Inactive-A Those !@#$%^ Random Audio Ads On My Computer

AvengeMypeecee

Where to begin?
My computer began randomly playing simultaneous audio streams of random ads through the speakers. It is not consistent; it is not even decipherable. Initially, we ran Norton, then MBAM, Ad-Aware, then Comcast's security suite. Finally, the computer was taken to a previous system restore point.

All to no avail, obviously.

Then I did my research and used Kaspersky's TDSS rootkit and rkill. Neither of them found a thing: nada! Through trial and error, all I know is that this bug does not activate in Safe Mode and will not sound off without access to the internet.

Does anyone have any insight at all?
 
Welcome aboard

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.03.19.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer
QUALITYREVIEWS [administrator]
3/23/2014 8:14:25 PM
mbam-log-2014-03-23 (20-14-25).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 251660
Time elapsed: 9 minute(s), 23 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/27/2011 10:07:03 PM
System Uptime: 3/24/2014 5:35:02 PM (75 hours ago)
.
Motherboard: PEGATRON CORPORATION | | 2AAE
Processor: AMD Athlon(tm) II X2 260u Processor | CPU 1 | 1800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 230.631 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1.753 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: 802.11n Wireless LAN Card
Device ID: PCI\VEN_1814&DEV_3090&SUBSYS_663211AD&REV_00\00002532D89D651C00
Manufacturer: Ralink Technology, Corp.
Name: 802.11n Wireless LAN Card #2
PNP Device ID: PCI\VEN_1814&DEV_3090&SUBSYS_663211AD&REV_00\00002532D89D651C00
Service: netr28x
.
==== System Restore Points ===================
.
RP349: 3/12/2014 12:00:02 AM - Scheduled Checkpoint
RP350: 3/13/2014 3:00:29 AM - Windows Update
RP351: 3/18/2014 7:28:48 AM - Removed ooVoo
RP352: 3/19/2014 3:00:11 AM - Windows Update
RP353: 3/23/2014 11:05:59 AM - Removed ooVoo
RP354: 3/23/2014 1:04:58 PM - Removed OpenVPN Connect
RP355: 3/23/2014 1:26:25 PM - AA11
RP356: 3/23/2014 1:33:48 PM - AA11
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Ad-Aware Antivirus
AdAwareInstaller
AdAwareUpdater
Adobe AIR
Adobe Connect 9 Add-in
Adobe Digital Editions
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.06)
Adobe Shockwave Player 12.0
Agatha Christie - Peril at End House
Akamai NetSession Interface
AntiLogger SDK version 1.6.6.296
AntimalwareEngine
Apple Application Support
Apple Software Update
ATI Catalyst Install Manager
Bejeweled 2 Deluxe
Bing Bar
Bing Rewards Client Installer
BitTorrent
BlackBerry Desktop Software 6.0.1
Blackhawk Striker 2
Blasterball 3
Blio
Bounce Symphony
Build-a-lot 2
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Constant Guard Protection Suite
Coupon Printer for Windows
CyberLink DVD Suite Deluxe
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
DVD Menu Pack for HP MediaSmart Video
EA Download Manager
Escape Rosecliff Island
Facebook Video Calling 2.0.0.447
Farm Frenzy
FATE
Final Drive Nitro
Finale PrintMusic 2008
Finale SongWriter 2012
Google Chrome
Google Drive
Google Talk Plugin
Google Update Helper
Heroes of Hellas 2 - Olympia
Hewlett-Packard ACLM.NET v1.2.2.3
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Deskjet 3050 J610 series Basic Device Software
HP Deskjet 3050 J610 series Help
HP Deskjet 3050 J610 series Product Improvement Study
HP Game Console
HP Games
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart SmartMenu
HP MediaSmart Video
HP MediaSmart Webcam
HP MediaSmart/TouchSmart Netflix
HP MovieStore
HP My Display
HP Odometer
HP Photo Creations
HP Setup
HP Setup Manager
HP Support Assistant
HP Support Information
HP Update
HP Vision Hardware Diagnostics
Hulu Desktop
InstallVC90Support
Internet TV for Windows Media Center
Java 7 Update 45
Java Auto Updater
Jewel Quest Solitaire 2
Junk Mail filter update
Kobo
LabelPrint
Learning Essentials for Microsoft Office
LightScribe System Software
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Math
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Student 2007 for Learning Essentials
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
MiniTool Partition Wizard Home Edition 7.8
Movie Theme Pack for HP MediaSmart Video
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - The London Caper
Norton Security Suite
NVIDIA PhysX
OpenAL
OverDrive Media Console
PDF Architect
PDFCreator
Penguins!
PhotoNow!
PictureMover
Plants vs. Zombies
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
PressReader
QuickTime
Ralink RT2860 Wireless LAN Card
Realtek High Definition Audio Driver
Recovery Manager
Rosetta Stone Ltd Services
Rosetta Stone Version 3
RoxioNow Player
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
SDK
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition
Sibelius 6
Sibelius Scorch (all browsers)
Sibelius Sounds Essentials for Sibelius 6
Skype Click to Call
Skype™ 6.11
swMSM
The Sims™ 3
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Virtual Families
Virtual Villagers 4 - The Tree of Life
Wheel of Fortune 2
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.00 (32-bit)
Zinio Reader 4
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
3/24/2014 5:34:14 PM, Error: Service Control Manager [7023] - The Power service terminated with the following error: The WMI request could not be completed and should be retried.
3/23/2014 9:35:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
3/23/2014 9:35:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
3/23/2014 12:13:22 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
3/23/2014 11:39:15 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
3/23/2014 11:37:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/23/2014 11:37:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/23/2014 11:37:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/23/2014 11:37:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/23/2014 11:37:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/23/2014 11:37:23 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/23/2014 11:37:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
3/23/2014 11:37:15 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccSet_N360 DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSP SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf
3/23/2014 11:37:15 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/23/2014 11:37:15 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/23/2014 11:37:15 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/23/2014 11:37:15 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/23/2014 11:37:15 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/23/2014 11:37:15 AM, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
3/23/2014 11:37:15 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/23/2014 11:37:10 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/23/2014 11:37:10 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
3/23/2014 11:37:10 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/23/2014 11:37:10 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
.
==== End Of File ===========================
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521 BrowserJavaVersion: 10.45.2
Run by Lynda Nicole at 20:02:46 on 2014-03-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.1537 [GMT -5:00]
.
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\PDF Architect\HelperService.exe
C:\Program Files (x86)\PDF Architect\ConversionService.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe
C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
C:\Users\Lynda Nicole\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Users\Lynda Nicole\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe
C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskhost.exe
C:\Windows\SysWOW64\svchost.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: PDF Architect Helper: {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\IPS\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Constant Guard Protection Suite: {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.13.1211.1\NativeBHO.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: PDF Architect Toolbar: {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coieplg.dll
uRun: [L09AXLRD_28746959] "C:\Program Files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE" -m
uRun: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
uRun: [Facebook Update] "C:\Users\Lynda Nicole\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Google Update] "C:\Users\Lynda Nicole\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Akamai NetSession Interface] "C:\Users\Lynda Nicole\AppData\Local\Akamai\netsession_win.exe"
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPO
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
StartupFolder: C:\Users\LYNDAN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: liveops.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{5499B21D-C7C8-427E-A81E-78726D7033DB} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7401AFAB-A92B-4D45-BBA5-FB02A22BFD2B} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7401AFAB-A92B-4D45-BBA5-FB02A22BFD2B}\2456C6B696E6F574F575962756C6563737F5 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{7401AFAB-A92B-4D45-BBA5-FB02A22BFD2B}\C696E6B6379737 : DHCPNameServer = 68.87.68.166 68.87.74.166
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\CoIEPlg.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\CoIEPlg.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe"
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD}
x64-DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc64.cab
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 143.61.195.18 d2000-okc
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1501000.012\SymDS64.sys [2013-11-26 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1501000.012\SymEFA64.sys [2013-11-26 1147480]
R1 AntiLog32;AntiLog32;C:\Windows\System32\drivers\AntiLog64.sys [2013-11-14 49240]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [2014-3-18 1525976]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1501000.012\ccSetx64.sys [2013-11-26 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140326.001\IDSviA64.sys [2014-3-26 525016]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1501000.012\Ironx64.sys [2013-11-26 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1501000.012\symnets.sys [2013-11-26 590936]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-12-7 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-12-7 203264]
R3 ACPIService;Buttons and OSDs ACPI driver gen2;C:\Windows\System32\drivers\OSDACPI.SYS [2010-12-7 17992]
R3 clwvd;HP Webcam Splitter;C:\Windows\System32\drivers\clwvd.sys [2010-9-3 31088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-26 137648]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-9-27 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-12-7 349800]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-12-7 38456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-15 183560]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-10-28 107288]
S3 FlyUsb;FLY Fusion;C:\Windows\System32\drivers\FlyUsb.sys [2011-11-12 24576]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2010-12-7 1002848]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2013-6-18 19032]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2013-6-18 9584]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-10-28 204568]
S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2010-10-6 30720]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-30 59392]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-03-27 03:54:10 -------- d-----w- C:\Users\Lynda Nicole\AppData\Local\{D118918F-D623-42BD-9F75-FE4D3B9750C2}
2014-03-23 19:11:17 -------- d-----w- C:\Users\Lynda Nicole\AppData\Roaming\LavasoftStatistics
2014-03-23 18:36:36 -------- d-----w- C:\Program Files\Lavasoft
2014-03-23 18:26:53 -------- d-----w- C:\Program Files\Common Files\Lavasoft
2014-03-21 21:59:07 -------- d-----w- C:\ProgramData\SMR410
2014-03-13 07:44:53 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-03-13 07:44:53 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-03-13 07:44:51 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-03-13 07:44:51 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
.
==================== Find3M ====================
.
2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2013-12-29 09:59:25 49240 ----a-w- C:\Windows\System32\drivers\AntiLog64.sys
.
============= FINISH: 20:06:00.01 ===============
 
You're running two AV programs, Ad-aware and Norton.
You must uninstall one of them.
I suggest Ad-aware goes.

Download RogueKiller from one of the following links and save it to your Desktop:
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
 
Are RK, RKill, and RogueKiller one and the same? If so, here is the log:

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 03/27/2014 08:45:49 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* Windows Defender Disabled
[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001
Checking Windows Service Integrity:
* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual
Searching for Missing Digital Signatures:
* C:\Windows\System32\rpcss.dll : 513,536 : 11/20/2010 08:27 AM : 057511a529608c3a4148bba537b388fa [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll : 509,440 : 07/13/2009 08:41 PM : 7266972e86890e2b30c0c322e906b027 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll : 512,000 : 11/20/2010 08:27 AM : 5c627d1b1138676c0a7ab2c2c190d123 [Pos Repl]
Checking HOSTS File:
* HOSTS file entries found:
143.61.195.18 d2000-okc
Program finished at: 03/27/2014 08:47:47 PM
Execution time: 0 hours(s), 1 minute(s), and 57 seconds(s)

IF THEY ARE NOT THE SAME, let me know. I will wait for your reply before creating a new restore point.
 
They're not.
Please follow my previous reply and re-read my rules especially...

Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
 
RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Lynda Nicole [Admin rights]
Mode : Remove -- Date : 03/27/2014 21:11:58
| ARK || FAK || MBR |
¤¤¤ Bad processes : 1 ¤¤¤
[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe [7] -> KILLED [TermProc]
¤¤¤ Registry Entries : 3 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ INPROC][SUSP PATH] HKCR\[...]\InprocServer32 : (C:\Users\LYNDAN~1\AppData\Local\Temp\stttinx\sfrwmds\wow64.dll [x]) -> REPLACED (C:\Windows\system32\shell32.dll)
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
[Root.Zekos][File] rpcss.dll : C:\Windows\System32\rpcss.dll [-] --> REPLACED AT REBOOT -> (C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll)
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : Root.Zekos ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

143.61.195.18 d2000-okc

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDS721050CLA362 SATA Disk Device +++++
--- User ---
[MBR] 2599761a59849fd336e2b3257bb5b3d5
[BSP] f96377d3463883e3757767605c29ff5f : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 462225 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 946843648 | Size: 14613 MB
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] da23af8735b2d4742abc2605bf603c4c
[BSP] 0dd554baf2f1106255f48e2332ab3565 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 264071168 | Size: 300 MB
Finished : << RKreport[0]_D_03272014_211158.txt >>
RKreport[0]_S_03272014_210836.txt
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.16521
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.800000 GHz
Memory total: 4025802752, free: 2134384640
Downloaded database version: v2014.03.28.01
Downloaded database version: v2014.03.27.01
=======================================
Initializing...
------------ Kernel report ------------
03/27/2014 21:46:54
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800463c060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000066\
Lower Device Object: 0xfffffa80045c3060
Lower Device Driver Name: \Driver\amdsata\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800463c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800463b2a0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800463c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80045c5770, DeviceName: Unknown, DriverName: \Driver\amdxata\
DevicePointer: 0xfffffa80045c3060, DeviceName: \Device\00000066\, DriverName: \Driver\amdsata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 75484273
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 946636800
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 946843648 Numsec = 29927424
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 
Gotta hit the sack. I have to be up and out of the house by 6 a.m. (My bed time, honestly, was 2 hours ago.) Thank you so much for your help; I'll be back tomorrow. Just a heads up though, I work 12 hour days at the hospital so it'll be later. Good night.
 
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
 
# AdwCleaner v3.022 - Report created 28/03/2014 at 20:00:26
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Lynda Nicole - QUALITYREVIEWS
# Running from : C:\Users\Lynda Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RT2U765P\adwcleaner.exe
# Option : Clean
***** [ Services ] *****

***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\myfree codec
Folder Deleted : C:\Program Files (x86)\Red Sky
Folder Deleted : C:\Users\Lynda Nicole\AppData\Local\apn
Folder Deleted : C:\Users\LYNDAN~1\AppData\Local\Temp\apn
[x] Not Deleted : C:\Users\Lynda Nicole\AppData\Roaming\pdfforge
File Deleted : C:\END
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\YahooPartnerToolbar
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16521

-\\ Google Chrome v
[ File : C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted : icon_url
Deleted : search_url
*************************
AdwCleaner[R0].txt - [5694 octets] - [28/03/2014 19:51:04]
AdwCleaner[S0].txt - [5263 octets] - [28/03/2014 20:00:26]
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by Lynda Nicole on Fri 03/28/2014 at 20:10:05.64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Lynda Nicole\AppData\Roaming\pdfforge"
Successfully deleted: [Empty Folder] C:\Users\Lynda Nicole\appdata\local\{31113F87-E4BB-4837-A825-A59053F618EB}
Successfully deleted: [Empty Folder] C:\Users\Lynda Nicole\appdata\local\{5605FAEC-FC23-43D6-A412-E89BB9DF8D02}
Successfully deleted: [Empty Folder] C:\Users\Lynda Nicole\appdata\local\{6BE50A6C-CBEA-4D32-8BA3-D2D2A3D58C21}
Successfully deleted: [Empty Folder] C:\Users\Lynda Nicole\appdata\local\{771D2AEA-C7C4-4762-A9DE-6AEB6646AF7A}
Successfully deleted: [Empty Folder] C:\Users\Lynda Nicole\appdata\local\{7BC31985-6367-4709-9FBC-D4E2B0E7B76A}
Successfully deleted: [Empty Folder] C:\Users\Lynda Nicole\appdata\local\{9D77DBDF-EAF4-4C2D-9D16-E4F9891FA1A9}
Successfully deleted: [Empty Folder] C:\Users\Lynda Nicole\appdata\local\{D118918F-D623-42BD-9F75-FE4D3B9750C2}
Successfully deleted: [Empty Folder] C:\Users\Lynda Nicole\appdata\local\{E20F420D-8B14-457F-84C8-1BFA11C7CB2A}
~~~ Chrome
Dumping contents of C:\Users\Lynda Nicole\appdata\local\Google\Chrome\User Data\Default\Default
C:\Users\Lynda Nicole\appdata\local\Google\Chrome\User Data\Default\Default\aadcddgedadgdbgcdjdbdegfggdcdfdd
C:\Users\Lynda Nicole\appdata\local\Google\Chrome\User Data\Default\Default\aadggcgcgegdggggdbdidbgfdegddbgc
C:\Users\Lynda Nicole\appdata\local\Google\Chrome\User Data\Default\Default\aadcddgedadgdbgcdjdbdegfggdcdfdd\background.js
C:\Users\Lynda Nicole\appdata\local\Google\Chrome\User Data\Default\Default\aadcddgedadgdbgcdjdbdegfggdcdfdd\ContentScript.js
C:\Users\Lynda Nicole\appdata\local\Google\Chrome\User Data\Default\Default\aadcddgedadgdbgcdjdbdegfggdcdfdd\manifest.json
C:\Users\Lynda Nicole\appdata\local\Google\Chrome\User Data\Default\Default\aadggcgcgegdggggdbdidbgfdegddbgc\background.js
C:\Users\Lynda Nicole\appdata\local\Google\Chrome\User Data\Default\Default\aadggcgcgegdggggdbdidbgfdegddbgc\ContentScript.js
C:\Users\Lynda Nicole\appdata\local\Google\Chrome\User Data\Default\Default\aadggcgcgegdggggdbdidbgfdegddbgc\manifest.json
Successfully deleted: [Folder] C:\Users\Lynda Nicole\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 03/28/2014 at 20:20:48.16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Lynda Nicole (administrator) on QUALITYREVIEWS on 28-03-2014 20:23:53
Running from C:\Users\Lynda Nicole\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link for 64-Bit Version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
() C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Akamai Technologies, Inc.) C:\Users\Lynda Nicole\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Lynda Nicole\AppData\Local\Akamai\netsession_win.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11046504 2010-07-13] (Realtek Semiconductor)
HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-09-15] ()
HKLM-x32\...\Run: [StartCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DT HPO] - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [121456 2010-07-30] ()
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-06-24] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-02-25] (Hewlett-Packard)
HKU\S-1-5-21-3700065819-3803022968-2199414553-1000\...\Run: [L09AXLRD_28746959] - "C:\Program Files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE" -m
HKU\S-1-5-21-3700065819-3803022968-2199414553-1000\...\Run: [RGSC] - C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-3700065819-3803022968-2199414553-1000\...\Run: [Desktop Software] - "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
HKU\S-1-5-21-3700065819-3803022968-2199414553-1000\...\Run: [Facebook Update] - C:\Users\Lynda Nicole\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKU\S-1-5-21-3700065819-3803022968-2199414553-1000\...\Run: [Google Update] - C:\Users\Lynda Nicole\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-29] (Google Inc.)
HKU\S-1-5-21-3700065819-3803022968-2199414553-1000\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21822128 2014-01-30] (Google)
HKU\S-1-5-21-3700065819-3803022968-2199414553-1000\...\Run: [Akamai NetSession Interface] - C:\Users\Lynda Nicole\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3700065819-3803022968-2199414553-1000\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
HKU\S-1-5-21-3700065819-3803022968-2199414553-1000\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-3700065819-3803022968-2199414553-1000\...\MountPoints2: {0b58a8cb-9e70-11e0-8f58-e0699516ab3b} - F:\LiteAuto.exe
HKU\S-1-5-21-3700065819-3803022968-2199414553-1000\...\MountPoints2: {8800261d-46d3-11e3-acbc-e0699516ab3b} - F:\HTC_Sync_Manager_PC.exe
Startup: C:\Users\Lynda Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Constant Guard Protection Suite - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.13.1211.1\NativeBHO.dll (WhiteSky)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
DPF: HKLM {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc64.cab
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {A084A130-28AE-4B32-B51A-1C8CE164BC88} http://www.convergysworkathome.com/AppHardT.CAB
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 143.61.195.18 d2000-okc
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Chrome:
=======
CHR HomePage: hxxp://xfinity.comcast.net/?cid=insDate09282012
CHR DefaultSearchKeyword: ask
CHR DefaultSearchProvider: Norton Safe Search
CHR DefaultSearchURL: http://www.google.com
CHR DefaultNewTabURL:
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\Application\32.0.1700.102\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\Application\32.0.1700.102\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Skype Toolbars) - C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Lynda Nicole\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Google Update) - C:\Users\Lynda Nicole\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Hulu Desktop) - C:\Users\Lynda Nicole\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-30]
CHR Extension: (YouTube) - C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-29]
CHR Extension: (Google Search) - C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-29]
CHR Extension: (Cloud Reader) - C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2013-06-15]
CHR Extension: (Skype Click to Call) - C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-07-13]
CHR Extension: (Norton Identity Protection) - C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-09-26]
CHR Extension: (Google Wallet) - C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR Extension: (Gmail) - C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-29]
CHR Extension: (Space Planet) - C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppcocpoeoiajndepaaimnnglicichmbb [2014-02-02]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\LYNDAN~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-04-30]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\Exts\Chrome.crx [2014-01-20]
==================== Services (Whitelisted) =================
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe [125552 2010-07-30] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe [264360 2013-10-18] (Symantec Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2011-05-07] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [103736 2011-05-07] ()
R2 RosettaStoneLtdController; C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe [352312 2008-09-16] (Rosetta Stone Ltd.)
==================== Drivers (Whitelisted) ====================
R3 ACPIService; C:\Windows\System32\DRIVERS\OSDACPI.SYS [17992 2009-06-17] ()
R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49240 2013-12-29] (Zemana Ltd.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [1525976 2014-03-18] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-20] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-20] (Symantec Corporation)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2011-11-12] (LeapFrog)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140328.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140328.017\ENG64.SYS [126040 2014-03-26] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140328.017\EX64.SYS [2099288 2014-03-26] (Symantec Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-03-07] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [9584 2013-03-07] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [92160 2010-06-16] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1501000.012\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-26] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2010-10-06] (The OpenVPN Project)
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2014-03-28 20:23 - 2014-03-28 20:24 - 00021412 _____ () C:\Users\Lynda Nicole\Desktop\FRST.txt
2014-03-28 20:23 - 2014-03-28 20:23 - 00000000 ____D () C:\FRST
2014-03-28 20:22 - 2014-03-28 20:22 - 02157056 _____ (Farbar) C:\Users\Lynda Nicole\Desktop\FRST64.exe
2014-03-28 20:20 - 2014-03-28 20:20 - 00003090 _____ () C:\Users\Lynda Nicole\Desktop\JRT.txt
2014-03-28 20:10 - 2014-03-28 20:10 - 00000000 ____D () C:\Windows\ERUNT
2014-03-28 20:08 - 2014-03-28 20:08 - 01038974 _____ (Thisisu) C:\Users\Lynda Nicole\Desktop\JRT.exe
2014-03-28 19:50 - 2014-03-28 20:00 - 00000000 ____D () C:\AdwCleaner
2014-03-27 21:46 - 2014-03-27 22:14 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-27 21:46 - 2014-03-27 21:46 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-27 21:11 - 2009-07-13 20:41 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2014-03-27 20:58 - 2014-03-27 21:22 - 00000000 ____D () C:\Users\Lynda Nicole\Desktop\RK_Quarantine
2014-03-26 22:53 - 2014-03-26 22:53 - 00000000 ____D () C:\Users\Lynda Nicole\Documents\My Weblog Posts
2014-03-23 14:11 - 2014-03-23 14:11 - 00000000 ____D () C:\Users\Lynda Nicole\AppData\Roaming\LavasoftStatistics
2014-03-23 13:46 - 2014-03-28 19:46 - 00000360 _____ () C:\Windows\Tasks\HPCeeScheduleForLynda Nicole.job
2014-03-23 13:46 - 2014-03-23 13:46 - 00003228 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForLynda Nicole
2014-03-23 11:42 - 2014-03-23 11:42 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Lynda Nicole\Downloads\iExplore64-13257.exe
2014-03-23 11:38 - 2014-03-23 11:38 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Lynda Nicole\Downloads\iExplore64-12431.exe
2014-03-23 11:37 - 2014-03-23 13:24 - 00000408 _____ () C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2014-03-23 11:34 - 2014-03-23 11:34 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Lynda Nicole\Downloads\iExplore64-11693.exe
2014-03-23 11:33 - 2014-03-23 11:33 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Lynda Nicole\Downloads\iExplore64.exe
2014-03-23 11:32 - 2014-03-23 11:32 - 00001209 _____ () C:\Users\Lynda Nicole\Desktop\iExplore - Shortcut.lnk
2014-03-23 11:31 - 2014-03-23 11:31 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Lynda Nicole\Downloads\iExplore.exe
2014-03-23 10:55 - 2014-03-23 10:55 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Lynda Nicole\Desktop\abc123.com.exe
2014-03-22 14:58 - 2014-03-22 14:58 - 00000000 ____D () C:\Users\Lynda Nicole\Downloads\300 - Rise Of An Empire 2014 HDRiP.XViD.MP3-ART3MiS
2014-03-21 17:02 - 2014-03-22 04:34 - 00019620 _____ () C:\Windows\ntbtlog.txt.bak
2014-03-21 16:59 - 2014-03-21 16:59 - 00000000 ____D () C:\ProgramData\SMR410
2014-03-20 05:36 - 2014-03-20 05:36 - 00000000 ____D () C:\Users\Lynda Nicole\Downloads\The Hobbit The Desolation of Smaug (2013) [1080p]
2014-03-19 05:17 - 2014-03-19 05:17 - 00000000 ____D () C:\Users\Lynda Nicole\AppData\Roaming\Mozilla
2014-03-16 15:19 - 2014-03-27 21:22 - 00000081 _____ () C:\Windows\system32\tcpufx.iut
2014-03-16 15:08 - 2014-03-16 15:08 - 00000064 _____ () C:\Windows\system32\buueg.zya
2014-03-16 15:08 - 2014-03-16 15:08 - 00000000 _____ () C:\Windows\system32\rusus.hsn
2014-03-16 14:52 - 2014-03-16 14:52 - 00377329 ____S () C:\Windows\system32\qcymkf.gpf
2014-03-13 02:45 - 2014-03-01 01:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 02:45 - 2014-03-01 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 02:45 - 2014-03-01 00:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 02:45 - 2014-02-28 23:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 02:45 - 2014-02-28 23:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 02:45 - 2014-02-28 23:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 02:45 - 2014-02-28 23:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 02:45 - 2014-02-28 23:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 02:45 - 2014-02-28 23:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 02:45 - 2014-02-28 23:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 02:45 - 2014-02-28 23:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 02:45 - 2014-02-28 23:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 02:45 - 2014-02-28 23:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 02:45 - 2014-02-28 23:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 02:45 - 2014-02-28 23:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 02:45 - 2014-02-28 23:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 02:45 - 2014-02-28 23:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 02:45 - 2014-02-28 22:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 02:45 - 2014-02-28 22:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 02:45 - 2014-02-28 22:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 02:45 - 2014-02-28 22:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 02:45 - 2014-02-28 22:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 02:45 - 2014-02-28 22:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 02:45 - 2014-02-28 22:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 02:45 - 2014-02-28 22:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 02:45 - 2014-02-28 22:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 02:45 - 2014-02-28 22:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 02:45 - 2014-02-28 22:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 02:45 - 2014-02-28 22:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 02:45 - 2014-02-28 22:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 02:45 - 2014-02-28 22:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 02:45 - 2014-02-28 22:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 02:45 - 2014-02-28 22:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 02:45 - 2014-02-28 22:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 02:45 - 2014-02-28 21:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 02:45 - 2014-02-28 21:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 02:45 - 2014-02-28 21:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 02:45 - 2014-02-28 21:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 02:45 - 2014-02-28 21:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 02:45 - 2014-02-28 21:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 02:45 - 2014-02-06 20:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 02:45 - 2014-01-28 21:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 02:45 - 2014-01-28 21:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 02:45 - 2014-01-27 21:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 02:44 - 2014-02-03 21:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 02:44 - 2014-02-03 21:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 02:44 - 2014-02-03 21:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 02:44 - 2014-02-03 21:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-11 18:31 - 2014-03-11 18:31 - 00000000 ____D () C:\Users\Lynda Nicole\Downloads\Anchorman 2 The Legend Continues (2013) UNRATED 1080p WEBRip x264-TheKing
2014-03-09 07:18 - 2014-03-09 07:19 - 00000000 ____D () C:\Users\Lynda Nicole\Downloads\The Breath of a Wok - Unlocking the Spirit of Chinese Cooking Through Recipes + Chinese Cookbook Quick and Easy Dishes - Mantesh
2014-03-08 11:35 - 2014-03-08 11:35 - 00000000 ____D () C:\Users\Lynda Nicole\Downloads\Mastermind (Deluxe Version)
==================== One Month Modified Files and Folders =======
2014-03-28 20:24 - 2014-03-28 20:23 - 00021412 _____ () C:\Users\Lynda Nicole\Desktop\FRST.txt
2014-03-28 20:23 - 2014-03-28 20:23 - 00000000 ____D () C:\FRST
2014-03-28 20:22 - 2014-03-28 20:22 - 02157056 _____ (Farbar) C:\Users\Lynda Nicole\Desktop\FRST64.exe
2014-03-28 20:20 - 2014-03-28 20:20 - 00003090 _____ () C:\Users\Lynda Nicole\Desktop\JRT.txt
2014-03-28 20:19 - 2012-05-29 18:16 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3700065819-3803022968-2199414553-1000UA.job
2014-03-28 20:12 - 2009-07-13 23:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-28 20:12 - 2009-07-13 23:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-28 20:11 - 2012-08-12 08:58 - 00000000 ____D () C:\Users\Lynda Nicole\AppData\Roaming\ID Vault
2014-03-28 20:10 - 2014-03-28 20:10 - 00000000 ____D () C:\Windows\ERUNT
2014-03-28 20:08 - 2014-03-28 20:08 - 01038974 _____ (Thisisu) C:\Users\Lynda Nicole\Desktop\JRT.exe
2014-03-28 20:07 - 2010-12-07 17:06 - 01722626 _____ () C:\Windows\WindowsUpdate.log
2014-03-28 20:05 - 2012-07-03 12:36 - 00000000 ___RD () C:\Users\Lynda Nicole\Google Drive
2014-03-28 20:03 - 2012-07-03 12:33 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-28 20:02 - 2009-07-14 00:08 - 00032642 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-28 20:02 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-28 20:02 - 2009-07-13 23:51 - 00085730 _____ () C:\Windows\setupact.log
2014-03-28 20:00 - 2014-03-28 19:50 - 00000000 ____D () C:\AdwCleaner
2014-03-28 19:46 - 2014-03-23 13:46 - 00000360 _____ () C:\Windows\Tasks\HPCeeScheduleForLynda Nicole.job
2014-03-28 19:34 - 2012-07-03 12:33 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-28 19:04 - 2011-09-14 20:54 - 00000956 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3700065819-3803022968-2199414553-1000UA.job
2014-03-28 17:28 - 2012-08-12 08:56 - 00000000 ____D () C:\Program Files (x86)\Constant Guard Protection Suite
2014-03-28 16:19 - 2012-05-29 18:16 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3700065819-3803022968-2199414553-1000Core.job
2014-03-28 16:14 - 2012-05-29 18:16 - 00003920 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3700065819-3803022968-2199414553-1000UA
2014-03-28 16:14 - 2012-05-29 18:16 - 00003524 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3700065819-3803022968-2199414553-1000Core
2014-03-28 16:04 - 2011-09-14 20:54 - 00000934 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3700065819-3803022968-2199414553-1000Core.job
2014-03-27 22:14 - 2014-03-27 21:46 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-27 21:46 - 2014-03-27 21:46 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-27 21:22 - 2014-03-27 20:58 - 00000000 ____D () C:\Users\Lynda Nicole\Desktop\RK_Quarantine
2014-03-27 21:22 - 2014-03-16 15:19 - 00000081 _____ () C:\Windows\system32\tcpufx.iut
2014-03-27 20:40 - 2011-09-27 20:04 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-03-27 19:53 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-27 15:29 - 2012-07-03 12:33 - 00003906 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-27 15:29 - 2012-07-03 12:33 - 00003654 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-26 22:53 - 2014-03-26 22:53 - 00000000 ____D () C:\Users\Lynda Nicole\Documents\My Weblog Posts
2014-03-26 22:53 - 2011-06-08 17:01 - 00000000 ____D () C:\Users\Lynda Nicole\AppData\Local\Windows Live Writer
2014-03-25 05:07 - 2009-07-14 00:13 - 00796550 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-23 18:26 - 2012-08-26 19:51 - 00000464 _____ () C:\Windows\demdata.txt
2014-03-23 18:21 - 2013-04-29 20:53 - 00000000 ____D () C:\Users\Lynda Nicole\Documents\PDF Architect Files
2014-03-23 14:11 - 2014-03-23 14:11 - 00000000 ____D () C:\Users\Lynda Nicole\AppData\Roaming\LavasoftStatistics
2014-03-23 13:46 - 2014-03-23 13:46 - 00003228 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForLynda Nicole
2014-03-23 13:24 - 2014-03-23 11:37 - 00000408 _____ () C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2014-03-23 13:05 - 2013-07-13 21:15 - 27955810 _____ () C:\Users\Lynda Nicole\ovpntray.log
2014-03-23 12:14 - 2012-03-04 08:53 - 00039572 _____ () C:\aaw7boot.log
2014-03-23 11:42 - 2014-03-23 11:42 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Lynda Nicole\Downloads\iExplore64-13257.exe
2014-03-23 11:38 - 2014-03-23 11:38 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Lynda Nicole\Downloads\iExplore64-12431.exe
2014-03-23 11:34 - 2014-03-23 11:34 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Lynda Nicole\Downloads\iExplore64-11693.exe
2014-03-23 11:33 - 2014-03-23 11:33 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Lynda Nicole\Downloads\iExplore64.exe
2014-03-23 11:32 - 2014-03-23 11:32 - 00001209 _____ () C:\Users\Lynda Nicole\Desktop\iExplore - Shortcut.lnk
2014-03-23 11:31 - 2014-03-23 11:31 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Lynda Nicole\Downloads\iExplore.exe
2014-03-23 11:26 - 2014-01-30 20:53 - 00003618 _____ () C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
2014-03-23 10:55 - 2014-03-23 10:55 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Lynda Nicole\Desktop\abc123.com.exe
2014-03-22 15:29 - 2011-03-28 09:39 - 00000000 ____D () C:\Users\Lynda Nicole\AppData\Roaming\BitTorrent
2014-03-22 14:58 - 2014-03-22 14:58 - 00000000 ____D () C:\Users\Lynda Nicole\Downloads\300 - Rise Of An Empire 2014 HDRiP.XViD.MP3-ART3MiS
2014-03-22 11:54 - 2010-12-07 21:02 - 01063120 _____ () C:\Windows\PFRO.log
2014-03-22 04:34 - 2014-03-21 17:02 - 00019620 _____ () C:\Windows\ntbtlog.txt.bak
2014-03-21 21:09 - 2011-09-30 20:07 - 00000064 _____ () C:\Windows\SysWOW64\rp_stats.dat
2014-03-21 21:09 - 2011-09-30 20:07 - 00000044 _____ () C:\Windows\SysWOW64\rp_rules.dat
2014-03-21 16:59 - 2014-03-21 16:59 - 00000000 ____D () C:\ProgramData\SMR410
2014-03-21 15:54 - 2013-06-04 10:41 - 00000000 ____D () C:\Users\Lynda Nicole\AppData\Local\NPE
2014-03-20 05:36 - 2014-03-20 05:36 - 00000000 ____D () C:\Users\Lynda Nicole\Downloads\The Hobbit The Desolation of Smaug (2013) [1080p]
2014-03-19 05:17 - 2014-03-19 05:17 - 00000000 ____D () C:\Users\Lynda Nicole\AppData\Roaming\Mozilla
2014-03-19 03:04 - 2013-08-15 03:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 03:00 - 2011-03-30 21:15 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 17:29 - 2011-10-25 18:13 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-03-18 17:29 - 2011-03-29 17:08 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-03-16 15:08 - 2014-03-16 15:08 - 00000064 _____ () C:\Windows\system32\buueg.zya
2014-03-16 15:08 - 2014-03-16 15:08 - 00000000 _____ () C:\Windows\system32\rusus.hsn
2014-03-16 14:52 - 2014-03-16 14:52 - 00377329 ____S () C:\Windows\system32\qcymkf.gpf
2014-03-16 14:52 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-03-15 15:19 - 2013-03-05 18:53 - 00002413 _____ () C:\Users\Lynda Nicole\Desktop\Google Chrome.lnk
2014-03-14 21:04 - 2011-09-27 20:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-13 03:26 - 2009-07-13 23:45 - 00499064 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 03:24 - 2013-03-14 03:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 03:24 - 2013-03-14 03:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 03:04 - 2011-10-03 19:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-11 18:31 - 2014-03-11 18:31 - 00000000 ____D () C:\Users\Lynda Nicole\Downloads\Anchorman 2 The Legend Continues (2013) UNRATED 1080p WEBRip x264-TheKing
2014-03-09 07:29 - 2012-05-27 09:08 - 00000000 ____D () C:\Users\Lynda Nicole\Documents\My Digital Editions
2014-03-09 07:19 - 2014-03-09 07:18 - 00000000 ____D () C:\Users\Lynda Nicole\Downloads\The Breath of a Wok - Unlocking the Spirit of Chinese Cooking Through Recipes + Chinese Cookbook Quick and Easy Dishes - Mantesh
2014-03-09 06:07 - 2013-01-22 08:32 - 00000000 ____D () C:\Users\Lynda Nicole\Documents\Corpsman Docs
2014-03-08 11:35 - 2014-03-08 11:35 - 00000000 ____D () C:\Users\Lynda Nicole\Downloads\Mastermind (Deluxe Version)
2014-03-04 18:28 - 2011-03-27 22:07 - 00000000 ____D () C:\Users\Lynda Nicole
2014-03-04 04:01 - 2011-07-19 17:15 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-04 04:01 - 2011-07-19 17:14 - 00000000 ____D () C:\ProgramData\Skype
2014-03-01 01:05 - 2014-03-13 02:45 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 00:17 - 2014-03-13 02:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 00:16 - 2014-03-13 02:45 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-28 23:58 - 2014-03-13 02:45 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-28 23:52 - 2014-03-13 02:45 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-28 23:51 - 2014-03-13 02:45 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-28 23:42 - 2014-03-13 02:45 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-28 23:40 - 2014-03-13 02:45 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-28 23:37 - 2014-03-13 02:45 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-28 23:33 - 2014-03-13 02:45 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-28 23:33 - 2014-03-13 02:45 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-28 23:32 - 2014-03-13 02:45 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-28 23:30 - 2014-03-13 02:45 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-28 23:23 - 2014-03-13 02:45 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-02-28 23:17 - 2014-03-13 02:45 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-28 23:11 - 2014-03-13 02:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-28 23:02 - 2014-03-13 02:45 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-28 22:54 - 2014-03-13 02:45 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-28 22:52 - 2014-03-13 02:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-28 22:51 - 2014-03-13 02:45 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-28 22:47 - 2014-03-13 02:45 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-28 22:43 - 2014-03-13 02:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-28 22:43 - 2014-03-13 02:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-28 22:42 - 2014-03-13 02:45 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-28 22:40 - 2014-03-13 02:45 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-28 22:38 - 2014-03-13 02:45 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-28 22:37 - 2014-03-13 02:45 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-28 22:35 - 2014-03-13 02:45 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-28 22:18 - 2014-03-13 02:45 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-28 22:16 - 2014-03-13 02:45 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-28 22:14 - 2014-03-13 02:45 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-28 22:10 - 2014-03-13 02:45 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-28 22:03 - 2014-03-13 02:45 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-28 22:00 - 2014-03-13 02:45 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-28 21:57 - 2014-03-13 02:45 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-28 21:38 - 2014-03-13 02:45 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-28 21:32 - 2014-03-13 02:45 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-28 21:27 - 2014-03-13 02:45 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-28 21:25 - 2014-03-13 02:45 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-28 21:25 - 2014-03-13 02:45 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-26 04:02 - 2010-12-07 17:16 - 00788672 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
Files to move or delete:
====================
C:\Users\Lynda Nicole\AppData\Roaming\skype.ini

Some content of TEMP:
====================
C:\Users\Lynda Nicole\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Lynda Nicole\AppData\Local\Temp\ose00000.exe
C:\Users\Lynda Nicole\AppData\Local\Temp\Quarantine.exe
C:\Users\Lynda Nicole\AppData\Local\Temp\rootsupd.exe
C:\Users\Lynda Nicole\AppData\Local\Temp\YontooSetup-Silent-0DB0.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-20 12:54
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Lynda Nicole at 2014-03-28 20:25:05
Running from C:\Users\Lynda Nicole\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AV: Norton Security Suite (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
==================== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Connect 9 Add-in (HKCU\...\Adobe Connect 9 Add-in) (Version: 11,2,261,0 - Adobe Systems Incorporated)
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - )
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.2.159.1 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
AntiLogger SDK version 1.6.6.296 (HKLM-x32\...\{4D46DE30-49FE-4043-99F7-D7E8C06175E0}_is1) (Version: 1.6.6.296 - Zemana Ltd.)
Apple Application Support (HKLM-x32\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{E2D662AD-3FE3-26C5-5540-90E4974EF412}) (Version: 3.0.774.0 - ATI Technologies, Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{6F6D8BC6-CE36-493B-996F-04CD8CCC35A8}) (Version: 7.0.614.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
BitTorrent (HKCU\...\BitTorrent) (Version: 7.8.2.30332 - BitTorrent Inc.)
BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.2.1 - )
BlackBerry Desktop Software 6.0.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 6.0.1.18 - Research In Motion Ltd.)
BlackBerry Desktop Software 6.0.1 (x32 Version: 6.0.1.18 - Research In Motion Ltd.) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}) (Version: 2.0.5350 - K-NFB Reading Technology, Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0511.2153.37435 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help English (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help French (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help German (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
ccc-utility64 (Version: 2010.0511.2153.37435 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Constant Guard Protection Suite (HKLM-x32\...\ID Vault) (Version: 1.13.1211.1 - Comcast)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated) <==== ATTENTION
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.3210 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
EA Download Manager (HKLM-x32\...\EADM) (Version: 8.0.3.427 - Electronic Arts, Inc.)
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Finale PrintMusic 2008 (HKLM-x32\...\Finale PrintMusic 2008) (Version: 13.0.0.21 - MakeMusic)
Finale SongWriter 2012 (HKLM-x32\...\Finale SongWriter 2012) (Version: 2012..r3.0 - MakeMusic)
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{E121A4FE-009B-385B-BB0D-B934E2A88288}) (Version: 5.2.4.18058 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Auto (Version: 1.0.12494.3472 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.0.12656.3472 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{650AF771-456D-418F-BFC7-F6FFC9D0235C}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Deskjet 3050 J610 series Product Improvement Study (HKLM\...\{FEB2C4AA-661E-483F-9626-21A8ACFD10F2}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Game Console (x32 Version: - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4521 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 4.2.4521 - Hewlett-Packard) Hidden
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard)
HP MediaSmart Music (x32 Version: 4.2.4517 - Hewlett-Packard) Hidden
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard)
HP MediaSmart Photo (x32 Version: 4.2.4513 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard)
HP MediaSmart Video (x32 Version: 4.2.4522 - Hewlett-Packard) Hidden
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.2.3303 - Hewlett-Packard)
HP MediaSmart Webcam (x32 Version: 4.2.3303 - Hewlett-Packard) Hidden
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}) (Version: 1.0.4.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0.2 - Hewlett-Packard)
HP MovieStore (x32 Version: 1.0.027 - Hewlett-Packard) Hidden
HP My Display (HKLM-x32\...\{1F4DDC90-5923-4E49-A4C7-F3CCC954DCA0}) (Version: 1.00.180 - Portrait Displays, Inc.)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.${CAB_VERSION} - HP Photo Creations Powered by RocketLife)
HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
Hulu Desktop (HKCU\...\HuluDesktop) (Version: 0.9.14 - Hulu LLC)
InstallVC90Support (x32 Version: 1.01.0000 - Novatel Wireless) Hidden
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3130 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3130 - CyberLink Corp.) Hidden
Learning Essentials for Microsoft Office (HKLM-x32\...\{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}) (Version: 2.0 - Microsoft)
LightScribe System Software (HKLM-x32\...\{FD71E2F7-B9FC-4072-88DB-AC19E2464D82}) (Version: 1.18.17.1 - LightScribe)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Math (HKLM-x32\...\{07043840-959A-4B0D-8825-2C533F0DDB19}) (Version: 2007 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Student 2007 for Learning Essentials (HKLM-x32\...\{Microsoft Student 2007_54A0E938-8390-489F-8F1A-563673334DFE}) (Version: - )
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
MiniTool Partition Wizard Home Edition 7.8 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.1.0.18 - Symantec Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4329 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3129 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975D}) (Version: 5.10.621.0 - NewspaperDirect Inc.)
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6156 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden
Rosetta Stone Ltd Services (HKLM-x32\...\{2110AF8F-F6E9-4712-A185-1B839C60822E}) (Version: 2.2.1.1 - Rosetta Stone Ltd.)
Rosetta Stone Version 3 (HKLM-x32\...\{99011A6E-5200-11DE-BDB8-7ACD56D89593}) (Version: 3.4.5.0 - Rosetta Stone Ltd.)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
SDK (x32 Version: 2.22.002 - Portrait Displays, Inc.) Hidden
Sibelius 6 (HKLM-x32\...\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}) (Version: 6.0.0 - Sibelius Software)
Sibelius Scorch (all browsers) (HKLM-x32\...\{37EF63D9-3E31-45A9-A90F-BDE07CE88095}) (Version: 5.2.1 - Sibelius Software)
Sibelius Sounds Essentials for Sibelius 6 (HKLM-x32\...\{F0EB3969-C007-4ABE-9245-990C5E021A8F}_is1) (Version: 1.0.0 - Sibelius Software, a division of Avid Technology, Inc.)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.615 - Electronic Arts)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{EC1934B0-AE0F-4BBD-8955-54BB3247ED9E}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Restore Points =========================

18-03-2014 12:28:48 Removed ooVoo
19-03-2014 08:00:11 Windows Update
23-03-2014 16:05:59 Removed ooVoo
23-03-2014 18:04:58 Removed OpenVPN Connect
23-03-2014 18:26:25 AA11
23-03-2014 18:33:48 AA11
28-03-2014 01:35:32 AA11
28-03-2014 02:21:13 No More Zekos

==================== Hosts content: ==========================

2009-07-13 21:34 - 2014-03-23 13:05 - 00000849 ____A C:\Windows\system32\Drivers\etc\hosts
143.61.195.18 d2000-okc

==================== Scheduled Tasks (whitelisted) =============

Task: {1D736309-C9E7-439A-A3EF-A1DD3DC9416D} - System32\Tasks\{8B3B3F6A-9CA3-4AFE-A028-BAA9292A5F3A} => Iexplore.exe http://ui.skype.com/ui/0/5.5.0.115/fr/go/help.faq.installer?LastError=1618
Task: {23C3D838-7CDA-4A33-91C1-3E3B962D49AE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3700065819-3803022968-2199414553-1000UA => C:\Users\Lynda Nicole\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-29] (Google Inc.)
Task: {2DEFAB4D-B4C4-4ACD-A4FF-8F559C3D8F68} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-03] (Google Inc.)
Task: {31B1606E-C363-43A3-A8CD-9C0B81AEB7DA} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {332900C9-F76B-4991-8299-9ED4C2221D5A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3700065819-3803022968-2199414553-1000Core => C:\Users\Lynda Nicole\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {4C03DDD7-0EEC-48F2-B12A-F5C58765290E} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {718FFCFD-1DA1-45C8-BECE-A624A34766DF} - System32\Tasks\HPCeeScheduleForLynda Nicole => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {8B2D98F3-E8FE-48E4-89CA-7EDC21826F99} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {8B55AC2F-AD3E-4D66-B997-CDE37FB36B0D} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-QUALITYREVIEWS => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
Task: {8DAD3730-2BD6-4918-B594-CBA0328000EE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {95F3069C-FA68-4190-A585-2B15BB1502C4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {9743E41D-16F7-4C80-96B2-8D3D0DC7F285} - System32\Tasks\{37A4207D-4804-43CF-AFF4-A598EA5A917E} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {A66864E1-7730-4E92-8BCD-6219BBC854E2} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3700065819-3803022968-2199414553-1000UA => C:\Users\Lynda Nicole\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {B3543041-9BDA-459D-B939-3DD206BC5FAE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3700065819-3803022968-2199414553-1000Core => C:\Users\Lynda Nicole\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-29] (Google Inc.)
Task: {C9EB6A5E-C032-4693-AD29-8CF0632B5DDC} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [2010-09-03] (CyberLink)
Task: {C9F769D8-A0EF-43DE-88AD-774575225625} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-02-10] (Hewlett-Packard)
Task: {D9D2BBD3-0B7B-4F1D-876D-FB4505959AE6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-03] (Google Inc.)
Task: {DDD186A7-DAA3-4975-BAF6-70E656E9D6AB} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {E3B6D793-D5C5-4D9D-8E79-C297F49B505A} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.)
Task: {E623023A-00F5-43EA-8623-97EF5D7EE88E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {E6F76D5D-3A26-4908-B091-74525E9DCC63} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3700065819-3803022968-2199414553-1000Core.job => C:\Users\Lynda Nicole\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3700065819-3803022968-2199414553-1000UA.job => C:\Users\Lynda Nicole\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3700065819-3803022968-2199414553-1000Core.job => C:\Users\Lynda Nicole\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3700065819-3803022968-2199414553-1000UA.job => C:\Users\Lynda Nicole\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForLynda Nicole.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2010-12-07 18:03 - 2010-07-30 17:03 - 00125552 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
2011-05-07 10:08 - 2011-05-07 10:08 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2011-05-07 10:08 - 2011-05-07 10:08 - 00103736 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2010-09-15 13:31 - 2010-09-15 13:31 - 00611896 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2009-06-08 19:45 - 2009-06-08 19:45 - 00098304 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-12-07 17:34 - 2010-12-07 17:34 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-28 09:58 - 2011-03-02 11:40 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2013-12-11 14:57 - 2013-12-11 14:57 - 00549272 _____ () C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.DLL
2014-03-28 20:04 - 2014-03-28 20:04 - 00098816 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\win32api.pyd
2014-03-28 20:04 - 2014-03-28 20:04 - 00110080 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\PyWinTypes27.dll
2014-03-28 20:04 - 2014-03-28 20:04 - 00364544 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\pythoncom27.dll
2014-03-28 20:04 - 2014-03-28 20:04 - 00044032 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\_socket.pyd
2014-03-28 20:04 - 2014-03-28 20:04 - 01157120 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\_ssl.pyd
2014-03-28 20:04 - 2014-03-28 20:04 - 00320512 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\win32com.shell.shell.pyd
2014-03-28 20:04 - 2014-03-28 20:04 - 00712192 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\_hashlib.pyd
2014-03-28 20:04 - 2014-03-28 20:04 - 01175040 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\wx._core_.pyd
2014-03-28 20:04 - 2014-03-28 20:04 - 00805888 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\wx._gdi_.pyd
2014-03-28 20:04 - 2014-03-28 20:04 - 00811008 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\wx._windows_.pyd
2014-03-28 20:04 - 2014-03-28 20:04 - 01062400 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\wx._controls_.pyd
2014-03-28 20:04 - 2014-03-28 20:04 - 00735232 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\wx._misc_.pyd
2014-03-28 20:04 - 2014-03-28 20:04 - 00128512 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\_elementtree.pyd
2014-03-28 20:04 - 2014-03-28 20:04 - 00127488 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\pyexpat.pyd
2014-03-28 20:04 - 2014-03-28 20:04 - 00557056 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\pysqlite2._sqlite.pyd
2014-03-28 20:04 - 2014-03-28 20:04 - 00087040 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\_ctypes.pyd
2014-03-28 20:04 - 2014-03-28 20:04 - 00119808 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\win32file.pyd
2014-03-28 20:04 - 2014-03-28 20:04 - 00108544 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\win32security.pyd
2014-03-28 20:04 - 2014-03-28 20:04 - 00018432 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\win32event.pyd
2014-03-28 20:04 - 2014-03-28 20:04 - 00038912 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\win32inet.pyd
2014-03-28 20:04 - 2014-03-28 20:04 - 00122368 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\wx._wizard.pyd
2014-03-28 20:04 - 2014-03-28 20:04 - 00070656 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\wx._html2.pyd
2014-03-28 20:04 - 2014-03-28 20:04 - 00026624 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\_multiprocessing.pyd
2014-03-28 20:04 - 2014-03-28 20:04 - 00010240 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\select.pyd
2014-03-28 20:04 - 2014-03-28 20:04 - 00024064 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\win32pipe.pyd
2014-03-28 20:04 - 2014-03-28 20:04 - 00686080 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\unicodedata.pyd
2014-03-28 20:04 - 2014-03-28 20:04 - 00025600 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\win32pdh.pyd
2014-03-28 20:04 - 2014-03-28 20:04 - 00525640 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\windows._lib_cacheinvalidation.pyd
2014-03-28 20:04 - 2014-03-28 20:04 - 00011264 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\win32crypt.pyd
2014-03-28 20:04 - 2014-03-28 20:04 - 00035840 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\win32process.pyd
2014-03-28 20:04 - 2014-03-28 20:04 - 00017408 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\win32profile.pyd
2014-03-28 20:04 - 2014-03-28 20:04 - 00022528 _____ () C:\Users\Lynda Nicole\AppData\Local\Temp\_MEI37522\win32ts.pyd
2010-12-07 18:03 - 2010-05-25 12:29 - 00014856 _____ () C:\Program Files (x86)\Hewlett-Packard\HP My Display\ACPIDll.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\Temp:C8B8CEBD
==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupreg: Darksiders => rundll32 "C:\Users\Lynda Nicole\AppData\Local\{A1D52FFE-40D7-4DEA-AC3B-032AE3D1E515}\Darksiders\ymdcicq.dll",OpenRootStorageEx
MSCONFIG\startupreg: EA Core => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
MSCONFIG\startupreg: GameSpy => rundll32 "C:\Users\Lynda Nicole\AppData\Local\Activision\GameSpy\kictt.dll",RFCOM_FreeUnusedNow
MSCONFIG\startupreg: Temp => rundll32 "C:\Users\Lynda Nicole\AppData\Local\Research In Motion\Temp\drowv.dll",DllRegisterServerW
==================== Faulty Device Manager Devices =============
Name: 802.11n Wireless LAN Card #2
Description: 802.11n Wireless LAN Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Ralink Technology, Corp.
Service: netr28x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Percentage of memory in use: 40%
Total physical RAM: 3839.3 MB
Available physical RAM: 2281.37 MB
Total Pagefile: 7676.79 MB
Available Pagefile: 5852.44 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:451.39 GB) (Free:231.75 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:14.27 GB) (Free:1.75 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 75484273)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
==================== End Of Log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt (1.8 KB)
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Lynda Nicole at 2014-03-30 11:15:53 Run:1
Running from C:\Users\Lynda Nicole\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKU\S-1-5-21-3700065819-3803022968-2199414553-1000\...\MountPoints2: {0b58a8cb-9e70-11e0-8f58-e0699516ab3b} - F:\LiteAuto.exe
HKU\S-1-5-21-3700065819-3803022968-2199414553-1000\...\MountPoints2: {8800261d-46d3-11e3-acbc-e0699516ab3b} - F:\HTC_Sync_Manager_PC.exe
CHR Plugin: (Native Client) - C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\Application\32.0.1700.102\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\Application\32.0.1700.102\gcswf32.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
2014-03-16 15:19 - 2014-03-27 21:22 - 00000081 _____ () C:\Windows\system32\tcpufx.iut
2014-03-16 15:08 - 2014-03-16 15:08 - 00000064 _____ () C:\Windows\system32\buueg.zya
2014-03-16 15:08 - 2014-03-16 15:08 - 00000000 _____ () C:\Windows\system32\rusus.hsn
2014-03-16 14:52 - 2014-03-16 14:52 - 00377329 ____S () C:\Windows\system32\qcymkf.gpf
C:\Users\Lynda Nicole\AppData\Roaming\skype.ini
C:\Users\Lynda Nicole\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Lynda Nicole\AppData\Local\Temp\ose00000.exe
C:\Users\Lynda Nicole\AppData\Local\Temp\Quarantine.exe
C:\Users\Lynda Nicole\AppData\Local\Temp\rootsupd.exe
C:\Users\Lynda Nicole\AppData\Local\Temp\YontooSetup-Silent-0DB0.exe
AlternateDataStreams: C:\ProgramData\Temp:C8B8CEBD
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll C:\Windows\System32\rpcss.dll
*****************
HKU\S-1-5-21-3700065819-3803022968-2199414553-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0b58a8cb-9e70-11e0-8f58-e0699516ab3b} => Key deleted successfully.
HKCR\CLSID\{0b58a8cb-9e70-11e0-8f58-e0699516ab3b} => Key not found.
HKU\S-1-5-21-3700065819-3803022968-2199414553-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8800261d-46d3-11e3-acbc-e0699516ab3b} => Key deleted successfully.
HKCR\CLSID\{8800261d-46d3-11e3-acbc-e0699516ab3b} => Key not found.
C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll not found.
C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\Application\32.0.1700.102\pdf.dll not found.
C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\Application\32.0.1700.102\gcswf32.dll not found.
C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll not found.
C:\Windows\system32\tcpufx.iut => Moved successfully.
C:\Windows\system32\buueg.zya => Moved successfully.
C:\Windows\system32\rusus.hsn => Moved successfully.
Could not move "C:\Windows\system32\qcymkf.gpf" => Scheduled to move on reboot.
C:\Users\Lynda Nicole\AppData\Roaming\skype.ini => Moved successfully.
C:\Users\Lynda Nicole\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
C:\Users\Lynda Nicole\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\Lynda Nicole\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Lynda Nicole\AppData\Local\Temp\rootsupd.exe => Moved successfully.
C:\Users\Lynda Nicole\AppData\Local\Temp\YontooSetup-Silent-0DB0.exe => Moved successfully.
C:\ProgramData\Temp => ":C8B8CEBD" ADS removed successfully.
C:\Windows\System32\rpcss.dll => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-03-30 11:18:36)<=
C:\Windows\system32\qcymkf.gpf => Is moved successfully.
==== End of Fixlog ====
 
By the way, you are amazing, but you probably already knew that. I cannot hypothesize the amount of time I have spent searching (mostly in the dark) for solutions to this issue. Who knows how many more hours would have been wasted before finding you. Thank you so much!
 
I'm assuming the issues are gone? :)

Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Click on "Run ESET Online Scanner" button.
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce any log.
 
This topic is marked as abandoned and closed due to inactivity.

This member will NOT be eligible to receive any more help in malware removal forum.
 