..extensions.enabledItems: {6d677280-ddfe-11dc-95ff-0800200c9a66}:0.4
FF - prefs.js..extensions.enabledItems: {269e35b1-cdde-11de-8a39-0800200c9a67}:0.3.3
FF - prefs.js..keyword.URL: "http://ws.infospace...._id=60531&qkw="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\nuance.com/DragonRIAPlugin: C:\PROGRA~2\Nuance\NATURA~1\Program\npDgnRia.dll (Nuance Communications Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Professional 8\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Scott\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Scott\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Scott\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2013/03/14 15:24:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/08/19 21:30:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2013/10/15 10:58:10 | 000,173,427 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/04/21 21:26:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/19 12:21:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2014/03/23 10:31:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2014/05/19 12:21:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013/03/14 15:24:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/04/21 21:26:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/19 12:21:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2014/03/23 10:31:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2014/05/19 12:21:23 | 000,000,000 | ---D | M]
 
[2010/11/16 22:17:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Extensions
[2010/11/16 22:17:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2014/05/30 20:58:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\extensions
[2010/11/22 21:23:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/22 21:23:27 | 000,000,000 | ---D | M] (EmailTheWeb.com) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\extensions\{73c39a20-8768-4a82-8b43-fc9535715c5c}
[2014/03/24 14:20:05 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014/05/26 09:06:28 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2013/03/23 21:13:10 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\extensions\[email protected]
[2013/06/27 16:17:01 | 000,000,000 | ---D | M] (Pocket) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\extensions\[email protected]
[2010/11/22 21:25:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\New folder\dg9898ot.default\extensions
[2010/11/22 21:25:52 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\New folder\dg9898ot.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2010/11/22 21:25:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\New folder\dg9898ot.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/22 21:25:52 | 000,000,000 | ---D | M] (Netfox) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\New folder\dg9898ot.default\extensions\{269e35b1-cdde-11de-8a39-0800200c9a67}
[2010/11/17 10:34:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\New folder\dg9898ot.default\extensions\{31309720-471b-11dd-ae16-0800200c9a66}
[2010/11/22 21:25:52 | 000,000,000 | ---D | M] (Neofox IE 6) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\New folder\dg9898ot.default\extensions\{3EB655F8-A508-11DB-8BC6-FD5B55D89593}
[2010/11/22 21:25:52 | 000,000,000 | ---D | M] (Grab and Drag) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\New folder\dg9898ot.default\extensions\{477c4c36-24eb-11da-94d4-00e08161165f}
[2010/11/22 21:25:52 | 000,000,000 | ---D | M] (Orthodox) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\New folder\dg9898ot.default\extensions\{6d677280-ddfe-11dc-95ff-0800200c9a66}
[2010/11/22 21:25:52 | 000,000,000 | ---D | M] (CHM Reader) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\New folder\dg9898ot.default\extensions\{6e098d65-7d2d-46d4-ada0-2f882a29f795}
[2010/11/22 21:25:52 | 000,000,000 | ---D | M] (History Submenus) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\New folder\dg9898ot.default\extensions\{7102aba3-045c-4ec2-b921-46d87636d84b}
[2010/11/22 21:25:52 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\New folder\dg9898ot.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/11/22 21:25:52 | 000,000,000 | ---D | M] (EmailTheWeb.com) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\New folder\dg9898ot.default\extensions\{73c39a20-8768-4a82-8b43-fc9535715c5c}
[2010/11/22 21:25:52 | 000,000,000 | ---D | M] ("Looks Familiar") -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\New folder\dg9898ot.default\extensions\{8d443e84-8d17-4211-948d-d033289ab0b4}
[2010/11/22 21:25:52 | 000,000,000 | ---D | M] (NoUn Buttons) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\New folder\dg9898ot.default\extensions\{99f30549-35d4-11d9-8a2a-396c6e707e82}
[2010/11/22 21:25:53 | 000,000,000 | ---D | M] (CoolChaser Toolbar) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\New folder\dg9898ot.default\extensions\{a2880346-35bb-45bb-9190-eedb49c132c5}
[2010/11/22 21:25:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\New folder\dg9898ot.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/11/22 21:25:55 | 000,000,000 | ---D | M] (FOXSCAPE) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\New folder\dg9898ot.default\extensions\{da7f40f0-8675-11db-b606-0800200c9a66}
[2010/11/22 21:25:51 | 000,000,000 | ---D | M] (ClassicFox) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\New folder\dg9898ot.default\extensions\[email protected]
[2010/11/22 21:25:51 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\New folder\dg9898ot.default\extensions\[email protected]
[2010/11/22 21:25:52 | 000,000,000 | ---D | M] (Read It Later) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\New folder\dg9898ot.default\extensions\[email protected]
[2010/11/22 21:25:52 | 000,000,000 | ---D | M] (Firefoxp) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\New folder\dg9898ot.default\extensions\[email protected]
[2010/11/22 21:25:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\New folder\dg9898ot.default\extensions\staged-xpis
[2010/11/22 21:25:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\New folder\dg9898ot.default\extensions\{da7f40f0-8675-11db-b606-0800200c9a66}\mozapps\extensions
[2012/06/27 14:01:00 | 000,827,050 | ---- | M] () (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\extensions\[email protected]
[2012/06/27 14:01:02 | 000,811,915 | ---- | M] () (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\extensions\[email protected]
[2014/05/15 08:49:22 | 000,017,922 | ---- | M] () (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\extensions\[email protected]
[2012/06/27 14:29:25 | 000,316,198 | ---- | M] () (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\extensions\[email protected]
[2013/08/03 13:36:10 | 000,070,941 | ---- | M] () (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\extensions\[email protected]
[2013/12/23 19:42:39 | 000,159,912 | ---- | M] () (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\extensions\[email protected]
[2014/03/13 10:10:58 | 003,679,842 | R--- | M] () (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\extensions\[email protected]
[2014/03/13 10:10:58 | 000,062,091 | R--- | M] () (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\extensions\[email protected]
[2013/08/03 12:06:57 | 000,067,795 | ---- | M] () (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\extensions\[email protected]
[2013/08/03 12:06:57 | 000,066,429 | ---- | M] () (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\extensions\[email protected]
[2014/01/02 16:08:14 | 000,475,779 | ---- | M] () (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
[2014/05/08 11:09:20 | 000,692,058 | ---- | M] () (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi
[2014/05/30 20:58:06 | 000,537,411 | ---- | M] () (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2014/04/22 11:09:22 | 003,648,308 | ---- | M] () (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\extensions\{13b4437e-b706-11dc-8314-0800200c9a66}.xpi
[2013/12/25 16:06:40 | 000,179,023 | ---- | M] () (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\extensions\{477c4c36-24eb-11da-94d4-00e08161165f}.xpi
[2014/05/28 17:20:22 | 000,533,329 | ---- | M] () (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/05/01 11:09:20 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/12/11 11:03:41 | 000,002,964 | ---- | M] () (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\extensions\{d618933b-9eb4-1c04-949d-0f9b1a39ebb9}.xpi
[2014/04/22 11:09:20 | 001,775,810 | ---- | M] () (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\extensions\{da7f40f0-8675-11db-b606-0800200c9a66}.xpi
[2013/12/15 16:04:45 | 001,156,402 | ---- | M] () (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\extensions\{fd2f951f-77ea-4938-9493-0c892c027a13}.xpi
[2008/01/31 13:06:03 | 000,457,744 | ---- | M] () (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\New folder\dg9898ot.default\extensions\{3EB655F8-A508-11DB-8BC6-FD5B55D89593}\chrome\tmp.xpi
[1980/01/01 00:00:00 | 000,001,502 | ---- | M] () (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\New folder\dg9898ot.default\extensions\{da7f40f0-8675-11db-b606-0800200c9a66}\mozapps\xpinstall\xpinstallConfirm.css
[2008/08/04 19:49:52 | 000,000,541 | ---- | M] () (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\New folder\dg9898ot.default\extensions\{da7f40f0-8675-11db-b606-0800200c9a66}\mozapps\xpinstall\xpinstallItemGeneric.png
[2010/09/20 22:37:40 | 000,228,647 | ---- | M] () (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\New folder\dg9898ot.default\extensions\staged-xpis\[email protected]\tmp-1.xpi
[2014/04/21 21:26:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/04/21 21:26:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2014/04/21 21:26:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/04/21 21:26:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/03/19 04:58:26 | 000,067,216 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/14 17:02:42 | 008,523,264 | ---- | M] (LizardTech) -- C:\Program Files (x86)\mozilla firefox\plugins\npexview.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://att.my.yahoo.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Scott\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Scott\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Scott\AppData\Local\Google\Chrome\Application\35.0.1916.114\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Contribute CS5.1  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Scott\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Scott\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.7.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Speed Dial = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi\2.5.6_0\
CHR - Extension: Closed tabs = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\1.4_0\
CHR - Extension: Dragon NaturallySpeaking Rich Internet Application Support = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn\1.0_0\
CHR - Extension: Recent History (Toolbar Icon) = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\milbdjfbgdilllphgdmlahonjodlfokh\2.1.4.1_0\
CHR - Extension: Incredible StartPage - Productive Start Page = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeghkpohnalmpblddmnppfooljekh\1.7.2_0\
CHR - Extension: Google Wallet = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Slinky Brushed = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\piiokbhpgldooopjdacdondngonfljoc\19.6_0\
CHR - Extension: Gmail = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2011/08/19 18:45:48 | 000,000,922 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1                   activate.adobe.com
O1 - Hosts: 127.0.0.1                   practivate.adobe.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Gaaiho PDF Conversion Toolbar Helper) - {C7DA0384-42AA-428c-B832-88AC343DE1A8} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\gzeoniefavclient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\gzeoniefavclient.dll (Zeon Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [NCsoft]  File not found
O4 - Startup: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Scott\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:64bit: - Extra context menu item: Append the content of the link to an existing PDF file - C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Append the content of the selected links to an existing PDF file - C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to existing PDF file - C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Create PDF file - C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Create PDF file from the content of the link - C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Create PDF files from the selected links - C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Download with &Shareaza - C:\Program Files (x86)\Shareaza\RazaWebHook64.dll (Shareaza Development Team)
O8:64bit: - Extra context menu item: Open with Nuance PDF Converter 8 - C:\Program Files (x86)\Nuance\PDF Professional 8\cnvres_eng.dll (Nuance Communications, Inc.)
O8:64bit: - Extra context menu item: Open with PDF Professional 8 - C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append the content of the link to an existing PDF file - C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append the content of the selected links to an existing PDF file - C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF file - C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Create PDF file - C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file from the content of the link - C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF files from the selected links - C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Download with &Shareaza - C:\Program Files (x86)\Shareaza\RazaWebHook64.dll (Shareaza Development Team)
O8 - Extra context menu item: Open with Nuance PDF Converter 8 - C:\Program Files (x86)\Nuance\PDF Professional 8\cnvres_eng.dll (Nuance Communications, Inc.)
O8 - Extra context menu item: Open with PDF Professional 8 - C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: cleverreach.com ([novastor] http in Trusted sites)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: google-analytics.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: novastor.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: novastor.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F8E2FBA-ED5D-4E9B-89B7-A4D1D27DA700}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\jpip - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\sidlet - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\jpip {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files (x86)\LizardTech\ExpressView\expressview.dll (LizardTech)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sidlet {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files (x86)\LizardTech\ExpressView\expressview.dll (LizardTech)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/21 11:00:07 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/29 18:09:05 | 000,000,000 | ---D | C] -- C:\Users\Scott\Desktop\New folder (2)
[2014/05/28 20:32:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/05/28 19:52:34 | 000,000,000 | --SD | C] -- C:\ComboFix
[2014/05/28 18:54:30 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/05/28 18:27:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/05/28 18:27:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/05/28 18:27:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/05/28 18:23:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/05/28 18:22:27 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/05/28 18:09:23 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/05/28 17:51:59 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/05/28 17:49:39 | 000,000,000 | ---D | C] -- C:\Users\Scott\Desktop\Cleaning
[2014/05/28 16:13:58 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014/05/28 15:49:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2.old
[2014/05/28 15:27:47 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2014/05/28 11:26:04 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Seagate
[2014/05/28 11:23:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2014/05/19 12:22:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2014/05/18 19:12:37 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\DropboxMaster
[2014/05/18 13:15:58 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\TS3Client
[2014/05/18 13:15:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2014/05/18 13:15:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamSpeak 3 Client
[2014/05/14 13:38:13 | 017,938,608 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/07/12 13:19:33 | 009,822,920 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Scott\install_flash_player.exe
[2010/11/20 14:45:12 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Scott\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/02 11:10:19 | 000,000,086 | ---- | M] () -- C:\Windows\SysNative\jvmw.kqe
[2014/06/02 10:51:29 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-264554239-1153572309-3190330408-1001UA1ce4fdd6bac1e93.job
[2014/06/02 10:38:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/02 10:24:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf6b89592f8da9.job
[2014/06/02 10:19:05 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-264554239-1153572309-3190330408-1001UA1cf4c4cdb2d5fe2.job
[2014/06/02 09:34:12 | 000,017,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/02 09:34:12 | 000,017,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/02 09:22:13 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf4c50f5ef2f27.job
[2014/06/02 09:22:10 | 000,001,169 | ---- | M] () -- C:\Windows\SysWow64\bscs.ini
[2014/06/02 09:22:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/02 09:21:58 | 2145,509,375 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/02 08:18:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-264554239-1153572309-3190330408-1001Core1cf4c4cda11646a.job
[2014/06/02 08:12:54 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At2.job
[2014/06/02 08:12:54 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At1.job
[2014/06/01 15:01:00 | 000,003,392 | -H-- | M] () -- C:\ProgramData\nsActivation.act
[2014/05/28 21:19:01 | 514,093,051 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/05/28 13:14:31 | 000,794,966 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/28 13:14:31 | 000,661,680 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/28 13:14:31 | 000,121,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/28 08:37:40 | 000,001,049 | ---- | M] () -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/05/25 14:40:22 | 000,001,848 | ---- | M] () -- C:\Users\Scott\Desktop\Launch Icon (with NPC pieces).bat - Shortcut.lnk
[2014/05/25 14:40:16 | 000,001,848 | ---- | M] () -- C:\Users\Scott\Desktop\Launch Icon (Costume Creator).bat - Shortcut.lnk
[2014/05/23 19:08:42 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2014/05/23 16:13:35 | 000,000,064 | ---- | M] () -- C:\Windows\SysNative\gajd.edv
[2014/05/23 16:13:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\uhkgabk.sff
[2014/05/23 15:57:31 | 000,310,760 | --S- | M] () -- C:\Windows\SysNative\hbhsp.xzh
[2014/05/22 17:03:37 | 005,052,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/05/19 12:21:24 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 8 Professional.lnk
[2014/05/19 09:36:21 | 000,002,595 | ---- | M] () -- C:\Users\Scott\AppData\Roaming\SAS7_000.DAT
[2014/05/18 13:15:52 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2014/05/18 09:10:23 | 000,000,132 | ---- | M] () -- C:\Users\Scott\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2014/05/14 13:38:18 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/05/14 13:38:18 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/05/14 13:38:13 | 017,938,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
 
========== Files Created - No Company Name ==========
 
[2014/05/28 18:27:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/05/28 18:27:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/05/28 18:27:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/05/28 18:27:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/05/28 18:27:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/05/25 14:40:22 | 000,001,848 | ---- | C] () -- C:\Users\Scott\Desktop\Launch Icon (with NPC pieces).bat - Shortcut.lnk
[2014/05/25 14:40:16 | 000,001,848 | ---- | C] () -- C:\Users\Scott\Desktop\Launch Icon (Costume Creator).bat - Shortcut.lnk
[2014/05/23 16:24:37 | 000,000,086 | ---- | C] () -- C:\Windows\SysNative\jvmw.kqe
[2014/05/23 16:13:35 | 000,000,064 | ---- | C] () -- C:\Windows\SysNative\gajd.edv
[2014/05/23 16:13:35 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\uhkgabk.sff
[2014/05/23 15:57:31 | 000,310,760 | --S- | C] () -- C:\Windows\SysNative\hbhsp.xzh
[2014/05/19 12:21:24 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 8.lnk
[2014/05/19 12:21:24 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 8 Professional.lnk
[2014/05/19 12:21:24 | 000,002,171 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle Designer 8.0.lnk
[2014/05/19 12:21:24 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 8 Professional.lnk
[2014/05/18 13:15:52 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2014/05/09 08:19:46 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf6b89592f8da9.job
[2014/02/27 14:48:34 | 000,395,264 | ---- | C] () -- C:\Windows\SysWow64\pythoncom27.dll
[2014/02/27 14:48:34 | 000,109,056 | ---- | C] () -- C:\Windows\SysWow64\pywintypes27.dll
[2014/02/27 14:48:34 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\pythoncomloader27.dll
[2013/09/20 14:03:34 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2013/05/19 14:18:30 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2013/05/12 15:19:15 | 000,187,904 | ---- | C] () -- C:\Windows\SysWow64\imsispd.exe
[2013/05/12 15:17:21 | 000,249,344 | ---- | C] () -- C:\Windows\SysWow64\imsised.exe
[2013/05/12 15:17:21 | 000,070,656 | ---- | C] () -- C:\Windows\SysWow64\imsfchk.dll
[2013/02/10 12:41:22 | 000,034,816 | ---- | C] () -- C:\Users\Scott\murmur.sqlite
[2012/09/13 19:05:43 | 000,774,812 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/05 17:38:32 | 000,000,053 | RHS- | C] () -- C:\ProgramData\1.13.1.lic
[2012/08/05 17:38:28 | 000,003,392 | -H-- | C] () -- C:\ProgramData\nsActivation.act
[2012/08/03 15:40:39 | 000,000,059 | ---- | C] () -- C:\Windows\spwdrhsa.INI
[2012/07/17 16:56:07 | 000,000,132 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/12/19 12:54:08 | 000,004,812 | -HS- | C] () -- C:\Users\Scott\AppData\Local\s1qr71m2it4nvu
[2011/12/19 12:54:08 | 000,004,812 | -HS- | C] () -- C:\ProgramData\s1qr71m2it4nvu
[2011/09/24 16:20:09 | 000,002,595 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\SAS7_000.DAT
[2011/03/06 17:30:34 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Resources
[2011/03/06 17:30:34 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Repeat Routines
[2011/03/06 17:30:34 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Receipts
[2011/03/06 17:30:34 | 000,000,268 | RH-- | C] () -- C:\Users\Scott\AppData\Roaming\Quartz Composer
[2011/03/06 17:30:34 | 000,000,268 | RH-- | C] () -- C:\Users\Scott\AppData\Roaming\Project Templates
[2011/03/06 17:30:34 | 000,000,268 | RH-- | C] () -- C:\Users\Scott\AppData\Roaming\Profiles
[2011/03/06 17:30:34 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011/03/06 17:30:34 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011/03/06 17:30:34 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2010/11/22 18:02:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/20 14:45:12 | 000,007,859 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\pcouffin.cat
[2010/11/20 14:45:12 | 000,001,167 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\pcouffin.inf
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 964 bytes -> C:\Users\Scott\AppData\Local\Temp:EMhRuAazUzpmse8jlfe1NJ0xct0rvp
@Alternate Data Stream - 247 bytes -> C:\ProgramData\TEMP:0FF263E8
@Alternate Data Stream - 231 bytes -> C:\ProgramData\TEMP:AEC0AC81
@Alternate Data Stream - 182 bytes -> C:\ProgramData\TEMP:2683706C
@Alternate Data Stream - 16 bytes -> C:\Users\Scott\Downloads:Shareaza.GUID

< End of report >
 


  • 0

Advertisements


#2
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,912 posts
Hi Hippeaux, :)

:welcome:

My name is Valinorum and I will be the acolyte today. Before we proceed, please, acknowledge yourself the following(s):
  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being ask.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest your any course that might damage your system but sometimes Malware infections are so severe that only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not an omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
  • Private Message(PM) if and only if I have not responded to your thread within three days or your query is offtopic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other system as it may do serious damage.
 

Are you running pirated version of Adobe Products?

Regards,
Valinorum
  • 1

#3
Hippeaux

Hippeaux

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts

No, I am not.  I did, however have trouble reinstalling my copy of Adobe Acrobat 8 not so long ago.


  • 0

#4
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,912 posts
Hi Hippeaux, :)
  • Step #1 Scan with Farbar Recovery Scan Tool
    • Please download Farbar Recovery Scan Tool by Farbar to your Desktop from the link below.
      Download link for 32 bit system
      Download link for 64 bit system
    • Right-click on the program and choose Run as administrator;
    • Put tick-mark on all boxes under Whitelist and Optional Scan;
    • Click on Scan;
    • After the scan two notepad files will be opened --
      • FRST.txt;
      • Addition.txt
    • Copy and Paste the contents of the logs in your next reply.
 
  • Step #2 SystemLook Search
    • Please download SystemLook by jpshortstuff to your Desktop from the suitable link below.
    • Right-click and choose Run as administrator;
    • In the search box, copy and pasted the following code in the code-box.
      :filefind
      rpcss.dll
      
    • Click on Look;
    • After the scan a log will be opened;
    • Post the log in your next reply.
 

Post the Combofix Log located in C:\ComboFix.txt

 
  • Required Log(s):
    • Farbar Recovery Scan Tool Log(s) --
      • FRST.txt
      • Addition.txt
    • SystemLook Log
    • ComboFix Log
Regards,
Valinorum
  • 0

#5
Hippeaux

Hippeaux

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Scott (administrator) on HIPPEAUX on 02-06-2014 12:36:28
Running from C:\Users\Scott\Desktop\Cleaning
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\vdsldr.exe
(TrippLite) C:\Program Files (x86)\TrippLite\PowerAlert\console\pastatus.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(NovaStor Corporation) C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
() C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTSS.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NovaStor Corporation) C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\DR\x64\drdiag.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NovaStor Corporation) C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsCtrl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [6326448 2012-12-21] (ESET)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-264554239-1153572309-3190330408-1001\...\Run: [NCsoft] => [X]
HKU\S-1-5-21-264554239-1153572309-3190330408-1001\...\Run: [AdobeBridge] => [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NovaBACKUP Tray Control.lnk
ShortcutTarget: NovaBACKUP Tray Control.lnk -> C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsCtrl.exe (NovaStor Corporation)
Startup: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Scott\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:53172
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x02AF96865B96CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - {9E1C648E-5DCB-4741-9939-9A45FAF7BB97} URL = http://duckduckgo.com/?q={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Gaaiho PDF Conversion Toolbar Helper - {C7DA0384-42AA-428c-B832-88AC343DE1A8} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll (Zeon Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Toolbar: HKLM-x32 - Nuance PDF - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll (Zeon Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Handler: jpip - {B92DD248-E3D5-4A92-B311-C9B841681455} -  No File
Handler: sidlet - {B92DD248-E3D5-4A92-B311-C9B841681455} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: jpip - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files (x86)\LizardTech\ExpressView\expressview.dll (LizardTech)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: sidlet - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files (x86)\LizardTech\ExpressView\expressview.dll (LizardTech)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://att.my.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: nuance.com/DragonRIAPlugin - C:\PROGRA~2\Nuance\NATURA~1\Program\npDgnRia.dll (Nuance Communications Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Scott\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Scott\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Scott\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npexview.dll (LizardTech)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\searchplugins\duckduckgo.xml
FF Extension: United States English Spellchecker - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\[email protected] [2013-03-23]
FF Extension: Pocket - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\[email protected] [2013-06-27]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-11-22]
FF Extension: EmailTheWeb.com - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\{73c39a20-8768-4a82-8b43-fc9535715c5c} [2010-11-22]
FF Extension: DownloadHelper - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-24]
FF Extension: Flash and Video Download - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-05-26]
FF Extension: Firefox 3 Aero theme for Firefox 4+ - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\[email protected] [2011-12-11]
FF Extension: Firefox 3 theme for Firefox 4+ - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\[email protected] [2011-12-11]
FF Extension: History Submenus Ⅱ - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\[email protected] [2011-12-10]
FF Extension: Lazarus: Form Recovery - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\[email protected] [2011-12-11]
FF Extension: Modern Toolbar Icons - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\[email protected] [2013-08-02]
FF Extension: Classic Compact Options - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\[email protected] [2012-03-06]
FF Extension: Silvermel - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\[email protected] [2011-12-11]
FF Extension: Silvermel and Charamel XT - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\[email protected] [2011-12-11]
FF Extension: Strata Toolbar Icons - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\[email protected] [2011-12-11]
FF Extension: Winstripe Toolbar Icons - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\[email protected] [2011-12-11]
FF Extension: All-in-One Sidebar - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2011-12-11]
FF Extension: Flagfox - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-07]
FF Extension: Session Manager - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2012-05-31]
FF Extension: Simple Green - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\{13b4437e-b706-11dc-8314-0800200c9a66}.xpi [2011-12-11]
FF Extension: Grab and Drag - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\{477c4c36-24eb-11da-94d4-00e08161165f}.xpi [2012-04-25]
FF Extension: NoScript - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-12-11]
FF Extension: Adblock Plus - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-12-14]
FF Extension: Back/forward dropmarker - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\{d618933b-9eb4-1c04-949d-0f9b1a39ebb9}.xpi [2011-12-11]
FF Extension: FOXSCAPE - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\{da7f40f0-8675-11db-b606-0800200c9a66}.xpi [2011-12-11]
FF Extension: Firefox 2, the theme, reloaded - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\{fd2f951f-77ea-4938-9493-0c892c027a13}.xpi [2011-12-11]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-04-21]
FF Extension: PDF Converter - C:\Program Files (x86)\Nuance\PDF Professional 8\FireFox [2012-09-25]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-03-14]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011-08-19]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: No Name - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2013-10-15]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-03-14]

Chrome:
=======
CHR HomePage: hxxp://att.my.yahoo.com/
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Scott\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Scott\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Scott\AppData\Local\Google\Chrome\Application\35.0.1916.114\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Adobe Contribute CS5.1 ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll (Adobe Systems, Inc.)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL No File
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Unity Player) - C:\Users\Scott\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\Scott\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2012-07-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-15]
CHR Extension: (Google Search) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-15]
CHR Extension: (Speed Dial) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi [2014-05-28]
CHR Extension: (Closed tabs) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah [2012-11-27]
CHR Extension: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn [2012-11-15]
CHR Extension: (Recent History (Toolbar Icon)) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\milbdjfbgdilllphgdmlahonjodlfokh [2012-11-27]
CHR Extension: (Incredible StartPage - Productive Start Page) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeghkpohnalmpblddmnppfooljekh [2012-11-27]
CHR Extension: (Google Wallet) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Slinky Brushed) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\piiokbhpgldooopjdacdondngonfljoc [2012-07-16]
CHR Extension: (Gmail) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-15]
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2013-10-15]

==================== Services (Whitelisted) =================

S3 Backup Client Agent Service; C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe [256512 2012-07-10] (NovaStor Corporation)
R2 BlueSoleilCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [1005568 2011-08-16] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe [199680 2011-08-16] (IVT Corporation)
R2 Disaster Recovery Imaging; C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\DR\x64\drdiag.exe [4743680 2012-04-11] (NovaStor Corporation)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1333424 2012-12-21] (ESET)
R2 nsService; C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe [460432 2012-07-10] (NovaStor Corporation)
R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe [135056 2012-10-23] (Nuance Communications, Inc.)

==================== Drivers (Whitelisted) ====================

S3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [36360 2009-06-17] (IVT Corporation.)
S3 BlueletAudio; C:\Windows\SysWOW64\DRIVERS\blueletaudio.sys [36360 2009-06-17] (IVT Corporation.)
S3 BlueletSCOAudio; C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys [36872 2009-06-17] (IVT Corporation.)
S3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [20488 2010-08-18] (IVT Corporation.)
S3 BTCOM; C:\Windows\System32\DRIVERS\btcomport.sys [29576 2011-07-27] (IVT Corporation.)
R3 BTCOMBUS; C:\Windows\System32\Drivers\btcombus.sys [25352 2011-07-27] (IVT Corporation.)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [42888 2011-07-27] (IVT Corporation.)
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [24456 2011-07-27] (IVT Corporation.)
R3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [30088 2010-04-06] ()
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2012-12-21] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2012-12-21] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [139768 2012-12-21] (ESET)
R3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [27016 2010-04-06] (IVT Corporation.)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [113704 2008-10-21] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [19496 2008-10-21] (MCCI Corporation)
S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [152616 2008-10-21] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [133160 2008-10-21] (MCCI Corporation)
S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [34856 2008-10-21] (MCCI Corporation)
S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [128552 2008-10-21] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [145960 2008-10-21] (MCCI Corporation)
S3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [38016 2013-06-25] (SteelSeries Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 VHidMinidrv; C:\Windows\System32\drivers\VHIDMini.sys [18952 2011-07-27] (IVT Corporation.)
S3 busenum; system32\DRIVERS\SteelBus64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\System32\Drivers\adfs.sys 2F0683FD2DF1D92E891CACA14B45A8C1
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 79059559E89D06E8B80CE2944BE20228
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blueletaudio.sys 8BC053CD1F5F11F79C80BE85BC289258
C:\Windows\SysWOW64\DRIVERS\blueletaudio.sys 8BC053CD1F5F11F79C80BE85BC289258
C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys 46134C260E6B019AA24506B8AB4D42D3
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bridge.sys 5C2F352A4E961D72518261257AAE204B
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\btnetdrv.sys 8CAD77D0FD83819237BAC6F365531D15
C:\Windows\System32\DRIVERS\btcomport.sys 4A1F1B30DF3BC9DFFA26BD9DA07F3999
C:\Windows\System32\Drivers\btcombus.sys 57E636DA6934FDAF45E91D47E8B6BF3F
C:\Windows\System32\Drivers\btcusb.sys 8AAAA24B6F8357E2AFF9222C058EE226
C:\Windows\System32\DRIVERS\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\System32\Drivers\BtHidBus.sys 0E7FEF42F9E86A41ACFC41EAEBDA65F4
C:\Windows\System32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BTHport.sys 64C198198501F7560EE41D8D1EFA7952
C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37
C:\Windows\System32\Drivers\btnetBus.sys C0D50877BB7EC88A953A2A56CEF170FA
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 88612F1CE3BF42256913BF6E61C70D52
C:\Windows\System32\DRIVERS\eamonm.sys 78A3903702B7535154F56685CA1517D4
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ehdrv.sys 9E39134330C18CBAC0F24C1283701D7E
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\epfwwfpr.sys B4E8DC817963B256537B1EC09AF0647E
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys 4BBB5A55EEB5EC11B20FCBB4CBB49357
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\Drivers\IvtBtBus.sys C7B6BE6BF2B5766648E232077E86B6A0
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 8F489706472F7E9A06BAAA198703FA64
C:\Windows\System32\Drivers\ksecpkg.sys 868A2CAAB12EFC7A021682BCA0EEC54C
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lvpopf64.sys B2085E335F2B57077B0CBADB6F1245CD
C:\Windows\System32\DRIVERS\LVPr2M64.sys DED333DBDBBCC3555A6E6244522E2F1A
C:\Windows\System32\DRIVERS\LVPr2M64.sys DED333DBDBBCC3555A6E6244522E2F1A
C:\Windows\System32\DRIVERS\lvrs64.sys 986C1CB787A007BAA5F74E7D316D7246
C:\Windows\System32\DRIVERS\lvuvc64.sys 5747BC465ABEA2858C5D037252AED84E
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\drivers\nvhda64v.sys 1F07B814C0BB5AABA703ABFF1F31F2E8
C:\Windows\System32\DRIVERS\nvlddmkm.sys FE2909F7DFB12B9A20AD207FE23B7E96
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\Drivers\pcouffin.sys AF7CE12C4F3DC8CB2B07685C916BBCFE
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\Drivers\PxHlpa64.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys ABCB5A38A0D85BDF69B7877E1AD1EED5
C:\Windows\System32\DRIVERS\s0017bus.sys 032F537623A7B2FB81AAA184C30B70C3
C:\Windows\System32\DRIVERS\s0017mdfl.sys 9964A28E569B4FF105B446EF8978FD5C
C:\Windows\System32\DRIVERS\s0017mdm.sys 06347087D274C23DCFA8C4AB5C4314DB
C:\Windows\System32\DRIVERS\s0017mgmt.sys F0F0747B3FA50272DE6B1BF575FA4700
C:\Windows\System32\DRIVERS\s0017nd5.sys 7224412CEA2FF2DF7D4842C1B0E71045
C:\Windows\System32\DRIVERS\s0017obex.sys 3FEADBC7F09B8B596CBFB82F12ABA87F
C:\Windows\System32\DRIVERS\s0017unic.sys 2B63BEA31D939888B2A8F3F14D89B5C1
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SAlpham64.sys 86873AA9867CA9D78850EE9DC1C6AE5B
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\Drivers\SCDEmu.sys B2F50286DC82B93C013E3FC57BA1A956
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys DB74544B75566C974815E79A62433F29
C:\Windows\System32\DRIVERS\tcpip.sys DB74544B75566C974815E79A62433F29
C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbaudio.sys B0435098C81D04CAFFF80DDB746CD3A2
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\System32\DRIVERS\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\system32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\VHIDMini.sys B0B7AB1BBCD262864264A695BD02A480
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vpchbus.sys B4A73CA4EF9A02B9738CEA9AD5FE5917
C:\Windows\System32\DRIVERS\vpcnfltr.sys E675FB2B48C54F09895482E2253B289C
C:\Windows\System32\DRIVERS\vpcusb.sys 5FB42082B0D19A0268705F1DD343DF20
C:\Windows\system32\drivers\vpcuxd.sys 63F4E10873BEB4124028C6D1A66B0968
C:\Windows\System32\drivers\vpcvmm.sys 207B6539799CC1C112661A9B620DD233
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WSDPrint.sys 8D918B1DB190A4D9B1753A66FA8C96E8
C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WUDFRd.sys ==> MD5 is legit

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-02 12:35 - 2014-06-02 12:36 - 00000000 ____D () C:\FRST
2014-05-29 18:09 - 2014-05-29 18:14 - 00000000 ____D () C:\Users\Scott\Desktop\New folder (2)
2014-05-28 21:19 - 2014-05-28 21:19 - 00286752 _____ () C:\Windows\Minidump\052814-32167-01.dmp
2014-05-28 20:09 - 2014-05-28 20:09 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\temp
2014-05-28 20:09 - 2014-05-28 20:09 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-05-28 20:09 - 2014-05-28 20:09 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-05-28 19:52 - 2014-05-28 20:09 - 00000000 ___SD () C:\ComboFix
2014-05-28 18:27 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-28 18:27 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-28 18:27 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-28 18:27 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-28 18:27 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-28 18:27 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-28 18:27 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-28 18:27 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-28 18:23 - 2014-05-28 18:26 - 00000000 ____D () C:\Qoobox
2014-05-28 18:22 - 2014-05-28 18:22 - 00000000 ____D () C:\Windows\erdnt
2014-05-28 18:09 - 2014-05-28 18:09 - 00000000 ____D () C:\Windows\ERUNT
2014-05-28 17:51 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-28 17:49 - 2014-06-02 12:36 - 00000000 ____D () C:\Users\Scott\Desktop\Cleaning
2014-05-28 15:49 - 2014-05-28 15:49 - 00000000 ____D () C:\Windows\system32\catroot2.old
2014-05-28 15:27 - 2014-05-28 15:27 - 00000000 ____D () C:\Windows\CheckSur
2014-05-28 11:26 - 2014-05-28 11:41 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Seagate
2014-05-28 11:23 - 2014-05-28 11:23 - 00000000 ____D () C:\ProgramData\Acronis
2014-05-28 11:19 - 2014-05-28 19:51 - 00003034 _____ () C:\Windows\System32\Tasks\RTSS
2014-05-25 14:40 - 2014-05-25 14:40 - 00001848 _____ () C:\Users\Scott\Desktop\Launch Icon (with NPC pieces).bat - Shortcut.lnk
2014-05-25 14:40 - 2014-05-25 14:40 - 00001848 _____ () C:\Users\Scott\Desktop\Launch Icon (Costume Creator).bat - Shortcut.lnk
2014-05-24 21:50 - 2014-05-24 21:51 - 00285504 _____ () C:\Windows\Minidump\052414-25084-01.dmp
2014-05-24 18:14 - 2014-05-24 18:14 - 00284928 _____ () C:\Windows\Minidump\052414-19609-01.dmp
2014-05-23 16:24 - 2014-06-02 12:12 - 00000084 _____ () C:\Windows\system32\jvmw.kqe
2014-05-23 16:13 - 2014-05-23 16:13 - 00000064 _____ () C:\Windows\system32\gajd.edv
2014-05-23 16:13 - 2014-05-23 16:13 - 00000000 _____ () C:\Windows\system32\uhkgabk.sff
2014-05-23 15:57 - 2014-05-23 15:57 - 00310760 ____S () C:\Windows\system32\hbhsp.xzh
2014-05-19 12:21 - 2014-05-19 12:21 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 8.lnk
2014-05-19 12:21 - 2014-05-19 12:21 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 8 Professional.lnk
2014-05-19 12:21 - 2014-05-19 12:21 - 00002171 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle Designer 8.0.lnk
2014-05-19 12:21 - 2014-05-19 12:21 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Acrobat 8 Professional.lnk
2014-05-19 12:18 - 2014-05-19 12:18 - 00000742 _____ () C:\Windows\KB893803v2.log
2014-05-18 19:12 - 2014-06-02 09:28 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\DropboxMaster
2014-05-18 13:15 - 2014-05-19 11:02 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\TS3Client
2014-05-18 13:15 - 2014-05-18 13:15 - 00001162 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-05-18 13:15 - 2014-05-18 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-05-18 13:15 - 2014-05-18 13:15 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-05-14 13:38 - 2014-05-14 13:38 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-09 08:19 - 2014-06-02 12:24 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6b89592f8da9.job
2014-05-09 08:19 - 2014-05-09 08:19 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf6b89592f8da9

==================== One Month Modified Files and Folders =======

2014-06-02 12:37 - 2010-11-16 14:30 - 00000000 ____D () C:\Users\Scott\AppData\Local\Temp
2014-06-02 12:36 - 2014-06-02 12:35 - 00000000 ____D () C:\FRST
2014-06-02 12:36 - 2014-05-28 17:49 - 00000000 ____D () C:\Users\Scott\Desktop\Cleaning
2014-06-02 12:24 - 2014-05-09 08:19 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6b89592f8da9.job
2014-06-02 12:18 - 2014-03-30 14:18 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-264554239-1153572309-3190330408-1001UA1cf4c4cdb2d5fe2.job
2014-06-02 12:12 - 2014-05-23 16:24 - 00000084 _____ () C:\Windows\system32\jvmw.kqe
2014-06-02 11:51 - 2013-05-13 08:26 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-264554239-1153572309-3190330408-1001UA1ce4fdd6bac1e93.job
2014-06-02 11:38 - 2013-02-05 11:51 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-02 11:14 - 2010-11-16 14:31 - 01555414 _____ () C:\Windows\WindowsUpdate.log
2014-06-02 09:34 - 2009-07-13 23:45 - 00017312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-02 09:34 - 2009-07-13 23:45 - 00017312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-02 09:29 - 2011-05-14 08:54 - 00000000 ___RD () C:\Users\Scott\Dropbox
2014-06-02 09:28 - 2014-05-18 19:12 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\DropboxMaster
2014-06-02 09:28 - 2011-05-14 08:51 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Dropbox
2014-06-02 09:22 - 2014-03-30 14:48 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4c50f5ef2f27.job
2014-06-02 09:22 - 2011-08-16 15:06 - 00001169 _____ () C:\Windows\SysWOW64\bscs.ini
2014-06-02 09:22 - 2010-11-16 16:09 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-02 09:22 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-02 09:22 - 2009-07-13 23:51 - 00107914 _____ () C:\Windows\setupact.log
2014-06-02 09:21 - 2010-11-16 16:08 - 00266560 _____ () C:\Windows\PFRO.log
2014-06-02 08:18 - 2014-03-30 14:18 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-264554239-1153572309-3190330408-1001Core1cf4c4cda11646a.job
2014-06-02 08:12 - 2011-05-14 17:05 - 00000380 _____ () C:\Windows\Tasks\At2.job
2014-06-02 08:12 - 2011-05-14 17:02 - 00000380 _____ () C:\Windows\Tasks\At1.job
2014-06-01 21:10 - 2010-11-23 18:24 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\uTorrent
2014-06-01 21:09 - 2010-11-23 18:31 - 00000000 ____D () C:\Users\Scott\Downloads\uTorrent
2014-06-01 20:56 - 2013-12-26 19:17 - 00000000 ____D () C:\Users\Scott\Downloads\Subtitles
2014-06-01 18:08 - 2010-11-23 13:46 - 00000000 ___RD () C:\Users\Scott\Downloads\Shareaza
2014-06-01 16:12 - 2010-11-24 18:37 - 00000000 ____D () C:\Users\Scott\Documents\Books
2014-06-01 15:01 - 2012-08-05 17:38 - 00003392 ____H () C:\ProgramData\nsActivation.act
2014-05-30 17:37 - 2011-04-09 22:15 - 00000000 ____D () C:\Users\Scott\Calibre Library
2014-05-29 18:14 - 2014-05-29 18:09 - 00000000 ____D () C:\Users\Scott\Desktop\New folder (2)
2014-05-29 12:56 - 2013-03-10 18:33 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-05-29 12:56 - 2013-03-10 18:04 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-05-29 12:55 - 2011-12-15 18:26 - 00000000 ____D () C:\Program Files (x86)\Mumble
2014-05-29 12:55 - 2011-01-28 12:00 - 00000000 _____ () C:\conmgr.log
2014-05-29 12:55 - 2010-11-19 23:45 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-28 21:19 - 2014-05-28 21:19 - 00286752 _____ () C:\Windows\Minidump\052814-32167-01.dmp
2014-05-28 21:19 - 2012-09-30 22:40 - 514093051 _____ () C:\Windows\MEMORY.DMP
2014-05-28 21:19 - 2011-04-21 08:48 - 00000000 ____D () C:\Windows\Minidump
2014-05-28 20:09 - 2014-05-28 20:09 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\temp
2014-05-28 20:09 - 2014-05-28 20:09 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-05-28 20:09 - 2014-05-28 20:09 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-05-28 20:09 - 2014-05-28 19:52 - 00000000 ___SD () C:\ComboFix
2014-05-28 19:51 - 2014-05-28 11:19 - 00003034 _____ () C:\Windows\System32\Tasks\RTSS
2014-05-28 18:26 - 2014-05-28 18:23 - 00000000 ____D () C:\Qoobox
2014-05-28 18:22 - 2014-05-28 18:22 - 00000000 ____D () C:\Windows\erdnt
2014-05-28 18:09 - 2014-05-28 18:09 - 00000000 ____D () C:\Windows\ERUNT
2014-05-28 17:55 - 2014-02-15 10:53 - 00000000 ____D () C:\AdwCleaner
2014-05-28 15:59 - 2010-12-14 09:55 - 00000000 ____D () C:\Temp
2014-05-28 15:49 - 2014-05-28 15:49 - 00000000 ____D () C:\Windows\system32\catroot2.old
2014-05-28 15:27 - 2014-05-28 15:27 - 00000000 ____D () C:\Windows\CheckSur
2014-05-28 13:18 - 2013-11-11 11:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-28 13:14 - 2009-07-14 00:13 - 00794966 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-28 11:41 - 2014-05-28 11:26 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Seagate
2014-05-28 11:23 - 2014-05-28 11:23 - 00000000 ____D () C:\ProgramData\Acronis
2014-05-28 11:14 - 2009-07-14 00:08 - 00032584 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-28 09:11 - 2011-02-17 19:03 - 00000000 ____D () C:\Windows\pss
2014-05-28 09:11 - 2010-11-16 14:30 - 00000000 ___RD () C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-28 08:37 - 2011-05-14 08:51 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-26 17:24 - 2014-02-14 18:41 - 00341504 ___SH () C:\Users\Scott\Desktop\Thumbs.db
2014-05-25 14:40 - 2014-05-25 14:40 - 00001848 _____ () C:\Users\Scott\Desktop\Launch Icon (with NPC pieces).bat - Shortcut.lnk
2014-05-25 14:40 - 2014-05-25 14:40 - 00001848 _____ () C:\Users\Scott\Desktop\Launch Icon (Costume Creator).bat - Shortcut.lnk
2014-05-24 21:51 - 2014-05-24 21:50 - 00285504 _____ () C:\Windows\Minidump\052414-25084-01.dmp
2014-05-24 18:14 - 2014-05-24 18:14 - 00284928 _____ () C:\Windows\Minidump\052414-19609-01.dmp
2014-05-23 19:08 - 2010-11-22 17:51 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-05-23 19:07 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-23 16:13 - 2014-05-23 16:13 - 00000064 _____ () C:\Windows\system32\gajd.edv
2014-05-23 16:13 - 2014-05-23 16:13 - 00000000 _____ () C:\Windows\system32\uhkgabk.sff
2014-05-23 15:57 - 2014-05-23 15:57 - 00310760 ____S () C:\Windows\system32\hbhsp.xzh
2014-05-23 15:57 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-05-22 17:03 - 2009-07-13 23:45 - 05052504 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-22 16:50 - 2011-02-06 18:21 - 00000000 ____D () C:\ProgramData\TEMP
2014-05-20 15:29 - 2010-12-13 17:12 - 00000000 ____D () C:\Genealogy
2014-05-19 16:24 - 2010-11-16 18:13 - 00137848 _____ () C:\Users\Scott\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-19 12:21 - 2014-05-19 12:21 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 8.lnk
2014-05-19 12:21 - 2014-05-19 12:21 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 8 Professional.lnk
2014-05-19 12:21 - 2014-05-19 12:21 - 00002171 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle Designer 8.0.lnk
2014-05-19 12:21 - 2014-05-19 12:21 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Acrobat 8 Professional.lnk
2014-05-19 12:20 - 2010-11-17 19:00 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-19 12:20 - 2010-11-17 19:00 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-05-19 12:18 - 2014-05-19 12:18 - 00000742 _____ () C:\Windows\KB893803v2.log
2014-05-19 12:15 - 2010-11-17 19:02 - 00000000 ____D () C:\Users\Scott\AppData\Local\Adobe
2014-05-19 11:02 - 2014-05-18 13:15 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\TS3Client
2014-05-19 09:36 - 2011-09-24 16:20 - 00002595 _____ () C:\Users\Scott\AppData\Roaming\SAS7_000.DAT
2014-05-18 13:15 - 2014-05-18 13:15 - 00001162 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-05-18 13:15 - 2014-05-18 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-05-18 13:15 - 2014-05-18 13:15 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-05-18 09:10 - 2012-07-17 16:56 - 00000132 _____ () C:\Users\Scott\AppData\Roaming\Adobe GIF Format CS5 Prefs
2014-05-14 14:38 - 2013-02-05 11:51 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 13:38 - 2014-05-14 13:38 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-14 13:38 - 2012-07-16 17:37 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 13:38 - 2012-07-16 17:37 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 09:11 - 2010-12-03 12:14 - 00006600 _____ () C:\Users\Scott\Desktop\notes.txt
2014-05-13 08:11 - 2012-06-26 09:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-09 08:19 - 2014-05-09 08:19 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf6b89592f8da9
2014-05-09 08:19 - 2014-03-30 14:48 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf4c50f5ef2f27
2014-05-06 19:14 - 2013-12-31 22:19 - 00000033 _____ () C:\Users\Scott\Documents\movie release list.txt
2014-05-06 18:50 - 2011-11-05 10:45 - 00000000 ____D () C:\Users\Scott\Desktop\videos for the dad
2014-05-06 08:13 - 2014-03-30 14:18 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-264554239-1153572309-3190330408-1001UA1cf4c4cdb2d5fe2
2014-05-06 08:13 - 2014-03-30 14:18 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-264554239-1153572309-3190330408-1001Core1cf4c4cda11646a
2014-05-04 17:12 - 2010-11-16 15:37 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
C:\Users\Scott\install_flash_player.exe
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job


Some content of TEMP:
====================
C:\Users\Scott\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
C:\Users\Scott\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1x1g1t.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2011-08-24 13:41] - [2010-11-20 08:27] - 0520192 ____A (Microsoft Corporation) 3B48132A26B44667B491D30B95832AF2

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
path                    \bootmgr
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {bbf6df7d-4e1a-11e1-9b86-806e6f6e6963}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {acf023f4-f1c7-11df-b588-863c29615dbe}
device                  unknown
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {acf023f5-f1c7-11df-b588-863c29615dbe}
recoveryenabled         Yes
osdevice                unknown
systemroot              \Windows
resumeobject            {acf023f3-f1c7-11df-b588-863c29615dbe}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {acf023f5-f1c7-11df-b588-863c29615dbe}

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7 Enterprise (recovered)
locale                  en-US
recoverysequence        {acf023f5-f1c7-11df-b588-863c29615dbe}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {bbf6df7d-4e1a-11e1-9b86-806e6f6e6963}

Windows Boot Loader
-------------------
identifier              {acf023f8-f1c7-11df-b588-863c29615dbe}
device                  ramdisk=[C:]\Recovery\acf023f5-f1c7-11df-b588-863c29615dbe\Winre.wim,{acf023f9-f1c7-11df-b588-863c29615dbe}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment (recovered)
locale                  
osdevice                ramdisk=[C:]\Recovery\acf023f5-f1c7-11df-b588-863c29615dbe\Winre.wim,{acf023f9-f1c7-11df-b588-863c29615dbe}
systemroot              \windows
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {acf023f3-f1c7-11df-b588-863c29615dbe}
device                  unknown
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              unknown
filepath                \hiberfil.sys
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {bbf6df7d-4e1a-11e1-9b86-806e6f6e6963}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows 7 Enterprise (recovered)
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {acf023f6-f1c7-11df-b588-863c29615dbe}
description             Ramdisk Options
ramdisksdidevice        unknown
ramdisksdipath          \Recovery\acf023f5-f1c7-11df-b588-863c29615dbe\boot.sdi

Device options
--------------
identifier              {acf023f9-f1c7-11df-b588-863c29615dbe}
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\acf023f5-f1c7-11df-b588-863c29615dbe\boot.sdi



LastRegBack: 2014-05-29 08:22

==================== End Of Log ============================

 

==========================================================

 

==========================================================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2014
Ran by Scott at 2014-06-02 12:37:16
Running from C:\Users\Scott\Desktop\Cleaning
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: ESET NOD32 Antivirus 6.0 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET NOD32 Antivirus 6.0 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Leawo DVD Ripper version  3.3.0.0 (HKLM-x32\...\{1FE417E2-6B8F-44CA-A7DF-A4BD072E8ED8}_is1) (Version:  - )
µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 2 (SP2) (x32 Version:  - Microsoft) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AC3Filter 1.63b (HKLM-x32\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
ActiveState ActivePython 2.7.6.9 (32-bit) (HKLM-x32\...\{B6FB74C1-B37C-44BC-A1C7-38B8DB3FC996}) (Version: 2.7.9 - ActiveState Software Inc.)
Adobe Acrobat 8 Professional - English, Français, Deutsch (HKLM-x32\...\Adobe Acrobat 8 Professional - English, Français, Deutsch) (Version: 8.0.0 - Adobe Systems)
Adobe Acrobat 8 Professional - English, Français, Deutsch (x32 Version: 8.0.0 - Adobe Systems) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Content Viewer (x32 Version: 1.4.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
Adobe Story (x32 Version: 1.0.571 - Adobe Systems Incorporated) Hidden
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - )
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Adobe Widget Browser (x32 Version: 2.0.230 - Adobe Systems Incorporated.) Hidden
AmazingMIDI (HKLM-x32\...\AmazingMIDI) (Version:  - )
Any Video Converter 5.5.8 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 1.3.13 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
Avanquest update (HKLM-x32\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.30 - Avanquest Software)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 8 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
BlueSoleil 7.0.370.0 (HKLM\...\{997F0EA4-A522-4A54-AB18-50D7C67CADCD}) (Version: 7.0.370.0 - IVT Corporation)
calibre (HKLM-x32\...\{DEDF9B07-5628-4CA0-96BD-8B3AAD553292}) (Version: 0.9.33 - Kovid Goyal)
CCS64 V3.8 (HKLM-x32\...\{B7B5A370-3DFF-4F0E-AE11-FD267C4938AA}) (Version: 1.0.0 - Computerbrains C.C.S.)
CDCopy (HKLM-x32\...\CDCopy) (Version:  - )
CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version:  - dvd8n)
Champions Online (HKLM-x32\...\Champions Online) (Version:  - Cryptic Studios)
City of Heroes (HKCU\...\NCsoft-CityOfHeroes) (Version:  - NCsoft)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B922902F-E9E9-4AD9-B87D-7F62FA9EA1AD}) (Version: 15.2.0.661 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.661 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.661 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - EN (x32 Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.1 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 (x32 Version: 15.2 - Corel Corporation) Hidden
CorelDRAW® Graphics Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.2.0.661 - Corel Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Data Lifeguard Diagnostic for Windows 1.24 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
DC Universe Online Live (HKCU\...\SOE-DC Universe Online Live) (Version:  - Sony Online Entertainment)
Debugging Tools for Windows (x64) (HKLM\...\{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}) (Version: 6.12.2.633 - Microsoft Corporation)
Dragon NaturallySpeaking 12 (HKLM-x32\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.50.000 - Nuance Communications Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
DVDFab 8.0.4.0 (11/11/2010) (HKLM-x32\...\DVDFab 8_is1) (Version:  - Fengtao Software Inc.)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
ePub DRM Removal (HKLM-x32\...\ePubDRM) (Version: 1.2.1 - eBook Converter)
ESET NOD32 Antivirus (HKLM\...\{87CA8C0A-D865-48B6-B521-B3DB1771D565}) (Version: 6.0.308.0 - ESET, spol s r. o.)
EVGA OC Scanner 1.8.2 (HKLM-x32\...\{CB92C58B-7BDF-48E3-92E3-51768DCCA585}_is1) (Version:  - EVGA)
EVGA Precision 2.1.1 (HKLM-x32\...\Precision) (Version: 2.1.1 - EVGA Corporation)
Free Video Flip and Rotate version 1.8.13.804 (HKLM-x32\...\Free Video Flip and Rotate_is1) (Version:  - DVDVideoSoft Limited.)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.56.5183 - Gretech Corporation)
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google SketchUp Pro 8 (HKLM-x32\...\{3AB65E95-37D6-4DD7-8862-29AED3AFD54B}) (Version: 3.0.3117 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
HandBrake 0.9.5 (HKLM-x32\...\HandBrake) (Version: 0.9.5 - )
intelliScore Ensemble MP3 to MIDI Converter Demo (HKLM-x32\...\intelliScore Ensemble MP3 to MIDI Converter Demo) (Version: 8.1 - Innovative Music Systems)
intelliScore Polyphonic MP3 to MIDI Converter Demo (HKLM-x32\...\intelliScore Polyphonic MP3 to MIDI Converter Demo) (Version: 8.1 - Innovative Music Systems)
Java Auto Updater (x32 Version: 2.0.5.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.260 - Oracle)
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.8 - Thibaut Lauziere)
LizardTech ExpressView Browser Plug-in (HKLM-x32\...\{67CEE8A8-9E1A-440A-9D99-F997EB4FB7AE}) (Version: 6.5 - LizardTech)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Logitech Harmony Remote Software 7 (x32 Version: 7.7.0.0 - Logitech) Hidden
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Media Go (HKLM-x32\...\{7A6C3344-5CF9-4B83-959C-6576C5B27D09}) (Version: 2.3.255 - Sony)
Media Go Video Playback Engine 1.96.112.08260 (HKLM-x32\...\{065DBB54-6E55-A609-2E1E-F0617E827D53}) (Version: 1.96.112.08260 - Sony)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Reader (HKLM-x32\...\{B6F7DBE7-2FE2-458F-A738-B10832746036}) (Version:  - )
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ Run Time  Lib Setup (HKLM-x32\...\{AAF4238F-7C29-451D-9925-C753271A5728}) (Version: 1.0.0 - Microsoft)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Windows SDK for Windows 7 (7.1) (HKLM\...\SDKSetup_7.1.7600.0.30514) (Version: 7.1.7600.0.30514 - Microsoft Corporation)
Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
MiniLyrics (HKLM-x32\...\MiniLyrics) (Version: 7.6.38 - Crintsoft) <==== ATTENTION
Movie Draft version 1.0.6 (HKLM-x32\...\{9AD89970-B9F1-4726-B48C-33CB3CDD55C7}_is1) (Version: 1.0.6 - iikon Limited)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 en-US)) (Version: 24.5.0 - Mozilla)
MPEG2 Codec(libmpeg2/mad) (HKLM-x32\...\MPEG2 Codec(libmpeg2/mad)) (Version:  - )
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NCsoft Launcher (HKLM-x32\...\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}) (Version: 1.5.25.1 - NCsoft)
NovaBACKUP (HKLM-x32\...\NovaBACKUP) (Version: 13.1.12 - NovaStor)
NovaBACKUP (x32 Version: 13.1.12 - NovaStor) Hidden
Nuance PDF Converter Professional 8 (HKLM\...\{BCE93D4F-0E1C-495D-8710-C753FE5924A3}) (Version: 8.10.6242 - Nuance Communications, Inc.)
Nuance PDF Converter Professional 8 (HKLM-x32\...\{BCE93D4F-0E1C-495D-8710-C753FE5924A3}) (Version: 8.10.6242 - Nuance Communications, Inc.)
Nuance PDF Converter Professional 8 Update x64 (HKLM\...\{45AE5880-34A1-4575-92A6-11D0DC182F24}) (Version: 8.11.0000 - Nuance Communications, Inc.)
NVIDIA 3D Vision Controller Driver (x32 Version: 275.33 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 310.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 310.70 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 310.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 310.70 - NVIDIA Corporation)
NVIDIA Control Panel 310.70 (Version: 310.70 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 310.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 310.70 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.95.599 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1070 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.2 - Nikon)
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.8 - PowerISO Computing, Inc.)
Prism Video File Converter (HKLM-x32\...\Prism) (Version:  - NCH Software)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6433 - Realtek Semiconductor Corp.)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
RMPrepUSB (HKLM-x32\...\RMPrepUSB) (Version:  - )
RootsMagic 4.0.9.9 (HKLM-x32\...\{049D96D7-E082-4FB5-BF64-CD3460E6877C}_is1) (Version:  - RootsMagic, Inc.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Shareaza 2.6.0.0 (HKLM-x32\...\Shareaza_is1) (Version: 2.6.0.0 - Shareaza Development Team)
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
SolidWorks eDrawings 2013 (HKLM-x32\...\{3C023AD6-4740-479A-8B7A-B5718F240268}) (Version: 13.4.107 - Dassault Systèmes SolidWorks Corp.)
Sony PC Companion 2.10.174 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.174 - Sony)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Stanza (HKLM-x32\...\Stanza) (Version:  - )
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Stellar Phoenix Windows Data Recovery - Home (HKLM-x32\...\Stellar Phoenix Windows Data Recovery - Home_is1) (Version: 5.0.0.0 - Stellar Information Systems Ltd)
Stellarium 0.11.2 (HKLM-x32\...\Stellarium_is1) (Version:  - )
SureThing CD Labeler Deluxe (HKLM-x32\...\{4ED7D297-58F7-45C3-A9BA-A7CD6FA0D373}_is1) (Version: 5.2.647.0 - MicroVision Development, Inc.)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version:  - NCH Software)
System Requirements Lab (HKLM-x32\...\{92482FB3-C05B-41C6-89E7-75D985602A6E}) (Version: 4.1.72.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Ultima Second Trilogy (HKLM-x32\...\GOGPACKULTIMASECONDTRILOGY_is1) (Version: 2.0.0.19 - GOG.com)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Universal Extractor 1.6.1 (HKLM-x32\...\Universal Extractor_is1) (Version: 1.6.1 - Jared Breland)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Ventrilo Server (HKLM-x32\...\{1D46A3A0-B37D-423A-91C2-101A49E2FF80}) (Version: 3.0.3 - Flagship Industries, Inc.)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version:  - NCH Software)
ViewNX 2 (HKLM-x32\...\{DDD62492-32A7-412B-8AF1-2CF032AD42E3}) (Version: 2.1.1 - Nikon)
Visual Basic for Applications ® Core - English (x32 Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications ® Core (x32 Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}) (Version: 11.0.0 - Nuance Communications Inc.)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version:  - NCH Software)
Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. )
xu4 SVN (HKLM-x32\...\xu4_is1) (Version:  - The XU4 Team)
Zeekey for Windows (HKLM-x32\...\Zeekey for Windows) (Version:  - )

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-13 21:34 - 2011-08-19 18:45 - 00000922 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1                   activate.adobe.com
127.0.0.1                   practivate.adobe.com


==================== Scheduled Tasks (whitelisted) =============

Task: {16E99967-AA6E-4946-A2FB-81EECD9533CE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-264554239-1153572309-3190330408-1001UA1ce4fdd6bac1e93 => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-15] (Google Inc.)
Task: {17EB398A-CFF9-4069-8898-A54498E5F9DD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {34294D28-F9CF-4CD4-BFD1-2959AECA8C65} - System32\Tasks\Lightbulb icon => C:\Program Files (x86)\TrippLite\PowerAlert\console\pastatus.exe [2009-03-26] (TrippLite)
Task: {44F9A845-ED5F-4B85-8B40-B58A2DA9BCA3} - System32\Tasks\At2 => C:\Users\Scott\AppData\Local\Temp\tsdiscona.exe <==== ATTENTION
Task: {45491CB4-6199-462F-89A0-27164AF7CADE} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6b89592f8da9 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-31] (Google Inc.)
Task: {6E69CCA5-0A48-47B8-89D6-BB85406D908F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-264554239-1153572309-3190330408-1001Core1cf4c4cda11646a => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-15] (Google Inc.)
Task: {7C336B2D-8E3C-4418-8DDF-4472D26C9AED} - System32\Tasks\RTSS => C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTSS.exe [2011-12-07] ()
Task: {877DE44A-73AA-42EE-BCBF-1A1FE13AC03C} - System32\Tasks\At1 => C:\Users\Scott\AppData\Local\Temp\tsdiscona.exe <==== ATTENTION
Task: {977D603E-5178-4D66-89D2-9FAD62DE244A} - System32\Tasks\GoogleUpdateTaskMachineCore1cf4c50f5ef2f27 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-31] (Google Inc.)
Task: {9ABE64B4-D7CA-4981-A340-CFBD092A3212} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-264554239-1153572309-3190330408-1001UA1cf4c4cdb2d5fe2 => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-15] (Google Inc.)
Task: {C037F348-A1E8-49F5-9719-C3DD5F6DF474} - System32\Tasks\{41AECA28-097D-4666-A247-A00E3041C704} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-02-28] (Skype Technologies S.A.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\At1.job => C:\Users\Scott\AppData\Local\Temp\tsdiscona.exe
Task: C:\Windows\Tasks\At2.job => C:\Users\Scott\AppData\Local\Temp\tsdiscona.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4c50f5ef2f27.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6b89592f8da9.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-264554239-1153572309-3190330408-1001Core1cf4c4cda11646a.job => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-264554239-1153572309-3190330408-1001UA1ce4fdd6bac1e93.job => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-264554239-1153572309-3190330408-1001UA1cf4c4cdb2d5fe2.job => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-12-27 21:05 - 2012-12-01 00:49 - 00086888 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-08-16 15:53 - 2011-08-16 15:53 - 00022016 _____ () C:\Windows\System32\BsTrace.dll
2011-08-16 15:53 - 2011-08-16 15:53 - 00022016 _____ () C:\Windows\system32\BsTrace.dll
2011-08-16 15:54 - 2011-08-16 15:54 - 00010240 _____ () C:\Windows\system32\BsHelpCSps.dll
2011-08-16 15:54 - 2011-08-16 15:54 - 00050176 _____ () C:\Windows\system32\BlueSoleilCSps.dll
2011-12-07 16:32 - 2011-12-07 16:32 - 00162920 _____ () C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTSS.exe
2011-12-02 20:23 - 2011-12-02 20:23 - 00110592 _____ () C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTSSHooks.dll
2011-08-16 15:53 - 2011-08-16 15:53 - 00022016 _____ () C:\Windows\system32\bstrace.dll
2012-07-10 19:29 - 2012-07-10 19:29 - 00183952 _____ () C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsEngineRes409.dll
2012-04-13 19:23 - 2012-04-13 19:23 - 00005120 _____ () C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\throttle.dll
2012-07-10 19:42 - 2012-07-10 19:42 - 00141456 _____ () C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsSQLBackupRestore.dll
2012-07-10 19:46 - 2012-07-10 19:46 - 00095376 _____ () C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsHyperVBackupRestore.dll
2011-12-02 20:22 - 2011-12-02 20:22 - 00061440 _____ () C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTFC.dll
2011-12-02 20:22 - 2011-12-02 20:22 - 00147456 _____ () C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTUI.dll
2011-12-02 20:23 - 2011-12-02 20:23 - 00061440 _____ () C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTMUI.dll
2011-05-01 02:04 - 2011-05-01 02:04 - 00013312 _____ () C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTTSH.dll
2012-07-10 19:44 - 2012-07-10 19:44 - 02471568 _____ () C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsAppRes409.dll
2011-08-16 15:55 - 2011-08-16 15:55 - 00152064 _____ () C:\Windows\system32\BsProfilefunc.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
AlternateDataStreams: C:\ProgramData\TEMP:2683706C
AlternateDataStreams: C:\ProgramData\TEMP:AEC0AC81
AlternateDataStreams: C:\Users\Scott\Downloads:Shareaza.GUID
AlternateDataStreams: C:\Users\Scott\Local Settings:CSKyYdqBDdvj5pYDbkh8D
AlternateDataStreams: C:\Users\Scott\Downloads\Shareaza:Shareaza.GUID
AlternateDataStreams: C:\Users\Scott\AppData\Local:CSKyYdqBDdvj5pYDbkh8D
AlternateDataStreams: C:\Users\Scott\AppData\Local\Application Data:CSKyYdqBDdvj5pYDbkh8D
AlternateDataStreams: C:\Users\Scott\AppData\Local\Temp:EMhRuAazUzpmse8jlfe1NJ0xct0rvp

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

HKU\S-1-5-21-264554239-1153572309-3190330408-1001\Software\Classes\.exe: exefile =>  <===== ATTENTION!

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk => C:\Windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk => C:\Windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Scott^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Scott^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office Groove.lnk => C:\Windows\pss\Microsoft Office Groove.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe Acrobat Synchronizer => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BtTray => "C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe"
MSCONFIG\startupreg: conhost => C:\Users\Scott\AppData\Roaming\Microsoft\conhost.exe
MSCONFIG\startupreg: Copernic Desktop Search - Home => "C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe" /tray
MSCONFIG\startupreg: DNS7reminder => "C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini"
MSCONFIG\startupreg: Google Update => "C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: Nuance PDF Converter Professional 8-reminder => "C:\Program Files (x86)\Nuance\PDF Professional 8\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Converter Professional 8\Ereg\Ereg.ini"
MSCONFIG\startupreg: PDF8 Registry Controller => "C:\Program Files (x86)\Nuance\PDF Professional 8\RegistryController.exe"
MSCONFIG\startupreg: PDFProHook => "C:\Program Files (x86)\Nuance\PDF Professional 8\pdfpro8hook.exe"
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Sony Ericsson PC Suite => "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

==================== Faulty Device Manager Devices =============

Name: Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20) #2
Description: Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: CSR Bluetooth Device
Description: CSR Bluetooth Device
Class Guid: {9b21fd3a-b1ab-4eb9-956f-e56acfe78bce}
Manufacturer: IVT Corporation
Service: Btcsrusb
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/02/2014 09:55:54 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

Error: (06/02/2014 09:20:35 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x800706b5, The interface is unknown.
.

Error: (06/02/2014 09:20:35 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x800706b5, The interface is unknown.
]

Error: (06/02/2014 09:20:35 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x800706b5, The interface is unknown.
.

Error: (06/02/2014 09:20:35 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x800706b5, The interface is unknown.
]

Error: (06/02/2014 09:14:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_RpcEptMapper, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb164a
Exception code: 0xc0000005
Fault offset: 0x00000000000508c5
Faulting process id: 0x3b4
Faulting application start time: 0xsvchost.exe_RpcEptMapper0
Faulting application path: svchost.exe_RpcEptMapper1
Faulting module path: svchost.exe_RpcEptMapper2
Report Id: svchost.exe_RpcEptMapper3

Error: (06/02/2014 08:40:51 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

Error: (06/01/2014 08:37:07 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

Error: (05/31/2014 02:31:06 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

Error: (05/30/2014 09:55:10 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).


System errors:
=============
Error: (06/02/2014 00:31:57 PM) (Source: DCOM) (EventID: 10016) (User: Hippeaux)
Description: machine-defaultLocalActivation{DC22CE61-F0A5-415C-986E-4DF78C2D1029}{6528E69E-B9B8-4ED2-9FE4-4CAAC2303900}HippeauxScottS-1-5-21-264554239-1153572309-3190330408-1001LocalHost (Using LRPC)

Error: (06/02/2014 00:31:57 PM) (Source: DCOM) (EventID: 10016) (User: Hippeaux)
Description: machine-defaultLocalActivation{1CE3EB56-16B9-40A0-8110-284EF53ACF04}{0199DA33-8515-47CD-B9FE-0D748BEFD785}HippeauxScottS-1-5-21-264554239-1153572309-3190330408-1001LocalHost (Using LRPC)

Error: (06/02/2014 09:28:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (06/02/2014 09:28:59 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (06/02/2014 09:28:57 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (06/02/2014 09:28:12 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Background Intelligent Transfer Service service hung on starting.

Error: (06/02/2014 09:27:56 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (06/02/2014 09:27:26 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (06/02/2014 09:24:46 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (06/02/2014 09:24:12 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-05-28 18:51:54.295
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-05-28 18:51:54.201
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-08-24 10:57:20.962
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Holly Recovered\WINDOWS2\system32\MRT.exe because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-24 10:57:20.214
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Holly Recovered\WINDOWS2\system32\MRT.exe because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-24 10:57:19.449
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Holly Recovered\WINDOWS2\system32\MRT.exe because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-24 10:57:18.717
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Holly Recovered\WINDOWS2\system32\MRT.exe because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-24 10:54:56.105
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Holly Recovered\WINDOWS2\system32\MRT.exe because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-24 10:54:55.387
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Holly Recovered\WINDOWS2\system32\MRT.exe because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-24 10:54:54.665
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Holly Recovered\WINDOWS2\system32\MRT.exe because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-24 10:54:53.931
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Holly Recovered\WINDOWS2\system32\MRT.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 36%
Total physical RAM: 8189.49 MB
Available physical RAM: 5240.84 MB
Total Pagefile: 16377.17 MB
Available Pagefile: 14272.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:181.08 GB) NTFS
Drive f: () (Fixed) (Total:931.51 GB) (Free:295.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 2C54ACE2)
 Could not read MBR for disk 1.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: D7A4D7A4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 932 GB) (Disk ID: 605A61E0)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

==========================================================

 

==========================================================

 

SystemLook 30.07.11 by jpshortstuff
Log created at 12:41 on 02/06/2014 by Scott
Administrator - Elevation successful

========== filefind ==========

Searching for "rpcss.dll"
C:\Windows\System32\rpcss.dll    --a---- 520192 bytes    [18:41 24/08/2011]    [13:27 20/11/2010] 3B48132A26B44667B491D30B95832AF2
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll    --a---- 512000 bytes    [18:41 24/08/2011]    [13:27 20/11/2010] 5C627D1B1138676C0A7AB2C2C190D123

-= EOF =-

 

=============================================

 

=============================================

 

ComboFix 14-05-29.01 - Scott 06/02/2014  12:52:44.3.4 - x64
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.1.1033.18.8189.4040 [GMT -5:00]
Running from: c:\users\Scott\Desktop\Cleaning\ComboFix.exe
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-02 to 2014-06-02  )))))))))))))))))))))))))))))))
.
.
2014-06-02 18:53 . 2014-06-02 18:53    69000    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{BDAA19F1-AAD1-4B5F-A2D4-296A06F19586}\offreg.dll
2014-06-02 18:05 . 2014-06-02 18:05    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2014-06-02 18:05 . 2014-06-02 18:05    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-06-02 17:35 . 2014-06-02 17:37    --------    d-----w-    C:\FRST
2014-05-28 23:09 . 2014-05-28 23:09    --------    d-----w-    c:\windows\ERUNT
2014-05-28 22:51 . 2010-08-30 13:34    536576    ----a-w-    c:\windows\SysWow64\sqlite3.dll
2014-05-28 20:49 . 2014-05-28 20:49    --------    d---a-w-    c:\windows\system32\catroot2.old
2014-05-28 20:27 . 2014-05-28 20:27    --------    d-----w-    c:\windows\CheckSur
2014-05-28 16:26 . 2014-05-28 16:41    --------    d-----w-    c:\users\Scott\AppData\Roaming\Seagate
2014-05-19 17:22 . 2014-05-19 17:22    --------    d-----w-    c:\program files (x86)\Common Files\Macrovision Shared
2014-05-19 00:12 . 2014-06-02 18:56    --------    d-----w-    c:\users\Scott\AppData\Roaming\DropboxMaster
2014-05-18 18:15 . 2014-05-19 16:02    --------    d-----w-    c:\users\Scott\AppData\Roaming\TS3Client
2014-05-18 18:15 . 2014-05-18 18:15    --------    d-----w-    c:\program files (x86)\TeamSpeak 3 Client
2014-05-14 18:38 . 2014-05-14 18:38    17938608    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-14 18:38 . 2012-07-16 22:37    70832    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 18:38 . 2012-07-16 22:37    692400    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-04 22:12 . 2010-11-16 20:37    93223848    ----a-w-    c:\windows\system32\MRT.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . 5C627D1B1138676C0A7AB2C2C190D123 . 512000 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[-] 2010-11-20 . 3B48132A26B44667B491D30B95832AF2 . 520192 . . [6.1.7601.17514] .. c:\windows\system32\rpcss.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
c:\users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Scott\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-19 33322312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NovaBACKUP Tray Control.lnk - c:\program files (x86)\NovaStor\NovaStor NovaBACKUP\nsCtrl.exe [2012-7-10 313488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Backup Client Agent Service;Backup Client Agent Service;c:\program files (x86)\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe;c:\program files (x86)\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe [x]
R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys;c:\windows\SYSNATIVE\DRIVERS\btcomport.sys [x]
R3 busenum;SteelBusSvc;c:\windows\system32\DRIVERS\SteelBus64.sys;c:\windows\SYSNATIVE\DRIVERS\SteelBus64.sys [x]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys;c:\windows\SYSNATIVE\DRIVERS\lvpopf64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech QuickCam Ultra Vision(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys;c:\windows\SYSNATIVE\DRIVERS\s0017bus.sys [x]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s0017mdfl.sys [x]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s0017mdm.sys [x]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s0017mgmt.sys [x]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s0017nd5.sys [x]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys;c:\windows\SYSNATIVE\DRIVERS\s0017obex.sys [x]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys;c:\windows\SYSNATIVE\DRIVERS\s0017unic.sys [x]
R3 SAlphamHid;SteelHIDSvc;c:\windows\system32\DRIVERS\SAlpham64.sys;c:\windows\SYSNATIVE\DRIVERS\SAlpham64.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\drivers\vpcuxd.sys;c:\windows\SYSNATIVE\drivers\vpcuxd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys;c:\windows\SYSNATIVE\Drivers\BtHidBus.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 Disaster Recovery Imaging;Disaster Recovery Imaging;c:\program files (x86)\NovaStor\NovaStor NovaBACKUP\DR\x64\drdiag.exe;c:\program files (x86)\NovaStor\NovaStor NovaBACKUP\DR\x64\drdiag.exe [x]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [x]
S2 nsService;NovaStor NovaBACKUP Backup/Copy Engine;c:\program files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe;c:\program files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe [x]
S2 PDFProFiltSrv;PDFProFiltSrv;c:\program files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe;c:\program files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys;c:\windows\SYSNATIVE\Drivers\btcombus.sys [x]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys;c:\windows\SYSNATIVE\Drivers\btnetBus.sys [x]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys;c:\windows\SYSNATIVE\Drivers\IvtBtBus.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-16 18:38]
.
2014-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf4c50f5ef2f27.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-31 18:26]
.
2014-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cf6b89592f8da9.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-31 18:26]
.
2014-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-264554239-1153572309-3190330408-1001Core1cf4c4cda11646a.job
- c:\users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-15 21:25]
.
2014-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-264554239-1153572309-3190330408-1001UA1ce4fdd6bac1e93.job
- c:\users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-15 21:25]
.
2014-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-264554239-1153572309-3190330408-1001UA1cf4c4cdb2d5fe2.job
- c:\users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-15 21:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    164016    ----a-w-    c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    164016    ----a-w-    c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    164016    ----a-w-    c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    164016    ----a-w-    c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-12-21 6326448]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://my.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:53172
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append the content of the link to an existing PDF file - c:\program files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to an existing PDF file - c:\program files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to Existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Append to existing PDF file - c:\program files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Create PDF file - c:\program files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: Download with &Shareaza - c:\program files (x86)\Shareaza\RazaWebHook64.dll/3000
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open with Nuance PDF Converter 8 - c:\program files (x86)\Nuance\PDF Professional 8\cnvres_eng.dll /100
IE: Open with PDF Professional 8 - c:\program files (x86)\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
Trusted Zone: cleverreach.com\novastor
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: google-analytics.com
Trusted Zone: novastor.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-NCsoft - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Prism - c:\program files (x86)\NCH Software\Prism\uninst.exe
AddRemove-Switch - c:\program files (x86)\NCH Software\Switch\switch.exe
AddRemove-VideoPad - c:\program files (x86)\NCH Software\VideoPad\videopad.exe
AddRemove-WavePad - c:\program files (x86)\NCH Software\WavePad\wavepad.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\EVGA Precision\Bundle\OSDServer\RTSS.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
c:\users\Scott\AppData\Roaming\Dropbox\bin\Dropbox.exe
.
**************************************************************************
.
Completion time: 2014-06-02  14:12:40 - machine was rebooted
ComboFix-quarantined-files.txt  2014-06-02 19:12
.
Pre-Run: 194,810,281,984 bytes free
Post-Run: 194,974,621,696 bytes free
.
- - End Of File - - 54230984473D84D37A35D2976E327AF4
A36C5E4F47E84449FF07ED3517B43A31


 


  • 0

#6
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,912 posts
Hi Hippeaux, :)

Tell me how your PC is after the fix.
  • Step #3 P2P Warning
    **IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
    • µTorrent
    I shall provide you with a few reference links, please read them up to know the risks of having a P2P program.Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P file-sharing as a major conduit to spread their wares.

    My recommendation is that you uninstall the programs listed above. If you choose not to remove them, please do not use them until this computer is clean.
 
  • Step #4 Uninstall Programs
    I want you to uninstall the following program(s) listed below due to poor reputation we receive about them. To uninstall a program, go to Start > Control Panel > Uninstall a program or Start > Control Panel > Programs and Features. Wait for the list to fill up and double-click on the items I have listed below and follow the on-screen instruction to remove/uninstall them.
    • Java 6 Update 26
 
  • Step #5 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
      HKLM-x32\...\Run: [] => [X]
      ProxyServer: http=127.0.0.1:53172
      2014-06-02 12:12 - 2014-05-23 16:24 - 00000084 _____ () C:\Windows\system32\jvmw.kqe
      2014-05-23 16:13 - 2014-05-23 16:13 - 00000064 _____ () C:\Windows\system32\gajd.edv
      2014-05-23 16:13 - 2014-05-23 16:13 - 00000000 _____ () C:\Windows\system32\uhkgabk.sff
      2014-05-23 15:57 - 2014-05-23 15:57 - 00310760 ____S () C:\Windows\system32\hbhsp.xzh
      AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
      AlternateDataStreams: C:\ProgramData\TEMP:2683706C
      AlternateDataStreams: C:\ProgramData\TEMP:AEC0AC81
      AlternateDataStreams: C:\Users\Scott\AppData\Local\Temp:EMhRuAazUzpmse8jlfe1NJ0xct0rvp
      HKU\S-1-5-21-264554239-1153572309-3190330408-1001\Software\Classes\.exe: exefile =>  <===== ATTENTION!
      Replace: c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll c:\windows\system32\rpcss.dll
      Reboot:
      End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.
 
  • Required Log(s):
    • FRST Fix Log
Regards,
Valinorum
  • 0

#7
Hippeaux

Hippeaux

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts

Should all boxes in the FRST scanner be checked, as they were the first time we ran it?


  • 0

#8
Hippeaux

Hippeaux

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Scott (administrator) on HIPPEAUX on 02-06-2014 16:17:31
Running from C:\Users\Scott\Desktop
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\vdsldr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
() C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTSS.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(NovaStor Corporation) C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NovaStor Corporation) C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\DR\x64\drdiag.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NovaStor Corporation) C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsCtrl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [6326448 2012-12-21] (ESET)
HKLM-x32\...\Run: [] => [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NovaBACKUP Tray Control.lnk
ShortcutTarget: NovaBACKUP Tray Control.lnk -> C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsCtrl.exe (NovaStor Corporation)
Startup: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Scott\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:53172
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x02AF96865B96CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {9E1C648E-5DCB-4741-9939-9A45FAF7BB97} URL = http://duckduckgo.com/?q={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Gaaiho PDF Conversion Toolbar Helper - {C7DA0384-42AA-428c-B832-88AC343DE1A8} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll (Zeon Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Toolbar: HKLM-x32 - Nuance PDF - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll (Zeon Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Handler: jpip - {B92DD248-E3D5-4A92-B311-C9B841681455} -  No File
Handler: sidlet - {B92DD248-E3D5-4A92-B311-C9B841681455} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: jpip - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files (x86)\LizardTech\ExpressView\expressview.dll (LizardTech)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: sidlet - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files (x86)\LizardTech\ExpressView\expressview.dll (LizardTech)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://att.my.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: nuance.com/DragonRIAPlugin - C:\PROGRA~2\Nuance\NATURA~1\Program\npDgnRia.dll (Nuance Communications Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Scott\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Scott\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Scott\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npexview.dll (LizardTech)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\searchplugins\duckduckgo.xml
FF Extension: United States English Spellchecker - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\[email protected] [2013-03-23]
FF Extension: Pocket - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\[email protected] [2013-06-27]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-11-22]
FF Extension: EmailTheWeb.com - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\{73c39a20-8768-4a82-8b43-fc9535715c5c} [2010-11-22]
FF Extension: DownloadHelper - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-24]
FF Extension: Flash and Video Download - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-05-26]
FF Extension: Firefox 3 Aero theme for Firefox 4+ - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\[email protected] [2011-12-11]
FF Extension: Firefox 3 theme for Firefox 4+ - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\[email protected] [2011-12-11]
FF Extension: History Submenus Ⅱ - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\[email protected] [2011-12-10]
FF Extension: Lazarus: Form Recovery - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\[email protected] [2011-12-11]
FF Extension: Modern Toolbar Icons - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\[email protected] [2013-08-02]
FF Extension: Classic Compact Options - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\[email protected] [2012-03-06]
FF Extension: Silvermel - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\[email protected] [2011-12-11]
FF Extension: Silvermel and Charamel XT - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\[email protected] [2011-12-11]
FF Extension: Strata Toolbar Icons - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\[email protected] [2011-12-11]
FF Extension: Winstripe Toolbar Icons - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\[email protected] [2011-12-11]
FF Extension: All-in-One Sidebar - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2011-12-11]
FF Extension: Flagfox - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-07]
FF Extension: Session Manager - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2012-05-31]
FF Extension: Simple Green - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\{13b4437e-b706-11dc-8314-0800200c9a66}.xpi [2011-12-11]
FF Extension: Grab and Drag - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\{477c4c36-24eb-11da-94d4-00e08161165f}.xpi [2012-04-25]
FF Extension: NoScript - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-12-11]
FF Extension: Adblock Plus - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-12-14]
FF Extension: Back/forward dropmarker - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\{d618933b-9eb4-1c04-949d-0f9b1a39ebb9}.xpi [2011-12-11]
FF Extension: FOXSCAPE - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\{da7f40f0-8675-11db-b606-0800200c9a66}.xpi [2011-12-11]
FF Extension: Firefox 2, the theme, reloaded - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\{fd2f951f-77ea-4938-9493-0c892c027a13}.xpi [2011-12-11]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-04-21]
FF Extension: PDF Converter - C:\Program Files (x86)\Nuance\PDF Professional 8\FireFox [2012-09-25]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-03-14]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011-08-19]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: No Name - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2013-10-15]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-03-14]

Chrome:
=======
CHR HomePage: hxxp://att.my.yahoo.com/
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Scott\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Scott\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Scott\AppData\Local\Google\Chrome\Application\35.0.1916.114\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Contribute CS5.1 ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll (Adobe Systems, Inc.)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL No File
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Unity Player) - C:\Users\Scott\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\Scott\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2012-07-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-15]
CHR Extension: (Google Search) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-15]
CHR Extension: (Speed Dial) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi [2014-05-28]
CHR Extension: (Closed tabs) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah [2012-11-27]
CHR Extension: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn [2012-11-15]
CHR Extension: (Recent History (Toolbar Icon)) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\milbdjfbgdilllphgdmlahonjodlfokh [2012-11-27]
CHR Extension: (Incredible StartPage - Productive Start Page) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeghkpohnalmpblddmnppfooljekh [2012-11-27]
CHR Extension: (Google Wallet) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Slinky Brushed) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\piiokbhpgldooopjdacdondngonfljoc [2012-07-16]
CHR Extension: (Gmail) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-15]
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2013-10-15]

==================== Services (Whitelisted) =================

S3 Backup Client Agent Service; C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe [256512 2012-07-10] (NovaStor Corporation)
R2 BlueSoleilCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [1005568 2011-08-16] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe [199680 2011-08-16] (IVT Corporation)
R2 Disaster Recovery Imaging; C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\DR\x64\drdiag.exe [4743680 2012-04-11] (NovaStor Corporation)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1333424 2012-12-21] (ESET)
R2 nsService; C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe [460432 2012-07-10] (NovaStor Corporation)
R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe [135056 2012-10-23] (Nuance Communications, Inc.)

==================== Drivers (Whitelisted) ====================

S3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [36360 2009-06-17] (IVT Corporation.)
S3 BlueletAudio; C:\Windows\SysWOW64\DRIVERS\blueletaudio.sys [36360 2009-06-17] (IVT Corporation.)
S3 BlueletSCOAudio; C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys [36872 2009-06-17] (IVT Corporation.)
S3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [20488 2010-08-18] (IVT Corporation.)
S3 BTCOM; C:\Windows\System32\DRIVERS\btcomport.sys [29576 2011-07-27] (IVT Corporation.)
R3 BTCOMBUS; C:\Windows\System32\Drivers\btcombus.sys [25352 2011-07-27] (IVT Corporation.)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [42888 2011-07-27] (IVT Corporation.)
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [24456 2011-07-27] (IVT Corporation.)
R3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [30088 2010-04-06] ()
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2012-12-21] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2012-12-21] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [139768 2012-12-21] (ESET)
R3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [27016 2010-04-06] (IVT Corporation.)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [113704 2008-10-21] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [19496 2008-10-21] (MCCI Corporation)
S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [152616 2008-10-21] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [133160 2008-10-21] (MCCI Corporation)
S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [34856 2008-10-21] (MCCI Corporation)
S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [128552 2008-10-21] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [145960 2008-10-21] (MCCI Corporation)
S3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [38016 2013-06-25] (SteelSeries Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 VHidMinidrv; C:\Windows\System32\drivers\VHIDMini.sys [18952 2011-07-27] (IVT Corporation.)
S3 busenum; system32\DRIVERS\SteelBus64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\System32\Drivers\adfs.sys 2F0683FD2DF1D92E891CACA14B45A8C1
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 79059559E89D06E8B80CE2944BE20228
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blueletaudio.sys 8BC053CD1F5F11F79C80BE85BC289258
C:\Windows\SysWOW64\DRIVERS\blueletaudio.sys 8BC053CD1F5F11F79C80BE85BC289258
C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys 46134C260E6B019AA24506B8AB4D42D3
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bridge.sys 5C2F352A4E961D72518261257AAE204B
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\btnetdrv.sys 8CAD77D0FD83819237BAC6F365531D15
C:\Windows\System32\DRIVERS\btcomport.sys 4A1F1B30DF3BC9DFFA26BD9DA07F3999
C:\Windows\System32\Drivers\btcombus.sys 57E636DA6934FDAF45E91D47E8B6BF3F
C:\Windows\System32\Drivers\btcusb.sys 8AAAA24B6F8357E2AFF9222C058EE226
C:\Windows\System32\DRIVERS\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\System32\Drivers\BtHidBus.sys 0E7FEF42F9E86A41ACFC41EAEBDA65F4
C:\Windows\System32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BTHport.sys 64C198198501F7560EE41D8D1EFA7952
C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37
C:\Windows\System32\Drivers\btnetBus.sys C0D50877BB7EC88A953A2A56CEF170FA
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 88612F1CE3BF42256913BF6E61C70D52
C:\Windows\System32\DRIVERS\eamonm.sys 78A3903702B7535154F56685CA1517D4
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ehdrv.sys 9E39134330C18CBAC0F24C1283701D7E
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\epfwwfpr.sys B4E8DC817963B256537B1EC09AF0647E
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys 4BBB5A55EEB5EC11B20FCBB4CBB49357
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\Drivers\IvtBtBus.sys C7B6BE6BF2B5766648E232077E86B6A0
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 8F489706472F7E9A06BAAA198703FA64
C:\Windows\System32\Drivers\ksecpkg.sys 868A2CAAB12EFC7A021682BCA0EEC54C
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lvpopf64.sys B2085E335F2B57077B0CBADB6F1245CD
C:\Windows\System32\DRIVERS\LVPr2M64.sys DED333DBDBBCC3555A6E6244522E2F1A
C:\Windows\System32\DRIVERS\LVPr2M64.sys DED333DBDBBCC3555A6E6244522E2F1A
C:\Windows\System32\DRIVERS\lvrs64.sys 986C1CB787A007BAA5F74E7D316D7246
C:\Windows\System32\DRIVERS\lvuvc64.sys 5747BC465ABEA2858C5D037252AED84E
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\drivers\nvhda64v.sys 1F07B814C0BB5AABA703ABFF1F31F2E8
C:\Windows\System32\DRIVERS\nvlddmkm.sys FE2909F7DFB12B9A20AD207FE23B7E96
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\Drivers\pcouffin.sys AF7CE12C4F3DC8CB2B07685C916BBCFE
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\Drivers\PxHlpa64.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys ABCB5A38A0D85BDF69B7877E1AD1EED5
C:\Windows\System32\DRIVERS\s0017bus.sys 032F537623A7B2FB81AAA184C30B70C3
C:\Windows\System32\DRIVERS\s0017mdfl.sys 9964A28E569B4FF105B446EF8978FD5C
C:\Windows\System32\DRIVERS\s0017mdm.sys 06347087D274C23DCFA8C4AB5C4314DB
C:\Windows\System32\DRIVERS\s0017mgmt.sys F0F0747B3FA50272DE6B1BF575FA4700
C:\Windows\System32\DRIVERS\s0017nd5.sys 7224412CEA2FF2DF7D4842C1B0E71045
C:\Windows\System32\DRIVERS\s0017obex.sys 3FEADBC7F09B8B596CBFB82F12ABA87F
C:\Windows\System32\DRIVERS\s0017unic.sys 2B63BEA31D939888B2A8F3F14D89B5C1
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SAlpham64.sys 86873AA9867CA9D78850EE9DC1C6AE5B
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\Drivers\SCDEmu.sys B2F50286DC82B93C013E3FC57BA1A956
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys DB74544B75566C974815E79A62433F29
C:\Windows\System32\DRIVERS\tcpip.sys DB74544B75566C974815E79A62433F29
C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbaudio.sys B0435098C81D04CAFFF80DDB746CD3A2
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\System32\DRIVERS\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\system32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\VHIDMini.sys B0B7AB1BBCD262864264A695BD02A480
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vpchbus.sys B4A73CA4EF9A02B9738CEA9AD5FE5917
C:\Windows\System32\DRIVERS\vpcnfltr.sys E675FB2B48C54F09895482E2253B289C
C:\Windows\System32\DRIVERS\vpcusb.sys 5FB42082B0D19A0268705F1DD343DF20
C:\Windows\system32\drivers\vpcuxd.sys 63F4E10873BEB4124028C6D1A66B0968
C:\Windows\System32\drivers\vpcvmm.sys 207B6539799CC1C112661A9B620DD233
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WSDPrint.sys 8D918B1DB190A4D9B1753A66FA8C96E8
C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WUDFRd.sys ==> MD5 is legit

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-02 16:17 - 2014-06-02 16:18 - 00044473 _____ () C:\Users\Scott\Desktop\FRST.txt
2014-06-02 15:31 - 2014-06-02 15:31 - 00000944 _____ () C:\Users\Scott\Desktop\fixlist.txt
2014-06-02 14:13 - 2014-06-02 14:13 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\temp
2014-06-02 14:13 - 2014-06-02 14:13 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-02 14:13 - 2014-06-02 14:13 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-02 14:13 - 2014-06-02 14:13 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-02 14:12 - 2014-06-02 14:12 - 00023174 _____ () C:\ComboFix.txt
2014-06-02 12:35 - 2014-06-02 16:17 - 00000000 ____D () C:\FRST
2014-06-02 12:34 - 2014-06-02 12:34 - 02068992 _____ (Farbar) C:\Users\Scott\Desktop\FRST64.exe
2014-05-29 18:09 - 2014-05-29 18:14 - 00000000 ____D () C:\Users\Scott\Desktop\New folder (2)
2014-05-28 21:19 - 2014-05-28 21:19 - 00286752 _____ () C:\Windows\Minidump\052814-32167-01.dmp
2014-05-28 18:27 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-28 18:27 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-28 18:27 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-28 18:27 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-28 18:27 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-28 18:27 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-28 18:27 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-28 18:27 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-28 18:23 - 2014-06-02 14:13 - 00000000 ____D () C:\Qoobox
2014-05-28 18:22 - 2014-06-02 14:08 - 00000000 ____D () C:\Windows\erdnt
2014-05-28 18:09 - 2014-05-28 18:09 - 00000000 ____D () C:\Windows\ERUNT
2014-05-28 17:51 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-28 17:49 - 2014-06-02 15:29 - 00000000 ____D () C:\Users\Scott\Desktop\Cleaning
2014-05-28 15:49 - 2014-05-28 15:49 - 00000000 ____D () C:\Windows\system32\catroot2.old
2014-05-28 15:27 - 2014-05-28 15:27 - 00000000 ____D () C:\Windows\CheckSur
2014-05-28 11:26 - 2014-05-28 11:41 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Seagate
2014-05-28 11:23 - 2014-05-28 11:23 - 00000000 ____D () C:\ProgramData\Acronis
2014-05-28 11:19 - 2014-05-28 19:51 - 00003034 _____ () C:\Windows\System32\Tasks\RTSS
2014-05-25 14:40 - 2014-05-25 14:40 - 00001848 _____ () C:\Users\Scott\Desktop\Launch Icon (with NPC pieces).bat - Shortcut.lnk
2014-05-25 14:40 - 2014-05-25 14:40 - 00001848 _____ () C:\Users\Scott\Desktop\Launch Icon (Costume Creator).bat - Shortcut.lnk
2014-05-24 21:50 - 2014-05-24 21:51 - 00285504 _____ () C:\Windows\Minidump\052414-25084-01.dmp
2014-05-24 18:14 - 2014-05-24 18:14 - 00284928 _____ () C:\Windows\Minidump\052414-19609-01.dmp
2014-05-23 16:24 - 2014-06-02 16:14 - 00000080 _____ () C:\Windows\system32\jvmw.kqe
2014-05-23 16:13 - 2014-05-23 16:13 - 00000064 _____ () C:\Windows\system32\gajd.edv
2014-05-23 16:13 - 2014-05-23 16:13 - 00000000 _____ () C:\Windows\system32\uhkgabk.sff
2014-05-23 15:57 - 2014-05-23 15:57 - 00310760 ____S () C:\Windows\system32\hbhsp.xzh
2014-05-19 12:21 - 2014-05-19 12:21 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 8.lnk
2014-05-19 12:21 - 2014-05-19 12:21 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 8 Professional.lnk
2014-05-19 12:21 - 2014-05-19 12:21 - 00002171 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle Designer 8.0.lnk
2014-05-19 12:21 - 2014-05-19 12:21 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Acrobat 8 Professional.lnk
2014-05-19 12:18 - 2014-05-19 12:18 - 00000742 _____ () C:\Windows\KB893803v2.log
2014-05-18 19:12 - 2014-06-02 14:59 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\DropboxMaster
2014-05-18 13:15 - 2014-05-19 11:02 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\TS3Client
2014-05-18 13:15 - 2014-05-18 13:15 - 00001162 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-05-18 13:15 - 2014-05-18 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-05-18 13:15 - 2014-05-18 13:15 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-05-14 13:38 - 2014-05-14 13:38 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-09 08:19 - 2014-06-02 15:24 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6b89592f8da9.job
2014-05-09 08:19 - 2014-05-09 08:19 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf6b89592f8da9

==================== One Month Modified Files and Folders =======

2014-06-02 16:18 - 2014-06-02 16:17 - 00044473 _____ () C:\Users\Scott\Desktop\FRST.txt
2014-06-02 16:18 - 2014-03-30 14:18 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-264554239-1153572309-3190330408-1001UA1cf4c4cdb2d5fe2.job
2014-06-02 16:17 - 2014-06-02 12:35 - 00000000 ____D () C:\FRST
2014-06-02 16:17 - 2010-11-16 14:30 - 00000000 ____D () C:\Users\Scott\AppData\Local\Temp
2014-06-02 16:14 - 2014-05-23 16:24 - 00000080 _____ () C:\Windows\system32\jvmw.kqe
2014-06-02 15:51 - 2013-05-13 08:26 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-264554239-1153572309-3190330408-1001UA1ce4fdd6bac1e93.job
2014-06-02 15:38 - 2013-02-05 11:51 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-02 15:37 - 2011-05-14 08:54 - 00000000 ___RD () C:\Users\Scott\Dropbox
2014-06-02 15:31 - 2014-06-02 15:31 - 00000944 _____ () C:\Users\Scott\Desktop\fixlist.txt
2014-06-02 15:29 - 2014-05-28 17:49 - 00000000 ____D () C:\Users\Scott\Desktop\Cleaning
2014-06-02 15:24 - 2014-05-09 08:19 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6b89592f8da9.job
2014-06-02 15:15 - 2010-11-16 14:31 - 01657107 _____ () C:\Windows\WindowsUpdate.log
2014-06-02 15:06 - 2009-07-13 23:45 - 00017312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-02 15:06 - 2009-07-13 23:45 - 00017312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-02 14:59 - 2014-05-18 19:12 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\DropboxMaster
2014-06-02 14:59 - 2011-05-14 08:51 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Dropbox
2014-06-02 14:58 - 2014-03-30 14:48 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4c50f5ef2f27.job
2014-06-02 14:58 - 2011-08-16 15:06 - 00001169 _____ () C:\Windows\SysWOW64\bscs.ini
2014-06-02 14:58 - 2010-11-16 16:09 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-02 14:58 - 2010-11-16 16:08 - 00267590 _____ () C:\Windows\PFRO.log
2014-06-02 14:58 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-02 14:58 - 2009-07-13 23:51 - 00108026 _____ () C:\Windows\setupact.log
2014-06-02 14:13 - 2014-06-02 14:13 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\temp
2014-06-02 14:13 - 2014-06-02 14:13 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-02 14:13 - 2014-06-02 14:13 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-02 14:13 - 2014-06-02 14:13 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-02 14:13 - 2014-05-28 18:23 - 00000000 ____D () C:\Qoobox
2014-06-02 14:12 - 2014-06-02 14:12 - 00023174 _____ () C:\ComboFix.txt
2014-06-02 14:08 - 2014-05-28 18:22 - 00000000 ____D () C:\Windows\erdnt
2014-06-02 13:55 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-02 12:34 - 2014-06-02 12:34 - 02068992 _____ (Farbar) C:\Users\Scott\Desktop\FRST64.exe
2014-06-02 08:18 - 2014-03-30 14:18 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-264554239-1153572309-3190330408-1001Core1cf4c4cda11646a.job
2014-06-01 21:10 - 2010-11-23 18:24 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\uTorrent
2014-06-01 21:09 - 2010-11-23 18:31 - 00000000 ____D () C:\Users\Scott\Downloads\uTorrent
2014-06-01 20:56 - 2013-12-26 19:17 - 00000000 ____D () C:\Users\Scott\Downloads\Subtitles
2014-06-01 18:08 - 2010-11-23 13:46 - 00000000 ___RD () C:\Users\Scott\Downloads\Shareaza
2014-06-01 16:12 - 2010-11-24 18:37 - 00000000 ____D () C:\Users\Scott\Documents\Books
2014-06-01 15:01 - 2012-08-05 17:38 - 00003392 ____H () C:\ProgramData\nsActivation.act
2014-05-30 17:37 - 2011-04-09 22:15 - 00000000 ____D () C:\Users\Scott\Calibre Library
2014-05-29 18:14 - 2014-05-29 18:09 - 00000000 ____D () C:\Users\Scott\Desktop\New folder (2)
2014-05-29 12:56 - 2013-03-10 18:33 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-05-29 12:56 - 2013-03-10 18:04 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-05-29 12:55 - 2011-12-15 18:26 - 00000000 ____D () C:\Program Files (x86)\Mumble
2014-05-29 12:55 - 2011-01-28 12:00 - 00000000 _____ () C:\conmgr.log
2014-05-29 12:55 - 2010-11-19 23:45 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-28 21:19 - 2014-05-28 21:19 - 00286752 _____ () C:\Windows\Minidump\052814-32167-01.dmp
2014-05-28 21:19 - 2012-09-30 22:40 - 514093051 _____ () C:\Windows\MEMORY.DMP
2014-05-28 21:19 - 2011-04-21 08:48 - 00000000 ____D () C:\Windows\Minidump
2014-05-28 19:51 - 2014-05-28 11:19 - 00003034 _____ () C:\Windows\System32\Tasks\RTSS
2014-05-28 18:09 - 2014-05-28 18:09 - 00000000 ____D () C:\Windows\ERUNT
2014-05-28 17:55 - 2014-02-15 10:53 - 00000000 ____D () C:\AdwCleaner
2014-05-28 15:59 - 2010-12-14 09:55 - 00000000 ____D () C:\Temp
2014-05-28 15:49 - 2014-05-28 15:49 - 00000000 ____D () C:\Windows\system32\catroot2.old
2014-05-28 15:27 - 2014-05-28 15:27 - 00000000 ____D () C:\Windows\CheckSur
2014-05-28 13:18 - 2013-11-11 11:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-28 13:14 - 2009-07-14 00:13 - 00794966 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-28 11:41 - 2014-05-28 11:26 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Seagate
2014-05-28 11:23 - 2014-05-28 11:23 - 00000000 ____D () C:\ProgramData\Acronis
2014-05-28 11:14 - 2009-07-14 00:08 - 00032584 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-28 09:11 - 2011-02-17 19:03 - 00000000 ____D () C:\Windows\pss
2014-05-28 09:11 - 2010-11-16 14:30 - 00000000 ___RD () C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-28 08:37 - 2011-05-14 08:51 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-26 17:24 - 2014-02-14 18:41 - 00341504 ___SH () C:\Users\Scott\Desktop\Thumbs.db
2014-05-25 14:40 - 2014-05-25 14:40 - 00001848 _____ () C:\Users\Scott\Desktop\Launch Icon (with NPC pieces).bat - Shortcut.lnk
2014-05-25 14:40 - 2014-05-25 14:40 - 00001848 _____ () C:\Users\Scott\Desktop\Launch Icon (Costume Creator).bat - Shortcut.lnk
2014-05-24 21:51 - 2014-05-24 21:50 - 00285504 _____ () C:\Windows\Minidump\052414-25084-01.dmp
2014-05-24 18:14 - 2014-05-24 18:14 - 00284928 _____ () C:\Windows\Minidump\052414-19609-01.dmp
2014-05-23 19:08 - 2010-11-22 17:51 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-05-23 19:07 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-23 16:13 - 2014-05-23 16:13 - 00000064 _____ () C:\Windows\system32\gajd.edv
2014-05-23 16:13 - 2014-05-23 16:13 - 00000000 _____ () C:\Windows\system32\uhkgabk.sff
2014-05-23 15:57 - 2014-05-23 15:57 - 00310760 ____S () C:\Windows\system32\hbhsp.xzh
2014-05-23 15:57 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-05-22 17:03 - 2009-07-13 23:45 - 05052504 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-22 16:50 - 2011-02-06 18:21 - 00000000 ____D () C:\ProgramData\TEMP
2014-05-20 15:29 - 2010-12-13 17:12 - 00000000 ____D () C:\Genealogy
2014-05-19 16:24 - 2010-11-16 18:13 - 00137848 _____ () C:\Users\Scott\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-19 12:21 - 2014-05-19 12:21 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 8.lnk
2014-05-19 12:21 - 2014-05-19 12:21 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 8 Professional.lnk
2014-05-19 12:21 - 2014-05-19 12:21 - 00002171 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle Designer 8.0.lnk
2014-05-19 12:21 - 2014-05-19 12:21 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Acrobat 8 Professional.lnk
2014-05-19 12:20 - 2010-11-17 19:00 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-19 12:20 - 2010-11-17 19:00 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-05-19 12:18 - 2014-05-19 12:18 - 00000742 _____ () C:\Windows\KB893803v2.log
2014-05-19 12:15 - 2010-11-17 19:02 - 00000000 ____D () C:\Users\Scott\AppData\Local\Adobe
2014-05-19 11:02 - 2014-05-18 13:15 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\TS3Client
2014-05-19 09:36 - 2011-09-24 16:20 - 00002595 _____ () C:\Users\Scott\AppData\Roaming\SAS7_000.DAT
2014-05-18 13:15 - 2014-05-18 13:15 - 00001162 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-05-18 13:15 - 2014-05-18 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-05-18 13:15 - 2014-05-18 13:15 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-05-18 09:10 - 2012-07-17 16:56 - 00000132 _____ () C:\Users\Scott\AppData\Roaming\Adobe GIF Format CS5 Prefs
2014-05-14 14:38 - 2013-02-05 11:51 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 13:38 - 2014-05-14 13:38 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-14 13:38 - 2012-07-16 17:37 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 13:38 - 2012-07-16 17:37 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 09:11 - 2010-12-03 12:14 - 00006600 _____ () C:\Users\Scott\Desktop\notes.txt
2014-05-13 08:11 - 2012-06-26 09:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-09 08:19 - 2014-05-09 08:19 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf6b89592f8da9
2014-05-09 08:19 - 2014-03-30 14:48 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf4c50f5ef2f27
2014-05-06 19:14 - 2013-12-31 22:19 - 00000033 _____ () C:\Users\Scott\Documents\movie release list.txt
2014-05-06 18:50 - 2011-11-05 10:45 - 00000000 ____D () C:\Users\Scott\Desktop\videos for the dad
2014-05-06 08:13 - 2014-03-30 14:18 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-264554239-1153572309-3190330408-1001UA1cf4c4cdb2d5fe2
2014-05-06 08:13 - 2014-03-30 14:18 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-264554239-1153572309-3190330408-1001Core1cf4c4cda11646a
2014-05-04 17:12 - 2010-11-16 15:37 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
C:\Users\Scott\install_flash_player.exe


Some content of TEMP:
====================
C:\Users\Scott\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppqe7hj.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2011-08-24 13:41] - [2010-11-20 08:27] - 0520192 ____A (Microsoft Corporation) 3B48132A26B44667B491D30B95832AF2

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
path                    \bootmgr
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {bbf6df7d-4e1a-11e1-9b86-806e6f6e6963}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {acf023f4-f1c7-11df-b588-863c29615dbe}
device                  unknown
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {acf023f5-f1c7-11df-b588-863c29615dbe}
recoveryenabled         Yes
osdevice                unknown
systemroot              \Windows
resumeobject            {acf023f3-f1c7-11df-b588-863c29615dbe}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {acf023f5-f1c7-11df-b588-863c29615dbe}

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7 Enterprise (recovered)
locale                  en-US
recoverysequence        {acf023f5-f1c7-11df-b588-863c29615dbe}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {bbf6df7d-4e1a-11e1-9b86-806e6f6e6963}

Windows Boot Loader
-------------------
identifier              {acf023f8-f1c7-11df-b588-863c29615dbe}
device                  ramdisk=[C:]\Recovery\acf023f5-f1c7-11df-b588-863c29615dbe\Winre.wim,{acf023f9-f1c7-11df-b588-863c29615dbe}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment (recovered)
locale                  
osdevice                ramdisk=[C:]\Recovery\acf023f5-f1c7-11df-b588-863c29615dbe\Winre.wim,{acf023f9-f1c7-11df-b588-863c29615dbe}
systemroot              \windows
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {acf023f3-f1c7-11df-b588-863c29615dbe}
device                  unknown
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              unknown
filepath                \hiberfil.sys
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {bbf6df7d-4e1a-11e1-9b86-806e6f6e6963}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows 7 Enterprise (recovered)
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {acf023f6-f1c7-11df-b588-863c29615dbe}
description             Ramdisk Options
ramdisksdidevice        unknown
ramdisksdipath          \Recovery\acf023f5-f1c7-11df-b588-863c29615dbe\boot.sdi

Device options
--------------
identifier              {acf023f9-f1c7-11df-b588-863c29615dbe}
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\acf023f5-f1c7-11df-b588-863c29615dbe\boot.sdi



LastRegBack: 2014-05-29 08:22

==================== End Of Log ============================


  • 0

#9
Hippeaux

Hippeaux

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts

At about 8PM Central time, the computer again exhibited the audio noises.  As before, it appears to be some sort of broadcast, but it's too garbled and uncontrollably (intermittently) loud.


  • 0

#10
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,912 posts
Referring to Step 5 here, you need to create the Fixlist.txt file. After than re-run FRST and click the Fix button not the Scan button. You are listening the audio sounds because the infected file is still in your system.
  • 0

#11
Hippeaux

Hippeaux

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts

Pardon me whilst I bang my head!  And I used to pride myself on following directions. :P  I'll let you know later if it truly seems to be cleared up.  Thank You for your help!

================

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-06-2014
Ran by Scott at 2014-06-03 09:42:54 Run:1
Running from C:\Users\Scott\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [] => [X]
ProxyServer: http=127.0.0.1:53172
2014-06-02 12:12 - 2014-05-23 16:24 - 00000084 _____ () C:\Windows\system32\jvmw.kqe
2014-05-23 16:13 - 2014-05-23 16:13 - 00000064 _____ () C:\Windows\system32\gajd.edv
2014-05-23 16:13 - 2014-05-23 16:13 - 00000000 _____ () C:\Windows\system32\uhkgabk.sff
2014-05-23 15:57 - 2014-05-23 15:57 - 00310760 ____S () C:\Windows\system32\hbhsp.xzh
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
AlternateDataStreams: C:\ProgramData\TEMP:2683706C
AlternateDataStreams: C:\ProgramData\TEMP:AEC0AC81
AlternateDataStreams: C:\Users\Scott\AppData\Local\Temp:EMhRuAazUzpmse8jlfe1NJ0xct0rvp
HKU\S-1-5-21-264554239-1153572309-3190330408-1001\Software\Classes\.exe: exefile =>  <===== ATTENTION!
Replace: c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll c:\windows\system32\rpcss.dll
Reboot:
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
C:\Windows\system32\jvmw.kqe => Moved successfully.
C:\Windows\system32\gajd.edv => Moved successfully.
Could not move "C:\Windows\system32\uhkgabk.sff" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\hbhsp.xzh" => Scheduled to move on reboot.
C:\ProgramData\TEMP => ":0FF263E8" ADS removed successfully.
C:\ProgramData\TEMP => ":2683706C" ADS removed successfully.
C:\ProgramData\TEMP => ":AEC0AC81" ADS removed successfully.
C:\Users\Scott\AppData\Local\Temp => ":EMhRuAazUzpmse8jlfe1NJ0xct0rvp" ADS removed successfully.
HKU\S-1-5-21-264554239-1153572309-3190330408-1001\Software\Classes\ => Unable to delete key
HKU\S-1-5-21-264554239-1153572309-3190330408-1001\Software\Classes\.exe => Key not found.
c:\windows\system32\rpcss.dll => Moved successfully.
c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll copied successfully to c:\windows\system32\rpcss.dll

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-06-03 09:46:26)<=

C:\Windows\system32\uhkgabk.sff => Is moved successfully.
C:\Windows\system32\hbhsp.xzh => Is moved successfully.

==== End of Fixlog ====


  • 0

#12
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,912 posts
How is your system running? Please re-run FRST.exe and click on Scan button. No need to check any boxes. After the scan, please, post the scan log.
  • 0

#13
Hippeaux

Hippeaux

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts

The system seems to be running well, now.  I've not heard any phantom sounds and Windows Update has resumed working again.  I would say you've done a bang-up job.

 

Many thanks, Valinorum!

======================

 

======================

 

=====================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Scott (administrator) on HIPPEAUX on 04-06-2014 14:56:55
Running from C:\Users\Scott\Desktop
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(NovaStor Corporation) C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NovaStor Corporation) C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\DR\x64\drdiag.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\vdsldr.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NovaStor Corporation) C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsCtrl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [6326448 2012-12-21] (ESET)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NovaBACKUP Tray Control.lnk
ShortcutTarget: NovaBACKUP Tray Control.lnk -> C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsCtrl.exe (NovaStor Corporation)
Startup: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Scott\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x02AF96865B96CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {9E1C648E-5DCB-4741-9939-9A45FAF7BB97} URL = http://duckduckgo.com/?q={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Gaaiho PDF Conversion Toolbar Helper - {C7DA0384-42AA-428c-B832-88AC343DE1A8} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll (Zeon Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Toolbar: HKLM-x32 - Nuance PDF - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll (Zeon Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Handler: jpip - {B92DD248-E3D5-4A92-B311-C9B841681455} -  No File
Handler: sidlet - {B92DD248-E3D5-4A92-B311-C9B841681455} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: jpip - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files (x86)\LizardTech\ExpressView\expressview.dll (LizardTech)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: sidlet - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files (x86)\LizardTech\ExpressView\expressview.dll (LizardTech)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux
FF Homepage: hxxp://att.my.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: nuance.com/DragonRIAPlugin - C:\PROGRA~2\Nuance\NATURA~1\Program\npDgnRia.dll (Nuance Communications Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Scott\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Scott\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Scott\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npexview.dll (LizardTech)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\searchplugins\duckduckgo.xml
FF Extension: United States English Spellchecker - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\[email protected] [2013-03-23]
FF Extension: Pocket - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\[email protected] [2013-06-27]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-11-22]
FF Extension: EmailTheWeb.com - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\{73c39a20-8768-4a82-8b43-fc9535715c5c} [2010-11-22]
FF Extension: DownloadHelper - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-24]
FF Extension: Flash and Video Download - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-05-26]
FF Extension: Firefox 3 Aero theme for Firefox 4+ - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\[email protected] [2011-12-11]
FF Extension: Firefox 3 theme for Firefox 4+ - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\[email protected] [2011-12-11]
FF Extension: History Submenus Ⅱ - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\[email protected] [2011-12-10]
FF Extension: Lazarus: Form Recovery - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\[email protected] [2011-12-11]
FF Extension: Modern Toolbar Icons - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\[email protected] [2013-08-02]
FF Extension: Classic Compact Options - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\[email protected] [2012-03-06]
FF Extension: Silvermel - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\[email protected] [2011-12-11]
FF Extension: Silvermel and Charamel XT - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\[email protected] [2011-12-11]
FF Extension: Strata Toolbar Icons - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\[email protected] [2011-12-11]
FF Extension: Winstripe Toolbar Icons - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\[email protected] [2011-12-11]
FF Extension: All-in-One Sidebar - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2011-12-11]
FF Extension: Flagfox - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-07]
FF Extension: Session Manager - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2012-05-31]
FF Extension: Simple Green - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\{13b4437e-b706-11dc-8314-0800200c9a66}.xpi [2011-12-11]
FF Extension: Grab and Drag - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\{477c4c36-24eb-11da-94d4-00e08161165f}.xpi [2012-04-25]
FF Extension: NoScript - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-12-11]
FF Extension: Adblock Plus - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-12-14]
FF Extension: Back/forward dropmarker - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\{d618933b-9eb4-1c04-949d-0f9b1a39ebb9}.xpi [2011-12-11]
FF Extension: FOXSCAPE - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\{da7f40f0-8675-11db-b606-0800200c9a66}.xpi [2011-12-11]
FF Extension: Firefox 2, the theme, reloaded - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\990y0zbd.hippeaux\Extensions\{fd2f951f-77ea-4938-9493-0c892c027a13}.xpi [2011-12-11]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-04-21]
FF Extension: PDF Converter - C:\Program Files (x86)\Nuance\PDF Professional 8\FireFox [2012-09-25]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-03-14]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011-08-19]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: No Name - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2013-10-15]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-03-14]

Chrome:
=======
CHR HomePage: hxxp://att.my.yahoo.com/
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Scott\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Scott\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Scott\AppData\Local\Google\Chrome\Application\35.0.1916.114\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Contribute CS5.1 ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll (Adobe Systems, Inc.)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL No File
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Unity Player) - C:\Users\Scott\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\Scott\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2012-07-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-15]
CHR Extension: (Google Search) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-15]
CHR Extension: (Speed Dial) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi [2014-05-28]
CHR Extension: (Closed tabs) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah [2012-11-27]
CHR Extension: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn [2012-11-15]
CHR Extension: (Recent History (Toolbar Icon)) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\milbdjfbgdilllphgdmlahonjodlfokh [2012-11-27]
CHR Extension: (Incredible StartPage - Productive Start Page) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeghkpohnalmpblddmnppfooljekh [2012-11-27]
CHR Extension: (Google Wallet) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Slinky Brushed) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\piiokbhpgldooopjdacdondngonfljoc [2012-07-16]
CHR Extension: (Gmail) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-15]
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2013-10-15]

==================== Services (Whitelisted) =================

S3 Backup Client Agent Service; C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe [256512 2012-07-10] (NovaStor Corporation)
R2 BlueSoleilCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [1005568 2011-08-16] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe [199680 2011-08-16] (IVT Corporation)
R2 Disaster Recovery Imaging; C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\DR\x64\drdiag.exe [4743680 2012-04-11] (NovaStor Corporation)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1333424 2012-12-21] (ESET)
R2 nsService; C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe [460432 2012-07-10] (NovaStor Corporation)
R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe [135056 2012-10-23] (Nuance Communications, Inc.)

==================== Drivers (Whitelisted) ====================

S3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [36360 2009-06-17] (IVT Corporation.)
S3 BlueletAudio; C:\Windows\SysWOW64\DRIVERS\blueletaudio.sys [36360 2009-06-17] (IVT Corporation.)
S3 BlueletSCOAudio; C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys [36872 2009-06-17] (IVT Corporation.)
S3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [20488 2010-08-18] (IVT Corporation.)
S3 BTCOM; C:\Windows\System32\DRIVERS\btcomport.sys [29576 2011-07-27] (IVT Corporation.)
R3 BTCOMBUS; C:\Windows\System32\Drivers\btcombus.sys [25352 2011-07-27] (IVT Corporation.)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [42888 2011-07-27] (IVT Corporation.)
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [24456 2011-07-27] (IVT Corporation.)
R3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [30088 2010-04-06] ()
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2012-12-21] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2012-12-21] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [139768 2012-12-21] (ESET)
R3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [27016 2010-04-06] (IVT Corporation.)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [113704 2008-10-21] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [19496 2008-10-21] (MCCI Corporation)
S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [152616 2008-10-21] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [133160 2008-10-21] (MCCI Corporation)
S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [34856 2008-10-21] (MCCI Corporation)
S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [128552 2008-10-21] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [145960 2008-10-21] (MCCI Corporation)
S3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [38016 2013-06-25] (SteelSeries Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 VHidMinidrv; C:\Windows\System32\drivers\VHIDMini.sys [18952 2011-07-27] (IVT Corporation.)
S3 busenum; system32\DRIVERS\SteelBus64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-04 14:56 - 2014-06-04 14:56 - 00026764 _____ () C:\Users\Scott\Desktop\FRST.txt
2014-06-04 10:00 - 2014-05-06 00:14 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-04 10:00 - 2014-05-06 00:14 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-04 10:00 - 2014-05-05 22:48 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-04 10:00 - 2014-05-05 22:48 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-04 10:00 - 2014-05-05 22:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-04 10:00 - 2014-05-05 22:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-04 09:59 - 2014-03-24 21:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-06-04 09:59 - 2014-03-24 21:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-06-04 09:58 - 2014-03-13 01:33 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-04 09:58 - 2014-03-13 01:33 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-04 09:58 - 2014-03-13 01:33 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-04 09:58 - 2014-03-13 01:32 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-04 09:58 - 2014-03-13 01:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-04 09:58 - 2014-03-13 01:32 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-04 09:58 - 2014-03-13 01:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-04 09:58 - 2014-03-13 01:32 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-04 09:58 - 2014-03-13 01:31 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-04 09:58 - 2014-03-13 01:31 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-04 09:58 - 2014-03-13 01:31 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-04 09:58 - 2014-03-13 01:31 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-04 09:58 - 2014-03-13 01:31 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-04 09:58 - 2014-03-13 01:31 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-04 09:58 - 2014-03-13 00:10 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-04 09:58 - 2014-03-13 00:10 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-04 09:58 - 2014-03-13 00:09 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-04 09:58 - 2014-03-13 00:09 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-04 09:58 - 2014-03-13 00:09 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-04 09:58 - 2014-03-13 00:09 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-04 09:58 - 2014-03-13 00:09 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-04 09:58 - 2014-03-13 00:09 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-04 09:58 - 2014-03-13 00:09 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-04 09:58 - 2014-03-13 00:09 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-06-04 09:58 - 2014-03-13 00:09 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-04 09:58 - 2014-03-13 00:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-04 09:58 - 2014-03-13 00:09 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-04 09:58 - 2014-03-12 22:59 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-06-04 09:58 - 2014-03-12 22:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-06-04 09:57 - 2014-04-11 21:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-06-04 09:57 - 2014-04-11 21:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-06-04 09:57 - 2014-04-11 21:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-06-04 09:57 - 2014-04-11 21:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-06-04 09:57 - 2014-04-11 21:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-06-04 09:57 - 2014-04-11 21:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-06-04 09:57 - 2014-04-11 21:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-06-04 09:57 - 2014-04-11 21:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-06-04 09:57 - 2014-04-11 21:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-06-04 09:57 - 2014-03-04 04:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-06-04 09:57 - 2014-03-04 04:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-06-04 09:57 - 2014-03-04 04:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-06-04 09:57 - 2014-03-04 04:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-06-04 09:57 - 2014-03-04 04:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-06-04 09:57 - 2014-03-04 04:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-06-04 09:57 - 2014-03-04 04:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-06-04 09:57 - 2014-03-04 04:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-06-04 09:57 - 2014-03-04 04:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-06-04 09:57 - 2014-03-04 04:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-06-04 09:57 - 2014-03-04 04:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-06-04 09:57 - 2014-03-04 04:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-06-04 09:57 - 2014-03-04 04:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-06-04 09:57 - 2014-03-04 04:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-06-04 09:57 - 2014-03-04 04:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-06-04 09:57 - 2014-03-04 04:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-06-04 09:57 - 2014-03-04 04:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-06-04 09:57 - 2014-03-04 04:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-06-04 09:57 - 2014-03-04 04:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-06-04 09:57 - 2014-03-04 04:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-06-04 09:57 - 2014-03-04 04:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-06-04 09:57 - 2014-03-04 04:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-06-04 09:57 - 2014-03-04 04:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-06-04 09:57 - 2014-03-04 04:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-06-04 09:57 - 2014-03-04 04:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-06-04 09:57 - 2014-03-04 04:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-06-04 09:57 - 2014-03-04 04:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-06-04 09:57 - 2014-03-04 04:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-06-04 09:57 - 2014-03-04 04:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-06-04 09:57 - 2014-03-04 04:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-06-04 09:57 - 2014-03-04 04:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-06-04 09:57 - 2014-03-04 04:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-06-04 09:57 - 2014-03-04 04:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-06-04 09:57 - 2014-03-04 04:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-06-04 09:57 - 2014-03-04 04:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-06-04 09:57 - 2014-03-04 04:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-06-04 09:57 - 2014-03-04 04:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-06-04 09:57 - 2014-03-04 04:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-06-04 09:57 - 2014-03-04 04:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-06-04 09:57 - 2014-03-04 04:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-06-04 09:57 - 2014-03-04 04:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-06-04 09:57 - 2014-03-04 03:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-06-04 09:57 - 2014-03-04 03:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-06-02 14:13 - 2014-06-02 14:13 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\temp
2014-06-02 14:13 - 2014-06-02 14:13 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-02 14:13 - 2014-06-02 14:13 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-02 14:13 - 2014-06-02 14:13 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-02 14:12 - 2014-06-02 14:12 - 00023174 _____ () C:\ComboFix.txt
2014-06-02 12:35 - 2014-06-04 14:56 - 00000000 ____D () C:\FRST
2014-06-02 12:34 - 2014-06-02 12:34 - 02068992 _____ (Farbar) C:\Users\Scott\Desktop\FRST64.exe
2014-05-29 18:09 - 2014-05-29 18:14 - 00000000 ____D () C:\Users\Scott\Desktop\New folder (2)
2014-05-28 21:19 - 2014-05-28 21:19 - 00286752 _____ () C:\Windows\Minidump\052814-32167-01.dmp
2014-05-28 18:27 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-28 18:27 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-28 18:27 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-28 18:27 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-28 18:27 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-28 18:27 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-28 18:27 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-28 18:27 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-28 18:23 - 2014-06-02 14:13 - 00000000 ____D () C:\Qoobox
2014-05-28 18:22 - 2014-06-02 14:08 - 00000000 ____D () C:\Windows\erdnt
2014-05-28 18:09 - 2014-05-28 18:09 - 00000000 ____D () C:\Windows\ERUNT
2014-05-28 17:51 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-28 17:49 - 2014-06-04 14:46 - 00000000 ____D () C:\Users\Scott\Desktop\Cleaning
2014-05-28 15:49 - 2014-05-28 15:49 - 00000000 ____D () C:\Windows\system32\catroot2.old
2014-05-28 15:27 - 2014-05-28 15:27 - 00000000 ____D () C:\Windows\CheckSur
2014-05-28 11:26 - 2014-05-28 11:41 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Seagate
2014-05-28 11:23 - 2014-05-28 11:23 - 00000000 ____D () C:\ProgramData\Acronis
2014-05-28 11:19 - 2014-06-04 10:07 - 00003034 _____ () C:\Windows\System32\Tasks\RTSS
2014-05-25 14:40 - 2014-05-25 14:40 - 00001848 _____ () C:\Users\Scott\Desktop\Launch Icon (with NPC pieces).bat - Shortcut.lnk
2014-05-25 14:40 - 2014-05-25 14:40 - 00001848 _____ () C:\Users\Scott\Desktop\Launch Icon (Costume Creator).bat - Shortcut.lnk
2014-05-24 21:50 - 2014-05-24 21:51 - 00285504 _____ () C:\Windows\Minidump\052414-25084-01.dmp
2014-05-24 18:14 - 2014-05-24 18:14 - 00284928 _____ () C:\Windows\Minidump\052414-19609-01.dmp
2014-05-19 12:21 - 2014-05-19 12:21 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 8.lnk
2014-05-19 12:21 - 2014-05-19 12:21 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 8 Professional.lnk
2014-05-19 12:21 - 2014-05-19 12:21 - 00002171 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle Designer 8.0.lnk
2014-05-19 12:21 - 2014-05-19 12:21 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Acrobat 8 Professional.lnk
2014-05-19 12:18 - 2014-05-19 12:18 - 00000742 _____ () C:\Windows\KB893803v2.log
2014-05-18 19:12 - 2014-06-04 10:07 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\DropboxMaster
2014-05-18 13:15 - 2014-05-19 11:02 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\TS3Client
2014-05-18 13:15 - 2014-05-18 13:15 - 00001162 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-05-18 13:15 - 2014-05-18 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-05-18 13:15 - 2014-05-18 13:15 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-05-14 13:38 - 2014-05-14 13:38 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-09 08:19 - 2014-06-04 14:24 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6b89592f8da9.job
2014-05-09 08:19 - 2014-05-09 08:19 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf6b89592f8da9

==================== One Month Modified Files and Folders =======

2014-06-04 14:57 - 2014-06-04 14:56 - 00026764 _____ () C:\Users\Scott\Desktop\FRST.txt
2014-06-04 14:57 - 2010-11-16 14:30 - 00000000 ____D () C:\Users\Scott\AppData\Local\Temp
2014-06-04 14:56 - 2014-06-02 12:35 - 00000000 ____D () C:\FRST
2014-06-04 14:51 - 2013-05-13 08:26 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-264554239-1153572309-3190330408-1001UA1ce4fdd6bac1e93.job
2014-06-04 14:46 - 2014-05-28 17:49 - 00000000 ____D () C:\Users\Scott\Desktop\Cleaning
2014-06-04 14:38 - 2013-02-05 11:51 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-04 14:24 - 2014-05-09 08:19 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6b89592f8da9.job
2014-06-04 14:18 - 2014-03-30 14:18 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-264554239-1153572309-3190330408-1001UA1cf4c4cdb2d5fe2.job
2014-06-04 12:23 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-06-04 10:57 - 2010-11-16 14:31 - 01889818 _____ () C:\Windows\WindowsUpdate.log
2014-06-04 10:12 - 2009-07-13 23:45 - 00017312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-04 10:12 - 2009-07-13 23:45 - 00017312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-04 10:07 - 2014-05-28 11:19 - 00003034 _____ () C:\Windows\System32\Tasks\RTSS
2014-06-04 10:07 - 2014-05-18 19:12 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\DropboxMaster
2014-06-04 10:07 - 2011-05-14 08:54 - 00000000 ___RD () C:\Users\Scott\Dropbox
2014-06-04 10:07 - 2011-05-14 08:51 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Dropbox
2014-06-04 10:06 - 2014-03-30 14:48 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4c50f5ef2f27.job
2014-06-04 10:06 - 2011-01-28 13:11 - 00000000 ___RD () C:\Users\Scott\Virtual Machines
2014-06-04 10:06 - 2010-11-16 14:30 - 00000000 ___RD () C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-04 10:06 - 2010-11-16 14:30 - 00000000 ___RD () C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-06-04 10:03 - 2011-08-16 15:06 - 00001169 _____ () C:\Windows\SysWOW64\bscs.ini
2014-06-04 10:03 - 2010-11-16 16:09 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-04 10:03 - 2010-11-16 16:08 - 00268170 _____ () C:\Windows\PFRO.log
2014-06-04 10:03 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-04 10:03 - 2009-07-13 23:51 - 00108138 _____ () C:\Windows\setupact.log
2014-06-04 10:02 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-06-04 10:01 - 2011-02-06 18:21 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-04 08:18 - 2014-03-30 14:18 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-264554239-1153572309-3190330408-1001Core1cf4c4cda11646a.job
2014-06-03 18:58 - 2014-01-29 19:34 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\MiniLyrics
2014-06-03 17:43 - 2010-11-23 18:31 - 00000000 ____D () C:\Users\Scott\Downloads\uTorrent
2014-06-02 21:56 - 2011-04-09 22:15 - 00000000 ____D () C:\Users\Scott\Calibre Library
2014-06-02 14:13 - 2014-06-02 14:13 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\temp
2014-06-02 14:13 - 2014-06-02 14:13 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-02 14:13 - 2014-06-02 14:13 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-02 14:13 - 2014-06-02 14:13 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-02 14:13 - 2014-05-28 18:23 - 00000000 ____D () C:\Qoobox
2014-06-02 14:12 - 2014-06-02 14:12 - 00023174 _____ () C:\ComboFix.txt
2014-06-02 14:08 - 2014-05-28 18:22 - 00000000 ____D () C:\Windows\erdnt
2014-06-02 13:55 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-02 12:34 - 2014-06-02 12:34 - 02068992 _____ (Farbar) C:\Users\Scott\Desktop\FRST64.exe
2014-06-01 21:10 - 2010-11-23 18:24 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\uTorrent
2014-06-01 20:56 - 2013-12-26 19:17 - 00000000 ____D () C:\Users\Scott\Downloads\Subtitles
2014-06-01 18:08 - 2010-11-23 13:46 - 00000000 ___RD () C:\Users\Scott\Downloads\Shareaza
2014-06-01 16:12 - 2010-11-24 18:37 - 00000000 ____D () C:\Users\Scott\Documents\Books
2014-06-01 15:01 - 2012-08-05 17:38 - 00003392 ____H () C:\ProgramData\nsActivation.act
2014-05-29 18:14 - 2014-05-29 18:09 - 00000000 ____D () C:\Users\Scott\Desktop\New folder (2)
2014-05-29 12:56 - 2013-03-10 18:33 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-05-29 12:56 - 2013-03-10 18:04 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-05-29 12:55 - 2011-12-15 18:26 - 00000000 ____D () C:\Program Files (x86)\Mumble
2014-05-29 12:55 - 2011-01-28 12:00 - 00000000 _____ () C:\conmgr.log
2014-05-29 12:55 - 2010-11-19 23:45 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-28 21:19 - 2014-05-28 21:19 - 00286752 _____ () C:\Windows\Minidump\052814-32167-01.dmp
2014-05-28 21:19 - 2012-09-30 22:40 - 514093051 _____ () C:\Windows\MEMORY.DMP
2014-05-28 21:19 - 2011-04-21 08:48 - 00000000 ____D () C:\Windows\Minidump
2014-05-28 18:09 - 2014-05-28 18:09 - 00000000 ____D () C:\Windows\ERUNT
2014-05-28 17:55 - 2014-02-15 10:53 - 00000000 ____D () C:\AdwCleaner
2014-05-28 15:59 - 2010-12-14 09:55 - 00000000 ____D () C:\Temp
2014-05-28 15:49 - 2014-05-28 15:49 - 00000000 ____D () C:\Windows\system32\catroot2.old
2014-05-28 15:27 - 2014-05-28 15:27 - 00000000 ____D () C:\Windows\CheckSur
2014-05-28 13:18 - 2013-11-11 11:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-28 13:14 - 2009-07-14 00:13 - 00794966 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-28 11:41 - 2014-05-28 11:26 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Seagate
2014-05-28 11:23 - 2014-05-28 11:23 - 00000000 ____D () C:\ProgramData\Acronis
2014-05-28 11:14 - 2009-07-14 00:08 - 00032584 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-28 09:11 - 2011-02-17 19:03 - 00000000 ____D () C:\Windows\pss
2014-05-28 08:37 - 2011-05-14 08:51 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-26 17:24 - 2014-02-14 18:41 - 00341504 ___SH () C:\Users\Scott\Desktop\Thumbs.db
2014-05-25 14:40 - 2014-05-25 14:40 - 00001848 _____ () C:\Users\Scott\Desktop\Launch Icon (with NPC pieces).bat - Shortcut.lnk
2014-05-25 14:40 - 2014-05-25 14:40 - 00001848 _____ () C:\Users\Scott\Desktop\Launch Icon (Costume Creator).bat - Shortcut.lnk
2014-05-24 21:51 - 2014-05-24 21:50 - 00285504 _____ () C:\Windows\Minidump\052414-25084-01.dmp
2014-05-24 18:14 - 2014-05-24 18:14 - 00284928 _____ () C:\Windows\Minidump\052414-19609-01.dmp
2014-05-23 19:08 - 2010-11-22 17:51 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-05-23 19:07 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-23 15:57 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-05-22 17:03 - 2009-07-13 23:45 - 05052504 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-20 15:29 - 2010-12-13 17:12 - 00000000 ____D () C:\Genealogy
2014-05-19 16:24 - 2010-11-16 18:13 - 00137848 _____ () C:\Users\Scott\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-19 12:21 - 2014-05-19 12:21 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 8.lnk
2014-05-19 12:21 - 2014-05-19 12:21 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 8 Professional.lnk
2014-05-19 12:21 - 2014-05-19 12:21 - 00002171 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle Designer 8.0.lnk
2014-05-19 12:21 - 2014-05-19 12:21 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Acrobat 8 Professional.lnk
2014-05-19 12:20 - 2010-11-17 19:00 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-19 12:20 - 2010-11-17 19:00 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-05-19 12:18 - 2014-05-19 12:18 - 00000742 _____ () C:\Windows\KB893803v2.log
2014-05-19 12:15 - 2010-11-17 19:02 - 00000000 ____D () C:\Users\Scott\AppData\Local\Adobe
2014-05-19 11:02 - 2014-05-18 13:15 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\TS3Client
2014-05-19 09:36 - 2011-09-24 16:20 - 00002595 _____ () C:\Users\Scott\AppData\Roaming\SAS7_000.DAT
2014-05-18 13:15 - 2014-05-18 13:15 - 00001162 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-05-18 13:15 - 2014-05-18 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-05-18 13:15 - 2014-05-18 13:15 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-05-18 09:10 - 2012-07-17 16:56 - 00000132 _____ () C:\Users\Scott\AppData\Roaming\Adobe GIF Format CS5 Prefs
2014-05-14 14:38 - 2013-02-05 11:51 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 13:38 - 2014-05-14 13:38 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-14 13:38 - 2012-07-16 17:37 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 13:38 - 2012-07-16 17:37 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 09:11 - 2010-12-03 12:14 - 00006600 _____ () C:\Users\Scott\Desktop\notes.txt
2014-05-13 08:11 - 2012-06-26 09:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-09 08:19 - 2014-05-09 08:19 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf6b89592f8da9
2014-05-09 08:19 - 2014-03-30 14:48 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf4c50f5ef2f27
2014-05-06 19:14 - 2013-12-31 22:19 - 00000033 _____ () C:\Users\Scott\Documents\movie release list.txt
2014-05-06 18:50 - 2011-11-05 10:45 - 00000000 ____D () C:\Users\Scott\Desktop\videos for the dad
2014-05-06 08:13 - 2014-03-30 14:18 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-264554239-1153572309-3190330408-1001UA1cf4c4cdb2d5fe2
2014-05-06 08:13 - 2014-03-30 14:18 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-264554239-1153572309-3190330408-1001Core1cf4c4cda11646a
2014-05-06 00:14 - 2014-06-04 10:00 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 00:14 - 2014-06-04 10:00 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 22:48 - 2014-06-04 10:00 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 22:48 - 2014-06-04 10:00 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 22:37 - 2014-06-04 10:00 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 22:26 - 2014-06-04 10:00 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

Files to move or delete:
====================
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
C:\Users\Scott\install_flash_player.exe


Some content of TEMP:
====================
C:\Users\Scott\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqohszq.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 08:22

==================== End Of Log ============================


  • 0

#14
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,912 posts
Hi Hippeaux, :)
  • Step #6 Scan with Malwarebytes' Anti-Malware
    • Download Malwarebytes' Anti-Malware from the suitable link below --
    • Double-click mbam-setup.exe to install the application.
    • Before clicking Finish perform the following actions --
      • Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
      • Check the box beside Launch Malwarebytes Anti-Malware
    • Once the program has loaded, The MBAM dashboard will appear with an alert to update - click the green button Update Now;
    • Click on Setting--
      • Navigate to the tab Detection and Protection and check all the boxes under Detection Options
    • From the Dashboard click on Scan Now;
    • If threats are detected click on Apply actions. If the program asks to reboot your PC, let it do so;
    • On completion of the scan click on View Detailed Log after that click on Export Button, select Text File and save the log to your Desktop;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #7 ESET Online Scanner
    Disable your security programs which includes but not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.
    • Download esetsmartinstaller_enu.exe by clicking here.
    • Right-click on the program and choose Run as administrator.
    • Accept their terms and condition and proceed.
    • Install Add-On/Active X if prompted.
    • From the Computer Scan Setting --
      • Uncheck the box beside Remove Found Threats;
      • Check the box beside Scan archives
    • Click on Advanced Setting and check the following boxes--
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Click on Start and wait for the virus signature database to update.
    • The online scan will begin automatically and can take several hours.
      • Note: Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
    • After the Scan finishes --
      • If no threats were found:
        • Put a checkmark in Uninstall application on close.
        • Close the program and report that nothing was found
      • If threats were found:
        • Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
        • Copy and Paste contents of the log file in your next reply.
    Note: Enable your security programs afterwards.
 
  • Required Log(s):
    • Malwarebytes' Anti-Malware Log
    • ESET Scan Log
Regards,
Valinorum
  • 0

#15
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,912 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP