Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Extremly Slow System Performance, System Freezing... [Solved]

Started by paren12 , Jun 15 2014 08:49 PM

This topic is locked

#16
Satchfan

Posted 27 June 2014 - 10:42 AM

Trusted Helper

Malware Removal
624 posts

We have stopped a lot of programs from starting up automatically and Malwarebytes presence is fine and not affecting your computer.

Forget about the scroll problem for now as this is unrelated to anything we've done and may be able to deal with that later. If malware is ruled out, and we can't sort it out here, I'll give you a link to another part of our forum where you can get help with it.

I'd like you to try a different scan just to rule something out.

Run RogueKiller

IMPORTANT: Please remove any usb or external drives from the computer before you run this scan!

Close all running programs.

Download RogueKiller to your desktop.

For 64-bit systems download it from here

close all running programs
for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
when the pre-scan is finished, click on Scan
click on Report and copy/paste the content in your next post
NOTE: DO NOT attempt to remove anything that the scan detects –everything that is reported is not necessarily bad

If the program is blocked, continue to try it several times. If it still doesn’t work, (it could happen), rename it to winlogon.exe.
Please post the contents of the RKreport.txt in your next reply.

Satchfan

#17
paren12

Posted 27 June 2014 - 07:08 PM

Member

Topic Starter
Member
78 posts

Find scan results below.

RogueKiller V9.1.0.0 [Jun 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Debbie [Admin rights]
Mode : Scan -- Date : 06/27/2014 19:05:04

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 14 ¤¤¤
[Root.Necurs] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gupdate1ca3470bef92587 -> FOUND
[Root.Necurs] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gupdate1ca3470bef92587 -> FOUND
[Root.Necurs] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gupdate1ca3470bef92587 -> FOUND
[PUM.Https] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | WarnOnHTTPSToHTTPRedirect : 0 -> FOUND
[PUM.Https] HKEY_USERS\S-1-5-21-1509237336-2105009817-796031365-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | WarnOnHTTPSToHTTPRedirect : 0 -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3A32D958-CDF4-4CC8-905C-D0F81C48E3AE} | DhcpNameServer : 172.20.10.1 -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3A32D958-CDF4-4CC8-905C-D0F81C48E3AE} | DhcpNameServer : 172.20.10.1 -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3A32D958-CDF4-4CC8-905C-D0F81C48E3AE} | DhcpNameServer : 172.20.10.1 -> FOUND
[PUM.Policies] HKEY_USERS\S-1-5-21-1509237336-2105009817-796031365-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
[PUM.Policies] HKEY_USERS\S-1-5-21-1509237336-2105009817-796031365-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1509237336-2105009817-796031365-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1509237336-2105009817-796031365-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[Suspicious.Path] \\{31AF6009-F492-4AD7-A635-C36BF027C9A9} -- C:\Windows\system32\pcalua.exe (-a C:\Users\Debbie\AppData\Local\Temp\Toolbaren.exe -d C:\Users\Debbie\Desktop -c -s -a /auto) -> FOUND

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost

¤¤¤ Antirootkit : 46 ¤¤¤
[SSDT:Addr] NtAlertResumeThread[13] : Unknown @ 0x885689d8
[SSDT:Addr] NtAlertThread[14] : Unknown @ 0x88568a70
[SSDT:Addr] NtAllocateVirtualMemory[18] : Unknown @ 0x8821f500
[SSDT:Addr] NtAlpcConnectPort[21] : Unknown @ 0x88110368
[SSDT:Addr] NtAssignProcessToJobObject[42] : Unknown @ 0x88809c78
[SSDT:Addr] NtCreateMutant[67] : Unknown @ 0x88568800
[SSDT:Addr] NtCreateSymbolicLinkObject[77] : Unknown @ 0x88809a70
[SSDT:Addr] NtCreateThread[78] : Unknown @ 0x8884be80
[SSDT:Addr] NtDebugActiveProcess[116] : Unknown @ 0x88809d10
[SSDT:Addr] NtDuplicateObject[129] : Unknown @ 0x8834e488
[SSDT:Addr] NtFreeVirtualMemory[147] : Unknown @ 0x88568f60
[SSDT:Addr] NtImpersonateAnonymousToken[156] : Unknown @ 0x885688a8
[SSDT:Addr] NtImpersonateThread[158] : Unknown @ 0x88568940
[SSDT:Addr] NtLoadDriver[165] : Unknown @ 0x88004358
[SSDT:Addr] NtMapViewOfSection[177] : Unknown @ 0x88568ea8
[SSDT:Addr] NtOpenEvent[184] : Unknown @ 0x88809f90
[SSDT:Addr] NtOpenProcess[194] : Unknown @ 0x88758c50
[SSDT:Addr] NtOpenProcessToken[195] : Unknown @ 0x8821f588
[SSDT:Addr] NtOpenSection[197] : Unknown @ 0x88809e60
[SSDT:Addr] NtOpenThread[201] : Unknown @ 0x8834e4d0
[SSDT:Addr] NtProtectVirtualMemory[210] : Unknown @ 0x88809bd0
[SSDT:Addr] NtResumeThread[282] : Unknown @ 0x88568b08
[SSDT:Addr] NtSetContextThread[289] : Unknown @ 0x88568cd0
[SSDT:Addr] NtSetInformationProcess[305] : Unknown @ 0x88568d68
[SSDT:Addr] NtSetSystemInformation[317] : Unknown @ 0x88809da8
[SSDT:Addr] NtSuspendProcess[330] : Unknown @ 0x88809ef8
[SSDT:Addr] NtSuspendThread[331] : Unknown @ 0x88568ba0
[SSDT:Addr] NtTerminateProcess[334] : Unknown @ 0x88249ca0
[SSDT:Addr] NtTerminateThread[335] : Unknown @ 0x88568c38
[SSDT:Addr] NtUnmapViewOfSection[348] : Unknown @ 0x88568e10
[SSDT:Addr] NtWriteVirtualMemory[358] : Unknown @ 0x8821f438
[SSDT:Addr] NtCreateThreadEx[382] : Unknown @ 0x88809b18
[ShwSSDT:Addr] NtUserAttachThreadInput[317] : Unknown @ 0x882d5fd0
[ShwSSDT:Addr] NtUserGetAsyncKeyState[397] : Unknown @ 0x88a6c230
[ShwSSDT:Addr] NtUserGetKeyboardState[428] : Unknown @ 0x88a6c1b8
[ShwSSDT:Addr] NtUserGetKeyState[430] : Unknown @ 0x88a6c2a8
[ShwSSDT:Addr] NtUserGetRawInputData[442] : Unknown @ 0x88a9ec08
[ShwSSDT:Addr] NtUserMessageCall[479] : Unknown @ 0x88a6e738
[ShwSSDT:Addr] NtUserPostMessage[497] : Unknown @ 0x88a6c130
[ShwSSDT:Addr] NtUserPostThreadMessage[498] : Unknown @ 0x88a6c0a8
[ShwSSDT:Addr] NtUserSetWindowsHookEx[573] : Unknown @ 0x88a760e0
[ShwSSDT:Addr] NtUserSetWinEventHook[576] : Unknown @ 0x89043248
[EAT:Addr] (explorer.exe) SYNCENG.dll - DllCanUnloadNow : C:\Windows\System32\EhStorAPI.dll @ 0x6b85664f
[EAT:Addr] (explorer.exe) SYNCENG.dll - DllGetClassObject : C:\Windows\System32\EhStorAPI.dll @ 0x6b858884
[EAT:Addr] (explorer.exe) SYNCENG.dll - DllRegisterServer : C:\Windows\System32\EhStorAPI.dll @ 0x6b8592e6
[EAT:Addr] (explorer.exe) SYNCENG.dll - DllUnregisterServer : C:\Windows\System32\EhStorAPI.dll @ 0x6b8592fa

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: FUJITSU MHY2250BH ATA Device +++++
--- User ---
[MBR] acc76ebff8e8f1e6134c09d25a8df097
[BSP] 780bc60244ab4bd5e87d5088e289d37e : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 226251 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 463362795 | Size: 12221 MB
User = LL1 ... OK
User = LL2 ... OK

#18
Satchfan

Posted 28 June 2014 - 02:24 AM

Trusted Helper

Malware Removal
624 posts

You must be offline to complete the following steps.

Please restart your computer in safe mode, (How to start Windows in Safe Mode - Windows 7/Vista)

Run RK again.

when the pre-scan finishes hit the Scan button.
when the scan completes, remove the check mark next to these entries:

[PUM.Https] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | WarnOnHTTPSToHTTPRedirect : 0 -> FOUND
[PUM.Https] HKEY_USERS\S-1-5-21-1509237336-2105009817-796031365-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | WarnOnHTTPSToHTTPRedirect : 0 -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3A32D958-CDF4-4CC8-905C-D0F81C48E3AE} | DhcpNameServer : 172.20.10.1 -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3A32D958-CDF4-4CC8-905C-D0F81C48E3AE} | DhcpNameServer : 172.20.10.1 -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3A32D958-CDF4-4CC8-905C-D0F81C48E3AE} | DhcpNameServer : 172.20.10.1 -> FOUND
[PUM.Policies] HKEY_USERS\S-1-5-21-1509237336-2105009817-796031365-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
[PUM.Policies] HKEY_USERS\S-1-5-21-1509237336-2105009817-796031365-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1509237336-2105009817-796031365-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1509237336-2105009817-796031365-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
hit the Delete button.
click on "Report" and copy/paste the content of the Notepad into your next reply.
the log should be found as RKreport[1].txt on your Desktop

Please restart your computer and run RogueKiller again and send the result of that log also.

Satchfan

#19
paren12

Posted 28 June 2014 - 01:10 PM

Member

Topic Starter
Member
78 posts

Reports below.

ogueKiller V9.1.0.0 [Jun 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Safe mode
User : Debbie [Admin rights]
Mode : Remove -- Date : 06/28/2014 12:54:35

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 14 ¤¤¤
[Root.Necurs] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gupdate1ca3470bef92587 -> DELETED
[Root.Necurs] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gupdate1ca3470bef92587 -> DELETED
[Root.Necurs] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gupdate1ca3470bef92587 -> DELETED
[PUM.Https] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | WarnOnHTTPSToHTTPRedirect : 0 -> NOT SELECTED
[PUM.Https] HKEY_USERS\S-1-5-21-1509237336-2105009817-796031365-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | WarnOnHTTPSToHTTPRedirect : 0 -> NOT SELECTED
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3A32D958-CDF4-4CC8-905C-D0F81C48E3AE} | DhcpNameServer : 172.20.10.1 -> NOT SELECTED
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3A32D958-CDF4-4CC8-905C-D0F81C48E3AE} | DhcpNameServer : 172.20.10.1 -> NOT SELECTED
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3A32D958-CDF4-4CC8-905C-D0F81C48E3AE} | DhcpNameServer : 172.20.10.1 -> NOT SELECTED
[PUM.Policies] HKEY_USERS\S-1-5-21-1509237336-2105009817-796031365-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NOT SELECTED
[PUM.Policies] HKEY_USERS\S-1-5-21-1509237336-2105009817-796031365-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NOT SELECTED
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1509237336-2105009817-796031365-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> NOT SELECTED
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1509237336-2105009817-796031365-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> NOT SELECTED
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost

¤¤¤ Antirootkit : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

============================================
RKreport_SCN_06272014_190504.log - RKreport_SCN_06282014_124110.log

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Debbie [Admin rights]
Mode : Scan -- Date : 06/28/2014 13:06:51

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 11 ¤¤¤
[PUM.Https] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | WarnOnHTTPSToHTTPRedirect : 0 -> FOUND
[PUM.Https] HKEY_USERS\S-1-5-21-1509237336-2105009817-796031365-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | WarnOnHTTPSToHTTPRedirect : 0 -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3A32D958-CDF4-4CC8-905C-D0F81C48E3AE} | DhcpNameServer : 172.20.10.1 -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3A32D958-CDF4-4CC8-905C-D0F81C48E3AE} | DhcpNameServer : 172.20.10.1 -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3A32D958-CDF4-4CC8-905C-D0F81C48E3AE} | DhcpNameServer : 172.20.10.1 -> FOUND
[PUM.Policies] HKEY_USERS\S-1-5-21-1509237336-2105009817-796031365-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
[PUM.Policies] HKEY_USERS\S-1-5-21-1509237336-2105009817-796031365-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1509237336-2105009817-796031365-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1509237336-2105009817-796031365-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost

¤¤¤ Antirootkit : 42 ¤¤¤
[SSDT:Addr] NtAlertResumeThread[13] : Unknown @ 0x8825d3d8
[SSDT:Addr] NtAlertThread[14] : Unknown @ 0x8825d470
[SSDT:Addr] NtAllocateVirtualMemory[18] : Unknown @ 0x8825c170
[SSDT:Addr] NtAlpcConnectPort[21] : Unknown @ 0x88183510
[SSDT:Addr] NtAssignProcessToJobObject[42] : Unknown @ 0x8825ce08
[SSDT:Addr] NtCreateMutant[67] : Unknown @ 0x8825d200
[SSDT:Addr] NtCreateSymbolicLinkObject[77] : Unknown @ 0x8825cc00
[SSDT:Addr] NtCreateThread[78] : Unknown @ 0x8825c4c8
[SSDT:Addr] NtDebugActiveProcess[116] : Unknown @ 0x8825cea0
[SSDT:Addr] NtDuplicateObject[129] : Unknown @ 0x8825c2b0
[SSDT:Addr] NtFreeVirtualMemory[147] : Unknown @ 0x8825d960
[SSDT:Addr] NtImpersonateAnonymousToken[156] : Unknown @ 0x8825d2a8
[SSDT:Addr] NtImpersonateThread[158] : Unknown @ 0x8825d340
[SSDT:Addr] NtLoadDriver[165] : Unknown @ 0x88065c58
[SSDT:Addr] NtMapViewOfSection[177] : Unknown @ 0x8825d8a8
[SSDT:Addr] NtOpenEvent[184] : Unknown @ 0x8825d168
[SSDT:Addr] NtOpenProcess[194] : Unknown @ 0x8825c400
[SSDT:Addr] NtOpenProcessToken[195] : Unknown @ 0x8825c218
[SSDT:Addr] NtOpenSection[197] : Unknown @ 0x8825cfd0
[SSDT:Addr] NtOpenThread[201] : Unknown @ 0x8825c358
[SSDT:Addr] NtProtectVirtualMemory[210] : Unknown @ 0x8825cd60
[SSDT:Addr] NtResumeThread[282] : Unknown @ 0x8825d508
[SSDT:Addr] NtSetContextThread[289] : Unknown @ 0x8825d6d0
[SSDT:Addr] NtSetInformationProcess[305] : Unknown @ 0x8825d768
[SSDT:Addr] NtSetSystemInformation[317] : Unknown @ 0x8825cf38
[SSDT:Addr] NtSuspendProcess[330] : Unknown @ 0x8825d0d0
[SSDT:Addr] NtSuspendThread[331] : Unknown @ 0x8825d5a0
[SSDT:Addr] NtTerminateProcess[334] : Unknown @ 0x881b4be0
[SSDT:Addr] NtTerminateThread[335] : Unknown @ 0x8825d638
[SSDT:Addr] NtUnmapViewOfSection[348] : Unknown @ 0x8825d810
[SSDT:Addr] NtWriteVirtualMemory[358] : Unknown @ 0x8825d008
[SSDT:Addr] NtCreateThreadEx[382] : Unknown @ 0x8825cca8
[ShwSSDT:Addr] NtUserAttachThreadInput[317] : Unknown @ 0x88a86a00
[ShwSSDT:Addr] NtUserGetAsyncKeyState[397] : Unknown @ 0x88a84a80
[ShwSSDT:Addr] NtUserGetKeyboardState[428] : Unknown @ 0x88a84a08
[ShwSSDT:Addr] NtUserGetKeyState[430] : Unknown @ 0x88a84af8
[ShwSSDT:Addr] NtUserGetRawInputData[442] : Unknown @ 0x88a84b70
[ShwSSDT:Addr] NtUserMessageCall[479] : Unknown @ 0x88a84870
[ShwSSDT:Addr] NtUserPostMessage[497] : Unknown @ 0x88a84980
[ShwSSDT:Addr] NtUserPostThreadMessage[498] : Unknown @ 0x88a848f8
[ShwSSDT:Addr] NtUserSetWindowsHookEx[573] : Unknown @ 0x88a84c38
[ShwSSDT:Addr] NtUserSetWinEventHook[576] : Unknown @ 0x88a89950

¤¤¤ Web browsers : 0 ¤¤¤

============================================
RKreport_DEL_06282014_125435.log - RKreport_SCN_06272014_190504.log - RKreport_SCN_06282014_124110.log

#20
Satchfan

Posted 28 June 2014 - 02:59 PM

Trusted Helper

Malware Removal
624 posts

We’re getting there but let’s have a scan that will look at what’s left:

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
press Scan button
it will produce a log called FRST.txt in the same directory the tool is run from
please copy and paste log back here.
the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Satchfan

#21
paren12

Posted 28 June 2014 - 06:03 PM

Member

Topic Starter
Member
78 posts

Reports below.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:28-06-2014 02
Ran by Debbie (administrator) on DEBS-LAPTOP on 28-06-2014 17:52:09
Running from C:\Users\Debbie\Desktop
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\21.3.0.12\n360.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\21.3.0.12\n360.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Pinnacle Systems) C:\Program Files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe
(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] => [X]
HKU\.DEFAULT\...\Run: [Norton Download Manager{N360211018-SHPD-FSD40014}] => C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe /m
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1509237336-2105009817-796031365-1000\...\MountPoints2: {b76f8b33-aaf6-11e3-ab47-001d72433463} - "E:\WD Drive Unlock.exe" autoplay=true
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton 360\Engine\21.3.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton 360\Engine\21.3.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton 360\Engine\21.3.0.12\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?l...en-ca&OCID=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {52D7C069-0A9F-4BF2-9B5C-75C583951204} URL =
SearchScopes: HKCU - {5b50c4e8-dbbf-4810-8ddb-494b10f695bb} URL =
SearchScopes: HKCU - {7FA0C47D-0B2C-431F-AEB3-3EF15BC9D31A} URL =
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {4939A6A5-AE8A-4ED1-B808-689A6DA9EFDD} - No File
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @bittorrent.com/BitTorrentDNA - C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @bittorrent.com/BitTorrentDNA - C:\Users\Debbie\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-03]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-07-13]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-06-28]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-12-08]
FF HKCU\...\Firefox\Extensions: [{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}] - C:\Users\Debbie\Program Files\DNA
FF Extension: DNA - C:\Users\Debbie\Program Files\DNA [2009-06-17]
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-07-13]

Chrome:
=======
CHR HomePage:
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - c:\program files\google\chrome\application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - c:\program files\google\chrome\application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U24) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (DNA Plug-in) - C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\HappinessInfusion_5w\bar\1.bin\NP5wStub.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (No Name) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\koejgfpmmpnbibkihplhfhjbpdgchjhk [2014-01-15]
CHR Extension: (Norton Identity Protection) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-04-12]
CHR Extension: (Google Wallet) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-14]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\21.3.0.12\Exts\Chrome.crx [2014-06-05]

========================== Services (Whitelisted) =================

S3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
S3 Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [110592 2007-03-05] (Hewlett-Packard Development Company, L.P.) [File not signed]
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]
R2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-03-06] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 N360; C:\Program Files\Norton 360\Engine\21.3.0.12\N360.exe [265040 2014-05-11] (Symantec Corporation)
R2 QPCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [292216 2010-03-08] ()
R2 QPSched; C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [116080 2010-03-08] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278728 2009-07-06] ()
R1 BHDrvx86; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140606.001\BHDrvx86.sys [1101616 2014-05-09] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1503000.00C\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-06-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [109872 2014-06-10] (Symantec Corporation)
S3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [183352 2007-10-01] (Conexant Systems Inc.)
S3 HpqKbFiltr; C:\Windows\System32\DRIVERS\HpqKbFiltr.sys [16768 2007-06-18] (Hewlett-Packard Development Company, L.P.) [File not signed]
R3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)
S3 ICDUSB3; C:\Windows\System32\Drivers\ICDUSB3.sys [11264 2008-08-18] (Sony Corporation)
R1 IDSVix86; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140627.001\IDSvix86.sys [395992 2014-06-04] (Symantec Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2009-07-06] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-06-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 NAVENG; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140627.009\NAVENG.SYS [93272 2014-06-05] (Symantec Corporation)
S3 NAVEX15; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140627.009\NAVEX15.SYS [1612376 2014-06-05] (Symantec Corporation)
S3 pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [47360 2008-10-13] (VSO Software) [File not signed]
S3 SRTSP; C:\Windows\System32\Drivers\N360\1503000.00C\SRTSP.SYS [664280 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1503000.00C\SRTSPX.SYS [32344 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1503000.00C\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1503000.00C\SYMEFA.SYS [936152 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2013-12-08] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [63576 2013-09-09] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1503000.00C\Ironx86.SYS [206936 2013-09-26] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360\1503000.00C\SYMTDIV.SYS [384728 2014-02-17] (Symantec Corporation)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [361728 2007-01-29] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [39680 2007-01-29] (eMPIA Technology, Inc.)
S3 zsi_fmw; C:\Windows\System32\Drivers\zsi_fmw.sys [34176 2007-07-16] ()
S3 zsi_zap; C:\Windows\System32\Drivers\zsi_zap.sys [16896 2007-07-16] ()
U1 eabfiltr;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-28 17:52 - 2014-06-28 17:52 - 00020623 _____ () C:\Users\Debbie\Desktop\FRST.txt
2014-06-28 17:50 - 2014-06-28 17:52 - 00000000 ____D () C:\FRST
2014-06-28 17:49 - 2014-06-28 17:49 - 01073664 _____ (Farbar) C:\Users\Debbie\Desktop\FRST.exe
2014-06-28 13:07 - 2014-06-28 13:07 - 00005917 _____ () C:\Users\Debbie\Desktop\REreport[2].txt
2014-06-28 12:56 - 2014-06-28 12:56 - 00003494 _____ () C:\Users\Debbie\Desktop\REreport[1].txt
2014-06-28 12:29 - 2014-06-28 12:29 - 00002267 _____ () C:\Users\Debbie\Desktop\RK Steps.txt
2014-06-27 18:58 - 2014-06-28 13:01 - 00035152 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-06-27 18:58 - 2014-06-27 18:58 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-27 18:53 - 2014-06-27 18:53 - 04721240 _____ () C:\Users\Debbie\Desktop\RogueKiller.exe
2014-06-25 18:57 - 2014-06-25 18:57 - 00000273 _____ () C:\Users\Debbie\Desktop\ESETScan.txt
2014-06-24 21:15 - 2014-06-24 21:15 - 00000000 ____D () C:\Users\Debbie\Desktop\backups
2014-06-22 16:30 - 2014-06-22 16:30 - 00004489 _____ () C:\Users\Debbie\Desktop\uninstall_list.txt
2014-06-22 16:28 - 2014-06-22 16:28 - 00011780 _____ () C:\Users\Debbie\Desktop\hijackthis.log
2014-06-22 16:24 - 2014-06-22 16:24 - 00388608 _____ (Trend Micro Inc.) C:\Users\Debbie\Desktop\HijackThis.exe
2014-06-21 22:52 - 2014-06-21 22:54 - 00001992 _____ () C:\Users\Debbie\Desktop\MBAM.txt
2014-06-21 22:39 - 2014-06-28 16:42 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-21 22:39 - 2014-06-21 22:39 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-21 22:39 - 2014-06-21 22:39 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-21 22:39 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-21 22:39 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-21 22:39 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-21 20:23 - 2014-06-21 20:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-21 20:19 - 2014-06-21 20:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Debbie\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-21 20:16 - 2014-06-21 20:16 - 00000991 _____ () C:\Users\Debbie\Desktop\checkup.txt
2014-06-21 20:08 - 2014-06-21 20:08 - 00854390 _____ () C:\Users\Debbie\Desktop\SecurityCheck.exe
2014-06-21 20:05 - 2014-06-21 20:05 - 00024072 _____ () C:\Users\Debbie\Desktop\OTL2.txt
2014-06-21 19:58 - 2014-06-21 19:58 - 00000000 ____D () C:\_OTL
2014-06-18 21:44 - 2014-06-18 21:44 - 00086352 _____ () C:\Users\Debbie\Desktop\OTL.Txt
2014-06-18 21:20 - 2014-06-18 21:20 - 00121319 _____ () C:\Users\Debbie\Desktop\JRT.txt
2014-06-18 21:12 - 2014-06-18 21:12 - 00000000 ____D () C:\Windows\ERUNT
2014-06-18 21:08 - 2014-06-18 21:08 - 01016261 _____ (Thisisu) C:\Users\Debbie\Desktop\JRT.exe
2014-06-18 21:04 - 2014-06-18 21:04 - 00006293 _____ () C:\Users\Debbie\Desktop\AdwCleaner[S0].txt
2014-06-18 20:58 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-06-18 20:56 - 2014-06-18 20:59 - 00000000 ____D () C:\AdwCleaner
2014-06-18 20:54 - 2014-06-18 20:55 - 01333465 _____ () C:\Users\Debbie\Desktop\adwcleaner_3.212.exe
2014-06-15 20:16 - 2014-06-15 20:16 - 00069964 _____ () C:\Users\Debbie\Desktop\Extras.Txt
2014-06-15 19:58 - 2014-06-15 19:58 - 00602112 _____ (OldTimer Tools) C:\Users\Debbie\Desktop\OTL.exe
2014-06-10 20:48 - 2014-06-10 20:48 - 00000934 _____ () C:\Users\Public\Desktop\Comet Player.lnk
2014-06-10 20:48 - 2014-06-10 20:48 - 00000788 _____ () C:\Users\Public\Desktop\MpcStar.lnk
2014-06-10 20:48 - 2014-06-10 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MpcStar
2014-06-10 20:47 - 2014-06-10 20:52 - 00000000 ____D () C:\Users\Debbie\AppData\Roaming\tigerplayer
2014-06-10 20:47 - 2014-06-10 20:49 - 00000000 ____D () C:\Users\Debbie\AppData\Roaming\CometPlayer
2014-06-10 20:47 - 2014-06-10 20:48 - 00000000 ____D () C:\Program Files\MpcStar
2014-06-10 20:17 - 2014-05-28 10:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-10 20:17 - 2014-05-28 10:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-10 20:17 - 2014-05-28 10:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-10 20:17 - 2014-05-28 10:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-10 20:17 - 2014-05-28 10:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-10 20:17 - 2014-05-28 10:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-10 20:17 - 2014-05-28 10:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-10 20:17 - 2014-05-28 10:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-10 20:17 - 2014-05-28 10:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-10 20:17 - 2014-05-28 10:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-10 20:17 - 2014-05-28 10:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-10 20:17 - 2014-05-28 10:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-10 20:17 - 2014-05-28 10:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-10 20:17 - 2014-05-28 10:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-10 20:17 - 2014-05-28 10:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-10 20:17 - 2014-05-28 10:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-10 20:17 - 2014-05-28 10:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-10 20:17 - 2014-05-28 10:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-10 20:17 - 2014-05-28 10:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-10 20:17 - 2014-05-28 10:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-10 20:17 - 2014-05-28 10:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-10 20:17 - 2014-04-26 10:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-10 20:17 - 2014-04-04 20:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-10 20:17 - 2014-03-09 19:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-10 20:17 - 2014-03-09 19:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-09 21:29 - 2014-06-22 08:50 - 00000000 ____D () C:\Program Files\BitComet
2014-06-09 21:17 - 2014-06-15 23:07 - 00000000 ____D () C:\Users\Debbie\AppData\Roaming\BitComet
2014-06-07 19:05 - 2014-06-07 19:05 - 00000000 ____D () C:\Users\Debbie\AppData\Local\Skype
2014-06-07 19:04 - 2014-06-07 19:04 - 00001878 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-07 19:04 - 2014-06-07 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-07 19:04 - 2014-06-07 19:04 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-07 19:00 - 2014-06-07 19:02 - 01677440 _____ (Skype Technologies S.A.) C:\Users\Debbie\Desktop\SkypeSetup.exe
2014-06-05 13:33 - 2014-06-05 13:33 - 00000000 ____D () C:\Users\Debbie\{40b5ced1-56a9-4591-ac19-c5fd1142174a}\Documents\BlackBerry
2014-06-05 13:31 - 2014-06-05 13:41 - 00000077 _____ () C:\Users\Debbie\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-06-05 13:19 - 2014-06-05 13:19 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_RimUsb_01007.Wdf
2014-06-05 13:18 - 2014-06-05 13:18 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_RimSerial_01007.Wdf
2014-06-05 13:18 - 2012-12-10 13:48 - 00035840 _____ (Research in Motion Ltd) C:\Windows\system32\Drivers\RimSerial.sys
2014-06-05 13:16 - 2014-06-05 13:16 - 00002158 _____ () C:\Users\Debbie\Desktop\BlackBerry Desktop Software.lnk
2014-06-05 13:16 - 2014-06-05 13:16 - 00000000 ____D () C:\ProgramData\Research In Motion
2014-06-05 13:15 - 2014-06-05 13:16 - 00000000 ____D () C:\Program Files\Common Files\XCPCSync.OEM
2014-06-05 10:24 - 2014-03-25 07:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-06-05 10:23 - 2014-02-05 19:56 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

==================== One Month Modified Files and Folders =======

2014-06-28 17:52 - 2014-06-28 17:52 - 00020623 _____ () C:\Users\Debbie\Desktop\FRST.txt
2014-06-28 17:52 - 2014-06-28 17:50 - 00000000 ____D () C:\FRST
2014-06-28 17:49 - 2014-06-28 17:49 - 01073664 _____ (Farbar) C:\Users\Debbie\Desktop\FRST.exe
2014-06-28 17:31 - 2009-09-13 06:50 - 00000000 ____D () C:\Users\Debbie\AppData\Roaming\Skype
2014-06-28 17:19 - 2012-04-07 06:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-28 17:19 - 2009-09-13 07:04 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-28 16:42 - 2014-06-21 22:39 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-28 16:37 - 2009-09-05 18:33 - 00031966 _____ () C:\ProgramData\nvModes.001
2014-06-28 16:37 - 2009-01-10 10:39 - 00000329 _____ () C:\ProgramData\hpqp.ini
2014-06-28 16:34 - 2007-12-30 23:07 - 01589365 _____ () C:\Windows\WindowsUpdate.log
2014-06-28 16:34 - 2006-11-02 04:33 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-28 16:30 - 2006-11-02 06:37 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-28 16:29 - 2009-09-13 07:04 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-28 16:28 - 2006-11-02 07:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-28 16:28 - 2006-11-02 06:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-28 16:28 - 2006-11-02 06:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-28 14:14 - 2009-12-26 07:15 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-06-28 14:14 - 2006-11-02 07:01 - 00032634 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-28 13:07 - 2014-06-28 13:07 - 00005917 _____ () C:\Users\Debbie\Desktop\REreport[2].txt
2014-06-28 13:01 - 2014-06-27 18:58 - 00035152 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-06-28 12:59 - 2009-09-05 18:33 - 00031966 _____ () C:\ProgramData\nvModes.dat
2014-06-28 12:56 - 2014-06-28 12:56 - 00003494 _____ () C:\Users\Debbie\Desktop\REreport[1].txt
2014-06-28 12:29 - 2014-06-28 12:29 - 00002267 _____ () C:\Users\Debbie\Desktop\RK Steps.txt
2014-06-27 18:58 - 2014-06-27 18:58 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-27 18:53 - 2014-06-27 18:53 - 04721240 _____ () C:\Users\Debbie\Desktop\RogueKiller.exe
2014-06-26 21:45 - 2011-03-27 12:01 - 00000000 ____D () C:\Users\Debbie\AppData\Roaming\HpUpdate
2014-06-26 21:28 - 2009-12-31 16:44 - 00000000 ____D () C:\Users\Debbie\AppData\Local\CrashDumps
2014-06-25 19:01 - 2014-01-15 22:19 - 00018224 _____ () C:\Windows\PFRO.log
2014-06-25 18:57 - 2014-06-25 18:57 - 00000273 _____ () C:\Users\Debbie\Desktop\ESETScan.txt
2014-06-25 09:29 - 2014-03-12 18:08 - 00000052 _____ () C:\Windows\system32\DOErrors.log
2014-06-24 21:15 - 2014-06-24 21:15 - 00000000 ____D () C:\Users\Debbie\Desktop\backups
2014-06-24 20:53 - 2013-02-09 21:42 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-22 16:30 - 2014-06-22 16:30 - 00004489 _____ () C:\Users\Debbie\Desktop\uninstall_list.txt
2014-06-22 16:28 - 2014-06-22 16:28 - 00011780 _____ () C:\Users\Debbie\Desktop\hijackthis.log
2014-06-22 16:24 - 2014-06-22 16:24 - 00388608 _____ (Trend Micro Inc.) C:\Users\Debbie\Desktop\HijackThis.exe
2014-06-22 08:50 - 2014-06-09 21:29 - 00000000 ____D () C:\Program Files\BitComet
2014-06-21 22:54 - 2014-06-21 22:52 - 00001992 _____ () C:\Users\Debbie\Desktop\MBAM.txt
2014-06-21 22:39 - 2014-06-21 22:39 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-21 22:39 - 2014-06-21 22:39 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-21 20:23 - 2014-06-21 20:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-21 20:21 - 2014-06-21 20:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Debbie\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-21 20:16 - 2014-06-21 20:16 - 00000991 _____ () C:\Users\Debbie\Desktop\checkup.txt
2014-06-21 20:08 - 2014-06-21 20:08 - 00854390 _____ () C:\Users\Debbie\Desktop\SecurityCheck.exe
2014-06-21 20:05 - 2014-06-21 20:05 - 00024072 _____ () C:\Users\Debbie\Desktop\OTL2.txt
2014-06-21 19:58 - 2014-06-21 19:58 - 00000000 ____D () C:\_OTL
2014-06-21 19:58 - 2009-05-11 05:27 - 00000000 ____D () C:\Users\Debbie\AppData\Temp
2014-06-18 21:59 - 2014-03-03 09:05 - 00001971 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-18 21:44 - 2014-06-18 21:44 - 00086352 _____ () C:\Users\Debbie\Desktop\OTL.Txt
2014-06-18 21:20 - 2014-06-18 21:20 - 00121319 _____ () C:\Users\Debbie\Desktop\JRT.txt
2014-06-18 21:12 - 2014-06-18 21:12 - 00000000 ____D () C:\Windows\ERUNT
2014-06-18 21:08 - 2014-06-18 21:08 - 01016261 _____ (Thisisu) C:\Users\Debbie\Desktop\JRT.exe
2014-06-18 21:04 - 2014-06-18 21:04 - 00006293 _____ () C:\Users\Debbie\Desktop\AdwCleaner[S0].txt
2014-06-18 20:59 - 2014-06-18 20:56 - 00000000 ____D () C:\AdwCleaner
2014-06-18 20:55 - 2014-06-18 20:54 - 01333465 _____ () C:\Users\Debbie\Desktop\adwcleaner_3.212.exe
2014-06-15 23:07 - 2014-06-09 21:17 - 00000000 ____D () C:\Users\Debbie\AppData\Roaming\BitComet
2014-06-15 20:16 - 2014-06-15 20:16 - 00069964 _____ () C:\Users\Debbie\Desktop\Extras.Txt
2014-06-15 19:58 - 2014-06-15 19:58 - 00602112 _____ (OldTimer Tools) C:\Users\Debbie\Desktop\OTL.exe
2014-06-10 22:01 - 2013-07-29 05:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-10 21:51 - 2006-11-02 04:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-06-10 20:52 - 2014-06-10 20:47 - 00000000 ____D () C:\Users\Debbie\AppData\Roaming\tigerplayer
2014-06-10 20:49 - 2014-06-10 20:47 - 00000000 ____D () C:\Users\Debbie\AppData\Roaming\CometPlayer
2014-06-10 20:48 - 2014-06-10 20:48 - 00000934 _____ () C:\Users\Public\Desktop\Comet Player.lnk
2014-06-10 20:48 - 2014-06-10 20:48 - 00000788 _____ () C:\Users\Public\Desktop\MpcStar.lnk
2014-06-10 20:48 - 2014-06-10 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MpcStar
2014-06-10 20:48 - 2014-06-10 20:47 - 00000000 ____D () C:\Program Files\MpcStar
2014-06-08 16:49 - 2006-11-02 05:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-06-07 19:05 - 2014-06-07 19:05 - 00000000 ____D () C:\Users\Debbie\AppData\Local\Skype
2014-06-07 19:04 - 2014-06-07 19:04 - 00001878 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-07 19:04 - 2014-06-07 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-07 19:04 - 2014-06-07 19:04 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-07 19:04 - 2009-09-13 06:49 - 00000000 ___RD () C:\Program Files\Skype
2014-06-07 19:04 - 2009-09-13 06:49 - 00000000 ____D () C:\ProgramData\Skype
2014-06-07 19:02 - 2014-06-07 19:00 - 01677440 _____ (Skype Technologies S.A.) C:\Users\Debbie\Desktop\SkypeSetup.exe
2014-06-05 13:41 - 2014-06-05 13:31 - 00000077 _____ () C:\Users\Debbie\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-06-05 13:41 - 2011-01-24 21:01 - 00000385 _____ () C:\Users\Debbie\AppData\Roaming\Rim.Desktop.Exception.log
2014-06-05 13:38 - 2014-01-19 20:44 - 00010522 _____ () C:\Windows\setupact.log
2014-06-05 13:33 - 2014-06-05 13:33 - 00000000 ____D () C:\Users\Debbie\{40b5ced1-56a9-4591-ac19-c5fd1142174a}\Documents\BlackBerry
2014-06-05 13:27 - 2013-12-08 16:03 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-06-05 13:26 - 2010-12-12 17:59 - 00000000 ____D () C:\Windows\system32\Drivers\N360
2014-06-05 13:19 - 2014-06-05 13:19 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_RimUsb_01007.Wdf
2014-06-05 13:19 - 2008-01-21 20:04 - 00000000 ____D () C:\Users\Debbie
2014-06-05 13:18 - 2014-06-05 13:18 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_RimSerial_01007.Wdf
2014-06-05 13:18 - 2011-01-24 19:32 - 00003392 _____ () C:\Users\Debbie\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-06-05 13:16 - 2014-06-05 13:16 - 00002158 _____ () C:\Users\Debbie\Desktop\BlackBerry Desktop Software.lnk
2014-06-05 13:16 - 2014-06-05 13:16 - 00000000 ____D () C:\ProgramData\Research In Motion
2014-06-05 13:16 - 2014-06-05 13:15 - 00000000 ____D () C:\Program Files\Common Files\XCPCSync.OEM
2014-06-05 13:16 - 2009-10-04 13:20 - 00000000 ____D () C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BlackBerry
2014-06-05 13:16 - 2009-10-04 13:19 - 00000000 ____D () C:\Program Files\Common Files\Research In Motion
2014-06-05 11:20 - 2012-04-07 06:22 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-05 11:20 - 2011-05-17 11:17 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-05 10:05 - 2012-01-09 17:56 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-06-05 10:04 - 2008-03-12 08:36 - 00000000 ____D () C:\Program Files\Common Files\Adobe

Files to move or delete:
====================
C:\ProgramData\DVD.exe
C:\ProgramData\Games.exe
C:\ProgramData\Karaoke.exe
C:\ProgramData\MobileTV.exe
C:\ProgramData\MPV.exe
C:\ProgramData\PKP_DLdu.DAT

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-28 16:35

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:28-06-2014 02
Ran by Debbie at 2014-06-28 17:53:19
Running from C:\Users\Debbie\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton 360 (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}) (Version: 10.2.0.023 - Adobe Systems, Inc.)
Adobe Shockwave Player 11 (HKLM\...\Adobe Shockwave Player) (Version: 11 - Adobe Systems, Inc.)
Adobe® Photoshop® Album Starter Edition 3.2 (HKLM\...\Adobe® Photoshop® Album Starter Edition 3.2) (Version: 3.2.0 - http://www.adobe.com)
Adobe® Photoshop® Album Starter Edition 3.2 (Version: 3.2.0 - Adobe Systems, Inc.) Hidden
AGEIA PhysX v6.12.02 (HKLM\...\{7032E73F-68A0-48F9-8100-E70E79169BAE}) (Version: 6.12.02 - AGEIA Technologies, Inc.)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Panorama Maker 4 (HKLM\...\{D45E8C45-B601-4A80-AFD8-E16338744DE1}) (Version: - ArcSoft)
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
Avanquest update (HKLM\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.09 - Avanquest Software)
BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.25.12 - Broadcom Corporation)
Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000 - Hewlett-Packard) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.36.7.60 - Conexant)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Digital Voice Editor 3 (HKLM\...\{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}) (Version: 3.2.01.02240 - Sony Corporation)
DivX (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.0 - DivXNetworks, Inc.)
DNA (HKCU\...\BitTorrent DNA) (Version: 2.2.4 (16502) - BitTorrent Inc.)
DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.0928 - CyberLink Corp.)
ESU for Microsoft Vista (HKLM\...\{68471BF2-F1F7-4C89-BBBA-400B94996596}) (Version: 2.0.10.1 - Hewlett-Packard)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Hauppauge MCE XP/Vista Software Encoder (2.0.25149) (HKLM\...\Hauppauge MCE2005 Software Encoder) (Version: 2.0.25149 - Hauppauge Computer Works, Inc.)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_HERMOSA_HSF) (Version: - )
HP Active Support Library (HKLM\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{BD0E2B92-3814-46F0-893B-4612EA010C7E}) (Version: 5.4.0.2430 - Hewlett-Packard)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.02.0001 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}) (Version: 5.4.0.2430 - Hewlett-Packard)
HP Help and Support (HKLM\...\{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}) (Version: 1.5.1 - Hewlett-Packard)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Photosmart Essential 2.5 (Version: 1.02.0000 - Hewlett-Packard) Hidden
HP Product Detection (HKLM\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 9.7.3 - Hewlett-Packard Company)
HP Quick Launch Buttons 6.30 E1 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.30 E1 - Hewlett-Packard)
HP QuickPlay 3.7 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 3.7.0.7508 - Hewlett-Packard)
HP QuickTouch 1.00 C4 (HKLM\...\{7DC4A410-9986-4329-9E5D-687B2C42CA39}) (Version: 1.0.7 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Support Solutions Framework (HKLM\...\{81E14A67-42ED-4DD0-AE08-366FE3D3102E}) (Version: 11.50.0012 - Hewlett-Packard Company)
HP Total Care Advisor (HKLM\...\{b02df929-29a7-4fd2-9a70-81a644b635f7}) (Version: 1.4.19.2433 - Hewlett-Packard)
HP Update (HKLM\...\{612F4E20-3661-4D44-AD79-823F1B613FB3}) (Version: 5.002.008.001 - Hewlett-Packard)
HP User Guides 0090 (HKLM\...\{B53620C0-3A83-4F50-A7AB-175DB64C1CE3}) (Version: 1.00.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}) (Version: 3.00 H2 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPNetworkAssistant (HKLM\...\{228C6B46-64E2-404E-898A-EF0830603EF4}) (Version: 1.1.70 - Hewlett-Packard.)
HPPhotoSmartDiscLabel_PaperLabel (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_Tattoo (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.02.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookHolidayPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookModernPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookPlayfulPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookScrapbookPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
iPhone Configuration Utility (HKLM\...\{FA54AFB1-5745-4389-B8C1-9F7509672ED1}) (Version: 2.1.0.163 - Apple Inc.)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java Auto Updater (Version: 2.0.3.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.240 - Sun Microsystems, Inc.)
KODAK EASYSHARE Gallery Upload ActiveX Control (HKLM\...\OfotoEZUpload) (Version: - )
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.20.2128 - CyberLink Corp.)
LightScribe System Software 1.10.13.1 (Version: 1.10.13.1 - http://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mindful Clock (HKLM\...\{875CC76F-58AC-45BB-AFF7-46F988DDF92C}) (Version: 3.2 - SteigerSoft)
MobileMe Control Panel (HKLM\...\{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}) (Version: 3.1.8.0 - Apple Inc.)
Move Networks Media Player for Internet Explorer (HKCU\...\Move Networks Player - IE) (Version: - )
MpcStar 5.4 (HKLM\...\MpcStar) (Version: 5.4 - www.mpcstar.com)
MSCU for Microsoft Vista (HKLM\...\{F7F3B252-E772-48AA-93EB-7964BC326067}) (Version: 1.0.1.9 - Hewlett-Packard)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee autoProducer 6.1 (HKLM\...\{250E9609-E830-43EB-B379-DAB7546A2422}) (Version: 6.10.050 - muvee Technologies)
My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: HPCMPQ1902 - WildTangent)
MyMailList & AddressBook (HKLM\...\{DD78A3E4-4C62-4CE4-8CF5-136F29BBA0B4}) (Version: 9.0.0.0 - Avanquest Publishing USA, Inc.)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.46 - BVRP Software, Inc)
Norton 360 (HKLM\...\N360) (Version: 21.3.0.12 - Symantec Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenOffice.org Installer 1.0 (HKLM\...\{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}) (Version: 1.0.9221 - Sun Microsystems)
Pinnacle TVCenter Pro (HKLM\...\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}) (Version: 4.70.1426 - )
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3327 - CyberLink Corp.)
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2129 - CyberLink Corp.)
PowerDirector (Version: 6.5.2129 - CyberLink Corp.) Hidden
PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.52.02 - )
Safari (HKLM\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Sirius Device Recovery (HKLM\...\InstallShield_{CC23F0EF-15E9-4264-8165-272A5AA2B873}) (Version: 1.00.0007 - Sirius)
Sirius Device Recovery (Version: 1.00.0007 - Sirius) Hidden
Skype web features (HKLM\...\{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}) (Version: 1.0.3971 - Skype Technologies S.A.)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden
VoiceOver Kit (HKLM\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
WeatherBug Gadget (Version: 1.0.0.6 - AWS Convergence Technologies) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.100 - Broadcom Corporation)
Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) (HKLM\...\0D5930BD8653120870DA6E7F2150CA8AB1CF22A5) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live OneCare safety scanner (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )

==================== Restore Points =========================

14-06-2014 03:41:55 Scheduled Checkpoint
16-06-2014 03:56:33 Scheduled Checkpoint
20-06-2014 04:49:13 Scheduled Checkpoint
22-06-2014 03:58:02 Scheduled Checkpoint
23-06-2014 04:04:24 Scheduled Checkpoint
25-06-2014 06:56:35 Scheduled Checkpoint
27-06-2014 04:50:31 Removed Bing Bar

==================== Hosts content: ==========================

2006-11-02 04:23 - 2006-09-18 15:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {019FDD61-0D3C-40C8-9367-AC6A5DDA8644} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3F85AF63-0C15-4F7D-AE2E-776A4A749308} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {52DBE431-27F2-439D-AE7B-CA8B16DF74B3} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {56F0A357-06E5-455E-B67F-2F7DE155EE79} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-05] (Adobe Systems Incorporated)
Task: {6E5D4B9C-DE9F-4377-86BA-CCBB9EE3139C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {830CE82D-F331-4209-AA86-877F3FF46B81} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe
Task: {C5E72B9D-A19C-4034-B466-8652F01430FE} - System32\Tasks\Western Digital\SmartWare\____Volume_30171835_c90a_11dc_8492_806e6f6e6963______Volume_b76f8b35_aaf6_11e3_ab47_001d72433463__ => C:\Program Files\Western Digital\WD SmartWare\BackupTask.exe
Task: {C8EE78EC-62C8-48FF-9680-06F40E424122} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-13] (Google Inc.)
Task: {C943DD5C-D9EF-4070-AB20-AE04D3DB5BBD} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360\Engine\21.3.0.12\WSCStub.exe [2014-05-10] (Symantec Corporation)
Task: {CCDAF767-428E-4907-9BDE-0382482FFCCF} - System32\Tasks\{6AA0613B-040C-41CF-9A81-8D20B3D705BB} => C:\Program Files\Skype\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)
Task: {D4C2EF9B-3F05-42F0-9178-7FBE8FDD0992} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-13] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {EFCC439B-E33C-4193-9A58-72EFAE6C9A1C} - System32\Tasks\Microsoft\Windows\RestartManager\{6704D7CE-C25B-4567-A5D6-83C7ACC233BC} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {F10E06ED-F3BC-4481-B4E5-60A9C0779421} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {F578E4B4-08E4-43B6-8D01-7D2A008AA809} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {F905E85E-0546-4B72-ADC4-3F08FDAABE27} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {FF81AE14-B5F1-473C-A88F-21EA4A2AF45F} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Debbie => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-17 07:55 - 2009-04-17 04:52 - 00049152 _____ () C:\Windows\System32\LXEAPMON.DLL
2010-01-17 07:55 - 2009-01-13 07:15 - 04485120 _____ () C:\Windows\System32\LXEAOEM.DLL
2014-01-20 12:17 - 2014-01-20 12:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 12:16 - 2014-01-20 12:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-20 06:43 - 2010-03-08 14:31 - 00292216 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
2014-01-20 06:43 - 2010-03-08 14:31 - 00259480 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
2014-01-20 06:43 - 2010-03-08 14:31 - 00038184 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll
2014-01-20 06:43 - 2010-03-08 14:31 - 00116080 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
2007-11-02 03:30 - 2007-01-09 04:25 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2009-10-12 15:18 - 2009-08-16 15:06 - 00141312 _____ () C:\Program Files\WinRAR\rarext.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:ECF54A0E

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\Services: LightScribeService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Photo Downloader => "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
MSCONFIG\startupreg: BitTorrent DNA => "C:\Users\Debbie\Program Files\DNA\btdna.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: PMCLoader => C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe
MSCONFIG\startupreg: PMCRemote => C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/28/2014 02:14:10 PM) (Source: Windows Search Service) (EventID: 3024) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context: Application, SystemIndex Catalog

Error: (06/28/2014 00:36:32 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/26/2014 09:28:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mmc.exe, version 6.0.6002.18005, time stamp 0x49e01c0a, faulting module mmcndmgr.dll_unloaded, version 0.0.0.0, time stamp 0x49e0375c, exception code 0xc0000005, fault offset 0x5acf69c0,
process id 0x11b8, application start time 0xmmc.exe0.

Error: (06/25/2014 09:42:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16555 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1764
Start Time: 01cf90f05e6f71e9
Termination Time: 122

Error: (06/25/2014 09:40:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16555 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: a54
Start Time: 01cf90f009e74719
Termination Time: 27

Error: (06/25/2014 06:34:20 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16555 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: d74
Start Time: 01cf9023b0400527
Termination Time: 0

Error: (06/24/2014 09:28:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16555, time stamp 0x53860f63, faulting module RPCRT4.dll, version 6.0.6002.18882, time stamp 0x51dd2d9c, exception code 0xc0000005, fault offset 0x00048562,
process id 0xccc, application start time 0xiexplore.exe0.

Error: (06/21/2014 10:35:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.0.532, time stamp 0x53518532, faulting module QtCore4.dll, version 4.8.4.0, time stamp 0x51352df8, exception code 0xc0000005, fault offset 0x0010ebb3,
process id 0x114c, application start time 0xmbam.exe0.

Error: (06/21/2014 07:41:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16555, time stamp 0x53860f63, faulting module AcroPDF.dll_unloaded, version 0.0.0.0, time stamp 0x536b5ec7, exception code 0xc0000005, fault offset 0x64e097e3,
process id 0x119c, application start time 0xiexplore.exe0.

Error: (06/20/2014 09:54:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16555 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 87c
Start Time: 01cf8d045a70d7a0
Termination Time: 28

System errors:
=============
Error: (06/28/2014 04:37:57 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {BA3D0120-E617-4F66-ADCA-585CC2FB86DB}

Error: (06/28/2014 04:29:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (06/28/2014 01:07:26 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {BA3D0120-E617-4F66-ADCA-585CC2FB86DB}

Error: (06/28/2014 00:59:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (06/28/2014 00:37:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (06/28/2014 00:37:25 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: AFD
BHDrvx86
ccSet_N360
DfsC
eeCtrl
IDSVix86
NetBIOS
netbt
nsiproxy
PSched
RasAcd
rdbss
Smb
spldr
SRTSPX
SymIM
SymIRON
SYMTDIv
Tcpip
tdx
Wanarpv6

Error: (06/28/2014 00:37:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Microsoft Office Sessions:
=========================
Error: (06/28/2014 02:14:10 PM) (Source: Windows Search Service) (EventID: 3024) (User: )
Description: Context: Application, SystemIndex Catalog

Error: (06/28/2014 00:36:32 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/26/2014 09:28:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mmc.exe6.0.6002.1800549e01c0ammcndmgr.dll_unloaded0.0.0.049e0375cc00000055acf69c011b801cf91b7aa7890c8

Error: (06/25/2014 09:42:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.16555176401cf90f05e6f71e9122

Error: (06/25/2014 09:40:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.16555a5401cf90f009e7471927

Error: (06/25/2014 06:34:20 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.16555d7401cf9023b04005270

Error: (06/24/2014 09:28:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.1655553860f63RPCRT4.dll6.0.6002.1888251dd2d9cc000000500048562ccc01cf90240c7732a7

Error: (06/21/2014 10:35:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532QtCore4.dll4.8.4.051352df8c00000050010ebb3114c01cf8dc1129f6df7

Error: (06/21/2014 07:41:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.1655553860f63AcroPDF.dll_unloaded0.0.0.0536b5ec7c000000564e097e3119c01cf8dbb0ffb6e01

Error: (06/20/2014 09:54:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.1655587c01cf8d045a70d7a028

CodeIntegrity Errors:
===================================
Date: 2014-06-28 17:53:11.481
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-06-28 17:53:10.687
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-06-28 17:53:09.875
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-06-28 17:53:09.077
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-06-28 17:53:08.023
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-06-28 17:53:07.226
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-06-28 17:53:06.432
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-06-28 17:53:05.599
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-06-28 17:52:36.465
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

Date: 2014-06-28 17:52:35.671
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 54%
Total physical RAM: 3006.18 MB
Available physical RAM: 1354.46 MB
Total Pagefile: 6228.86 MB
Available Pagefile: 4509.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:220.95 GB) (Free:137.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.93 GB) (Free:1.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 9BCA9BCA)
Partition 1: (Active) - (Size=221 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#22
Satchfan

Posted 30 June 2014 - 04:30 AM

Trusted Helper

Malware Removal
624 posts

Sorry about the delay but we had a “blip” with the Internet connection yesterday.

Open notepad (Start >All Programs > Accessories > Notepad). Please copy the entire contents of the code box below.


SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {52D7C069-0A9F-4BF2-9B5C-75C583951204} URL =
SearchScopes: HKCU - {5b50c4e8-dbbf-4810-8ddb-494b10f695bb} URL =
SearchScopes: HKCU - {7FA0C47D-0B2C-431F-AEB3-3EF15BC9D31A} URL =
Toolbar: HKCU - No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -  No File
Toolbar: HKCU - No Name - {4939A6A5-AE8A-4ED1-B808-689A6DA9EFDD} -  No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\HappinessInfusion_5w\bar\1.bin\NP5wStub.dll No File
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
C:\Program Files\HappinessInfusion_5w
C:\Users\Debbie\AppData\Local\Temp

NOTE: this script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work – ie it must be saved in C:\Users\Debbie\Desktop
run FRST then click Fix just once and wait
it will create a log (Fixlog.txt); please post it to your reply.

================================================

Can you tell me if you have recently installed a Lexmark printer.

Satchfan

#23
paren12

Posted 30 June 2014 - 09:24 PM

Member

Topic Starter
Member
78 posts

Satchfan,

I have not tryed to install any printers since receiving the computer. Find fixlog below.

paren12

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:28-06-2014 02
Ran by Debbie at 2014-06-30 21:01:11 Run:1
Running from C:\Users\Debbie\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {52D7C069-0A9F-4BF2-9B5C-75C583951204} URL =
SearchScopes: HKCU - {5b50c4e8-dbbf-4810-8ddb-494b10f695bb} URL =
SearchScopes: HKCU - {7FA0C47D-0B2C-431F-AEB3-3EF15BC9D31A} URL =
Toolbar: HKCU - No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
Toolbar: HKCU - No Name - {4939A6A5-AE8A-4ED1-B808-689A6DA9EFDD} - No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\HappinessInfusion_5w\bar\1.bin\NP5wStub.dll No File
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
C:\Program Files\HappinessInfusion_5w
C:\Users\Debbie\AppData\Local\Temp
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{52D7C069-0A9F-4BF2-9B5C-75C583951204}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{52D7C069-0A9F-4BF2-9B5C-75C583951204}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5b50c4e8-dbbf-4810-8ddb-494b10f695bb}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{5b50c4e8-dbbf-4810-8ddb-494b10f695bb}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7FA0C47D-0B2C-431F-AEB3-3EF15BC9D31A}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{7FA0C47D-0B2C-431F-AEB3-3EF15BC9D31A}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} => value deleted successfully.
'HKCR\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4939A6A5-AE8A-4ED1-B808-689A6DA9EFDD} => value deleted successfully.
'HKCR\CLSID\{4939A6A5-AE8A-4ED1-B808-689A6DA9EFDD}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}' => Key deleted successfully.
'HKCR\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}' => Key Deleted successfully.
C:\Program Files\HappinessInfusion_5w\bar\1.bin\NP5wStub.dll not found.
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll not found.
c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll not found.
"C:\Program Files\HappinessInfusion_5w" => File/Directory not found.

"C:\Users\Debbie\AppData\Local\Temp" directory move:

C:\Users\Debbie\AppData\Local\Temp\225B3A87-F73E-4546-99A5-91AD4DFD41C5.dat => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\4379CD5C-74C4-4DBC-BB24-44A7BD18B28A.dat => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\73F65432-591A-4B63-8BED-B0DAAEE9AB7F.dat => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\AdobeARM.log => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\C9FB4EC0-5EC3-4387-AD11-3945FC697EA8.dat => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\Debbie.bmp => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\EB07A17D-06A1-4EA2-91E8-BC28331FF874.dat => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\F8C30E29-7D14-4F45-9C4D-D9BF456B6F51.dat => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\log3 => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\~DF9131.tmp => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\~DF9A0E.tmp => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\Temporary Internet Files\Content.IE5\desktop.ini => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\Temporary Internet Files\Content.IE5\MYRPCLC3\desktop.ini => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\Temporary Internet Files\Content.IE5\JWHD0RUD\desktop.ini => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\Temporary Internet Files\Content.IE5\EMCWY475\desktop.ini => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\Temporary Internet Files\Content.IE5\04KC553V\desktop.ini => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\Low\dat431D.tmp => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\Low\dat5FC0.tmp => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\Low\dat6E3F.tmp => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\History\History.IE5\desktop.ini => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\History\History.IE5\index.dat => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\Cookies\index.dat => Moved successfully.
Could not move "C:\Users\Debbie\AppData\Local\Temp" directory. => Scheduled to move on reboot.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-06-30 21:13:30)<=

C:\Users\Debbie\AppData\Local\Temp => Moved successfully.

==== End of Fixlog ====

#24
Satchfan

Posted 01 July 2014 - 02:01 AM

Trusted Helper

Malware Removal
624 posts

I know that you have run a couple of these before but I’d like an up-to-date look at the logs now that we’ve cleaned some stuff up.

===================================================

Note: Please run these in the order given in the instructions.

===================================================

Run McAfee removal tool

There were some remnants of McAfee showing in one of the logs and we need to remove them.

Download and run McAfee Removal Tool

===================================================

Run AdwCleaner

I’d like you to run this again.

run AdwCleaner
when it has finished, select Clean
if it asks to reboot, allow the reboot
on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Run OTL

open OTL again, click on Extra Registry -> Use Safelist
then click Run Scan
when the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.

Please post back with the AdwCleaner log and the two OTL logs.

Thanks

Satchfan

#25
paren12

Posted 01 July 2014 - 03:44 PM

Member

Topic Starter
Member
78 posts

Satchfan,

Find requested logs below.

# AdwCleaner v3.214 - Report created 01/07/2014 at 15:22:46
# Updated 29/06/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Debbie - DEBS-LAPTOP
# Running from : C:\Users\Debbie\Desktop\adwcleaner_3.214.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16555

-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [6401 octets] - [18/06/2014 20:57:32]
AdwCleaner[R1].txt - [1641 octets] - [01/07/2014 15:21:19]
AdwCleaner[S0].txt - [6293 octets] - [18/06/2014 20:59:19]
AdwCleaner[S1].txt - [1576 octets] - [01/07/2014 15:22:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1636 octets] ##########

OTL logfile created on: 01/07/2014 3:28:31 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Debbie\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.94 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 51.23% Memory free
6.07 Gb Paging File | 4.68 Gb Available in Paging File | 77.06% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.95 Gb Total Space | 140.22 Gb Free Space | 63.46% Space Free | Partition Type: NTFS
Drive D: | 11.93 Gb Total Space | 1.49 Gb Free Space | 12.48% Space Free | Partition Type: NTFS

Computer Name: DEBS-LAPTOP | User Name: Debbie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/06/15 19:58:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Debbie\Desktop\OTL.exe
PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/05/11 00:52:43 | 000,265,040 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\21.3.0.12\n360.exe
PRC - [2014/03/06 13:47:22 | 000,049,464 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
PRC - [2013/12/18 12:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/08/11 15:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2009/08/16 15:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

========== Services (SafeList) ==========

SRV - [2014/06/05 11:20:25 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/05/11 00:52:43 | 000,265,040 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\21.3.0.12\N360.exe -- (N360)
SRV - [2014/04/03 18:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/03/06 13:47:22 | 000,049,464 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
SRV - [2013/12/18 12:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/01/18 15:10:18 | 000,577,536 | ---- | M] (Research In Motion Limited) [On_Demand | Stopped] -- C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe -- (Blackberry Device Manager)
SRV - [2009/08/11 15:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/05 12:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)

========== Driver Services (SafeList) ==========

DRV - [2014/07/01 15:25:44 | 000,110,296 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014/06/10 20:25:46 | 000,109,872 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/06/10 20:25:45 | 000,377,648 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2014/06/05 04:34:28 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140630.008\NAVEX15.SYS -- (NAVEX15)
DRV - [2014/06/05 04:34:28 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140630.008\NAVENG.SYS -- (NAVENG)
DRV - [2014/06/04 13:54:50 | 000,395,992 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140630.001\IDSvix86.sys -- (IDSVix86)
DRV - [2014/05/12 07:26:04 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2014/05/12 07:25:54 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2014/05/09 19:07:24 | 001,101,616 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140606.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2014/03/03 22:18:12 | 000,936,152 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\1503000.00C\symefa.sys -- (SymEFA)
DRV - [2014/02/17 19:32:41 | 000,384,728 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1503000.00C\symtdiv.sys -- (SYMTDIv)
DRV - [2014/02/12 19:59:49 | 000,664,280 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\N360\1503000.00C\srtsp.sys -- (SRTSP)
DRV - [2013/12/08 15:55:14 | 000,142,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/09/26 20:45:56 | 000,206,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1503000.00C\ironx86.sys -- (SymIRON)
DRV - [2013/09/25 20:50:25 | 000,127,064 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1503000.00C\ccsetx86.sys -- (ccSet_N360)
DRV - [2013/09/09 20:47:43 | 000,063,576 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2013/09/09 20:47:26 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\1503000.00C\symds.sys -- (SymDS)
DRV - [2013/09/09 19:49:48 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1503000.00C\srtspx.sys -- (SRTSPX)
DRV - [2013/08/06 14:13:30 | 000,018,944 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009/07/06 13:39:02 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/07/06 13:39:01 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/06/24 09:38:00 | 007,542,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/08/18 10:01:06 | 000,011,264 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ICDUSB3.sys -- (ICDUSB3)
DRV - [2008/08/01 18:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/06 14:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/03/04 01:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/10/18 05:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/10/01 09:35:52 | 000,183,352 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/08/08 18:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/30 09:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/16 14:48:50 | 000,034,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zsi_fmw.sys -- (zsi_fmw)
DRV - [2007/07/16 14:48:50 | 000,016,896 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zsi_zap.sys -- (zsi_zap)
DRV - [2007/07/11 12:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/07/07 14:58:56 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/02/15 19:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/29 19:20:04 | 000,361,728 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2007/01/29 19:19:48 | 000,039,680 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2007/01/23 18:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Debbie\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?l...en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Debbie\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/13 17:42:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2014/07/01 15:27:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014/03/12 12:55:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Debbie\Program Files\DNA [2010/01/17 10:33:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/13 17:42:53 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: First user (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.2.10_0\
CHR - Extension: No name found = C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\
CHR - Extension: No name found = C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: No name found = C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\21.3.0.12\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26A0225E-0DFA-4F13-AF9F-BA3E7B5C6895}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A32D958-CDF4-4CC8-905C-D0F81C48E3AE}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CB92756-9CDA-46EE-95EE-1074DAE26A56}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Debbie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Debbie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/02 03:06:03 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 09:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{b76f8b33-aaf6-11e3-ab47-001d72433463}\Shell - "" = AutoRun
O33 - MountPoints2\{b76f8b33-aaf6-11e3-ab47-001d72433463}\Shell\AutoRun\command - "" = "E:\WD Drive Unlock.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/07/01 15:07:21 | 003,480,040 | ---- | C] (McAfee, Inc.) -- C:\Users\Debbie\Desktop\MCPR.exe
[2014/06/30 21:21:41 | 000,000,000 | ---D | C] -- C:\Users\Debbie\AppData\Local\Temp
[2014/06/28 17:50:27 | 000,000,000 | ---D | C] -- C:\FRST
[2014/06/28 17:49:08 | 001,073,664 | ---- | C] (Farbar) -- C:\Users\Debbie\Desktop\FRST.exe
[2014/06/27 18:58:32 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/06/24 21:15:03 | 000,000,000 | ---D | C] -- C:\Users\Debbie\Desktop\backups
[2014/06/22 16:24:41 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Debbie\Desktop\HijackThis.exe
[2014/06/21 22:39:47 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/06/21 22:39:22 | 000,074,456 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/06/21 22:39:22 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/06/21 22:39:22 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/06/21 22:39:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/06/21 20:23:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/06/21 20:19:24 | 017,292,760 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Debbie\Desktop\mbam-setup-2.0.2.1012.exe
[2014/06/21 19:58:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/06/18 21:12:17 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/06/18 21:08:51 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Debbie\Desktop\JRT.exe
[2014/06/18 20:58:09 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014/06/18 20:56:55 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/15 19:58:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Debbie\Desktop\OTL.exe
[2014/06/10 20:48:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MpcStar
[2014/06/10 20:47:59 | 000,000,000 | ---D | C] -- C:\Users\Debbie\AppData\Roaming\CometPlayer
[2014/06/10 20:47:58 | 000,000,000 | ---D | C] -- C:\Users\Debbie\AppData\Roaming\tigerplayer
[2014/06/10 20:47:58 | 000,000,000 | ---D | C] -- C:\Program Files\MpcStar
[2014/06/10 20:17:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/06/10 20:17:25 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2014/06/10 20:17:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/06/10 20:17:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014/06/10 20:17:24 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/06/10 20:17:24 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2014/06/10 20:17:22 | 001,810,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/06/10 20:17:22 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/06/10 20:17:21 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/06/10 20:17:21 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/06/10 20:17:18 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/06/10 20:17:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/06/09 21:30:35 | 000,000,000 | ---D | C] -- C:\Downloads
[2014/06/09 21:29:56 | 000,000,000 | ---D | C] -- C:\Program Files\BitComet
[2014/06/09 21:17:58 | 000,000,000 | ---D | C] -- C:\Users\Debbie\AppData\Roaming\BitComet
[2014/06/07 19:05:10 | 000,000,000 | ---D | C] -- C:\Users\Debbie\AppData\Local\Skype
[2014/06/07 19:04:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/06/07 19:04:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2014/06/07 19:00:33 | 001,677,440 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Debbie\Desktop\SkypeSetup.exe
[2014/06/05 13:33:16 | 000,000,000 | ---D | C] -- C:\Users\Debbie\{40b5ced1-56a9-4591-ac19-c5fd1142174a}\Documents\BlackBerry
[2014/06/05 13:16:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
[2014/06/05 13:15:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\XCPCSync.OEM
[2009/01/10 10:41:01 | 003,063,561 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MobileTV.exe
[2009/01/10 10:41:01 | 002,989,660 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\DVD.exe
[2009/01/10 10:41:01 | 002,864,396 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe
[2009/01/10 10:41:01 | 002,331,174 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe
[2009/01/10 10:41:01 | 002,231,606 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Games.exe
[2008/10/13 14:38:17 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Debbie\AppData\Roaming\pcouffin.sys
[44 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[44 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\Debbie\Desktop\*.tmp files -> C:\Users\Debbie\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/07/01 15:33:41 | 000,031,966 | ---- | M] () -- C:\ProgramData\nvModes.001
[2014/07/01 15:32:21 | 000,647,880 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/07/01 15:32:21 | 000,124,848 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/07/01 15:25:44 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/07/01 15:25:36 | 000,031,966 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2014/07/01 15:25:32 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/01 15:24:42 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/01 15:24:42 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/01 15:24:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/01 15:23:34 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2014/07/01 15:20:02 | 001,346,519 | ---- | M] () -- C:\Users\Debbie\Desktop\adwcleaner_3.214.exe
[2014/07/01 15:19:25 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/01 15:19:20 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/01 15:09:54 | 000,000,329 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2014/07/01 15:07:58 | 003,480,040 | ---- | M] (McAfee, Inc.) -- C:\Users\Debbie\Desktop\MCPR.exe
[2014/06/28 17:49:08 | 001,073,664 | ---- | M] (Farbar) -- C:\Users\Debbie\Desktop\FRST.exe
[2014/06/28 13:01:25 | 000,035,152 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2014/06/27 18:53:08 | 004,721,240 | ---- | M] () -- C:\Users\Debbie\Desktop\RogueKiller.exe
[2014/06/26 22:28:38 | 000,040,057 | ---- | M] () -- C:\Windows\System32\drivers\N360\1503000.00C\VT20140626.025
[2014/06/25 19:08:37 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2014/06/23 21:29:27 | 001,188,238 | ---- | M] () -- C:\Users\Debbie\Desktop\IMG-20140621-00019.jpg
[2014/06/23 21:28:52 | 001,130,128 | ---- | M] () -- C:\Users\Debbie\Desktop\IMG-20140621-00017.jpg
[2014/06/23 21:28:35 | 001,173,818 | ---- | M] () -- C:\Users\Debbie\Desktop\IMG-20140621-00016.jpg
[2014/06/23 21:28:13 | 001,078,715 | ---- | M] () -- C:\Users\Debbie\Desktop\IMG-20140621-00011.jpg
[2014/06/23 21:27:49 | 001,789,696 | ---- | M] () -- C:\Users\Debbie\Desktop\IMG-20140621-00015.jpg
[2014/06/23 21:27:34 | 001,480,485 | ---- | M] () -- C:\Users\Debbie\Desktop\IMG-20140621-00010.jpg
[2014/06/23 21:27:16 | 000,256,609 | ---- | M] () -- C:\Users\Debbie\Desktop\IMG-20140621-00009.jpg
[2014/06/22 16:24:42 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Debbie\Desktop\HijackThis.exe
[2014/06/21 22:39:25 | 000,000,899 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/06/21 20:21:24 | 017,292,760 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Debbie\Desktop\mbam-setup-2.0.2.1012.exe
[2014/06/21 20:08:55 | 000,854,390 | ---- | M] () -- C:\Users\Debbie\Desktop\SecurityCheck.exe
[2014/06/18 21:59:39 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/06/18 21:08:51 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Debbie\Desktop\JRT.exe
[2014/06/15 19:58:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Debbie\Desktop\OTL.exe
[2014/06/12 20:48:43 | 000,089,495 | ---- | M] () -- C:\Users\Debbie\{40b5ced1-56a9-4591-ac19-c5fd1142174a}\Documents\40A80908-114E-4ABD-932B-0FCB95E515C9.jpg
[2014/06/10 20:48:21 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\Comet Player.lnk
[2014/06/10 20:48:21 | 000,000,788 | ---- | M] () -- C:\Users\Public\Desktop\MpcStar.lnk
[2014/06/10 20:16:40 | 002,734,109 | ---- | M] () -- C:\Windows\System32\drivers\N360\1503000.00C\Cat.DB
[2014/06/07 19:04:17 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/06/07 19:02:52 | 001,677,440 | ---- | M] (Skype Technologies S.A.) -- C:\Users\Debbie\Desktop\SkypeSetup.exe
[2014/06/05 13:19:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_RimUsb_01007.Wdf
[2014/06/05 13:18:46 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_RimSerial_01007.Wdf
[2014/06/05 13:16:57 | 000,002,158 | ---- | M] () -- C:\Users\Debbie\Desktop\BlackBerry Desktop Software.lnk
[2014/06/05 11:20:20 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/06/05 11:20:20 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[44 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[44 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\Debbie\Desktop\*.tmp files -> C:\Users\Debbie\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/07/01 15:19:00 | 001,346,519 | ---- | C] () -- C:\Users\Debbie\Desktop\adwcleaner_3.214.exe
[2014/06/27 18:58:33 | 000,035,152 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2014/06/27 18:53:08 | 004,721,240 | ---- | C] () -- C:\Users\Debbie\Desktop\RogueKiller.exe
[2014/06/23 21:29:26 | 001,188,238 | ---- | C] () -- C:\Users\Debbie\Desktop\IMG-20140621-00019.jpg
[2014/06/23 21:28:51 | 001,130,128 | ---- | C] () -- C:\Users\Debbie\Desktop\IMG-20140621-00017.jpg
[2014/06/23 21:28:35 | 001,173,818 | ---- | C] () -- C:\Users\Debbie\Desktop\IMG-20140621-00016.jpg
[2014/06/23 21:28:13 | 001,078,715 | ---- | C] () -- C:\Users\Debbie\Desktop\IMG-20140621-00011.jpg
[2014/06/23 21:27:49 | 001,789,696 | ---- | C] () -- C:\Users\Debbie\Desktop\IMG-20140621-00015.jpg
[2014/06/23 21:27:34 | 001,480,485 | ---- | C] () -- C:\Users\Debbie\Desktop\IMG-20140621-00010.jpg
[2014/06/23 21:27:16 | 000,256,609 | ---- | C] () -- C:\Users\Debbie\Desktop\IMG-20140621-00009.jpg
[2014/06/21 22:39:25 | 000,000,899 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/06/21 20:08:55 | 000,854,390 | ---- | C] () -- C:\Users\Debbie\Desktop\SecurityCheck.exe
[2014/06/12 20:48:43 | 000,089,495 | ---- | C] () -- C:\Users\Debbie\{40b5ced1-56a9-4591-ac19-c5fd1142174a}\Documents\40A80908-114E-4ABD-932B-0FCB95E515C9.jpg
[2014/06/10 20:48:21 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\Comet Player.lnk
[2014/06/10 20:48:21 | 000,000,788 | ---- | C] () -- C:\Users\Public\Desktop\MpcStar.lnk
[2014/06/07 19:04:17 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/06/05 13:19:20 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_RimUsb_01007.Wdf
[2014/06/05 13:18:46 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_RimSerial_01007.Wdf
[2014/06/05 13:16:56 | 000,002,158 | ---- | C] () -- C:\Users\Debbie\Desktop\BlackBerry Desktop Software.lnk
[2014/03/31 19:20:26 | 000,000,000 | ---- | C] () -- C:\ProgramData\Workflows
[2014/03/30 07:26:28 | 000,000,220 | ---- | C] () -- C:\Windows\WinInit.Ini
[2014/03/13 17:13:58 | 000,008,192 | ---- | C] () -- C:\Windows\System32\WDPABKP.dat
[2014/01/22 06:49:04 | 000,139,252 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/07/25 16:29:44 | 000,005,190 | ---- | C] () -- C:\Users\Debbie\Debbies E Mail Contacts.rar
[2011/01/24 18:10:06 | 000,024,175 | ---- | C] () -- C:\Users\Debbie\Debbies E Mail Contacts.csv
[2010/04/25 06:28:44 | 000,023,234 | ---- | C] () -- C:\Users\Debbie\WLMContacts.csv
[2009/10/04 14:23:11 | 000,150,628 | ---- | C] () -- C:\Users\Debbie\AppData\Roaming\UserTile.png
[2009/09/13 07:01:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/05 18:33:52 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/09/05 18:33:35 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/04/19 08:15:35 | 000,000,552 | ---- | C] () -- C:\Users\Debbie\AppData\Local\d3d8caps.dat
[2009/01/25 19:28:40 | 000,001,044 | ---- | C] () -- C:\Users\Debbie\AppData\Roaming\vso_ts_preview.xml
[2009/01/10 10:39:46 | 000,000,329 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2008/11/19 07:48:13 | 000,000,000 | ---- | C] () -- C:\Users\Debbie\AppData\Roaming\wklnhst.dat
[2008/10/13 14:38:17 | 000,087,608 | ---- | C] () -- C:\Users\Debbie\AppData\Roaming\inst.exe
[2008/10/13 14:38:17 | 000,007,887 | ---- | C] () -- C:\Users\Debbie\AppData\Roaming\pcouffin.cat
[2008/10/13 14:38:17 | 000,001,144 | ---- | C] () -- C:\Users\Debbie\AppData\Roaming\pcouffin.inf
[2008/07/05 18:44:30 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2008/07/05 18:44:30 | 000,000,000 | ---- | C] () -- C:\Users\Debbie\AppData\Roaming\howto
[2008/02/29 20:09:08 | 000,923,136 | -HS- | C] () -- C:\Users\Debbie\ehthumbs_vista.db
[2008/01/23 21:38:34 | 000,039,936 | ---- | C] () -- C:\Users\Debbie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/22 18:12:07 | 000,001,356 | ---- | C] () -- C:\Users\Debbie\AppData\Local\d3d9caps.dat
[2008/01/21 22:49:58 | 000,027,430 | ---- | C] () -- C:\Users\Debbie\AppData\Roaming\nvModes.001
[2008/01/21 22:49:56 | 000,027,430 | ---- | C] () -- C:\Users\Debbie\AppData\Roaming\nvModes.dat

========== ZeroAccess Check ==========

[2006/11/02 06:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 07:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Files - Unicode (All) ==========
[2013/10/18 20:02:40 | 000,000,000 | ---- | M] ()(C:\Windows\System32\?@?=lotserviceruntime.log) -- C:\Windows\System32\노@=lotserviceruntime.log
[2013/10/18 20:02:40 | 000,000,000 | ---- | C] ()(C:\Windows\System32\?@?=lotserviceruntime.log) -- C:\Windows\System32\노@=lotserviceruntime.log
[2013/07/30 07:13:29 | 000,000,056 | ---- | M] ()(C:\Windows\System32\?]?[lotserviceruntime.log) -- C:\Windows\System32\ᷨ][lotserviceruntime.log
[2013/07/30 07:13:29 | 000,000,056 | ---- | C] ()(C:\Windows\System32\?]?[lotserviceruntime.log) -- C:\Windows\System32\ᷨ][lotserviceruntime.log
[2013/02/18 17:38:45 | 000,000,000 | ---- | M] ()(C:\Windows\System32\?6?8lotserviceruntime.log) -- C:\Windows\System32\矠68lotserviceruntime.log
[2013/02/18 17:38:45 | 000,000,000 | ---- | C] ()(C:\Windows\System32\?6?8lotserviceruntime.log) -- C:\Windows\System32\矠68lotserviceruntime.log
[2013/01/04 15:48:00 | 000,000,156 | ---- | M] ()(C:\Windows\System32\?2?;lotserviceruntime.log) -- C:\Windows\System32\놀2;lotserviceruntime.log
[2013/01/04 15:48:00 | 000,000,156 | ---- | C] ()(C:\Windows\System32\?2?;lotserviceruntime.log) -- C:\Windows\System32\놀2;lotserviceruntime.log

========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:ECF54A0E

< End of report >

OTL Extras logfile created on: 01/07/2014 3:28:31 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Debbie\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.94 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 51.23% Memory free
6.07 Gb Paging File | 4.68 Gb Available in Paging File | 77.06% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.95 Gb Total Space | 140.22 Gb Free Space | 63.46% Space Free | Partition Type: NTFS
Drive D: | 11.93 Gb Total Space | 1.49 Gb Free Space | 12.48% Space Free | Partition Type: NTFS

Computer Name: DEBS-LAPTOP | User Name: Debbie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{035088AD-3233-4399-9098-16E21F5EFE7A}" = lport=139 | protocol=6 | dir=in | app=system |
"{194A310D-B718-4CF3-9972-E03E12EBB858}" = lport=137 | protocol=17 | dir=in | app=system |
"{1C6B79B7-B360-42D6-B3B7-CFA360A2E9CA}" = rport=138 | protocol=17 | dir=out | app=system |
"{28C8DC48-6265-4534-9537-317E7854C6CB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{29F9664A-97A0-4989-ADCC-E947A4FDA4DF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{3218D098-9019-4DA2-9150-CF330407198A}" = lport=445 | protocol=6 | dir=in | app=system |
"{3FFB5AAE-D82D-49A4-86BE-131CF12497D5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{46159883-BB72-4612-B330-E9AA8527610B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{52BBEC53-101E-41BF-A70C-A3B9DEC6EBC3}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{581C4B53-6FEB-43BE-901C-956E8C0F519C}" = rport=137 | protocol=17 | dir=out | app=system |
"{682E5EDB-0F4E-4465-A311-097C0783FABA}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{6AC5B757-EB36-4592-95FF-1942916253C6}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{6CAA3B67-234E-4970-85FB-772F0A2CA59A}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{70D8D593-AAA9-4FCC-BCC6-74FB9111A4BF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{82F75127-3337-4861-93EF-82BDF6284A0C}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{870C63AC-6AAE-4A7E-AAA4-D0529E46AB43}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{8A4F61DE-63D6-44FB-97EB-39DA5A82E43D}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{8C72685B-1303-4129-90E0-B37C8EDB3403}" = rport=139 | protocol=6 | dir=out | app=system |
"{8D78ED71-8173-4714-AF44-7C6B32286D23}" = lport=2869 | protocol=6 | dir=in | app=system |
"{912FA217-23D7-4B90-9AEF-2FA7EDF93C26}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A36CEA14-3156-4580-861E-9ECB156DB929}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A89DC239-C372-4422-AFDC-3DCC5047B508}" = lport=138 | protocol=17 | dir=in | app=system |
"{DB6B13FA-3C9C-446E-972F-FE60DFE7C299}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{E3AD16F4-6F07-4036-A763-2A91F953E658}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FC77DC05-E619-4C65-A898-759F03DB9E40}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{083883F2-8F64-4DDF-A37D-824404841F24}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{0A8AD4C5-8D3F-45B5-93EC-F65EAEC97D85}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{0AD5B223-8147-4E9A-B40B-8DF3ECAA4298}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{0D1A302D-8F2B-415C-86F9-DA1542419F2D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{0E9C5C5D-607E-4B43-AFE5-2E7DE44CAE06}" = dir=in | app=c:\users\debbie\appdata\local\tnt2\2.0.0.1702\tnt2user.exe |
"{0F413AE5-3AFE-4B80-91F1-899BD12F4877}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{1F877F1F-92DD-49C8-95A0-A68D2F2BD8DD}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{2290F097-3C1C-42D8-B182-B11DFC714D79}" = protocol=6 | dir=in | app=c:\program files\adobe\acrobat.com\acrobat.com.exe |
"{263EDD16-E744-4DC0-B8E5-30904A1D3FAF}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{2667C912-6000-4E8E-9B93-5E6803AAABB6}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{28C3ABFA-31CF-4625-9894-78C32C773282}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2BDB99B8-7BD6-4577-A766-5F4675361C44}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{2F3B6431-EE85-4D3E-BCA7-E1357A917395}" = protocol=6 | dir=in | app=c:\windows\system32\dlcgcoms.exe |
"{31BF28D1-EEFB-4D77-8A28-84B4E5C257E9}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{3720EF9C-457B-403D-A2A3-650F0BCB5C3D}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{37444776-53DA-4C91-9DC2-1D86AED57E93}" = protocol=17 | dir=in | app=c:\program files\lexmark s300-s400 series\lxeafax.exe |
"{384B3AE0-FD1C-4D89-BCCB-99B742EF806C}" = protocol=6 | dir=out | app=system |
"{3D3F58D0-7FF2-461A-8DFF-03AD539C9EB9}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{45AEBAB3-743C-4A9F-A278-BA597C8B0134}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{4B66EB38-DE15-4CFA-BD64-BF5152CF0C77}" = dir=in | app=c:\program files\seagate\seagate dashboard\hipservagent\hipservagent.exe |
"{4D630C61-B791-4168-9D33-4A64A5F7450F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4EB4603D-1628-4DC2-A214-942E2867B328}" = protocol=1 | dir=out | [email protected],-28544 |
"{53030F0B-7825-4420-B18E-86AED46D07D8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{540BDCAC-E800-4664-914F-7E8398238E4E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{5558BBA0-923C-4666-A370-B7A1EF7E264A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{57A55DCB-2730-478E-98EB-6CC3C4E96661}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{5E2291EF-C681-406A-9386-3E38EE0B1BDE}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{5E2E28C3-9871-4FE0-901B-B5B59F8498A3}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{62436851-C002-4FCE-848C-40DABCD05FE0}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{6F7BB34E-3B5E-48AE-80DE-6FDA62F3964C}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{71D8A380-632D-41E9-B2CF-FEC32600AD40}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{7F4D586F-1FB1-4F87-978D-12AB0058D589}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{80B679C8-1366-400E-9340-1D08038DCA9F}" = protocol=6 | dir=in | app=c:\program files\lexmark s300-s400 series\lxeafax.exe |
"{82BDC15F-DF1B-465C-81B4-1B9C035370D6}" = protocol=17 | dir=in | app=c:\program files\adobe\acrobat.com\acrobat.com.exe |
"{82F3116D-19E3-422E-B67F-7A8AF04E8EDA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{842AF2E1-8BDE-42FA-9405-3F1FD07BBE02}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{8EDE6277-ECFF-49B7-9010-4D0AFF5DCB0C}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{8F781A7F-1A1A-411B-BE9A-DBD5218CE3B9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8F96A033-C107-4059-B309-EF34092D92F5}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{91D340FD-2951-4E5B-87C2-57F25A5923BC}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{91D8A8F8-415E-4782-977E-9C1EB4D31F32}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{97FC2888-0F83-456D-B694-B39264C88932}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{B3C03DC5-31E4-46FB-9DE9-F0ABAE648A1F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{C4087E55-79DD-482E-9648-47492899F2F1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C533B496-5E78-42D4-9150-0A2D060FA72A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{CDD3B385-150A-46C2-A64D-35340CDD8940}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D03E6D96-2E82-4B3C-B1C8-48029A001DF0}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{D28B9847-D1C0-4EFA-8060-E9B31DFE5A36}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{DF1C8007-2A3C-4EA1-BCD0-F32622C3643B}" = protocol=1 | dir=in | [email protected],-28543 |
"{E4564704-7F6D-409F-A462-25EB99B06302}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{EE5A09FC-B782-45DB-8F64-D0A7465224D1}" = protocol=58 | dir=in | [email protected],-28545 |
"{F21F42F4-6D57-46A1-84DF-46FEDBE13306}" = protocol=17 | dir=in | app=c:\windows\system32\dlcgcoms.exe |
"{F7154241-96D0-42B5-B906-82DB4145DE91}" = protocol=58 | dir=out | [email protected],-28546 |
"TCP Query User{43601DCB-B8ED-42BF-AFF9-A2F7B7FE7386}C:\users\debbie\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\debbie\program files\dna\btdna.exe |
"UDP Query User{5936D354-A47B-4259-8AE3-6CF624ABE218}C:\users\debbie\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\debbie\program files\dna\btdna.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{18D47FA1-0440-48D3-A7E0-DA09537FF471}" = Apple Mobile Device Support
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 24
"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}" = iTunes
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68471BF2-F1F7-4C89-BBBA-400B94996596}" = ESU for Microsoft Vista
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}" = Digital Voice Editor 3
"{7032E73F-68A0-48F9-8100-E70E79169BAE}" = AGEIA PhysX v6.12.02
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{81E14A67-42ED-4DD0-AE08-366FE3D3102E}" = HP Support Solutions Framework
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{875CC76F-58AC-45BB-AFF7-46F988DDF92C}" = Mindful Clock
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.10)
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B53620C0-3A83-4F50-A7AB-175DB64C1CE3}" = HP User Guides 0090
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{BE5B0450-DCCB-4FE9-93E2-3B38D88A745B}" = BlackBerry Desktop Software 7.1
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC23F0EF-15E9-4264-8165-272A5AA2B873}" = Sirius Device Recovery
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DD78A3E4-4C62-4CE4-8CF5-136F29BBA0B4}" = MyMailList & AddressBook
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"0D5930BD8653120870DA6E7F2150CA8AB1CF22A5" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Google Chrome" = Google Chrome
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{CC23F0EF-15E9-4264-8165-272A5AA2B873}" = Sirius Device Recovery
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MpcStar" = MpcStar 5.4
"N360" = Norton 360
"NVIDIA Drivers" = NVIDIA Drivers
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 20/06/2014 11:54:34 PM | Computer Name = Debs-Laptop | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16555 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 87c Start Time: 01cf8d045a70d7a0 Termination Time: 28

Error - 21/06/2014 9:41:48 PM | Computer Name = Debs-Laptop | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16555, time stamp
0x53860f63, faulting module AcroPDF.dll_unloaded, version 0.0.0.0, time stamp 0x536b5ec7,
exception code 0xc0000005, fault offset 0x64e097e3, process id 0x119c, application
start time 0x01cf8dbb0ffb6e01.

Error - 22/06/2014 12:35:25 AM | Computer Name = Debs-Laptop | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.0.0.532, time stamp 0x53518532,
faulting module QtCore4.dll, version 4.8.4.0, time stamp 0x51352df8, exception
code 0xc0000005, fault offset 0x0010ebb3, process id 0x114c, application start time
0x01cf8dc1129f6df7.

Error - 24/06/2014 11:28:46 PM | Computer Name = Debs-Laptop | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16555, time stamp
0x53860f63, faulting module RPCRT4.dll, version 6.0.6002.18882, time stamp 0x51dd2d9c,
exception code 0xc0000005, fault offset 0x00048562, process id 0xccc, application
start time 0x01cf90240c7732a7.

Error - 25/06/2014 8:34:20 AM | Computer Name = Debs-Laptop | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16555 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: d74 Start Time: 01cf9023b0400527 Termination Time: 0

Error - 25/06/2014 11:40:26 PM | Computer Name = Debs-Laptop | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16555 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: a54 Start Time: 01cf90f009e74719 Termination Time: 27

Error - 25/06/2014 11:42:22 PM | Computer Name = Debs-Laptop | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16555 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1764 Start Time: 01cf90f05e6f71e9 Termination Time: 122

Error - 26/06/2014 11:28:52 PM | Computer Name = Debs-Laptop | Source = Application Error | ID = 1000
Description = Faulting application mmc.exe, version 6.0.6002.18005, time stamp 0x49e01c0a,
faulting module mmcndmgr.dll_unloaded, version 0.0.0.0, time stamp 0x49e0375c,
exception code 0xc0000005, fault offset 0x5acf69c0, process id 0x11b8, application
start time 0x01cf91b7aa7890c8.

Error - 28/06/2014 2:36:32 PM | Computer Name = Debs-Laptop | Source = EventSystem | ID = 4609
Description =

Error - 28/06/2014 4:14:10 PM | Computer Name = Debs-Laptop | Source = Windows Search Service | ID = 3024
Description =

[ System Events ]
Error - 29/06/2014 11:06:17 PM | Computer Name = Debs-Laptop | Source = DCOM | ID = 10010
Description =

Error - 30/06/2014 10:31:53 PM | Computer Name = Debs-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 30/06/2014 10:39:52 PM | Computer Name = Debs-Laptop | Source = DCOM | ID = 10010
Description =

Error - 30/06/2014 11:13:17 PM | Computer Name = Debs-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 30/06/2014 11:21:31 PM | Computer Name = Debs-Laptop | Source = DCOM | ID = 10010
Description =

Error - 01/07/2014 5:02:09 PM | Computer Name = Debs-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 01/07/2014 5:10:07 PM | Computer Name = Debs-Laptop | Source = DCOM | ID = 10010
Description =

Error - 01/07/2014 5:16:22 PM | Computer Name = Debs-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 01/07/2014 5:26:07 PM | Computer Name = Debs-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 01/07/2014 5:34:16 PM | Computer Name = Debs-Laptop | Source = DCOM | ID = 10010
Description =

< End of report >

#26
Satchfan

Posted 02 July 2014 - 01:31 AM

Trusted Helper

Malware Removal
624 posts

That’s looking good: just a few stragglers to clear up.

Run OTL

double click on the icon to run it.

copy/paste ALL the following text written inside the code box into the Custom Scans/Fixes box located at the bottom of OTL

:Services

:OTL
[2014/07/01 15:07:21 | 003,480,040 | ---- | C] (McAfee, Inc.) -- C:\Users\Debbie\Desktop\MCPR.exe
O4 - HKLM..\Run: []  File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:ECF54A0E

:Files
ipconfig /flushdns /c
C:\Users\Debbie\Desktop\MCPR.exe

:Commands
[purity]
[emptytemp]
[Reboot]

click the Run Fix button at the top
let the program run unhindered, reboot when it is done
please post the OTL fix log.

Can you tell me if there are any remaining problems.

Satchfan

#27
paren12

Posted 02 July 2014 - 08:37 PM

Member

Topic Starter
Member
78 posts

Satchfan,

After the last two scans things have got much better. Start up is much quicker and the choppyness on the internet and when using programs is almost none existent now.

Below is the OTL log.

parent12

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
C:\Users\Debbie\Desktop\MCPR.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
ADS C:\ProgramData\TEMP:ECF54A0E deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Debbie\Desktop\cmd.bat deleted successfully.
C:\Users\Debbie\Desktop\cmd.txt deleted successfully.
File\Folder C:\Users\Debbie\Desktop\MCPR.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Debbie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 58498622 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 833 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: mstest

User: mstest.Debs-Laptop

User: Public

User: TEMP

User: TEMP.Debs-Laptop

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 602478 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 11780 bytes

Total Files Cleaned = 56.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 07022014_200916

Files\Folders moved on Reboot...
C:\Users\Debbie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TEJ2GHAL\postmessageRelay[1].htm moved successfully.
C:\Users\Debbie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NA6K3O75\PRmiXeptR36kaC0GEAetxrFt29aCHKT7otDW9l62Aag[1].eot moved successfully.
C:\Users\Debbie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I9APKIQQ\DhmkJ2TR0QN[2].htm moved successfully.
C:\Users\Debbie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I9APKIQQ\fastbutton[1].htm moved successfully.
C:\Users\Debbie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HJGZP1FZ\DhmkJ2TR0QN[1].htm moved successfully.
C:\Users\Debbie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G6SVNUYK\k3k702ZOKiLJc3WVjuplzHZ2MAKAc2x4R1uOSeegc5U[1].eot moved successfully.
C:\Users\Debbie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EJDLRIMY\cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE[1].eot moved successfully.
C:\Users\Debbie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EJDLRIMY\like[1].htm moved successfully.
C:\Users\Debbie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EJDLRIMY\page-2[1].htm moved successfully.
C:\Users\Debbie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EJDLRIMY\xjAJXh38I15wypJXxuGMBmfQcKutQXcIrRfyR5jdjY8[1].eot moved successfully.
C:\Users\Debbie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Debbie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#28
Satchfan

Posted 03 July 2014 - 01:12 AM

Trusted Helper

Malware Removal
624 posts

I am pretty sure that the problem was some remnants of McAfee still running and Norton, (although somewhat better than it was), is still a bit of a resource hog and would have been fighting with McAfee.

Has the scrolling problem also gone?

If all is well I'll send instructions to tidy up and remove the tools we've used which will also get rid of the quarantined files that Eset found.

Satchfan

#29
paren12

Posted 04 July 2014 - 05:35 PM

Member

Topic Starter
Member
78 posts

Satchfan,

Sorry for the delay. Is it advisable to just uninstall Norton? I have also noticed that any time it is running, everything slows down. It is just left over from before I recieved the computer and I will not be renewing anyway.

As to your quesiton, the scroll on the mouse pad still no longer works (not a huge deal).

Othewise the computer seems to be running much better still.

Paren12

#30
Satchfan

Posted 05 July 2014 - 12:24 PM

Trusted Helper

Malware Removal
624 posts

I also apologise for the delay but I am away from home at the moment busy with family stuff.

I would uninstall Norton but not before you have downloaded another antivirus that is ready to be installed.

If you decide to do this, I would recommend Free Avast Home Edition.

When you have downloaded it, uninstall Norton.

Install Avast then run the Norton Removal Tool to make sure that there are no remnants left behind.

Next, you need to enable Windows firewall.

To turn on Windows firewall:

open Windows Firewall by clicking Start, Control Panel, Security, and then Windows Firewall.
click Turn Windows Firewall on or off. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
click On (recommended), and then OK.

Let me know how that goes and if there is any improvement.

Satchfan