TechSpot

Those !@#$%^ Random Audio Ads On My Computer

Inactive-A
By AvengeMypeecee
Mar 27, 2014
  1. Where to begin?
    My computer began randomly playing simultaneous audio streams of random ads through the speakers. It is not consistent; it is not even decipherable. Initially, we ran Norton, then MBAM, Ad-Aware, then Comcast's security suite. Finally, the computer was taken to a previous system restore point.

    All to no avail, obviously.

    Then I did my research and used Kaspersky's TDSS rootkit and rkill. Neither of them found a thing: nada! Through trial and error, all I know is that this bug does not activate in Safe Mode and will not sound off without access to the internet.

    Does anyone have any insight at all?
     
  2. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. AvengeMypeecee

    AvengeMypeecee TS Member Topic Starter Posts: 16

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org
    Database version: v2014.03.19.04
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer
    QUALITYREVIEWS [administrator]
    3/23/2014 8:14:25 PM
    mbam-log-2014-03-23 (20-14-25).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 251660
    Time elapsed: 9 minute(s), 23 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
     
  4. AvengeMypeecee

    AvengeMypeecee TS Member Topic Starter Posts: 16

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/27/2011 10:07:03 PM
    System Uptime: 3/24/2014 5:35:02 PM (75 hours ago)
    .
    Motherboard: PEGATRON CORPORATION | | 2AAE
    Processor: AMD Athlon(tm) II X2 260u Processor | CPU 1 | 1800/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 451 GiB total, 230.631 GiB free.
    D: is FIXED (NTFS) - 14 GiB total, 1.753 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: 802.11n Wireless LAN Card
    Device ID: PCI\VEN_1814&DEV_3090&SUBSYS_663211AD&REV_00\00002532D89D651C00
    Manufacturer: Ralink Technology, Corp.
    Name: 802.11n Wireless LAN Card #2
    PNP Device ID: PCI\VEN_1814&DEV_3090&SUBSYS_663211AD&REV_00\00002532D89D651C00
    Service: netr28x
    .
    ==== System Restore Points ===================
    .
    RP349: 3/12/2014 12:00:02 AM - Scheduled Checkpoint
    RP350: 3/13/2014 3:00:29 AM - Windows Update
    RP351: 3/18/2014 7:28:48 AM - Removed ooVoo
    RP352: 3/19/2014 3:00:11 AM - Windows Update
    RP353: 3/23/2014 11:05:59 AM - Removed ooVoo
    RP354: 3/23/2014 1:04:58 PM - Removed OpenVPN Connect
    RP355: 3/23/2014 1:26:25 PM - AA11
    RP356: 3/23/2014 1:33:48 PM - AA11
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Ad-Aware Antivirus
    AdAwareInstaller
    AdAwareUpdater
    Adobe AIR
    Adobe Connect 9 Add-in
    Adobe Digital Editions
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader XI (11.0.06)
    Adobe Shockwave Player 12.0
    Agatha Christie - Peril at End House
    Akamai NetSession Interface
    AntiLogger SDK version 1.6.6.296
    AntimalwareEngine
    Apple Application Support
    Apple Software Update
    ATI Catalyst Install Manager
    Bejeweled 2 Deluxe
    Bing Bar
    Bing Rewards Client Installer
    BitTorrent
    BlackBerry Desktop Software 6.0.1
    Blackhawk Striker 2
    Blasterball 3
    Blio
    Bounce Symphony
    Build-a-lot 2
    Cake Mania
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Chuzzle Deluxe
    Constant Guard Protection Suite
    Coupon Printer for Windows
    CyberLink DVD Suite Deluxe
    D3DX10
    Diner Dash 2 Restaurant Rescue
    Dora's World Adventure
    DVD Menu Pack for HP MediaSmart Video
    EA Download Manager
    Escape Rosecliff Island
    Facebook Video Calling 2.0.0.447
    Farm Frenzy
    FATE
    Final Drive Nitro
    Finale PrintMusic 2008
    Finale SongWriter 2012
    Google Chrome
    Google Drive
    Google Talk Plugin
    Google Update Helper
    Heroes of Hellas 2 - Olympia
    Hewlett-Packard ACLM.NET v1.2.2.3
    HP Auto
    HP Client Services
    HP Customer Experience Enhancements
    HP Deskjet 3050 J610 series Basic Device Software
    HP Deskjet 3050 J610 series Help
    HP Deskjet 3050 J610 series Product Improvement Study
    HP Game Console
    HP Games
    HP MediaSmart DVD
    HP MediaSmart Music
    HP MediaSmart Photo
    HP MediaSmart SmartMenu
    HP MediaSmart Video
    HP MediaSmart Webcam
    HP MediaSmart/TouchSmart Netflix
    HP MovieStore
    HP My Display
    HP Odometer
    HP Photo Creations
    HP Setup
    HP Setup Manager
    HP Support Assistant
    HP Support Information
    HP Update
    HP Vision Hardware Diagnostics
    Hulu Desktop
    InstallVC90Support
    Internet TV for Windows Media Center
    Java 7 Update 45
    Java Auto Updater
    Jewel Quest Solitaire 2
    Junk Mail filter update
    Kobo
    LabelPrint
    Learning Essentials for Microsoft Office
    LightScribe System Software
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 4.5.1
    Microsoft Application Error Reporting
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Math
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft PowerPoint Viewer
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Student 2007 for Learning Essentials
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft WSE 3.0 Runtime
    MiniTool Partition Wizard Home Edition 7.8
    Movie Theme Pack for HP MediaSmart Video
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mystery P.I. - The London Caper
    Norton Security Suite
    NVIDIA PhysX
    OpenAL
    OverDrive Media Console
    PDF Architect
    PDFCreator
    Penguins!
    PhotoNow!
    PictureMover
    Plants vs. Zombies
    PlayReady PC Runtime amd64
    PlayReady PC Runtime x86
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Power2Go
    PowerDirector
    PressReader
    QuickTime
    Ralink RT2860 Wireless LAN Card
    Realtek High Definition Audio Driver
    Recovery Manager
    Rosetta Stone Ltd Services
    Rosetta Stone Version 3
    RoxioNow Player
    Samsung Kies
    SAMSUNG USB Driver for Mobile Phones
    SDK
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition
    Sibelius 6
    Sibelius Scorch (all browsers)
    Sibelius Sounds Essentials for Sibelius 6
    Skype Click to Call
    Skype™ 6.11
    swMSM
    The Sims™ 3
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Virtual Families
    Virtual Villagers 4 - The Tree of Life
    Wheel of Fortune 2
    Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
    Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR 4.00 (32-bit)
    Zinio Reader 4
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/24/2014 5:34:14 PM, Error: Service Control Manager [7023] - The Power service terminated with the following error: The WMI request could not be completed and should be retried.
    3/23/2014 9:35:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    3/23/2014 9:35:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    3/23/2014 12:13:22 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    3/23/2014 11:39:15 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    3/23/2014 11:37:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    3/23/2014 11:37:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    3/23/2014 11:37:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    3/23/2014 11:37:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    3/23/2014 11:37:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/23/2014 11:37:23 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    3/23/2014 11:37:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
    3/23/2014 11:37:15 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccSet_N360 DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSP SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf
    3/23/2014 11:37:15 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/23/2014 11:37:15 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    3/23/2014 11:37:15 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/23/2014 11:37:15 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/23/2014 11:37:15 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/23/2014 11:37:15 AM, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    3/23/2014 11:37:15 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/23/2014 11:37:10 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/23/2014 11:37:10 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    3/23/2014 11:37:10 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/23/2014 11:37:10 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    .
    ==== End Of File ===========================
     
  5. AvengeMypeecee

    AvengeMypeecee TS Member Topic Starter Posts: 16

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.16521 BrowserJavaVersion: 10.45.2
    Run by Lynda Nicole at 20:02:46 on 2014-03-27
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.1537 [GMT -5:00]
    .
    AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
    AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
    C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
    C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\PDF Architect\HelperService.exe
    C:\Program Files (x86)\PDF Architect\ConversionService.exe
    C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\SysWOW64\PnkBstrB.exe
    C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe
    C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
    C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
    C:\Users\Lynda Nicole\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Samsung\Kies\Kies.exe
    C:\Users\Lynda Nicole\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe
    C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    C:\Windows\system32\wbem\unsecapp.exe
    c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\taskhost.exe
    C:\Windows\SysWOW64\svchost.exe
    C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
    C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
    C:\Windows\system32\UI0Detect.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\System32\MsSpellCheckingFacility.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.bing.com/
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    uProxyOverride = <local>
    mWinlogon: Userinit = userinit.exe,
    BHO: PDF Architect Helper: {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll
    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coieplg.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\IPS\ipsbho.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Constant Guard Protection Suite: {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.13.1211.1\NativeBHO.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: PDF Architect Toolbar: {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coieplg.dll
    uRun: [L09AXLRD_28746959] "C:\Program Files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE" -m
    uRun: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
    uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
    uRun: [Facebook Update] "C:\Users\Lynda Nicole\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [Google Update] "C:\Users\Lynda Nicole\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    uRun: [Akamai NetSession Interface] "C:\Users\Lynda Nicole\AppData\Local\Akamai\netsession_win.exe"
    uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
    uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
    mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPO
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    StartupFolder: C:\Users\LYNDAN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    Trusted Zone: liveops.com
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{5499B21D-C7C8-427E-A81E-78726D7033DB} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{7401AFAB-A92B-4D45-BBA5-FB02A22BFD2B} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{7401AFAB-A92B-4D45-BBA5-FB02A22BFD2B}\2456C6B696E6F574F575962756C6563737F5 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{7401AFAB-A92B-4D45-BBA5-FB02A22BFD2B}\C696E6B6379737 : DHCPNameServer = 68.87.68.166 68.87.74.166
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\CoIEPlg.dll
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
    x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\CoIEPlg.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
    x64-Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe"
    x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
    x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD}
    x64-DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc64.cab
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 143.61.195.18 d2000-okc
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1501000.012\SymDS64.sys [2013-11-26 493656]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1501000.012\SymEFA64.sys [2013-11-26 1147480]
    R1 AntiLog32;AntiLog32;C:\Windows\System32\drivers\AntiLog64.sys [2013-11-14 49240]
    R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [2014-3-18 1525976]
    R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1501000.012\ccSetx64.sys [2013-11-26 162392]
    R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140326.001\IDSviA64.sys [2014-3-26 525016]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1501000.012\Ironx64.sys [2013-11-26 264280]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1501000.012\symnets.sys [2013-11-26 590936]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-12-7 98208]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-12-7 203264]
    R3 ACPIService;Buttons and OSDs ACPI driver gen2;C:\Windows\System32\drivers\OSDACPI.SYS [2010-12-7 17992]
    R3 clwvd;HP Webcam Splitter;C:\Windows\System32\drivers\clwvd.sys [2010-9-3 31088]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-26 137648]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-9-27 25928]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-12-7 349800]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-12-7 38456]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-15 183560]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-10-28 107288]
    S3 FlyUsb;FLY Fusion;C:\Windows\System32\drivers\FlyUsb.sys [2011-11-12 24576]
    S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2010-12-7 1002848]
    S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2013-6-18 19032]
    S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2013-6-18 9584]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-10-28 204568]
    S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2010-10-6 30720]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-30 59392]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    .
    =============== Created Last 30 ================
    .
    2014-03-27 03:54:10 -------- d-----w- C:\Users\Lynda Nicole\AppData\Local\{D118918F-D623-42BD-9F75-FE4D3B9750C2}
    2014-03-23 19:11:17 -------- d-----w- C:\Users\Lynda Nicole\AppData\Roaming\LavasoftStatistics
    2014-03-23 18:36:36 -------- d-----w- C:\Program Files\Lavasoft
    2014-03-23 18:26:53 -------- d-----w- C:\Program Files\Common Files\Lavasoft
    2014-03-21 21:59:07 -------- d-----w- C:\ProgramData\SMR410
    2014-03-13 07:44:53 624128 ----a-w- C:\Windows\System32\qedit.dll
    2014-03-13 07:44:53 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
    2014-03-13 07:44:51 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2014-03-13 07:44:51 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    .
    ==================== Find3M ====================
    .
    2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
    2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
    2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
    2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
    2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
    2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll
    2013-12-29 09:59:25 49240 ----a-w- C:\Windows\System32\drivers\AntiLog64.sys
    .
    ============= FINISH: 20:06:00.01 ===============
     
  6. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    You're running two AV programs, Ad-aware and Norton.
    You must uninstall one of them.
    I suggest Ad-aware goes.

    Download RogueKiller from one of the following links and save it to your Desktop:
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
  7. AvengeMypeecee

    AvengeMypeecee TS Member Topic Starter Posts: 16

    Are RK, RKill, and RogueKiller one and the same? If so, here is the log:

    Rkill 2.6.5 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2014 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html
    Program started at: 03/27/2014 08:45:49 PM in x64 mode.
    Windows Version: Windows 7 Home Premium Service Pack 1
    Checking for Windows services to stop:
    * No malware services found to stop.
    Checking for processes to terminate:
    * No malware processes found to kill.
    Checking Registry for malware related settings:
    * No issues found in the Registry.
    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
    Performing miscellaneous checks:
    * Windows Defender Disabled
    [HKLM\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware" = dword:00000001
    Checking Windows Service Integrity:
    * Windows Defender (WinDefend) is not Running.
    Startup Type set to: Manual
    Searching for Missing Digital Signatures:
    * C:\Windows\System32\rpcss.dll : 513,536 : 11/20/2010 08:27 AM : 057511a529608c3a4148bba537b388fa [NoSig]
    +-> C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll : 509,440 : 07/13/2009 08:41 PM : 7266972e86890e2b30c0c322e906b027 [Pos Repl]
    +-> C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll : 512,000 : 11/20/2010 08:27 AM : 5c627d1b1138676c0a7ab2c2c190d123 [Pos Repl]
    Checking HOSTS File:
    * HOSTS file entries found:
    143.61.195.18 d2000-okc
    Program finished at: 03/27/2014 08:47:47 PM
    Execution time: 0 hours(s), 1 minute(s), and 57 seconds(s)

    IF THEY ARE NOT THE SAME, let me know. I will wait for your reply before creating a new restore point.
     
  8. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    They're not.
    Please follow my previous reply and re-read my rules especially...

     
  9. AvengeMypeecee

    AvengeMypeecee TS Member Topic Starter Posts: 16

    Never mind, I used my brain for once and figured it out. New log to come...
     
  10. AvengeMypeecee

    AvengeMypeecee TS Member Topic Starter Posts: 16

    RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Lynda Nicole [Admin rights]
    Mode : Remove -- Date : 03/27/2014 21:11:58
    | ARK || FAK || MBR |
    ¤¤¤ Bad processes : 1 ¤¤¤
    [SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe [7] -> KILLED [TermProc]
    ¤¤¤ Registry Entries : 3 ¤¤¤
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ INPROC][SUSP PATH] HKCR\[...]\InprocServer32 : (C:\Users\LYNDAN~1\AppData\Local\Temp\stttinx\sfrwmds\wow64.dll [x]) -> REPLACED (C:\Windows\system32\shell32.dll)
    ¤¤¤ Scheduled tasks : 0 ¤¤¤
    ¤¤¤ Startup Entries : 0 ¤¤¤
    ¤¤¤ Web browsers : 0 ¤¤¤
    ¤¤¤ Browser Addons : 0 ¤¤¤
    ¤¤¤ Particular Files / Folders: ¤¤¤
    [Root.Zekos][File] rpcss.dll : C:\Windows\System32\rpcss.dll [-] --> REPLACED AT REBOOT -> (C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll)
    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
    ¤¤¤ External Hives: ¤¤¤
    ¤¤¤ Infection : Root.Zekos ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts

    143.61.195.18 d2000-okc

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDS721050CLA362 SATA Disk Device +++++
    --- User ---
    [MBR] 2599761a59849fd336e2b3257bb5b3d5
    [BSP] f96377d3463883e3757767605c29ff5f : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 462225 MB
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 946843648 | Size: 14613 MB
    User = LL1 ... OK!
    User != LL2 ... KO!
    --- LL2 ---
    [MBR] da23af8735b2d4742abc2605bf603c4c
    [BSP] 0dd554baf2f1106255f48e2332ab3565 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 264071168 | Size: 300 MB
    Finished : << RKreport[0]_D_03272014_211158.txt >>
    RKreport[0]_S_03272014_210836.txt
     
  11. AvengeMypeecee

    AvengeMypeecee TS Member Topic Starter Posts: 16

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1009
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.1.7601 Windows 7 Service Pack 1 x64
    Account is Administrative
    Internet Explorer version: 11.0.9600.16521
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 1.800000 GHz
    Memory total: 4025802752, free: 2134384640
    Downloaded database version: v2014.03.28.01
    Downloaded database version: v2014.03.27.01
    =======================================
    Initializing...
    ------------ Kernel report ------------
    03/27/2014 21:46:54
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\DRIVERS\amdsata.sys
    \SystemRoot\system32\DRIVERS\storport.sys
    \SystemRoot\system32\DRIVERS\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\N360x64\1501000.012\SYMDS64.SYS
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\system32\drivers\N360x64\1501000.012\SYMEFA64.SYS
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\DRIVERS\disk.sys
    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\AtiPcie64.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\drivers\N360x64\1501000.012\ccSetx64.sys
    \SystemRoot\System32\Drivers\N360x64\1501000.012\SRTSP64.SYS
    \SystemRoot\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS
    \SystemRoot\system32\drivers\N360x64\1501000.012\Ironx64.SYS
    \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    \??\C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140327.003\EX64.SYS
    \??\C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140327.003\ENG64.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\drivers\termdd.sys
    \SystemRoot\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\drivers\mssmbios.sys
    \??\C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140326.001\IDSvia64.sys
    \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
    \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \??\C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140319.001\BHDrvx64.sys
    \??\C:\Windows\system32\drivers\AntiLog64.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\amdppm.sys
    \SystemRoot\system32\DRIVERS\atikmpag.sys
    \SystemRoot\system32\DRIVERS\atikmdag.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\usbohci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbfilter.sys
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\drivers\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\Rt64win7.sys
    \SystemRoot\system32\DRIVERS\OSDACPI.SYS
    \SystemRoot\system32\drivers\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\clwvd.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\System32\Drivers\RootMdm.sys
    \SystemRoot\system32\drivers\modem.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\drivers\serscan.sys
    \SystemRoot\system32\drivers\swenum.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\drivers\hidusb.sys
    \SystemRoot\system32\drivers\HIDCLASS.SYS
    \SystemRoot\system32\drivers\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\System32\Drivers\usbvideo.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_diskdump.sys
    \SystemRoot\System32\Drivers\dump_amdsata.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\system32\drivers\usbscan.sys
    \SystemRoot\system32\DRIVERS\usbprint.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\drivers\luafv.sys
    \??\C:\Windows\system32\drivers\mbam.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\system32\drivers\tdtcp.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\System32\DRIVERS\tssecsrv.sys
    \SystemRoot\System32\Drivers\RDPWD.SYS
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\DRIVERS\WinUsb.sys
    \SystemRoot\system32\DRIVERS\WUDFRd.sys
    \SystemRoot\System32\DRIVERS\scfilter.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\imm32.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\user32.dll
    \Windows\System32\urlmon.dll
    \Windows\System32\difxapi.dll
    \Windows\System32\nsi.dll
    \Windows\System32\imagehlp.dll
    \Windows\System32\ws2_32.dll
    \Windows\System32\advapi32.dll
    \Windows\System32\normaliz.dll
    \Windows\System32\clbcatq.dll
    \Windows\System32\setupapi.dll
    \Windows\System32\kernel32.dll
    \Windows\System32\usp10.dll
    \Windows\System32\psapi.dll
    \Windows\System32\comdlg32.dll
    \Windows\System32\shlwapi.dll
    \Windows\System32\msctf.dll
    \Windows\System32\gdi32.dll
    \Windows\System32\iertutil.dll
    \Windows\System32\shell32.dll
    \Windows\System32\rpcrt4.dll
    \Windows\System32\oleaut32.dll
    \Windows\System32\lpk.dll
    \Windows\System32\sechost.dll
    \Windows\System32\msvcrt.dll
    \Windows\System32\wininet.dll
    \Windows\System32\ole32.dll
    \Windows\System32\crypt32.dll
    \Windows\System32\comctl32.dll
    \Windows\System32\devobj.dll
    \Windows\System32\wintrust.dll
    \Windows\System32\cfgmgr32.dll
    \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    \Windows\System32\KernelBase.dll
    \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    \Windows\System32\msasn1.dll
    \Windows\SysWOW64\normaliz.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa800463c060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000066\
    Lower Device Object: 0xfffffa80045c3060
    Lower Device Driver Name: \Driver\amdsata\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa800463c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800463b2a0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800463c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80045c5770, DeviceName: Unknown, DriverName: \Driver\amdxata\
    DevicePointer: 0xfffffa80045c3060, DeviceName: \Device\00000066\, DriverName: \Driver\amdsata\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 75484273
    Partition information:
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848 Numsec = 946636800
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 946843648 Numsec = 29927424
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 500107862016 bytes
    Sector size: 512 bytes
    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
    Done!
    Scan finished
    =======================================

    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
     
     
  12. AvengeMypeecee

    AvengeMypeecee TS Member Topic Starter Posts: 16

    Gotta hit the sack. I have to be up and out of the house by 6 a.m. (My bed time, honestly, was 2 hours ago.) Thank you so much for your help; I'll be back tomorrow. Just a heads up though, I work 12 hour days at the hospital so it'll be later. Good night.
     
  13. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     
  14. AvengeMypeecee

    AvengeMypeecee TS Member Topic Starter Posts: 16

    # AdwCleaner v3.022 - Report created 28/03/2014 at 20:00:26
    # Updated 13/03/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Lynda Nicole - QUALITYREVIEWS
    # Running from : C:\Users\Lynda Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RT2U765P\adwcleaner.exe
    # Option : Clean
    ***** [ Services ] *****

    ***** [ Files / Folders ] *****
    Folder Deleted : C:\ProgramData\apn
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\Program Files (x86)\myfree codec
    Folder Deleted : C:\Program Files (x86)\Red Sky
    Folder Deleted : C:\Users\Lynda Nicole\AppData\Local\apn
    Folder Deleted : C:\Users\LYNDAN~1\AppData\Local\Temp\apn
    [x] Not Deleted : C:\Users\Lynda Nicole\AppData\Roaming\pdfforge
    File Deleted : C:\END
    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
    Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    ***** [ Browsers ] *****
    -\\ Internet Explorer v11.0.9600.16521

    -\\ Google Chrome v
    [ File : C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\User Data\Default\preferences ]
    Deleted : icon_url
    Deleted : search_url
    *************************
    AdwCleaner[R0].txt - [5694 octets] - [28/03/2014 19:51:04]
    AdwCleaner[S0].txt - [5263 octets] - [28/03/2014 20:00:26]
     
  15. AvengeMypeecee

    AvengeMypeecee TS Member Topic Starter Posts: 16

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.3 (03.23.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by Lynda Nicole on Fri 03/28/2014 at 20:10:05.64
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services
    ~~~ Registry Values
    ~~~ Registry Keys
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}
    ~~~ Files
    ~~~ Folders
    Successfully deleted: [Folder] "C:\Users\Lynda Nicole\AppData\Roaming\pdfforge"
    Successfully deleted: [Empty Folder] C:\Users\Lynda Nicole\appdata\local\{31113F87-E4BB-4837-A825-A59053F618EB}
    Successfully deleted: [Empty Folder] C:\Users\Lynda Nicole\appdata\local\{5605FAEC-FC23-43D6-A412-E89BB9DF8D02}
    Successfully deleted: [Empty Folder] C:\Users\Lynda Nicole\appdata\local\{6BE50A6C-CBEA-4D32-8BA3-D2D2A3D58C21}
    Successfully deleted: [Empty Folder] C:\Users\Lynda Nicole\appdata\local\{771D2AEA-C7C4-4762-A9DE-6AEB6646AF7A}
    Successfully deleted: [Empty Folder] C:\Users\Lynda Nicole\appdata\local\{7BC31985-6367-4709-9FBC-D4E2B0E7B76A}
    Successfully deleted: [Empty Folder] C:\Users\Lynda Nicole\appdata\local\{9D77DBDF-EAF4-4C2D-9D16-E4F9891FA1A9}
    Successfully deleted: [Empty Folder] C:\Users\Lynda Nicole\appdata\local\{D118918F-D623-42BD-9F75-FE4D3B9750C2}
    Successfully deleted: [Empty Folder] C:\Users\Lynda Nicole\appdata\local\{E20F420D-8B14-457F-84C8-1BFA11C7CB2A}
    ~~~ Chrome
    Dumping contents of C:\Users\Lynda Nicole\appdata\local\Google\Chrome\User Data\Default\Default
    C:\Users\Lynda Nicole\appdata\local\Google\Chrome\User Data\Default\Default\aadcddgedadgdbgcdjdbdegfggdcdfdd
    C:\Users\Lynda Nicole\appdata\local\Google\Chrome\User Data\Default\Default\aadggcgcgegdggggdbdidbgfdegddbgc
    C:\Users\Lynda Nicole\appdata\local\Google\Chrome\User Data\Default\Default\aadcddgedadgdbgcdjdbdegfggdcdfdd\background.js
    C:\Users\Lynda Nicole\appdata\local\Google\Chrome\User Data\Default\Default\aadcddgedadgdbgcdjdbdegfggdcdfdd\ContentScript.js
    C:\Users\Lynda Nicole\appdata\local\Google\Chrome\User Data\Default\Default\aadcddgedadgdbgcdjdbdegfggdcdfdd\manifest.json
    C:\Users\Lynda Nicole\appdata\local\Google\Chrome\User Data\Default\Default\aadggcgcgegdggggdbdidbgfdegddbgc\background.js
    C:\Users\Lynda Nicole\appdata\local\Google\Chrome\User Data\Default\Default\aadggcgcgegdggggdbdidbgfdegddbgc\ContentScript.js
    C:\Users\Lynda Nicole\appdata\local\Google\Chrome\User Data\Default\Default\aadggcgcgegdggggdbdidbgfdegddbgc\manifest.json
    Successfully deleted: [Folder] C:\Users\Lynda Nicole\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]
    ~~~ Event Viewer Logs were cleared
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 03/28/2014 at 20:20:48.16
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  16. AvengeMypeecee

    AvengeMypeecee TS Member Topic Starter Posts: 16

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
    Ran by Lynda Nicole (administrator) on QUALITYREVIEWS on 28-03-2014 20:23:53
    Running from C:\Users\Lynda Nicole\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal
    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (AMD) C:\Windows\system32\atiesrxx.exe
    (AMD) C:\Windows\system32\atieclxx.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
    () C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
    (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    (White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
    (Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    (CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
    (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
    (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
    (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    () C:\Windows\SysWOW64\PnkBstrA.exe
    () C:\Windows\SysWOW64\PnkBstrB.exe
    (Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe
    (Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
    (Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
    (White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Akamai Technologies, Inc.) C:\Users\Lynda Nicole\AppData\Local\Akamai\netsession_win.exe
    (Akamai Technologies, Inc.) C:\Users\Lynda Nicole\AppData\Local\Akamai\netsession_win.exe
    (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    (Portrait Displays, Inc) C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    (Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

    ==================== Registry (Whitelisted) ==================
    HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11046504 2010-07-13] (Realtek Semiconductor)
    HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
    HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-09-15] ()
    HKLM-x32\...\Run: [StartCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-12] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [DT HPO] - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [121456 2010-07-30] ()
    HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
    HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-06-24] (Apple Inc.)
    HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
    HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-02-25] (Hewlett-Packard)
    HKU\S-1-5-21-3700065819-3803022968-2199414553-1000\...\Run: [L09AXLRD_28746959] - "C:\Program Files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE" -m
    HKU\S-1-5-21-3700065819-3803022968-2199414553-1000\...\Run: [RGSC] - C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
    HKU\S-1-5-21-3700065819-3803022968-2199414553-1000\...\Run: [Desktop Software] - "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
    HKU\S-1-5-21-3700065819-3803022968-2199414553-1000\...\Run: [Facebook Update] - C:\Users\Lynda Nicole\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
    HKU\S-1-5-21-3700065819-3803022968-2199414553-1000\...\Run: [Google Update] - C:\Users\Lynda Nicole\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-29] (Google Inc.)
    HKU\S-1-5-21-3700065819-3803022968-2199414553-1000\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21822128 2014-01-30] (Google)
    HKU\S-1-5-21-3700065819-3803022968-2199414553-1000\...\Run: [Akamai NetSession Interface] - C:\Users\Lynda Nicole\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
    HKU\S-1-5-21-3700065819-3803022968-2199414553-1000\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
    HKU\S-1-5-21-3700065819-3803022968-2199414553-1000\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
    HKU\S-1-5-21-3700065819-3803022968-2199414553-1000\...\MountPoints2: {0b58a8cb-9e70-11e0-8f58-e0699516ab3b} - F:\LiteAuto.exe
    HKU\S-1-5-21-3700065819-3803022968-2199414553-1000\...\MountPoints2: {8800261d-46d3-11e3-acbc-e0699516ab3b} - F:\HTC_Sync_Manager_PC.exe
    Startup: C:\Users\Lynda Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    ==================== Internet (Whitelisted) ====================
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
    SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
    SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
    BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
    BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
    BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
    BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
    BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
    BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Constant Guard Protection Suite - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.13.1211.1\NativeBHO.dll (WhiteSky)
    BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
    DPF: HKLM {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc64.cab
    DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: HKLM-x32 {A084A130-28AE-4B32-B51A-1C8CE164BC88} http://www.convergysworkathome.com/AppHardT.CAB
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Hosts: 143.61.195.18 d2000-okc
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Chrome:
    =======
    CHR HomePage: hxxp://xfinity.comcast.net/?cid=insDate09282012
    CHR DefaultSearchKeyword: ask
    CHR DefaultSearchProvider: Norton Safe Search
    CHR DefaultSearchURL: http://www.google.com
    CHR DefaultNewTabURL:
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\Application\32.0.1700.102\pdf.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\Application\32.0.1700.102\gcswf32.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    CHR Plugin: (Skype Toolbars) - C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
    CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
    CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Lynda Nicole\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    CHR Plugin: (Google Update) - C:\Users\Lynda Nicole\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
    CHR Plugin: (Hulu Desktop) - C:\Users\Lynda Nicole\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
    CHR Extension: (Google Drive) - C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-30]
    CHR Extension: (YouTube) - C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-29]
    CHR Extension: (Google Search) - C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-29]
    CHR Extension: (Cloud Reader) - C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2013-06-15]
    CHR Extension: (Skype Click to Call) - C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-07-13]
    CHR Extension: (Norton Identity Protection) - C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-09-26]
    CHR Extension: (Google Wallet) - C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
    CHR Extension: (Gmail) - C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-29]
    CHR Extension: (Space Planet) - C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppcocpoeoiajndepaaimnnglicichmbb [2014-02-02]
    CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\LYNDAN~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-04-30]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
    CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\Exts\Chrome.crx [2014-01-20]
    ==================== Services (Whitelisted) =================
    R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe [125552 2010-07-30] ()
    S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe [264360 2013-10-18] (Symantec Corporation)
    R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
    R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
    R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2011-05-07] ()
    R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [103736 2011-05-07] ()
    R2 RosettaStoneLtdController; C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe [352312 2008-09-16] (Rosetta Stone Ltd.)
    ==================== Drivers (Whitelisted) ====================
    R3 ACPIService; C:\Windows\System32\DRIVERS\OSDACPI.SYS [17992 2009-06-17] ()
    R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49240 2013-12-29] (Zemana Ltd.)
    R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [1525976 2014-03-18] (Symantec Corporation)
    R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-20] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-20] (Symantec Corporation)
    S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2011-11-12] (LeapFrog)
    R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140328.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
    R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140328.017\ENG64.SYS [126040 2014-03-26] (Symantec Corporation)
    R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140328.017\EX64.SYS [2099288 2014-03-26] (Symantec Corporation)
    S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-03-07] ()
    S3 pwdspio; C:\Windows\system32\pwdspio.sys [9584 2013-03-07] ()
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [92160 2010-06-16] (Research In Motion Limited)
    R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
    R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
    R0 SymDS; C:\Windows\System32\drivers\N360x64\1501000.012\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\drivers\N360x64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-26] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)
    S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2010-10-06] (The OpenVPN Project)
    S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========
    2014-03-28 20:23 - 2014-03-28 20:24 - 00021412 _____ () C:\Users\Lynda Nicole\Desktop\FRST.txt
    2014-03-28 20:23 - 2014-03-28 20:23 - 00000000 ____D () C:\FRST
    2014-03-28 20:22 - 2014-03-28 20:22 - 02157056 _____ (Farbar) C:\Users\Lynda Nicole\Desktop\FRST64.exe
    2014-03-28 20:20 - 2014-03-28 20:20 - 00003090 _____ () C:\Users\Lynda Nicole\Desktop\JRT.txt
    2014-03-28 20:10 - 2014-03-28 20:10 - 00000000 ____D () C:\Windows\ERUNT
    2014-03-28 20:08 - 2014-03-28 20:08 - 01038974 _____ (Thisisu) C:\Users\Lynda Nicole\Desktop\JRT.exe
    2014-03-28 19:50 - 2014-03-28 20:00 - 00000000 ____D () C:\AdwCleaner
    2014-03-27 21:46 - 2014-03-27 22:14 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-03-27 21:46 - 2014-03-27 21:46 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-03-27 21:11 - 2009-07-13 20:41 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
    2014-03-27 20:58 - 2014-03-27 21:22 - 00000000 ____D () C:\Users\Lynda Nicole\Desktop\RK_Quarantine
    2014-03-26 22:53 - 2014-03-26 22:53 - 00000000 ____D () C:\Users\Lynda Nicole\Documents\My Weblog Posts
    2014-03-23 14:11 - 2014-03-23 14:11 - 00000000 ____D () C:\Users\Lynda Nicole\AppData\Roaming\LavasoftStatistics
    2014-03-23 13:46 - 2014-03-28 19:46 - 00000360 _____ () C:\Windows\Tasks\HPCeeScheduleForLynda Nicole.job
    2014-03-23 13:46 - 2014-03-23 13:46 - 00003228 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForLynda Nicole
    2014-03-23 11:42 - 2014-03-23 11:42 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Lynda Nicole\Downloads\iExplore64-13257.exe
    2014-03-23 11:38 - 2014-03-23 11:38 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Lynda Nicole\Downloads\iExplore64-12431.exe
    2014-03-23 11:37 - 2014-03-23 13:24 - 00000408 _____ () C:\Windows\Tasks\Ad-Aware Update (Weekly).job
    2014-03-23 11:34 - 2014-03-23 11:34 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Lynda Nicole\Downloads\iExplore64-11693.exe
    2014-03-23 11:33 - 2014-03-23 11:33 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Lynda Nicole\Downloads\iExplore64.exe
    2014-03-23 11:32 - 2014-03-23 11:32 - 00001209 _____ () C:\Users\Lynda Nicole\Desktop\iExplore - Shortcut.lnk
    2014-03-23 11:31 - 2014-03-23 11:31 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Lynda Nicole\Downloads\iExplore.exe
    2014-03-23 10:55 - 2014-03-23 10:55 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Lynda Nicole\Desktop\abc123.com.exe
    2014-03-22 14:58 - 2014-03-22 14:58 - 00000000 ____D () C:\Users\Lynda Nicole\Downloads\300 - Rise Of An Empire 2014 HDRiP.XViD.MP3-ART3MiS
    2014-03-21 17:02 - 2014-03-22 04:34 - 00019620 _____ () C:\Windows\ntbtlog.txt.bak
    2014-03-21 16:59 - 2014-03-21 16:59 - 00000000 ____D () C:\ProgramData\SMR410
    2014-03-20 05:36 - 2014-03-20 05:36 - 00000000 ____D () C:\Users\Lynda Nicole\Downloads\The Hobbit The Desolation of Smaug (2013) [1080p]
    2014-03-19 05:17 - 2014-03-19 05:17 - 00000000 ____D () C:\Users\Lynda Nicole\AppData\Roaming\Mozilla
    2014-03-16 15:19 - 2014-03-27 21:22 - 00000081 _____ () C:\Windows\system32\tcpufx.iut
    2014-03-16 15:08 - 2014-03-16 15:08 - 00000064 _____ () C:\Windows\system32\buueg.zya
    2014-03-16 15:08 - 2014-03-16 15:08 - 00000000 _____ () C:\Windows\system32\rusus.hsn
    2014-03-16 14:52 - 2014-03-16 14:52 - 00377329 ____S () C:\Windows\system32\qcymkf.gpf
    2014-03-13 02:45 - 2014-03-01 01:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-03-13 02:45 - 2014-03-01 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-03-13 02:45 - 2014-03-01 00:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-03-13 02:45 - 2014-02-28 23:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-03-13 02:45 - 2014-02-28 23:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-03-13 02:45 - 2014-02-28 23:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-03-13 02:45 - 2014-02-28 23:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-03-13 02:45 - 2014-02-28 23:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-03-13 02:45 - 2014-02-28 23:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-03-13 02:45 - 2014-02-28 23:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-03-13 02:45 - 2014-02-28 23:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-03-13 02:45 - 2014-02-28 23:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-03-13 02:45 - 2014-02-28 23:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-03-13 02:45 - 2014-02-28 23:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-03-13 02:45 - 2014-02-28 23:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-03-13 02:45 - 2014-02-28 23:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-03-13 02:45 - 2014-02-28 23:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-03-13 02:45 - 2014-02-28 22:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-03-13 02:45 - 2014-02-28 22:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-03-13 02:45 - 2014-02-28 22:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-03-13 02:45 - 2014-02-28 22:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-03-13 02:45 - 2014-02-28 22:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-03-13 02:45 - 2014-02-28 22:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-03-13 02:45 - 2014-02-28 22:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-03-13 02:45 - 2014-02-28 22:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-03-13 02:45 - 2014-02-28 22:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-03-13 02:45 - 2014-02-28 22:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-03-13 02:45 - 2014-02-28 22:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-03-13 02:45 - 2014-02-28 22:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-03-13 02:45 - 2014-02-28 22:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-03-13 02:45 - 2014-02-28 22:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-03-13 02:45 - 2014-02-28 22:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-03-13 02:45 - 2014-02-28 22:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-03-13 02:45 - 2014-02-28 22:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-03-13 02:45 - 2014-02-28 21:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-03-13 02:45 - 2014-02-28 21:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-03-13 02:45 - 2014-02-28 21:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-03-13 02:45 - 2014-02-28 21:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-03-13 02:45 - 2014-02-28 21:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-03-13 02:45 - 2014-02-28 21:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-03-13 02:45 - 2014-02-06 20:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-03-13 02:45 - 2014-01-28 21:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
    2014-03-13 02:45 - 2014-01-28 21:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
    2014-03-13 02:45 - 2014-01-27 21:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
    2014-03-13 02:44 - 2014-02-03 21:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2014-03-13 02:44 - 2014-02-03 21:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2014-03-13 02:44 - 2014-02-03 21:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2014-03-13 02:44 - 2014-02-03 21:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
    2014-03-11 18:31 - 2014-03-11 18:31 - 00000000 ____D () C:\Users\Lynda Nicole\Downloads\Anchorman 2 The Legend Continues (2013) UNRATED 1080p WEBRip x264-TheKing
    2014-03-09 07:18 - 2014-03-09 07:19 - 00000000 ____D () C:\Users\Lynda Nicole\Downloads\The Breath of a Wok - Unlocking the Spirit of Chinese Cooking Through Recipes + Chinese Cookbook Quick and Easy Dishes - Mantesh
    2014-03-08 11:35 - 2014-03-08 11:35 - 00000000 ____D () C:\Users\Lynda Nicole\Downloads\Mastermind (Deluxe Version)
    ==================== One Month Modified Files and Folders =======
    2014-03-28 20:24 - 2014-03-28 20:23 - 00021412 _____ () C:\Users\Lynda Nicole\Desktop\FRST.txt
    2014-03-28 20:23 - 2014-03-28 20:23 - 00000000 ____D () C:\FRST
    2014-03-28 20:22 - 2014-03-28 20:22 - 02157056 _____ (Farbar) C:\Users\Lynda Nicole\Desktop\FRST64.exe
    2014-03-28 20:20 - 2014-03-28 20:20 - 00003090 _____ () C:\Users\Lynda Nicole\Desktop\JRT.txt
    2014-03-28 20:19 - 2012-05-29 18:16 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3700065819-3803022968-2199414553-1000UA.job
    2014-03-28 20:12 - 2009-07-13 23:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-03-28 20:12 - 2009-07-13 23:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-03-28 20:11 - 2012-08-12 08:58 - 00000000 ____D () C:\Users\Lynda Nicole\AppData\Roaming\ID Vault
    2014-03-28 20:10 - 2014-03-28 20:10 - 00000000 ____D () C:\Windows\ERUNT
    2014-03-28 20:08 - 2014-03-28 20:08 - 01038974 _____ (Thisisu) C:\Users\Lynda Nicole\Desktop\JRT.exe
    2014-03-28 20:07 - 2010-12-07 17:06 - 01722626 _____ () C:\Windows\WindowsUpdate.log
    2014-03-28 20:05 - 2012-07-03 12:36 - 00000000 ___RD () C:\Users\Lynda Nicole\Google Drive
    2014-03-28 20:03 - 2012-07-03 12:33 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-03-28 20:02 - 2009-07-14 00:08 - 00032642 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-03-28 20:02 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-03-28 20:02 - 2009-07-13 23:51 - 00085730 _____ () C:\Windows\setupact.log
    2014-03-28 20:00 - 2014-03-28 19:50 - 00000000 ____D () C:\AdwCleaner
    2014-03-28 19:46 - 2014-03-23 13:46 - 00000360 _____ () C:\Windows\Tasks\HPCeeScheduleForLynda Nicole.job
    2014-03-28 19:34 - 2012-07-03 12:33 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-03-28 19:04 - 2011-09-14 20:54 - 00000956 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3700065819-3803022968-2199414553-1000UA.job
    2014-03-28 17:28 - 2012-08-12 08:56 - 00000000 ____D () C:\Program Files (x86)\Constant Guard Protection Suite
    2014-03-28 16:19 - 2012-05-29 18:16 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3700065819-3803022968-2199414553-1000Core.job
    2014-03-28 16:14 - 2012-05-29 18:16 - 00003920 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3700065819-3803022968-2199414553-1000UA
    2014-03-28 16:14 - 2012-05-29 18:16 - 00003524 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3700065819-3803022968-2199414553-1000Core
    2014-03-28 16:04 - 2011-09-14 20:54 - 00000934 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3700065819-3803022968-2199414553-1000Core.job
    2014-03-27 22:14 - 2014-03-27 21:46 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-03-27 21:46 - 2014-03-27 21:46 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-03-27 21:22 - 2014-03-27 20:58 - 00000000 ____D () C:\Users\Lynda Nicole\Desktop\RK_Quarantine
    2014-03-27 21:22 - 2014-03-16 15:19 - 00000081 _____ () C:\Windows\system32\tcpufx.iut
    2014-03-27 20:40 - 2011-09-27 20:04 - 00000000 ____D () C:\ProgramData\Lavasoft
    2014-03-27 19:53 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-03-27 15:29 - 2012-07-03 12:33 - 00003906 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-03-27 15:29 - 2012-07-03 12:33 - 00003654 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-03-26 22:53 - 2014-03-26 22:53 - 00000000 ____D () C:\Users\Lynda Nicole\Documents\My Weblog Posts
    2014-03-26 22:53 - 2011-06-08 17:01 - 00000000 ____D () C:\Users\Lynda Nicole\AppData\Local\Windows Live Writer
    2014-03-25 05:07 - 2009-07-14 00:13 - 00796550 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-03-23 18:26 - 2012-08-26 19:51 - 00000464 _____ () C:\Windows\demdata.txt
    2014-03-23 18:21 - 2013-04-29 20:53 - 00000000 ____D () C:\Users\Lynda Nicole\Documents\PDF Architect Files
    2014-03-23 14:11 - 2014-03-23 14:11 - 00000000 ____D () C:\Users\Lynda Nicole\AppData\Roaming\LavasoftStatistics
    2014-03-23 13:46 - 2014-03-23 13:46 - 00003228 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForLynda Nicole
    2014-03-23 13:24 - 2014-03-23 11:37 - 00000408 _____ () C:\Windows\Tasks\Ad-Aware Update (Weekly).job
    2014-03-23 13:05 - 2013-07-13 21:15 - 27955810 _____ () C:\Users\Lynda Nicole\ovpntray.log
    2014-03-23 12:14 - 2012-03-04 08:53 - 00039572 _____ () C:\aaw7boot.log
    2014-03-23 11:42 - 2014-03-23 11:42 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Lynda Nicole\Downloads\iExplore64-13257.exe
    2014-03-23 11:38 - 2014-03-23 11:38 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Lynda Nicole\Downloads\iExplore64-12431.exe
    2014-03-23 11:34 - 2014-03-23 11:34 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Lynda Nicole\Downloads\iExplore64-11693.exe
    2014-03-23 11:33 - 2014-03-23 11:33 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Lynda Nicole\Downloads\iExplore64.exe
    2014-03-23 11:32 - 2014-03-23 11:32 - 00001209 _____ () C:\Users\Lynda Nicole\Desktop\iExplore - Shortcut.lnk
    2014-03-23 11:31 - 2014-03-23 11:31 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Lynda Nicole\Downloads\iExplore.exe
    2014-03-23 11:26 - 2014-01-30 20:53 - 00003618 _____ () C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
    2014-03-23 10:55 - 2014-03-23 10:55 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Lynda Nicole\Desktop\abc123.com.exe
    2014-03-22 15:29 - 2011-03-28 09:39 - 00000000 ____D () C:\Users\Lynda Nicole\AppData\Roaming\BitTorrent
    2014-03-22 14:58 - 2014-03-22 14:58 - 00000000 ____D () C:\Users\Lynda Nicole\Downloads\300 - Rise Of An Empire 2014 HDRiP.XViD.MP3-ART3MiS
    2014-03-22 11:54 - 2010-12-07 21:02 - 01063120 _____ () C:\Windows\PFRO.log
    2014-03-22 04:34 - 2014-03-21 17:02 - 00019620 _____ () C:\Windows\ntbtlog.txt.bak
    2014-03-21 21:09 - 2011-09-30 20:07 - 00000064 _____ () C:\Windows\SysWOW64\rp_stats.dat
    2014-03-21 21:09 - 2011-09-30 20:07 - 00000044 _____ () C:\Windows\SysWOW64\rp_rules.dat
    2014-03-21 16:59 - 2014-03-21 16:59 - 00000000 ____D () C:\ProgramData\SMR410
    2014-03-21 15:54 - 2013-06-04 10:41 - 00000000 ____D () C:\Users\Lynda Nicole\AppData\Local\NPE
    2014-03-20 05:36 - 2014-03-20 05:36 - 00000000 ____D () C:\Users\Lynda Nicole\Downloads\The Hobbit The Desolation of Smaug (2013) [1080p]
    2014-03-19 05:17 - 2014-03-19 05:17 - 00000000 ____D () C:\Users\Lynda Nicole\AppData\Roaming\Mozilla
    2014-03-19 03:04 - 2013-08-15 03:04 - 00000000 ____D () C:\Windows\system32\MRT
    2014-03-19 03:00 - 2011-03-30 21:15 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-03-18 17:29 - 2011-10-25 18:13 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2014-03-18 17:29 - 2011-03-29 17:08 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
    2014-03-16 15:08 - 2014-03-16 15:08 - 00000064 _____ () C:\Windows\system32\buueg.zya
    2014-03-16 15:08 - 2014-03-16 15:08 - 00000000 _____ () C:\Windows\system32\rusus.hsn
    2014-03-16 14:52 - 2014-03-16 14:52 - 00377329 ____S () C:\Windows\system32\qcymkf.gpf
    2014-03-16 14:52 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sysprep
    2014-03-15 15:19 - 2013-03-05 18:53 - 00002413 _____ () C:\Users\Lynda Nicole\Desktop\Google Chrome.lnk
    2014-03-14 21:04 - 2011-09-27 20:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-03-13 03:26 - 2009-07-13 23:45 - 00499064 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-03-13 03:24 - 2013-03-14 03:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-03-13 03:24 - 2013-03-14 03:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-03-13 03:04 - 2011-10-03 19:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-03-11 18:31 - 2014-03-11 18:31 - 00000000 ____D () C:\Users\Lynda Nicole\Downloads\Anchorman 2 The Legend Continues (2013) UNRATED 1080p WEBRip x264-TheKing
    2014-03-09 07:29 - 2012-05-27 09:08 - 00000000 ____D () C:\Users\Lynda Nicole\Documents\My Digital Editions
    2014-03-09 07:19 - 2014-03-09 07:18 - 00000000 ____D () C:\Users\Lynda Nicole\Downloads\The Breath of a Wok - Unlocking the Spirit of Chinese Cooking Through Recipes + Chinese Cookbook Quick and Easy Dishes - Mantesh
    2014-03-09 06:07 - 2013-01-22 08:32 - 00000000 ____D () C:\Users\Lynda Nicole\Documents\Corpsman Docs
    2014-03-08 11:35 - 2014-03-08 11:35 - 00000000 ____D () C:\Users\Lynda Nicole\Downloads\Mastermind (Deluxe Version)
    2014-03-04 18:28 - 2011-03-27 22:07 - 00000000 ____D () C:\Users\Lynda Nicole
    2014-03-04 04:01 - 2011-07-19 17:15 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2014-03-04 04:01 - 2011-07-19 17:14 - 00000000 ____D () C:\ProgramData\Skype
    2014-03-01 01:05 - 2014-03-13 02:45 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-03-01 00:17 - 2014-03-13 02:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-03-01 00:16 - 2014-03-13 02:45 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-02-28 23:58 - 2014-03-13 02:45 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-02-28 23:52 - 2014-03-13 02:45 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-02-28 23:51 - 2014-03-13 02:45 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-02-28 23:42 - 2014-03-13 02:45 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-02-28 23:40 - 2014-03-13 02:45 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-02-28 23:37 - 2014-03-13 02:45 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-02-28 23:33 - 2014-03-13 02:45 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-02-28 23:33 - 2014-03-13 02:45 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-02-28 23:32 - 2014-03-13 02:45 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-02-28 23:30 - 2014-03-13 02:45 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-02-28 23:23 - 2014-03-13 02:45 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-02-28 23:17 - 2014-03-13 02:45 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-02-28 23:11 - 2014-03-13 02:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-02-28 23:02 - 2014-03-13 02:45 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-02-28 22:54 - 2014-03-13 02:45 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-02-28 22:52 - 2014-03-13 02:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-02-28 22:51 - 2014-03-13 02:45 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-02-28 22:47 - 2014-03-13 02:45 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-02-28 22:43 - 2014-03-13 02:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-02-28 22:43 - 2014-03-13 02:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-02-28 22:42 - 2014-03-13 02:45 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-02-28 22:40 - 2014-03-13 02:45 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-02-28 22:38 - 2014-03-13 02:45 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-02-28 22:37 - 2014-03-13 02:45 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-02-28 22:35 - 2014-03-13 02:45 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-02-28 22:18 - 2014-03-13 02:45 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-02-28 22:16 - 2014-03-13 02:45 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-02-28 22:14 - 2014-03-13 02:45 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-02-28 22:10 - 2014-03-13 02:45 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-02-28 22:03 - 2014-03-13 02:45 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-02-28 22:00 - 2014-03-13 02:45 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-02-28 21:57 - 2014-03-13 02:45 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-02-28 21:38 - 2014-03-13 02:45 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-02-28 21:32 - 2014-03-13 02:45 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-02-28 21:27 - 2014-03-13 02:45 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-02-28 21:25 - 2014-03-13 02:45 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-02-28 21:25 - 2014-03-13 02:45 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-02-26 04:02 - 2010-12-07 17:16 - 00788672 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

    Files to move or delete:
    ====================
    C:\Users\Lynda Nicole\AppData\Roaming\skype.ini

    Some content of TEMP:
    ====================
    C:\Users\Lynda Nicole\AppData\Local\Temp\ntdll_dump.dll
    C:\Users\Lynda Nicole\AppData\Local\Temp\ose00000.exe
    C:\Users\Lynda Nicole\AppData\Local\Temp\Quarantine.exe
    C:\Users\Lynda Nicole\AppData\Local\Temp\rootsupd.exe
    C:\Users\Lynda Nicole\AppData\Local\Temp\YontooSetup-Silent-0DB0.exe

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    LastRegBack: 2014-03-20 12:54
    ==================== End Of Log ============================
     
  17. AvengeMypeecee

    AvengeMypeecee TS Member Topic Starter Posts: 16

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
    Ran by Lynda Nicole at 2014-03-28 20:25:05
    Running from C:\Users\Lynda Nicole\Desktop
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================
    AV: Norton Security Suite (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Norton Security Suite (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Security Suite (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

    ==================== Installed Programs ======================
    Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
    Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
    Adobe Connect 9 Add-in (HKCU\...\Adobe Connect 9 Add-in) (Version: 11,2,261,0 - Adobe Systems Incorporated)
    Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - )
    Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.2.159.1 - Adobe Systems Incorporated)
    Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
    Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
    AntiLogger SDK version 1.6.6.296 (HKLM-x32\...\{4D46DE30-49FE-4043-99F7-D7E8C06175E0}_is1) (Version: 1.6.6.296 - Zemana Ltd.)
    Apple Application Support (HKLM-x32\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
    ATI Catalyst Install Manager (HKLM\...\{E2D662AD-3FE3-26C5-5540-90E4974EF412}) (Version: 3.0.774.0 - ATI Technologies, Inc.)
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bing Bar (HKLM-x32\...\{6F6D8BC6-CE36-493B-996F-04CD8CCC35A8}) (Version: 7.0.614.0 - Microsoft Corporation)
    Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
    BitTorrent (HKCU\...\BitTorrent) (Version: 7.8.2.30332 - BitTorrent Inc.)
    BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.2.1 - )
    BlackBerry Desktop Software 6.0.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 6.0.1.18 - Research In Motion Ltd.)
    BlackBerry Desktop Software 6.0.1 (x32 Version: 6.0.1.18 - Research In Motion Ltd.) Hidden
    Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Blio (HKLM-x32\...\{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}) (Version: 2.0.5350 - K-NFB Reading Technology, Inc.)
    Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
    Catalyst Control Center Core Implementation (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
    Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
    Catalyst Control Center Graphics Full New (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
    Catalyst Control Center Graphics Light (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
    Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
    Catalyst Control Center InstallProxy (x32 Version: 2010.0511.2153.37435 - ATI Technologies, Inc.) Hidden
    Catalyst Control Center Localization All (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
    CCC Help Chinese Standard (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Chinese Traditional (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Czech (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Danish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Dutch (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help English (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Finnish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help French (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help German (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Greek (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Hungarian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Italian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Japanese (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Korean (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Norwegian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Polish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Portuguese (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Russian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Spanish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Swedish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Thai (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Turkish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    ccc-core-static (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
    ccc-utility64 (Version: 2010.0511.2153.37435 - ATI) Hidden
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Constant Guard Protection Suite (HKLM-x32\...\ID Vault) (Version: 1.13.1211.1 - Comcast)
    Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated) <==== ATTENTION
    CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.)
    CyberLink DVD Suite Deluxe (x32 Version: 7.0.3210 - CyberLink Corp.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
    DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard)
    DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
    EA Download Manager (HKLM-x32\...\EADM) (Version: 8.0.3.427 - Electronic Arts, Inc.)
    Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
    Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
    FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Finale PrintMusic 2008 (HKLM-x32\...\Finale PrintMusic 2008) (Version: 13.0.0.21 - MakeMusic)
    Finale SongWriter 2012 (HKLM-x32\...\Finale SongWriter 2012) (Version: 2012..r3.0 - MakeMusic)
    Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
    Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)
    Google Talk Plugin (HKLM-x32\...\{E121A4FE-009B-385B-BB0D-B934E2A88288}) (Version: 5.2.4.18058 - Google)
    Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
    Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP Auto (Version: 1.0.12494.3472 - Hewlett-Packard Company) Hidden
    HP Client Services (Version: 1.0.12656.3472 - Hewlett-Packard) Hidden
    HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
    HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{650AF771-456D-418F-BFC7-F6FFC9D0235C}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
    HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
    HP Deskjet 3050 J610 series Product Improvement Study (HKLM\...\{FEB2C4AA-661E-483F-9626-21A8ACFD10F2}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
    HP Game Console (x32 Version: - WildTangent) Hidden
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
    HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4521 - Hewlett-Packard)
    HP MediaSmart DVD (x32 Version: 4.2.4521 - Hewlett-Packard) Hidden
    HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard)
    HP MediaSmart Music (x32 Version: 4.2.4517 - Hewlett-Packard) Hidden
    HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard)
    HP MediaSmart Photo (x32 Version: 4.2.4513 - Hewlett-Packard) Hidden
    HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard)
    HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard)
    HP MediaSmart Video (x32 Version: 4.2.4522 - Hewlett-Packard) Hidden
    HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.2.3303 - Hewlett-Packard)
    HP MediaSmart Webcam (x32 Version: 4.2.3303 - Hewlett-Packard) Hidden
    HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}) (Version: 1.0.4.0 - Hewlett-Packard)
    HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0.2 - Hewlett-Packard)
    HP MovieStore (x32 Version: 1.0.027 - Hewlett-Packard) Hidden
    HP My Display (HKLM-x32\...\{1F4DDC90-5923-4E49-A4C7-F3CCC954DCA0}) (Version: 1.00.180 - Portrait Displays, Inc.)
    HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.${CAB_VERSION} - HP Photo Creations Powered by RocketLife)
    HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
    HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
    HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
    HP Update (HKLM-x32\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
    HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
    Hulu Desktop (HKCU\...\HuluDesktop) (Version: 0.9.14 - Hulu LLC)
    InstallVC90Support (x32 Version: 1.01.0000 - Novatel Wireless) Hidden
    Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
    Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
    Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
    LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3130 - CyberLink Corp.)
    LabelPrint (x32 Version: 2.5.3130 - CyberLink Corp.) Hidden
    Learning Essentials for Microsoft Office (HKLM-x32\...\{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}) (Version: 2.0 - Microsoft)
    LightScribe System Software (HKLM-x32\...\{FD71E2F7-B9FC-4072-88DB-AC19E2464D82}) (Version: 1.18.17.1 - LightScribe)
    Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
    Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
    Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
    Microsoft Math (HKLM-x32\...\{07043840-959A-4B0D-8825-2C533F0DDB19}) (Version: 2007 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
    Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
    Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Student 2007 for Learning Essentials (HKLM-x32\...\{Microsoft Student 2007_54A0E938-8390-489F-8F1A-563673334DFE}) (Version: - )
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
    MiniTool Partition Wizard Home Edition 7.8 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
    Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard)
    Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Norton Security Suite (HKLM-x32\...\N360) (Version: 21.1.0.18 - Symantec Corporation)
    NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)
    PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
    PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge)
    Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
    PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
    PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company)
    Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.)
    Power2Go (x32 Version: 6.1.4329 - CyberLink Corp.) Hidden
    PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.)
    PowerDirector (x32 Version: 8.0.3129 - CyberLink Corp.) Hidden
    PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975D}) (Version: 5.10.621.0 - NewspaperDirect Inc.)
    QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
    Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: - Ralink)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6156 - Realtek Semiconductor Corp.)
    Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden
    Rosetta Stone Ltd Services (HKLM-x32\...\{2110AF8F-F6E9-4712-A185-1B839C60822E}) (Version: 2.2.1.1 - Rosetta Stone Ltd.)
    Rosetta Stone Version 3 (HKLM-x32\...\{99011A6E-5200-11DE-BDB8-7ACD56D89593}) (Version: 3.4.5.0 - Rosetta Stone Ltd.)
    RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
    Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.)
    Samsung Kies (x32 Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.) Hidden
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
    SDK (x32 Version: 2.22.002 - Portrait Displays, Inc.) Hidden
    Sibelius 6 (HKLM-x32\...\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}) (Version: 6.0.0 - Sibelius Software)
    Sibelius Scorch (all browsers) (HKLM-x32\...\{37EF63D9-3E31-45A9-A90F-BDE07CE88095}) (Version: 5.2.1 - Sibelius Software)
    Sibelius Sounds Essentials for Sibelius 6 (HKLM-x32\...\{F0EB3969-C007-4ABE-9245-990C5E021A8F}_is1) (Version: 1.0.0 - Sibelius Software, a division of Avid Technology, Inc.)
    Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
    Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.615 - Electronic Arts)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
    Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)
    Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
    Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft)
    Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{EC1934B0-AE0F-4BBD-8955-54BB3247ED9E}) (Version: - Microsoft)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
    Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)
    Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
    Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
    Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
    Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
    Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    WinRAR 4.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
    Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
    Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
    Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    ==================== Restore Points =========================
    18-03-2014 12:28:48 Removed ooVoo
    19-03-2014 08:00:11 Windows Update
    23-03-2014 16:05:59 Removed ooVoo
    23-03-2014 18:04:58 Removed OpenVPN Connect
    23-03-2014 18:26:25 AA11
    23-03-2014 18:33:48 AA11
    28-03-2014 01:35:32 AA11
    28-03-2014 02:21:13 No More Zekos
    ==================== Hosts content: ==========================
    2009-07-13 21:34 - 2014-03-23 13:05 - 00000849 ____A C:\Windows\system32\Drivers\etc\hosts
    143.61.195.18 d2000-okc
    ==================== Scheduled Tasks (whitelisted) =============
    Task: {1D736309-C9E7-439A-A3EF-A1DD3DC9416D} - System32\Tasks\{8B3B3F6A-9CA3-4AFE-A028-BAA9292A5F3A} => Iexplore.exe http://ui.skype.com/ui/0/5.5.0.115/fr/go/help.faq.installer?LastError=1618
    Task: {23C3D838-7CDA-4A33-91C1-3E3B962D49AE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3700065819-3803022968-2199414553-1000UA => C:\Users\Lynda Nicole\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-29] (Google Inc.)
    Task: {2DEFAB4D-B4C4-4ACD-A4FF-8F559C3D8F68} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-03] (Google Inc.)
    Task: {31B1606E-C363-43A3-A8CD-9C0B81AEB7DA} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
    Task: {332900C9-F76B-4991-8299-9ED4C2221D5A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3700065819-3803022968-2199414553-1000Core => C:\Users\Lynda Nicole\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
    Task: {4C03DDD7-0EEC-48F2-B12A-F5C58765290E} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
    Task: {718FFCFD-1DA1-45C8-BECE-A624A34766DF} - System32\Tasks\HPCeeScheduleForLynda Nicole => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
    Task: {8B2D98F3-E8FE-48E4-89CA-7EDC21826F99} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
    Task: {8B55AC2F-AD3E-4D66-B997-CDE37FB36B0D} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-QUALITYREVIEWS => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
    Task: {8DAD3730-2BD6-4918-B594-CBA0328000EE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {95F3069C-FA68-4190-A585-2B15BB1502C4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {9743E41D-16F7-4C80-96B2-8D3D0DC7F285} - System32\Tasks\{37A4207D-4804-43CF-AFF4-A598EA5A917E} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
    Task: {A66864E1-7730-4E92-8BCD-6219BBC854E2} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3700065819-3803022968-2199414553-1000UA => C:\Users\Lynda Nicole\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
    Task: {B3543041-9BDA-459D-B939-3DD206BC5FAE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3700065819-3803022968-2199414553-1000Core => C:\Users\Lynda Nicole\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-29] (Google Inc.)
    Task: {C9EB6A5E-C032-4693-AD29-8CF0632B5DDC} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [2010-09-03] (CyberLink)
    Task: {C9F769D8-A0EF-43DE-88AD-774575225625} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-02-10] (Hewlett-Packard)
    Task: {D9D2BBD3-0B7B-4F1D-876D-FB4505959AE6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-03] (Google Inc.)
    Task: {DDD186A7-DAA3-4975-BAF6-70E656E9D6AB} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
    Task: {E3B6D793-D5C5-4D9D-8E79-C297F49B505A} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.)
    Task: {E623023A-00F5-43EA-8623-97EF5D7EE88E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
    Task: {E6F76D5D-3A26-4908-B091-74525E9DCC63} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
    Task: C:\Windows\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3700065819-3803022968-2199414553-1000Core.job => C:\Users\Lynda Nicole\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3700065819-3803022968-2199414553-1000UA.job => C:\Users\Lynda Nicole\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3700065819-3803022968-2199414553-1000Core.job => C:\Users\Lynda Nicole\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3700065819-3803022968-2199414553-1000UA.job => C:\Users\Lynda Nicole\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForLynda Nicole.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    ==================== Loaded Modules (whitelisted) =============
    2010-12-07 18:03 - 2010-07-30 17:03 - 00125552 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
    2011-05-07 10:08 - 2011-05-07 10:08 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
    2011-05-07 10:08 - 2011-05-07 10:08 - 00103736 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
    2010-09-15 13:31 - 2010-09-15 13:31 - 00611896 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    2009-06-08 19:45 - 2009-06-08 19:45 - 00098304 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2010-12-07 17:34 - 2010-12-07 17:34 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    2011-03-28 09:58 - 2011-03-02 11:40 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
    2013-12-11 14:57 - 2013-12-11 14:57 - 00549272 _____ () C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.DLL
    2014-03-28 20:04 - 2014-03-28 20:04 - 00098816 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\win32api.pyd
    2014-03-28 20:04 - 2014-03-28 20:04 - 00110080 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\PyWinTypes27.dll
    2014-03-28 20:04 - 2014-03-28 20:04 - 00364544 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\pythoncom27.dll
    2014-03-28 20:04 - 2014-03-28 20:04 - 00044032 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\_socket.pyd
    2014-03-28 20:04 - 2014-03-28 20:04 - 01157120 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\_ssl.pyd
    2014-03-28 20:04 - 2014-03-28 20:04 - 00320512 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\win32com.shell.shell.pyd
    2014-03-28 20:04 - 2014-03-28 20:04 - 00712192 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\_hashlib.pyd
    2014-03-28 20:04 - 2014-03-28 20:04 - 01175040 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\wx._core_.pyd
    2014-03-28 20:04 - 2014-03-28 20:04 - 00805888 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\wx._gdi_.pyd
    2014-03-28 20:04 - 2014-03-28 20:04 - 00811008 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\wx._windows_.pyd
    2014-03-28 20:04 - 2014-03-28 20:04 - 01062400 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\wx._controls_.pyd
    2014-03-28 20:04 - 2014-03-28 20:04 - 00735232 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\wx._misc_.pyd
    2014-03-28 20:04 - 2014-03-28 20:04 - 00128512 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\_elementtree.pyd
    2014-03-28 20:04 - 2014-03-28 20:04 - 00127488 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\pyexpat.pyd
    2014-03-28 20:04 - 2014-03-28 20:04 - 00557056 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\pysqlite2._sqlite.pyd
    2014-03-28 20:04 - 2014-03-28 20:04 - 00087040 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\_ctypes.pyd
    2014-03-28 20:04 - 2014-03-28 20:04 - 00119808 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\win32file.pyd
    2014-03-28 20:04 - 2014-03-28 20:04 - 00108544 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\win32security.pyd
    2014-03-28 20:04 - 2014-03-28 20:04 - 00018432 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\win32event.pyd
    2014-03-28 20:04 - 2014-03-28 20:04 - 00038912 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\win32inet.pyd
    2014-03-28 20:04 - 2014-03-28 20:04 - 00122368 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\wx._wizard.pyd
    2014-03-28 20:04 - 2014-03-28 20:04 - 00070656 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\wx._html2.pyd
    2014-03-28 20:04 - 2014-03-28 20:04 - 00026624 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\_multiprocessing.pyd
    2014-03-28 20:04 - 2014-03-28 20:04 - 00010240 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\select.pyd
    2014-03-28 20:04 - 2014-03-28 20:04 - 00024064 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\win32pipe.pyd
    2014-03-28 20:04 - 2014-03-28 20:04 - 00686080 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\unicodedata.pyd
    2014-03-28 20:04 - 2014-03-28 20:04 - 00025600 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\win32pdh.pyd
    2014-03-28 20:04 - 2014-03-28 20:04 - 00525640 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\windows._lib_cacheinvalidation.pyd
    2014-03-28 20:04 - 2014-03-28 20:04 - 00011264 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\win32crypt.pyd
    2014-03-28 20:04 - 2014-03-28 20:04 - 00035840 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\win32process.pyd
    2014-03-28 20:04 - 2014-03-28 20:04 - 00017408 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\win32profile.pyd
    2014-03-28 20:04 - 2014-03-28 20:04 - 00022528 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\win32ts.pyd
    2010-12-07 18:03 - 2010-05-25 12:29 - 00014856 _____ () C:\Program Files (x86)\Hewlett-Packard\HP My Display\ACPIDll.dll
    ==================== Alternate Data Streams (whitelisted) =========
    AlternateDataStreams: C:\ProgramData\Temp:C8B8CEBD
    ==================== Safe Mode (whitelisted) ===================

    ==================== Disabled items from MSCONFIG ==============
    MSCONFIG\startupreg: Darksiders => rundll32 "C:\Users\Lynda Nicole\AppData\Local\{A1D52FFE-40D7-4DEA-AC3B-032AE3D1E515}\Darksiders\ymdcicq.dll",OpenRootStorageEx
    MSCONFIG\startupreg: EA Core => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
    MSCONFIG\startupreg: GameSpy => rundll32 "C:\Users\Lynda Nicole\AppData\Local\Activision\GameSpy\kictt.dll",RFCOM_FreeUnusedNow
    MSCONFIG\startupreg: Temp => rundll32 "C:\Users\Lynda Nicole\AppData\Local\Research In Motion\Temp\drowv.dll",DllRegisterServerW
    ==================== Faulty Device Manager Devices =============
    Name: 802.11n Wireless LAN Card #2
    Description: 802.11n Wireless LAN Card
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Ralink Technology, Corp.
    Service: netr28x
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    ==================== Event log errors: =========================
    Application errors:
    ==================
    System errors:
    =============
    Microsoft Office Sessions:
    =========================
    ==================== Memory info ===========================
    Percentage of memory in use: 40%
    Total physical RAM: 3839.3 MB
    Available physical RAM: 2281.37 MB
    Total Pagefile: 7676.79 MB
    Available Pagefile: 5852.44 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB
    ==================== Drives ================================
    Drive c: (OS) (Fixed) (Total:451.39 GB) (Free:231.75 GB) NTFS
    Drive d: (HP_RECOVERY) (Fixed) (Total:14.27 GB) (Free:1.75 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (Size: 466 GB) (Disk ID: 75484273)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
    ==================== End Of Log ============================
     
  18. AvengeMypeecee

    AvengeMypeecee TS Member Topic Starter Posts: 16

    I humbly submit to further instruction!
     
  19. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

  20. AvengeMypeecee

    AvengeMypeecee TS Member Topic Starter Posts: 16

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
    Ran by Lynda Nicole at 2014-03-30 11:15:53 Run:1
    Running from C:\Users\Lynda Nicole\Desktop
    Boot Mode: Normal
    ==============================================
    Content of fixlist:
    *****************
    HKU\S-1-5-21-3700065819-3803022968-2199414553-1000\...\MountPoints2: {0b58a8cb-9e70-11e0-8f58-e0699516ab3b} - F:\LiteAuto.exe
    HKU\S-1-5-21-3700065819-3803022968-2199414553-1000\...\MountPoints2: {8800261d-46d3-11e3-acbc-e0699516ab3b} - F:\HTC_Sync_Manager_PC.exe
    CHR Plugin: (Native Client) - C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\Application\32.0.1700.102\pdf.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\Application\32.0.1700.102\gcswf32.dll No File
    CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
    2014-03-16 15:19 - 2014-03-27 21:22 - 00000081 _____ () C:\Windows\system32\tcpufx.iut
    2014-03-16 15:08 - 2014-03-16 15:08 - 00000064 _____ () C:\Windows\system32\buueg.zya
    2014-03-16 15:08 - 2014-03-16 15:08 - 00000000 _____ () C:\Windows\system32\rusus.hsn
    2014-03-16 14:52 - 2014-03-16 14:52 - 00377329 ____S () C:\Windows\system32\qcymkf.gpf
    C:\Users\Lynda Nicole\AppData\Roaming\skype.ini
    C:\Users\Lynda Nicole\AppData\Local\Temp\ntdll_dump.dll
    C:\Users\Lynda Nicole\AppData\Local\Temp\ose00000.exe
    C:\Users\Lynda Nicole\AppData\Local\Temp\Quarantine.exe
    C:\Users\Lynda Nicole\AppData\Local\Temp\rootsupd.exe
    C:\Users\Lynda Nicole\AppData\Local\Temp\YontooSetup-Silent-0DB0.exe
    AlternateDataStreams: C:\ProgramData\Temp:C8B8CEBD
    Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll C:\Windows\System32\rpcss.dll
    *****************
    HKU\S-1-5-21-3700065819-3803022968-2199414553-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0b58a8cb-9e70-11e0-8f58-e0699516ab3b} => Key deleted successfully.
    HKCR\CLSID\{0b58a8cb-9e70-11e0-8f58-e0699516ab3b} => Key not found.
    HKU\S-1-5-21-3700065819-3803022968-2199414553-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8800261d-46d3-11e3-acbc-e0699516ab3b} => Key deleted successfully.
    HKCR\CLSID\{8800261d-46d3-11e3-acbc-e0699516ab3b} => Key not found.
    C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll not found.
    C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\Application\32.0.1700.102\pdf.dll not found.
    C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\Application\32.0.1700.102\gcswf32.dll not found.
    C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll not found.
    c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll not found.
    C:\Windows\system32\tcpufx.iut => Moved successfully.
    C:\Windows\system32\buueg.zya => Moved successfully.
    C:\Windows\system32\rusus.hsn => Moved successfully.
    Could not move "C:\Windows\system32\qcymkf.gpf" => Scheduled to move on reboot.
    C:\Users\Lynda Nicole\AppData\Roaming\skype.ini => Moved successfully.
    C:\Users\Lynda Nicole\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
    C:\Users\Lynda Nicole\AppData\Local\Temp\ose00000.exe => Moved successfully.
    C:\Users\Lynda Nicole\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Users\Lynda Nicole\AppData\Local\Temp\rootsupd.exe => Moved successfully.
    C:\Users\Lynda Nicole\AppData\Local\Temp\YontooSetup-Silent-0DB0.exe => Moved successfully.
    C:\ProgramData\Temp => ":C8B8CEBD" ADS removed successfully.
    C:\Windows\System32\rpcss.dll => Moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll
    => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-03-30 11:18:36)<=
    C:\Windows\system32\qcymkf.gpf => Is moved successfully.
    ==== End of Fixlog ====
     
  21. AvengeMypeecee

    AvengeMypeecee TS Member Topic Starter Posts: 16

    By the way, you are amazing, but you probably already knew that. I cannot hypothesize the amount of time I have spent searching (mostly in the dark) for solutions to this issue. Who knows how many more hours would have been wasted before finding you. Thank you so much!
     
  22. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    I'm assuming the issues are gone? :)

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Click on "Run ESET Online Scanner" button.
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
     
  23. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    Still with me?
     
  24. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    This topic is marked as abandoned and closed due to inactivity.

    This member will NOT be eligible to receive any more help in malware removal forum.
     
Topic Status:
Not open for further replies.

