Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Extremly Slow System Performance, System Freezing... [Solved]


  • This topic is locked This topic is locked

#16
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts

We have stopped a lot of programs from starting up automatically and Malwarebytes presence is fine and not affecting your computer.

Forget about the scroll problem for now as this is unrelated to anything we've done and may be able to deal with that later. If malware is ruled out, and we can't sort it out here, I'll give you a link to another part of our forum where you can get help with it.


I'd like you to try a different scan just to rule something out.

Run RogueKiller

IMPORTANT: Please remove any usb or external drives from the computer before you run this scan!

Close all running programs.


Download RogueKiller to your desktop.

For 64-bit systems download it from here
 

  • close all running programs
  • for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
  • when the pre-scan is finished, click on Scan
  • click on Report and copy/paste the content in your next post
  • NOTE: DO NOT attempt to remove anything that the scan detects –everything that is reported is not necessarily bad

If the program is blocked, continue to try it several times. If it still doesn’t work, (it could happen), rename it to winlogon.exe.
Please post the contents of the RKreport.txt in your next reply.

Satchfan
 

 


  • 0

Advertisements


#17
paren12

paren12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts

Find scan results below.

 

RogueKiller V9.1.0.0 [Jun 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Debbie [Admin rights]
Mode : Scan -- Date : 06/27/2014  19:05:04

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 14 ¤¤¤
[Root.Necurs] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gupdate1ca3470bef92587 -> FOUND
[Root.Necurs] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gupdate1ca3470bef92587 -> FOUND
[Root.Necurs] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gupdate1ca3470bef92587 -> FOUND
[PUM.Https] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | WarnOnHTTPSToHTTPRedirect : 0  -> FOUND
[PUM.Https] HKEY_USERS\S-1-5-21-1509237336-2105009817-796031365-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | WarnOnHTTPSToHTTPRedirect : 0  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3A32D958-CDF4-4CC8-905C-D0F81C48E3AE} | DhcpNameServer : 172.20.10.1  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3A32D958-CDF4-4CC8-905C-D0F81C48E3AE} | DhcpNameServer : 172.20.10.1  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3A32D958-CDF4-4CC8-905C-D0F81C48E3AE} | DhcpNameServer : 172.20.10.1  -> FOUND
[PUM.Policies] HKEY_USERS\S-1-5-21-1509237336-2105009817-796031365-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] HKEY_USERS\S-1-5-21-1509237336-2105009817-796031365-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1509237336-2105009817-796031365-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1509237336-2105009817-796031365-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[Suspicious.Path] \\{31AF6009-F492-4AD7-A635-C36BF027C9A9} -- C:\Windows\system32\pcalua.exe (-a C:\Users\Debbie\AppData\Local\Temp\Toolbaren.exe -d C:\Users\Debbie\Desktop -c -s -a /auto) -> FOUND

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
[C:\Windows\System32\drivers\etc\hosts] ::1             localhost

¤¤¤ Antirootkit : 46 ¤¤¤
[SSDT:Addr] NtAlertResumeThread[13] : Unknown @ 0x885689d8
[SSDT:Addr] NtAlertThread[14] : Unknown @ 0x88568a70
[SSDT:Addr] NtAllocateVirtualMemory[18] : Unknown @ 0x8821f500
[SSDT:Addr] NtAlpcConnectPort[21] : Unknown @ 0x88110368
[SSDT:Addr] NtAssignProcessToJobObject[42] : Unknown @ 0x88809c78
[SSDT:Addr] NtCreateMutant[67] : Unknown @ 0x88568800
[SSDT:Addr] NtCreateSymbolicLinkObject[77] : Unknown @ 0x88809a70
[SSDT:Addr] NtCreateThread[78] : Unknown @ 0x8884be80
[SSDT:Addr] NtDebugActiveProcess[116] : Unknown @ 0x88809d10
[SSDT:Addr] NtDuplicateObject[129] : Unknown @ 0x8834e488
[SSDT:Addr] NtFreeVirtualMemory[147] : Unknown @ 0x88568f60
[SSDT:Addr] NtImpersonateAnonymousToken[156] : Unknown @ 0x885688a8
[SSDT:Addr] NtImpersonateThread[158] : Unknown @ 0x88568940
[SSDT:Addr] NtLoadDriver[165] : Unknown @ 0x88004358
[SSDT:Addr] NtMapViewOfSection[177] : Unknown @ 0x88568ea8
[SSDT:Addr] NtOpenEvent[184] : Unknown @ 0x88809f90
[SSDT:Addr] NtOpenProcess[194] : Unknown @ 0x88758c50
[SSDT:Addr] NtOpenProcessToken[195] : Unknown @ 0x8821f588
[SSDT:Addr] NtOpenSection[197] : Unknown @ 0x88809e60
[SSDT:Addr] NtOpenThread[201] : Unknown @ 0x8834e4d0
[SSDT:Addr] NtProtectVirtualMemory[210] : Unknown @ 0x88809bd0
[SSDT:Addr] NtResumeThread[282] : Unknown @ 0x88568b08
[SSDT:Addr] NtSetContextThread[289] : Unknown @ 0x88568cd0
[SSDT:Addr] NtSetInformationProcess[305] : Unknown @ 0x88568d68
[SSDT:Addr] NtSetSystemInformation[317] : Unknown @ 0x88809da8
[SSDT:Addr] NtSuspendProcess[330] : Unknown @ 0x88809ef8
[SSDT:Addr] NtSuspendThread[331] : Unknown @ 0x88568ba0
[SSDT:Addr] NtTerminateProcess[334] : Unknown @ 0x88249ca0
[SSDT:Addr] NtTerminateThread[335] : Unknown @ 0x88568c38
[SSDT:Addr] NtUnmapViewOfSection[348] : Unknown @ 0x88568e10
[SSDT:Addr] NtWriteVirtualMemory[358] : Unknown @ 0x8821f438
[SSDT:Addr] NtCreateThreadEx[382] : Unknown @ 0x88809b18
[ShwSSDT:Addr] NtUserAttachThreadInput[317] : Unknown @ 0x882d5fd0
[ShwSSDT:Addr] NtUserGetAsyncKeyState[397] : Unknown @ 0x88a6c230
[ShwSSDT:Addr] NtUserGetKeyboardState[428] : Unknown @ 0x88a6c1b8
[ShwSSDT:Addr] NtUserGetKeyState[430] : Unknown @ 0x88a6c2a8
[ShwSSDT:Addr] NtUserGetRawInputData[442] : Unknown @ 0x88a9ec08
[ShwSSDT:Addr] NtUserMessageCall[479] : Unknown @ 0x88a6e738
[ShwSSDT:Addr] NtUserPostMessage[497] : Unknown @ 0x88a6c130
[ShwSSDT:Addr] NtUserPostThreadMessage[498] : Unknown @ 0x88a6c0a8
[ShwSSDT:Addr] NtUserSetWindowsHookEx[573] : Unknown @ 0x88a760e0
[ShwSSDT:Addr] NtUserSetWinEventHook[576] : Unknown @ 0x89043248
[EAT:Addr] (explorer.exe) SYNCENG.dll - DllCanUnloadNow : C:\Windows\System32\EhStorAPI.dll @ 0x6b85664f
[EAT:Addr] (explorer.exe) SYNCENG.dll - DllGetClassObject : C:\Windows\System32\EhStorAPI.dll @ 0x6b858884
[EAT:Addr] (explorer.exe) SYNCENG.dll - DllRegisterServer : C:\Windows\System32\EhStorAPI.dll @ 0x6b8592e6
[EAT:Addr] (explorer.exe) SYNCENG.dll - DllUnregisterServer : C:\Windows\System32\EhStorAPI.dll @ 0x6b8592fa

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: FUJITSU MHY2250BH ATA Device +++++
--- User ---
[MBR] acc76ebff8e8f1e6134c09d25a8df097
[BSP] 780bc60244ab4bd5e87d5088e289d37e : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 226251 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 463362795 | Size: 12221 MB
User = LL1 ... OK
User = LL2 ... OK


  • 0

#18
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts

You must be offline to complete the following steps.

 

Please restart your computer in safe mode, (How to start Windows in Safe Mode - Windows 7/Vista)

 

Run RK again.

  • when the pre-scan finishes hit the Scan button.
  • when the scan completes, remove the check mark next to these entries:

    [PUM.Https] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | WarnOnHTTPSToHTTPRedirect : 0  -> FOUND
    [PUM.Https] HKEY_USERS\S-1-5-21-1509237336-2105009817-796031365-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | WarnOnHTTPSToHTTPRedirect : 0  -> FOUND
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3A32D958-CDF4-4CC8-905C-D0F81C48E3AE} | DhcpNameServer : 172.20.10.1  -> FOUND
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3A32D958-CDF4-4CC8-905C-D0F81C48E3AE} | DhcpNameServer : 172.20.10.1  -> FOUND
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3A32D958-CDF4-4CC8-905C-D0F81C48E3AE} | DhcpNameServer : 172.20.10.1  -> FOUND
    [PUM.Policies] HKEY_USERS\S-1-5-21-1509237336-2105009817-796031365-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
    [PUM.Policies] HKEY_USERS\S-1-5-21-1509237336-2105009817-796031365-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-1509237336-2105009817-796031365-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> FOUND
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-1509237336-2105009817-796031365-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0  -> FOUND
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

     
  • hit the Delete button.
  • click on "Report" and copy/paste the content of the Notepad into your next reply.
  • the log should be found as RKreport[1].txt on your Desktop

Please restart your computer and run RogueKiller again and send the result of that log also.

Satchfan


  • 0

#19
paren12

paren12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts

Reports below.

 

ogueKiller V9.1.0.0 [Jun 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Safe mode
User : Debbie [Admin rights]
Mode : Remove -- Date : 06/28/2014  12:54:35

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 14 ¤¤¤
[Root.Necurs] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gupdate1ca3470bef92587 -> DELETED
[Root.Necurs] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gupdate1ca3470bef92587 -> DELETED
[Root.Necurs] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gupdate1ca3470bef92587 -> DELETED
[PUM.Https] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | WarnOnHTTPSToHTTPRedirect : 0  -> NOT SELECTED
[PUM.Https] HKEY_USERS\S-1-5-21-1509237336-2105009817-796031365-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | WarnOnHTTPSToHTTPRedirect : 0  -> NOT SELECTED
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3A32D958-CDF4-4CC8-905C-D0F81C48E3AE} | DhcpNameServer : 172.20.10.1  -> NOT SELECTED
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3A32D958-CDF4-4CC8-905C-D0F81C48E3AE} | DhcpNameServer : 172.20.10.1  -> NOT SELECTED
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3A32D958-CDF4-4CC8-905C-D0F81C48E3AE} | DhcpNameServer : 172.20.10.1  -> NOT SELECTED
[PUM.Policies] HKEY_USERS\S-1-5-21-1509237336-2105009817-796031365-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> NOT SELECTED
[PUM.Policies] HKEY_USERS\S-1-5-21-1509237336-2105009817-796031365-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> NOT SELECTED
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1509237336-2105009817-796031365-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> NOT SELECTED
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1509237336-2105009817-796031365-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0  -> NOT SELECTED
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
[C:\Windows\System32\drivers\etc\hosts] ::1             localhost

¤¤¤ Antirootkit : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: FUJITSU MHY2250BH ATA Device +++++
--- User ---
[MBR] acc76ebff8e8f1e6134c09d25a8df097
[BSP] 780bc60244ab4bd5e87d5088e289d37e : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 226251 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 463362795 | Size: 12221 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_SCN_06272014_190504.log - RKreport_SCN_06282014_124110.log

 

 

RogueKiller V9.1.0.0 [Jun 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Debbie [Admin rights]
Mode : Scan -- Date : 06/28/2014  13:06:51

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 11 ¤¤¤
[PUM.Https] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | WarnOnHTTPSToHTTPRedirect : 0  -> FOUND
[PUM.Https] HKEY_USERS\S-1-5-21-1509237336-2105009817-796031365-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | WarnOnHTTPSToHTTPRedirect : 0  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3A32D958-CDF4-4CC8-905C-D0F81C48E3AE} | DhcpNameServer : 172.20.10.1  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3A32D958-CDF4-4CC8-905C-D0F81C48E3AE} | DhcpNameServer : 172.20.10.1  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3A32D958-CDF4-4CC8-905C-D0F81C48E3AE} | DhcpNameServer : 172.20.10.1  -> FOUND
[PUM.Policies] HKEY_USERS\S-1-5-21-1509237336-2105009817-796031365-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] HKEY_USERS\S-1-5-21-1509237336-2105009817-796031365-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1509237336-2105009817-796031365-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1509237336-2105009817-796031365-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[Suspicious.Path] \\{31AF6009-F492-4AD7-A635-C36BF027C9A9} -- C:\Windows\system32\pcalua.exe (-a C:\Users\Debbie\AppData\Local\Temp\Toolbaren.exe -d C:\Users\Debbie\Desktop -c -s -a /auto) -> FOUND

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
[C:\Windows\System32\drivers\etc\hosts] ::1             localhost

¤¤¤ Antirootkit : 42 ¤¤¤
[SSDT:Addr] NtAlertResumeThread[13] : Unknown @ 0x8825d3d8
[SSDT:Addr] NtAlertThread[14] : Unknown @ 0x8825d470
[SSDT:Addr] NtAllocateVirtualMemory[18] : Unknown @ 0x8825c170
[SSDT:Addr] NtAlpcConnectPort[21] : Unknown @ 0x88183510
[SSDT:Addr] NtAssignProcessToJobObject[42] : Unknown @ 0x8825ce08
[SSDT:Addr] NtCreateMutant[67] : Unknown @ 0x8825d200
[SSDT:Addr] NtCreateSymbolicLinkObject[77] : Unknown @ 0x8825cc00
[SSDT:Addr] NtCreateThread[78] : Unknown @ 0x8825c4c8
[SSDT:Addr] NtDebugActiveProcess[116] : Unknown @ 0x8825cea0
[SSDT:Addr] NtDuplicateObject[129] : Unknown @ 0x8825c2b0
[SSDT:Addr] NtFreeVirtualMemory[147] : Unknown @ 0x8825d960
[SSDT:Addr] NtImpersonateAnonymousToken[156] : Unknown @ 0x8825d2a8
[SSDT:Addr] NtImpersonateThread[158] : Unknown @ 0x8825d340
[SSDT:Addr] NtLoadDriver[165] : Unknown @ 0x88065c58
[SSDT:Addr] NtMapViewOfSection[177] : Unknown @ 0x8825d8a8
[SSDT:Addr] NtOpenEvent[184] : Unknown @ 0x8825d168
[SSDT:Addr] NtOpenProcess[194] : Unknown @ 0x8825c400
[SSDT:Addr] NtOpenProcessToken[195] : Unknown @ 0x8825c218
[SSDT:Addr] NtOpenSection[197] : Unknown @ 0x8825cfd0
[SSDT:Addr] NtOpenThread[201] : Unknown @ 0x8825c358
[SSDT:Addr] NtProtectVirtualMemory[210] : Unknown @ 0x8825cd60
[SSDT:Addr] NtResumeThread[282] : Unknown @ 0x8825d508
[SSDT:Addr] NtSetContextThread[289] : Unknown @ 0x8825d6d0
[SSDT:Addr] NtSetInformationProcess[305] : Unknown @ 0x8825d768
[SSDT:Addr] NtSetSystemInformation[317] : Unknown @ 0x8825cf38
[SSDT:Addr] NtSuspendProcess[330] : Unknown @ 0x8825d0d0
[SSDT:Addr] NtSuspendThread[331] : Unknown @ 0x8825d5a0
[SSDT:Addr] NtTerminateProcess[334] : Unknown @ 0x881b4be0
[SSDT:Addr] NtTerminateThread[335] : Unknown @ 0x8825d638
[SSDT:Addr] NtUnmapViewOfSection[348] : Unknown @ 0x8825d810
[SSDT:Addr] NtWriteVirtualMemory[358] : Unknown @ 0x8825d008
[SSDT:Addr] NtCreateThreadEx[382] : Unknown @ 0x8825cca8
[ShwSSDT:Addr] NtUserAttachThreadInput[317] : Unknown @ 0x88a86a00
[ShwSSDT:Addr] NtUserGetAsyncKeyState[397] : Unknown @ 0x88a84a80
[ShwSSDT:Addr] NtUserGetKeyboardState[428] : Unknown @ 0x88a84a08
[ShwSSDT:Addr] NtUserGetKeyState[430] : Unknown @ 0x88a84af8
[ShwSSDT:Addr] NtUserGetRawInputData[442] : Unknown @ 0x88a84b70
[ShwSSDT:Addr] NtUserMessageCall[479] : Unknown @ 0x88a84870
[ShwSSDT:Addr] NtUserPostMessage[497] : Unknown @ 0x88a84980
[ShwSSDT:Addr] NtUserPostThreadMessage[498] : Unknown @ 0x88a848f8
[ShwSSDT:Addr] NtUserSetWindowsHookEx[573] : Unknown @ 0x88a84c38
[ShwSSDT:Addr] NtUserSetWinEventHook[576] : Unknown @ 0x88a89950

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: FUJITSU MHY2250BH ATA Device +++++
--- User ---
[MBR] acc76ebff8e8f1e6134c09d25a8df097
[BSP] 780bc60244ab4bd5e87d5088e289d37e : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 226251 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 463362795 | Size: 12221 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_DEL_06282014_125435.log - RKreport_SCN_06272014_190504.log - RKreport_SCN_06282014_124110.log


  • 0

#20
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts

We’re getting there but let’s have a scan that will look at what’s left:

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called FRST.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Satchfan

 


  • 0

#21
paren12

paren12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts

Reports below.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:28-06-2014 02
Ran by Debbie (administrator) on DEBS-LAPTOP on 28-06-2014 17:52:09
Running from C:\Users\Debbie\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\21.3.0.12\n360.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\21.3.0.12\n360.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Pinnacle Systems) C:\Program Files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe
(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] => [X]
HKU\.DEFAULT\...\Run: [Norton Download Manager{N360211018-SHPD-FSD40014}] => C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe /m
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1509237336-2105009817-796031365-1000\...\MountPoints2: {b76f8b33-aaf6-11e3-ab47-001d72433463} - "E:\WD Drive Unlock.exe" autoplay=true
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton 360\Engine\21.3.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton 360\Engine\21.3.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton 360\Engine\21.3.0.12\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?l...en-ca&OCID=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {52D7C069-0A9F-4BF2-9B5C-75C583951204} URL =
SearchScopes: HKCU - {5b50c4e8-dbbf-4810-8ddb-494b10f695bb} URL =
SearchScopes: HKCU - {7FA0C47D-0B2C-431F-AEB3-3EF15BC9D31A} URL =
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {4939A6A5-AE8A-4ED1-B808-689A6DA9EFDD} -  No File
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @bittorrent.com/BitTorrentDNA - C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @bittorrent.com/BitTorrentDNA - C:\Users\Debbie\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-03]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-07-13]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-06-28]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-12-08]
FF HKCU\...\Firefox\Extensions: [{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}] - C:\Users\Debbie\Program Files\DNA
FF Extension: DNA - C:\Users\Debbie\Program Files\DNA [2009-06-17]
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-07-13]

Chrome:
=======
CHR HomePage:
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - c:\program files\google\chrome\application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - c:\program files\google\chrome\application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U24) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (DNA Plug-in) - C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\HappinessInfusion_5w\bar\1.bin\NP5wStub.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (No Name) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\koejgfpmmpnbibkihplhfhjbpdgchjhk [2014-01-15]
CHR Extension: (Norton Identity Protection) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-04-12]
CHR Extension: (Google Wallet) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-14]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\21.3.0.12\Exts\Chrome.crx [2014-06-05]

========================== Services (Whitelisted) =================

S3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
S3 Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [110592 2007-03-05] (Hewlett-Packard Development Company, L.P.) [File not signed]
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]
R2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-03-06] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 N360; C:\Program Files\Norton 360\Engine\21.3.0.12\N360.exe [265040 2014-05-11] (Symantec Corporation)
R2 QPCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [292216 2010-03-08] ()
R2 QPSched; C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [116080 2010-03-08] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278728 2009-07-06] ()
R1 BHDrvx86; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140606.001\BHDrvx86.sys [1101616 2014-05-09] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1503000.00C\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-06-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [109872 2014-06-10] (Symantec Corporation)
S3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [183352 2007-10-01] (Conexant Systems Inc.)
S3 HpqKbFiltr; C:\Windows\System32\DRIVERS\HpqKbFiltr.sys [16768 2007-06-18] (Hewlett-Packard Development Company, L.P.) [File not signed]
R3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)
S3 ICDUSB3; C:\Windows\System32\Drivers\ICDUSB3.sys [11264 2008-08-18] (Sony Corporation)
R1 IDSVix86; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140627.001\IDSvix86.sys [395992 2014-06-04] (Symantec Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2009-07-06] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-06-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 NAVENG; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140627.009\NAVENG.SYS [93272 2014-06-05] (Symantec Corporation)
S3 NAVEX15; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140627.009\NAVEX15.SYS [1612376 2014-06-05] (Symantec Corporation)
S3 pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [47360 2008-10-13] (VSO Software) [File not signed]
S3 SRTSP; C:\Windows\System32\Drivers\N360\1503000.00C\SRTSP.SYS [664280 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1503000.00C\SRTSPX.SYS [32344 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1503000.00C\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1503000.00C\SYMEFA.SYS [936152 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2013-12-08] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [63576 2013-09-09] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1503000.00C\Ironx86.SYS [206936 2013-09-26] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360\1503000.00C\SYMTDIV.SYS [384728 2014-02-17] (Symantec Corporation)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [361728 2007-01-29] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [39680 2007-01-29] (eMPIA Technology, Inc.)
S3 zsi_fmw; C:\Windows\System32\Drivers\zsi_fmw.sys [34176 2007-07-16] ()
S3 zsi_zap; C:\Windows\System32\Drivers\zsi_zap.sys [16896 2007-07-16] ()
U1 eabfiltr;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-28 17:52 - 2014-06-28 17:52 - 00020623 _____ () C:\Users\Debbie\Desktop\FRST.txt
2014-06-28 17:50 - 2014-06-28 17:52 - 00000000 ____D () C:\FRST
2014-06-28 17:49 - 2014-06-28 17:49 - 01073664 _____ (Farbar) C:\Users\Debbie\Desktop\FRST.exe
2014-06-28 13:07 - 2014-06-28 13:07 - 00005917 _____ () C:\Users\Debbie\Desktop\REreport[2].txt
2014-06-28 12:56 - 2014-06-28 12:56 - 00003494 _____ () C:\Users\Debbie\Desktop\REreport[1].txt
2014-06-28 12:29 - 2014-06-28 12:29 - 00002267 _____ () C:\Users\Debbie\Desktop\RK Steps.txt
2014-06-27 18:58 - 2014-06-28 13:01 - 00035152 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-06-27 18:58 - 2014-06-27 18:58 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-27 18:53 - 2014-06-27 18:53 - 04721240 _____ () C:\Users\Debbie\Desktop\RogueKiller.exe
2014-06-25 18:57 - 2014-06-25 18:57 - 00000273 _____ () C:\Users\Debbie\Desktop\ESETScan.txt
2014-06-24 21:15 - 2014-06-24 21:15 - 00000000 ____D () C:\Users\Debbie\Desktop\backups
2014-06-22 16:30 - 2014-06-22 16:30 - 00004489 _____ () C:\Users\Debbie\Desktop\uninstall_list.txt
2014-06-22 16:28 - 2014-06-22 16:28 - 00011780 _____ () C:\Users\Debbie\Desktop\hijackthis.log
2014-06-22 16:24 - 2014-06-22 16:24 - 00388608 _____ (Trend Micro Inc.) C:\Users\Debbie\Desktop\HijackThis.exe
2014-06-21 22:52 - 2014-06-21 22:54 - 00001992 _____ () C:\Users\Debbie\Desktop\MBAM.txt
2014-06-21 22:39 - 2014-06-28 16:42 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-21 22:39 - 2014-06-21 22:39 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-21 22:39 - 2014-06-21 22:39 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-21 22:39 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-21 22:39 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-21 22:39 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-21 20:23 - 2014-06-21 20:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-21 20:19 - 2014-06-21 20:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Debbie\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-21 20:16 - 2014-06-21 20:16 - 00000991 _____ () C:\Users\Debbie\Desktop\checkup.txt
2014-06-21 20:08 - 2014-06-21 20:08 - 00854390 _____ () C:\Users\Debbie\Desktop\SecurityCheck.exe
2014-06-21 20:05 - 2014-06-21 20:05 - 00024072 _____ () C:\Users\Debbie\Desktop\OTL2.txt
2014-06-21 19:58 - 2014-06-21 19:58 - 00000000 ____D () C:\_OTL
2014-06-18 21:44 - 2014-06-18 21:44 - 00086352 _____ () C:\Users\Debbie\Desktop\OTL.Txt
2014-06-18 21:20 - 2014-06-18 21:20 - 00121319 _____ () C:\Users\Debbie\Desktop\JRT.txt
2014-06-18 21:12 - 2014-06-18 21:12 - 00000000 ____D () C:\Windows\ERUNT
2014-06-18 21:08 - 2014-06-18 21:08 - 01016261 _____ (Thisisu) C:\Users\Debbie\Desktop\JRT.exe
2014-06-18 21:04 - 2014-06-18 21:04 - 00006293 _____ () C:\Users\Debbie\Desktop\AdwCleaner[S0].txt
2014-06-18 20:58 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-06-18 20:56 - 2014-06-18 20:59 - 00000000 ____D () C:\AdwCleaner
2014-06-18 20:54 - 2014-06-18 20:55 - 01333465 _____ () C:\Users\Debbie\Desktop\adwcleaner_3.212.exe
2014-06-15 20:16 - 2014-06-15 20:16 - 00069964 _____ () C:\Users\Debbie\Desktop\Extras.Txt
2014-06-15 19:58 - 2014-06-15 19:58 - 00602112 _____ (OldTimer Tools) C:\Users\Debbie\Desktop\OTL.exe
2014-06-10 20:48 - 2014-06-10 20:48 - 00000934 _____ () C:\Users\Public\Desktop\Comet Player.lnk
2014-06-10 20:48 - 2014-06-10 20:48 - 00000788 _____ () C:\Users\Public\Desktop\MpcStar.lnk
2014-06-10 20:48 - 2014-06-10 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MpcStar
2014-06-10 20:47 - 2014-06-10 20:52 - 00000000 ____D () C:\Users\Debbie\AppData\Roaming\tigerplayer
2014-06-10 20:47 - 2014-06-10 20:49 - 00000000 ____D () C:\Users\Debbie\AppData\Roaming\CometPlayer
2014-06-10 20:47 - 2014-06-10 20:48 - 00000000 ____D () C:\Program Files\MpcStar
2014-06-10 20:17 - 2014-05-28 10:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-10 20:17 - 2014-05-28 10:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-10 20:17 - 2014-05-28 10:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-10 20:17 - 2014-05-28 10:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-10 20:17 - 2014-05-28 10:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-10 20:17 - 2014-05-28 10:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-10 20:17 - 2014-05-28 10:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-10 20:17 - 2014-05-28 10:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-10 20:17 - 2014-05-28 10:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-10 20:17 - 2014-05-28 10:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-10 20:17 - 2014-05-28 10:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-10 20:17 - 2014-05-28 10:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-10 20:17 - 2014-05-28 10:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-10 20:17 - 2014-05-28 10:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-10 20:17 - 2014-05-28 10:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-10 20:17 - 2014-05-28 10:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-10 20:17 - 2014-05-28 10:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-10 20:17 - 2014-05-28 10:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-10 20:17 - 2014-05-28 10:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-10 20:17 - 2014-05-28 10:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-10 20:17 - 2014-05-28 10:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-10 20:17 - 2014-04-26 10:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-10 20:17 - 2014-04-04 20:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-10 20:17 - 2014-03-09 19:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-10 20:17 - 2014-03-09 19:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-09 21:29 - 2014-06-22 08:50 - 00000000 ____D () C:\Program Files\BitComet
2014-06-09 21:17 - 2014-06-15 23:07 - 00000000 ____D () C:\Users\Debbie\AppData\Roaming\BitComet
2014-06-07 19:05 - 2014-06-07 19:05 - 00000000 ____D () C:\Users\Debbie\AppData\Local\Skype
2014-06-07 19:04 - 2014-06-07 19:04 - 00001878 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-07 19:04 - 2014-06-07 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-07 19:04 - 2014-06-07 19:04 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-07 19:00 - 2014-06-07 19:02 - 01677440 _____ (Skype Technologies S.A.) C:\Users\Debbie\Desktop\SkypeSetup.exe
2014-06-05 13:33 - 2014-06-05 13:33 - 00000000 ____D () C:\Users\Debbie\{40b5ced1-56a9-4591-ac19-c5fd1142174a}\Documents\BlackBerry
2014-06-05 13:31 - 2014-06-05 13:41 - 00000077 _____ () C:\Users\Debbie\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-06-05 13:19 - 2014-06-05 13:19 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_RimUsb_01007.Wdf
2014-06-05 13:18 - 2014-06-05 13:18 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_RimSerial_01007.Wdf
2014-06-05 13:18 - 2012-12-10 13:48 - 00035840 _____ (Research in Motion Ltd) C:\Windows\system32\Drivers\RimSerial.sys
2014-06-05 13:16 - 2014-06-05 13:16 - 00002158 _____ () C:\Users\Debbie\Desktop\BlackBerry Desktop Software.lnk
2014-06-05 13:16 - 2014-06-05 13:16 - 00000000 ____D () C:\ProgramData\Research In Motion
2014-06-05 13:15 - 2014-06-05 13:16 - 00000000 ____D () C:\Program Files\Common Files\XCPCSync.OEM
2014-06-05 10:24 - 2014-03-25 07:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-06-05 10:23 - 2014-02-05 19:56 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

==================== One Month Modified Files and Folders =======

2014-06-28 17:52 - 2014-06-28 17:52 - 00020623 _____ () C:\Users\Debbie\Desktop\FRST.txt
2014-06-28 17:52 - 2014-06-28 17:50 - 00000000 ____D () C:\FRST
2014-06-28 17:49 - 2014-06-28 17:49 - 01073664 _____ (Farbar) C:\Users\Debbie\Desktop\FRST.exe
2014-06-28 17:31 - 2009-09-13 06:50 - 00000000 ____D () C:\Users\Debbie\AppData\Roaming\Skype
2014-06-28 17:19 - 2012-04-07 06:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-28 17:19 - 2009-09-13 07:04 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-28 16:42 - 2014-06-21 22:39 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-28 16:37 - 2009-09-05 18:33 - 00031966 _____ () C:\ProgramData\nvModes.001
2014-06-28 16:37 - 2009-01-10 10:39 - 00000329 _____ () C:\ProgramData\hpqp.ini
2014-06-28 16:34 - 2007-12-30 23:07 - 01589365 _____ () C:\Windows\WindowsUpdate.log
2014-06-28 16:34 - 2006-11-02 04:33 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-28 16:30 - 2006-11-02 06:37 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-28 16:29 - 2009-09-13 07:04 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-28 16:28 - 2006-11-02 07:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-28 16:28 - 2006-11-02 06:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-28 16:28 - 2006-11-02 06:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-28 14:14 - 2009-12-26 07:15 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-06-28 14:14 - 2006-11-02 07:01 - 00032634 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-28 13:07 - 2014-06-28 13:07 - 00005917 _____ () C:\Users\Debbie\Desktop\REreport[2].txt
2014-06-28 13:01 - 2014-06-27 18:58 - 00035152 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-06-28 12:59 - 2009-09-05 18:33 - 00031966 _____ () C:\ProgramData\nvModes.dat
2014-06-28 12:56 - 2014-06-28 12:56 - 00003494 _____ () C:\Users\Debbie\Desktop\REreport[1].txt
2014-06-28 12:29 - 2014-06-28 12:29 - 00002267 _____ () C:\Users\Debbie\Desktop\RK Steps.txt
2014-06-27 18:58 - 2014-06-27 18:58 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-27 18:53 - 2014-06-27 18:53 - 04721240 _____ () C:\Users\Debbie\Desktop\RogueKiller.exe
2014-06-26 21:45 - 2011-03-27 12:01 - 00000000 ____D () C:\Users\Debbie\AppData\Roaming\HpUpdate
2014-06-26 21:28 - 2009-12-31 16:44 - 00000000 ____D () C:\Users\Debbie\AppData\Local\CrashDumps
2014-06-25 19:01 - 2014-01-15 22:19 - 00018224 _____ () C:\Windows\PFRO.log
2014-06-25 18:57 - 2014-06-25 18:57 - 00000273 _____ () C:\Users\Debbie\Desktop\ESETScan.txt
2014-06-25 09:29 - 2014-03-12 18:08 - 00000052 _____ () C:\Windows\system32\DOErrors.log
2014-06-24 21:15 - 2014-06-24 21:15 - 00000000 ____D () C:\Users\Debbie\Desktop\backups
2014-06-24 20:53 - 2013-02-09 21:42 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-22 16:30 - 2014-06-22 16:30 - 00004489 _____ () C:\Users\Debbie\Desktop\uninstall_list.txt
2014-06-22 16:28 - 2014-06-22 16:28 - 00011780 _____ () C:\Users\Debbie\Desktop\hijackthis.log
2014-06-22 16:24 - 2014-06-22 16:24 - 00388608 _____ (Trend Micro Inc.) C:\Users\Debbie\Desktop\HijackThis.exe
2014-06-22 08:50 - 2014-06-09 21:29 - 00000000 ____D () C:\Program Files\BitComet
2014-06-21 22:54 - 2014-06-21 22:52 - 00001992 _____ () C:\Users\Debbie\Desktop\MBAM.txt
2014-06-21 22:39 - 2014-06-21 22:39 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-21 22:39 - 2014-06-21 22:39 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-21 20:23 - 2014-06-21 20:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-21 20:21 - 2014-06-21 20:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Debbie\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-21 20:16 - 2014-06-21 20:16 - 00000991 _____ () C:\Users\Debbie\Desktop\checkup.txt
2014-06-21 20:08 - 2014-06-21 20:08 - 00854390 _____ () C:\Users\Debbie\Desktop\SecurityCheck.exe
2014-06-21 20:05 - 2014-06-21 20:05 - 00024072 _____ () C:\Users\Debbie\Desktop\OTL2.txt
2014-06-21 19:58 - 2014-06-21 19:58 - 00000000 ____D () C:\_OTL
2014-06-21 19:58 - 2009-05-11 05:27 - 00000000 ____D () C:\Users\Debbie\AppData\Temp
2014-06-18 21:59 - 2014-03-03 09:05 - 00001971 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-18 21:44 - 2014-06-18 21:44 - 00086352 _____ () C:\Users\Debbie\Desktop\OTL.Txt
2014-06-18 21:20 - 2014-06-18 21:20 - 00121319 _____ () C:\Users\Debbie\Desktop\JRT.txt
2014-06-18 21:12 - 2014-06-18 21:12 - 00000000 ____D () C:\Windows\ERUNT
2014-06-18 21:08 - 2014-06-18 21:08 - 01016261 _____ (Thisisu) C:\Users\Debbie\Desktop\JRT.exe
2014-06-18 21:04 - 2014-06-18 21:04 - 00006293 _____ () C:\Users\Debbie\Desktop\AdwCleaner[S0].txt
2014-06-18 20:59 - 2014-06-18 20:56 - 00000000 ____D () C:\AdwCleaner
2014-06-18 20:55 - 2014-06-18 20:54 - 01333465 _____ () C:\Users\Debbie\Desktop\adwcleaner_3.212.exe
2014-06-15 23:07 - 2014-06-09 21:17 - 00000000 ____D () C:\Users\Debbie\AppData\Roaming\BitComet
2014-06-15 20:16 - 2014-06-15 20:16 - 00069964 _____ () C:\Users\Debbie\Desktop\Extras.Txt
2014-06-15 19:58 - 2014-06-15 19:58 - 00602112 _____ (OldTimer Tools) C:\Users\Debbie\Desktop\OTL.exe
2014-06-10 22:01 - 2013-07-29 05:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-10 21:51 - 2006-11-02 04:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-06-10 20:52 - 2014-06-10 20:47 - 00000000 ____D () C:\Users\Debbie\AppData\Roaming\tigerplayer
2014-06-10 20:49 - 2014-06-10 20:47 - 00000000 ____D () C:\Users\Debbie\AppData\Roaming\CometPlayer
2014-06-10 20:48 - 2014-06-10 20:48 - 00000934 _____ () C:\Users\Public\Desktop\Comet Player.lnk
2014-06-10 20:48 - 2014-06-10 20:48 - 00000788 _____ () C:\Users\Public\Desktop\MpcStar.lnk
2014-06-10 20:48 - 2014-06-10 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MpcStar
2014-06-10 20:48 - 2014-06-10 20:47 - 00000000 ____D () C:\Program Files\MpcStar
2014-06-08 16:49 - 2006-11-02 05:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-06-07 19:05 - 2014-06-07 19:05 - 00000000 ____D () C:\Users\Debbie\AppData\Local\Skype
2014-06-07 19:04 - 2014-06-07 19:04 - 00001878 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-07 19:04 - 2014-06-07 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-07 19:04 - 2014-06-07 19:04 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-07 19:04 - 2009-09-13 06:49 - 00000000 ___RD () C:\Program Files\Skype
2014-06-07 19:04 - 2009-09-13 06:49 - 00000000 ____D () C:\ProgramData\Skype
2014-06-07 19:02 - 2014-06-07 19:00 - 01677440 _____ (Skype Technologies S.A.) C:\Users\Debbie\Desktop\SkypeSetup.exe
2014-06-05 13:41 - 2014-06-05 13:31 - 00000077 _____ () C:\Users\Debbie\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-06-05 13:41 - 2011-01-24 21:01 - 00000385 _____ () C:\Users\Debbie\AppData\Roaming\Rim.Desktop.Exception.log
2014-06-05 13:38 - 2014-01-19 20:44 - 00010522 _____ () C:\Windows\setupact.log
2014-06-05 13:33 - 2014-06-05 13:33 - 00000000 ____D () C:\Users\Debbie\{40b5ced1-56a9-4591-ac19-c5fd1142174a}\Documents\BlackBerry
2014-06-05 13:27 - 2013-12-08 16:03 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-06-05 13:26 - 2010-12-12 17:59 - 00000000 ____D () C:\Windows\system32\Drivers\N360
2014-06-05 13:19 - 2014-06-05 13:19 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_RimUsb_01007.Wdf
2014-06-05 13:19 - 2008-01-21 20:04 - 00000000 ____D () C:\Users\Debbie
2014-06-05 13:18 - 2014-06-05 13:18 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_RimSerial_01007.Wdf
2014-06-05 13:18 - 2011-01-24 19:32 - 00003392 _____ () C:\Users\Debbie\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-06-05 13:16 - 2014-06-05 13:16 - 00002158 _____ () C:\Users\Debbie\Desktop\BlackBerry Desktop Software.lnk
2014-06-05 13:16 - 2014-06-05 13:16 - 00000000 ____D () C:\ProgramData\Research In Motion
2014-06-05 13:16 - 2014-06-05 13:15 - 00000000 ____D () C:\Program Files\Common Files\XCPCSync.OEM
2014-06-05 13:16 - 2009-10-04 13:20 - 00000000 ____D () C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BlackBerry
2014-06-05 13:16 - 2009-10-04 13:19 - 00000000 ____D () C:\Program Files\Common Files\Research In Motion
2014-06-05 11:20 - 2012-04-07 06:22 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-05 11:20 - 2011-05-17 11:17 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-05 10:05 - 2012-01-09 17:56 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-06-05 10:04 - 2008-03-12 08:36 - 00000000 ____D () C:\Program Files\Common Files\Adobe

Files to move or delete:
====================
C:\ProgramData\DVD.exe
C:\ProgramData\Games.exe
C:\ProgramData\Karaoke.exe
C:\ProgramData\MobileTV.exe
C:\ProgramData\MPV.exe
C:\ProgramData\PKP_DLdu.DAT

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-28 16:35

==================== End Of Log ============================

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:28-06-2014 02
Ran by Debbie at 2014-06-28 17:53:19
Running from C:\Users\Debbie\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton 360 (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}) (Version: 10.2.0.023 - Adobe Systems, Inc.)
Adobe Shockwave Player 11 (HKLM\...\Adobe Shockwave Player) (Version: 11 - Adobe Systems, Inc.)
Adobe® Photoshop® Album Starter Edition 3.2 (HKLM\...\Adobe® Photoshop® Album Starter Edition 3.2) (Version: 3.2.0 - http://www.adobe.com)
Adobe® Photoshop® Album Starter Edition 3.2 (Version: 3.2.0 - Adobe Systems, Inc.) Hidden
AGEIA PhysX v6.12.02 (HKLM\...\{7032E73F-68A0-48F9-8100-E70E79169BAE}) (Version: 6.12.02 - AGEIA Technologies, Inc.)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Panorama Maker 4 (HKLM\...\{D45E8C45-B601-4A80-AFD8-E16338744DE1}) (Version:  - ArcSoft)
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
Avanquest update (HKLM\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.09 - Avanquest Software)
BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.25.12 - Broadcom Corporation)
Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000 - Hewlett-Packard) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.36.7.60 - Conexant)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Digital Voice Editor 3 (HKLM\...\{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}) (Version: 3.2.01.02240 - Sony Corporation)
DivX (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.0 - DivXNetworks, Inc.)
DNA (HKCU\...\BitTorrent DNA) (Version: 2.2.4 (16502) - BitTorrent Inc.)
DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.0928 - CyberLink Corp.)
ESU for Microsoft Vista (HKLM\...\{68471BF2-F1F7-4C89-BBBA-400B94996596}) (Version: 2.0.10.1 - Hewlett-Packard)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Hauppauge MCE XP/Vista Software Encoder (2.0.25149) (HKLM\...\Hauppauge MCE2005 Software Encoder) (Version: 2.0.25149 - Hauppauge Computer Works, Inc.)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_HERMOSA_HSF) (Version:  - )
HP Active Support Library (HKLM\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{BD0E2B92-3814-46F0-893B-4612EA010C7E}) (Version: 5.4.0.2430 - Hewlett-Packard)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.02.0001 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}) (Version: 5.4.0.2430 - Hewlett-Packard)
HP Help and Support (HKLM\...\{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}) (Version: 1.5.1 - Hewlett-Packard)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Photosmart Essential 2.5 (Version: 1.02.0000 - Hewlett-Packard) Hidden
HP Product Detection (HKLM\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 9.7.3 - Hewlett-Packard Company)
HP Quick Launch Buttons 6.30 E1 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.30 E1 - Hewlett-Packard)
HP QuickPlay 3.7 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 3.7.0.7508 - Hewlett-Packard)
HP QuickTouch 1.00 C4 (HKLM\...\{7DC4A410-9986-4329-9E5D-687B2C42CA39}) (Version: 1.0.7 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Support Solutions Framework (HKLM\...\{81E14A67-42ED-4DD0-AE08-366FE3D3102E}) (Version: 11.50.0012 - Hewlett-Packard Company)
HP Total Care Advisor (HKLM\...\{b02df929-29a7-4fd2-9a70-81a644b635f7}) (Version: 1.4.19.2433 - Hewlett-Packard)
HP Update (HKLM\...\{612F4E20-3661-4D44-AD79-823F1B613FB3}) (Version: 5.002.008.001 - Hewlett-Packard)
HP User Guides 0090 (HKLM\...\{B53620C0-3A83-4F50-A7AB-175DB64C1CE3}) (Version: 1.00.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}) (Version: 3.00 H2 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPNetworkAssistant (HKLM\...\{228C6B46-64E2-404E-898A-EF0830603EF4}) (Version: 1.1.70 - Hewlett-Packard.)
HPPhotoSmartDiscLabel_PaperLabel (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_Tattoo (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.02.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookHolidayPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookModernPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookPlayfulPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookScrapbookPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
iPhone Configuration Utility (HKLM\...\{FA54AFB1-5745-4389-B8C1-9F7509672ED1}) (Version: 2.1.0.163 - Apple Inc.)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java Auto Updater (Version: 2.0.3.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.240 - Sun Microsystems, Inc.)
KODAK EASYSHARE Gallery Upload ActiveX Control (HKLM\...\OfotoEZUpload) (Version:  - )
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.20.2128 - CyberLink Corp.)
LightScribe System Software  1.10.13.1 (Version: 1.10.13.1 - http://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mindful Clock (HKLM\...\{875CC76F-58AC-45BB-AFF7-46F988DDF92C}) (Version: 3.2 - SteigerSoft)
MobileMe Control Panel (HKLM\...\{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}) (Version: 3.1.8.0 - Apple Inc.)
Move Networks Media Player for Internet Explorer (HKCU\...\Move Networks Player - IE) (Version:  - )
MpcStar 5.4 (HKLM\...\MpcStar) (Version: 5.4 - www.mpcstar.com)
MSCU for Microsoft Vista (HKLM\...\{F7F3B252-E772-48AA-93EB-7964BC326067}) (Version: 1.0.1.9 - Hewlett-Packard)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee autoProducer 6.1 (HKLM\...\{250E9609-E830-43EB-B379-DAB7546A2422}) (Version: 6.10.050 - muvee Technologies)
My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: HPCMPQ1902 - WildTangent)
MyMailList & AddressBook (HKLM\...\{DD78A3E4-4C62-4CE4-8CF5-136F29BBA0B4}) (Version: 9.0.0.0 - Avanquest Publishing USA, Inc.)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.46 - BVRP Software, Inc)
Norton 360 (HKLM\...\N360) (Version: 21.3.0.12 - Symantec Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenOffice.org Installer 1.0 (HKLM\...\{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}) (Version: 1.0.9221 - Sun Microsystems)
Pinnacle TVCenter Pro (HKLM\...\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}) (Version: 4.70.1426 - )
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3327 - CyberLink Corp.)
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2129 - CyberLink Corp.)
PowerDirector (Version: 6.5.2129 - CyberLink Corp.) Hidden
PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.52.02 - )
Safari (HKLM\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Sirius Device Recovery (HKLM\...\InstallShield_{CC23F0EF-15E9-4264-8165-272A5AA2B873}) (Version: 1.00.0007 - Sirius)
Sirius Device Recovery (Version: 1.00.0007 - Sirius) Hidden
Skype web features (HKLM\...\{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}) (Version: 1.0.3971 - Skype Technologies S.A.)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden
VoiceOver Kit (HKLM\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
WeatherBug Gadget (Version: 1.0.0.6 - AWS Convergence Technologies) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.100 - Broadcom Corporation)
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000) (HKLM\...\0D5930BD8653120870DA6E7F2150CA8AB1CF22A5) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live OneCare safety scanner (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )

==================== Restore Points  =========================

14-06-2014 03:41:55 Scheduled Checkpoint
16-06-2014 03:56:33 Scheduled Checkpoint
20-06-2014 04:49:13 Scheduled Checkpoint
22-06-2014 03:58:02 Scheduled Checkpoint
23-06-2014 04:04:24 Scheduled Checkpoint
25-06-2014 06:56:35 Scheduled Checkpoint
27-06-2014 04:50:31 Removed Bing Bar

==================== Hosts content: ==========================

2006-11-02 04:23 - 2006-09-18 15:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {019FDD61-0D3C-40C8-9367-AC6A5DDA8644} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3F85AF63-0C15-4F7D-AE2E-776A4A749308} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {52DBE431-27F2-439D-AE7B-CA8B16DF74B3} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {56F0A357-06E5-455E-B67F-2F7DE155EE79} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-05] (Adobe Systems Incorporated)
Task: {6E5D4B9C-DE9F-4377-86BA-CCBB9EE3139C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {830CE82D-F331-4209-AA86-877F3FF46B81} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe
Task: {C5E72B9D-A19C-4034-B466-8652F01430FE} - System32\Tasks\Western Digital\SmartWare\____Volume_30171835_c90a_11dc_8492_806e6f6e6963______Volume_b76f8b35_aaf6_11e3_ab47_001d72433463__ => C:\Program Files\Western Digital\WD SmartWare\BackupTask.exe
Task: {C8EE78EC-62C8-48FF-9680-06F40E424122} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-13] (Google Inc.)
Task: {C943DD5C-D9EF-4070-AB20-AE04D3DB5BBD} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360\Engine\21.3.0.12\WSCStub.exe [2014-05-10] (Symantec Corporation)
Task: {CCDAF767-428E-4907-9BDE-0382482FFCCF} - System32\Tasks\{6AA0613B-040C-41CF-9A81-8D20B3D705BB} => C:\Program Files\Skype\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)
Task: {D4C2EF9B-3F05-42F0-9178-7FBE8FDD0992} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-13] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {EFCC439B-E33C-4193-9A58-72EFAE6C9A1C} - System32\Tasks\Microsoft\Windows\RestartManager\{6704D7CE-C25B-4567-A5D6-83C7ACC233BC} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {F10E06ED-F3BC-4481-B4E5-60A9C0779421} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {F578E4B4-08E4-43B6-8D01-7D2A008AA809} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {F905E85E-0546-4B72-ADC4-3F08FDAABE27} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {FF81AE14-B5F1-473C-A88F-21EA4A2AF45F} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Debbie => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-17 07:55 - 2009-04-17 04:52 - 00049152 _____ () C:\Windows\System32\LXEAPMON.DLL
2010-01-17 07:55 - 2009-01-13 07:15 - 04485120 _____ () C:\Windows\System32\LXEAOEM.DLL
2014-01-20 12:17 - 2014-01-20 12:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 12:16 - 2014-01-20 12:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-20 06:43 - 2010-03-08 14:31 - 00292216 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
2014-01-20 06:43 - 2010-03-08 14:31 - 00259480 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
2014-01-20 06:43 - 2010-03-08 14:31 - 00038184 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll
2014-01-20 06:43 - 2010-03-08 14:31 - 00116080 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
2007-11-02 03:30 - 2007-01-09 04:25 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2009-10-12 15:18 - 2009-08-16 15:06 - 00141312 _____ () C:\Program Files\WinRAR\rarext.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:ECF54A0E

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\Services: LightScribeService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Photo Downloader => "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
MSCONFIG\startupreg: BitTorrent DNA => "C:\Users\Debbie\Program Files\DNA\btdna.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: PMCLoader => C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe
MSCONFIG\startupreg: PMCRemote => C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/28/2014 02:14:10 PM) (Source: Windows Search Service) (EventID: 3024) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context:  Application, SystemIndex Catalog

Error: (06/28/2014 00:36:32 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/26/2014 09:28:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mmc.exe, version 6.0.6002.18005, time stamp 0x49e01c0a, faulting module mmcndmgr.dll_unloaded, version 0.0.0.0, time stamp 0x49e0375c, exception code 0xc0000005, fault offset 0x5acf69c0,
process id 0x11b8, application start time 0xmmc.exe0.

Error: (06/25/2014 09:42:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16555 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1764
Start Time: 01cf90f05e6f71e9
Termination Time: 122

Error: (06/25/2014 09:40:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16555 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: a54
Start Time: 01cf90f009e74719
Termination Time: 27

Error: (06/25/2014 06:34:20 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16555 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: d74
Start Time: 01cf9023b0400527
Termination Time: 0

Error: (06/24/2014 09:28:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16555, time stamp 0x53860f63, faulting module RPCRT4.dll, version 6.0.6002.18882, time stamp 0x51dd2d9c, exception code 0xc0000005, fault offset 0x00048562,
process id 0xccc, application start time 0xiexplore.exe0.

Error: (06/21/2014 10:35:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.0.532, time stamp 0x53518532, faulting module QtCore4.dll, version 4.8.4.0, time stamp 0x51352df8, exception code 0xc0000005, fault offset 0x0010ebb3,
process id 0x114c, application start time 0xmbam.exe0.

Error: (06/21/2014 07:41:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16555, time stamp 0x53860f63, faulting module AcroPDF.dll_unloaded, version 0.0.0.0, time stamp 0x536b5ec7, exception code 0xc0000005, fault offset 0x64e097e3,
process id 0x119c, application start time 0xiexplore.exe0.

Error: (06/20/2014 09:54:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16555 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 87c
Start Time: 01cf8d045a70d7a0
Termination Time: 28

System errors:
=============
Error: (06/28/2014 04:37:57 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {BA3D0120-E617-4F66-ADCA-585CC2FB86DB}

Error: (06/28/2014 04:29:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (06/28/2014 01:07:26 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {BA3D0120-E617-4F66-ADCA-585CC2FB86DB}

Error: (06/28/2014 00:59:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (06/28/2014 00:37:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (06/28/2014 00:37:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (06/28/2014 00:37:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (06/28/2014 00:37:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (06/28/2014 00:37:25 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: AFD
BHDrvx86
ccSet_N360
DfsC
eeCtrl
IDSVix86
NetBIOS
netbt
nsiproxy
PSched
RasAcd
rdbss
Smb
spldr
SRTSPX
SymIM
SymIRON
SYMTDIv
Tcpip
tdx
Wanarpv6

Error: (06/28/2014 00:37:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Microsoft Office Sessions:
=========================
Error: (06/28/2014 02:14:10 PM) (Source: Windows Search Service) (EventID: 3024) (User: )
Description: Context:  Application, SystemIndex Catalog

Error: (06/28/2014 00:36:32 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/26/2014 09:28:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mmc.exe6.0.6002.1800549e01c0ammcndmgr.dll_unloaded0.0.0.049e0375cc00000055acf69c011b801cf91b7aa7890c8

Error: (06/25/2014 09:42:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.16555176401cf90f05e6f71e9122

Error: (06/25/2014 09:40:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.16555a5401cf90f009e7471927

Error: (06/25/2014 06:34:20 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.16555d7401cf9023b04005270

Error: (06/24/2014 09:28:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.1655553860f63RPCRT4.dll6.0.6002.1888251dd2d9cc000000500048562ccc01cf90240c7732a7

Error: (06/21/2014 10:35:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532QtCore4.dll4.8.4.051352df8c00000050010ebb3114c01cf8dc1129f6df7

Error: (06/21/2014 07:41:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.1655553860f63AcroPDF.dll_unloaded0.0.0.0536b5ec7c000000564e097e3119c01cf8dbb0ffb6e01

Error: (06/20/2014 09:54:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.1655587c01cf8d045a70d7a028

CodeIntegrity Errors:
===================================
  Date: 2014-06-28 17:53:11.481
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-28 17:53:10.687
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-28 17:53:09.875
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-28 17:53:09.077
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-28 17:53:08.023
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-28 17:53:07.226
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-28 17:53:06.432
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-28 17:53:05.599
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-28 17:52:36.465
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-28 17:52:35.671
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 54%
Total physical RAM: 3006.18 MB
Available physical RAM: 1354.46 MB
Total Pagefile: 6228.86 MB
Available Pagefile: 4509.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:220.95 GB) (Free:137.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.93 GB) (Free:1.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 9BCA9BCA)
Partition 1: (Active) - (Size=221 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0

#22
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts

Sorry about the delay but we had a “blip” with the Internet connection yesterday.


Open notepad (Start >All Programs > Accessories > Notepad). Please copy the entire contents of the code box below.

SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {52D7C069-0A9F-4BF2-9B5C-75C583951204} URL =
SearchScopes: HKCU - {5b50c4e8-dbbf-4810-8ddb-494b10f695bb} URL =
SearchScopes: HKCU - {7FA0C47D-0B2C-431F-AEB3-3EF15BC9D31A} URL =
Toolbar: HKCU - No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -  No File
Toolbar: HKCU - No Name - {4939A6A5-AE8A-4ED1-B808-689A6DA9EFDD} -  No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\HappinessInfusion_5w\bar\1.bin\NP5wStub.dll No File
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
C:\Program Files\HappinessInfusion_5w
C:\Users\Debbie\AppData\Local\Temp

NOTE: this script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


  • save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work – ie it must be saved in C:\Users\Debbie\Desktop
  • run FRST then click Fix just once and wait
  • it will create a log (Fixlog.txt); please post it to your reply.

================================================

Can you tell me if you have recently installed a Lexmark printer.

Satchfan

 

 


  • 0

#23
paren12

paren12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts

Satchfan,

 

I have not tryed to install any printers since receiving the computer. Find fixlog below.

 

paren12

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:28-06-2014 02
Ran by Debbie at 2014-06-30 21:01:11 Run:1
Running from C:\Users\Debbie\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {52D7C069-0A9F-4BF2-9B5C-75C583951204} URL =
SearchScopes: HKCU - {5b50c4e8-dbbf-4810-8ddb-494b10f695bb} URL =
SearchScopes: HKCU - {7FA0C47D-0B2C-431F-AEB3-3EF15BC9D31A} URL =
Toolbar: HKCU - No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -  No File
Toolbar: HKCU - No Name - {4939A6A5-AE8A-4ED1-B808-689A6DA9EFDD} -  No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\HappinessInfusion_5w\bar\1.bin\NP5wStub.dll No File
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
C:\Program Files\HappinessInfusion_5w
C:\Users\Debbie\AppData\Local\Temp
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{52D7C069-0A9F-4BF2-9B5C-75C583951204}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{52D7C069-0A9F-4BF2-9B5C-75C583951204}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5b50c4e8-dbbf-4810-8ddb-494b10f695bb}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{5b50c4e8-dbbf-4810-8ddb-494b10f695bb}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7FA0C47D-0B2C-431F-AEB3-3EF15BC9D31A}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{7FA0C47D-0B2C-431F-AEB3-3EF15BC9D31A}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} => value deleted successfully.
'HKCR\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4939A6A5-AE8A-4ED1-B808-689A6DA9EFDD} => value deleted successfully.
'HKCR\CLSID\{4939A6A5-AE8A-4ED1-B808-689A6DA9EFDD}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}' => Key deleted successfully.
'HKCR\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}' => Key Deleted successfully.
C:\Program Files\HappinessInfusion_5w\bar\1.bin\NP5wStub.dll not found.
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll not found.
c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll not found.
"C:\Program Files\HappinessInfusion_5w" => File/Directory not found.

"C:\Users\Debbie\AppData\Local\Temp" directory move:

C:\Users\Debbie\AppData\Local\Temp\225B3A87-F73E-4546-99A5-91AD4DFD41C5.dat => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\4379CD5C-74C4-4DBC-BB24-44A7BD18B28A.dat => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\73F65432-591A-4B63-8BED-B0DAAEE9AB7F.dat => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\AdobeARM.log => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\C9FB4EC0-5EC3-4387-AD11-3945FC697EA8.dat => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\Debbie.bmp => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\EB07A17D-06A1-4EA2-91E8-BC28331FF874.dat => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\F8C30E29-7D14-4F45-9C4D-D9BF456B6F51.dat => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\log3 => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\~DF9131.tmp => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\~DF9A0E.tmp => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\Temporary Internet Files\Content.IE5\desktop.ini => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\Temporary Internet Files\Content.IE5\MYRPCLC3\desktop.ini => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\Temporary Internet Files\Content.IE5\JWHD0RUD\desktop.ini => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\Temporary Internet Files\Content.IE5\EMCWY475\desktop.ini => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\Temporary Internet Files\Content.IE5\04KC553V\desktop.ini => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\Low\dat431D.tmp => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\Low\dat5FC0.tmp => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\Low\dat6E3F.tmp => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\History\History.IE5\desktop.ini => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\History\History.IE5\index.dat => Moved successfully.
C:\Users\Debbie\AppData\Local\Temp\Cookies\index.dat => Moved successfully.
Could not move "C:\Users\Debbie\AppData\Local\Temp" directory. => Scheduled to move on reboot.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-06-30 21:13:30)<=

C:\Users\Debbie\AppData\Local\Temp => Moved successfully.

==== End of Fixlog ====


  • 0

#24
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts

I know that you have run a couple of these before but I’d like an up-to-date look at the logs now that we’ve cleaned some stuff up.

===================================================

Note: Please run these in the order given in the instructions.

===================================================

Run McAfee removal tool
 

There were some remnants of McAfee showing in one of the logs and we need to remove them.

 

Download and run McAfee Removal Tool

===================================================

Run AdwCleaner

I’d like you to run this again.

  • run AdwCleaner
  • when it has finished, select Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Run OTL

  • open OTL again, click on Extra Registry -> Use Safelist
  • then click Run Scan
  • when the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.

Please post back with the AdwCleaner log and the two OTL logs.

Thanks

Satchfan

 


  • 0

#25
paren12

paren12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts

Satchfan,

 

Find requested logs below.

 

 

 

# AdwCleaner v3.214 - Report created 01/07/2014 at 15:22:46
# Updated 29/06/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Debbie - DEBS-LAPTOP
# Running from : C:\Users\Debbie\Desktop\adwcleaner_3.214.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16555

-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [6401 octets] - [18/06/2014 20:57:32]
AdwCleaner[R1].txt - [1641 octets] - [01/07/2014 15:21:19]
AdwCleaner[S0].txt - [6293 octets] - [18/06/2014 20:59:19]
AdwCleaner[S1].txt - [1576 octets] - [01/07/2014 15:22:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1636 octets] ##########

 

 

OTL logfile created on: 01/07/2014 3:28:31 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Debbie\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
2.94 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 51.23% Memory free
6.07 Gb Paging File | 4.68 Gb Available in Paging File | 77.06% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.95 Gb Total Space | 140.22 Gb Free Space | 63.46% Space Free | Partition Type: NTFS
Drive D: | 11.93 Gb Total Space | 1.49 Gb Free Space | 12.48% Space Free | Partition Type: NTFS
 
Computer Name: DEBS-LAPTOP | User Name: Debbie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/15 19:58:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Debbie\Desktop\OTL.exe
PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/05/11 00:52:43 | 000,265,040 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\21.3.0.12\n360.exe
PRC - [2014/03/06 13:47:22 | 000,049,464 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
PRC - [2013/12/18 12:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/08/11 15:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009/08/16 15:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/06/05 11:20:25 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/05/11 00:52:43 | 000,265,040 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\21.3.0.12\N360.exe -- (N360)
SRV - [2014/04/03 18:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/03/06 13:47:22 | 000,049,464 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
SRV - [2013/12/18 12:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/01/18 15:10:18 | 000,577,536 | ---- | M] (Research In Motion Limited) [On_Demand | Stopped] -- C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe -- (Blackberry Device Manager)
SRV - [2009/08/11 15:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/05 12:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2014/07/01 15:25:44 | 000,110,296 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014/06/10 20:25:46 | 000,109,872 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/06/10 20:25:45 | 000,377,648 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2014/06/05 04:34:28 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140630.008\NAVEX15.SYS -- (NAVEX15)
DRV - [2014/06/05 04:34:28 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140630.008\NAVENG.SYS -- (NAVENG)
DRV - [2014/06/04 13:54:50 | 000,395,992 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140630.001\IDSvix86.sys -- (IDSVix86)
DRV - [2014/05/12 07:26:04 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2014/05/12 07:25:54 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2014/05/09 19:07:24 | 001,101,616 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140606.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2014/03/03 22:18:12 | 000,936,152 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\1503000.00C\symefa.sys -- (SymEFA)
DRV - [2014/02/17 19:32:41 | 000,384,728 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1503000.00C\symtdiv.sys -- (SYMTDIv)
DRV - [2014/02/12 19:59:49 | 000,664,280 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\N360\1503000.00C\srtsp.sys -- (SRTSP)
DRV - [2013/12/08 15:55:14 | 000,142,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/09/26 20:45:56 | 000,206,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1503000.00C\ironx86.sys -- (SymIRON)
DRV - [2013/09/25 20:50:25 | 000,127,064 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1503000.00C\ccsetx86.sys -- (ccSet_N360)
DRV - [2013/09/09 20:47:43 | 000,063,576 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2013/09/09 20:47:26 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\1503000.00C\symds.sys -- (SymDS)
DRV - [2013/09/09 19:49:48 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1503000.00C\srtspx.sys -- (SRTSPX)
DRV - [2013/08/06 14:13:30 | 000,018,944 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009/07/06 13:39:02 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/07/06 13:39:01 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/06/24 09:38:00 | 007,542,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/08/18 10:01:06 | 000,011,264 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ICDUSB3.sys -- (ICDUSB3)
DRV - [2008/08/01 18:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/06 14:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/03/04 01:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/10/18 05:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/10/01 09:35:52 | 000,183,352 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/08/08 18:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/30 09:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/16 14:48:50 | 000,034,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zsi_fmw.sys -- (zsi_fmw)
DRV - [2007/07/16 14:48:50 | 000,016,896 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zsi_zap.sys -- (zsi_zap)
DRV - [2007/07/11 12:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/07/07 14:58:56 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/02/15 19:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/29 19:20:04 | 000,361,728 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2007/01/29 19:19:48 | 000,039,680 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2007/01/23 18:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Debbie\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?l...en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Debbie\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/13 17:42:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2014/07/01 15:27:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014/03/12 12:55:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Debbie\Program Files\DNA [2010/01/17 10:33:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/13 17:42:53 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: First user (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.2.10_0\
CHR - Extension: No name found = C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\
CHR - Extension: No name found = C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: No name found = C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\21.3.0.12\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: []  File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26A0225E-0DFA-4F13-AF9F-BA3E7B5C6895}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A32D958-CDF4-4CC8-905C-D0F81C48E3AE}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CB92756-9CDA-46EE-95EE-1074DAE26A56}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Debbie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Debbie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/02 03:06:03 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 09:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{b76f8b33-aaf6-11e3-ab47-001d72433463}\Shell - "" = AutoRun
O33 - MountPoints2\{b76f8b33-aaf6-11e3-ab47-001d72433463}\Shell\AutoRun\command - "" = "E:\WD Drive Unlock.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/01 15:07:21 | 003,480,040 | ---- | C] (McAfee, Inc.) -- C:\Users\Debbie\Desktop\MCPR.exe
[2014/06/30 21:21:41 | 000,000,000 | ---D | C] -- C:\Users\Debbie\AppData\Local\Temp
[2014/06/28 17:50:27 | 000,000,000 | ---D | C] -- C:\FRST
[2014/06/28 17:49:08 | 001,073,664 | ---- | C] (Farbar) -- C:\Users\Debbie\Desktop\FRST.exe
[2014/06/27 18:58:32 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/06/24 21:15:03 | 000,000,000 | ---D | C] -- C:\Users\Debbie\Desktop\backups
[2014/06/22 16:24:41 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Debbie\Desktop\HijackThis.exe
[2014/06/21 22:39:47 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/06/21 22:39:22 | 000,074,456 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/06/21 22:39:22 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/06/21 22:39:22 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/06/21 22:39:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/06/21 20:23:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/06/21 20:19:24 | 017,292,760 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Debbie\Desktop\mbam-setup-2.0.2.1012.exe
[2014/06/21 19:58:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/06/18 21:12:17 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/06/18 21:08:51 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Debbie\Desktop\JRT.exe
[2014/06/18 20:58:09 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014/06/18 20:56:55 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/15 19:58:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Debbie\Desktop\OTL.exe
[2014/06/10 20:48:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MpcStar
[2014/06/10 20:47:59 | 000,000,000 | ---D | C] -- C:\Users\Debbie\AppData\Roaming\CometPlayer
[2014/06/10 20:47:58 | 000,000,000 | ---D | C] -- C:\Users\Debbie\AppData\Roaming\tigerplayer
[2014/06/10 20:47:58 | 000,000,000 | ---D | C] -- C:\Program Files\MpcStar
[2014/06/10 20:17:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/06/10 20:17:25 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2014/06/10 20:17:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/06/10 20:17:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014/06/10 20:17:24 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/06/10 20:17:24 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2014/06/10 20:17:22 | 001,810,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/06/10 20:17:22 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/06/10 20:17:21 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/06/10 20:17:21 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/06/10 20:17:18 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/06/10 20:17:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/06/09 21:30:35 | 000,000,000 | ---D | C] -- C:\Downloads
[2014/06/09 21:29:56 | 000,000,000 | ---D | C] -- C:\Program Files\BitComet
[2014/06/09 21:17:58 | 000,000,000 | ---D | C] -- C:\Users\Debbie\AppData\Roaming\BitComet
[2014/06/07 19:05:10 | 000,000,000 | ---D | C] -- C:\Users\Debbie\AppData\Local\Skype
[2014/06/07 19:04:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/06/07 19:04:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2014/06/07 19:00:33 | 001,677,440 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Debbie\Desktop\SkypeSetup.exe
[2014/06/05 13:33:16 | 000,000,000 | ---D | C] -- C:\Users\Debbie\{40b5ced1-56a9-4591-ac19-c5fd1142174a}\Documents\BlackBerry
[2014/06/05 13:16:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
[2014/06/05 13:15:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\XCPCSync.OEM
[2009/01/10 10:41:01 | 003,063,561 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MobileTV.exe
[2009/01/10 10:41:01 | 002,989,660 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\DVD.exe
[2009/01/10 10:41:01 | 002,864,396 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe
[2009/01/10 10:41:01 | 002,331,174 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe
[2009/01/10 10:41:01 | 002,231,606 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Games.exe
[2008/10/13 14:38:17 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Debbie\AppData\Roaming\pcouffin.sys
[44 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[44 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\Debbie\Desktop\*.tmp files -> C:\Users\Debbie\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/01 15:33:41 | 000,031,966 | ---- | M] () -- C:\ProgramData\nvModes.001
[2014/07/01 15:32:21 | 000,647,880 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/07/01 15:32:21 | 000,124,848 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/07/01 15:25:44 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/07/01 15:25:36 | 000,031,966 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2014/07/01 15:25:32 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/01 15:24:42 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/01 15:24:42 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/01 15:24:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/01 15:23:34 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2014/07/01 15:20:02 | 001,346,519 | ---- | M] () -- C:\Users\Debbie\Desktop\adwcleaner_3.214.exe
[2014/07/01 15:19:25 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/01 15:19:20 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/01 15:09:54 | 000,000,329 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2014/07/01 15:07:58 | 003,480,040 | ---- | M] (McAfee, Inc.) -- C:\Users\Debbie\Desktop\MCPR.exe
[2014/06/28 17:49:08 | 001,073,664 | ---- | M] (Farbar) -- C:\Users\Debbie\Desktop\FRST.exe
[2014/06/28 13:01:25 | 000,035,152 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2014/06/27 18:53:08 | 004,721,240 | ---- | M] () -- C:\Users\Debbie\Desktop\RogueKiller.exe
[2014/06/26 22:28:38 | 000,040,057 | ---- | M] () -- C:\Windows\System32\drivers\N360\1503000.00C\VT20140626.025
[2014/06/25 19:08:37 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2014/06/23 21:29:27 | 001,188,238 | ---- | M] () -- C:\Users\Debbie\Desktop\IMG-20140621-00019.jpg
[2014/06/23 21:28:52 | 001,130,128 | ---- | M] () -- C:\Users\Debbie\Desktop\IMG-20140621-00017.jpg
[2014/06/23 21:28:35 | 001,173,818 | ---- | M] () -- C:\Users\Debbie\Desktop\IMG-20140621-00016.jpg
[2014/06/23 21:28:13 | 001,078,715 | ---- | M] () -- C:\Users\Debbie\Desktop\IMG-20140621-00011.jpg
[2014/06/23 21:27:49 | 001,789,696 | ---- | M] () -- C:\Users\Debbie\Desktop\IMG-20140621-00015.jpg
[2014/06/23 21:27:34 | 001,480,485 | ---- | M] () -- C:\Users\Debbie\Desktop\IMG-20140621-00010.jpg
[2014/06/23 21:27:16 | 000,256,609 | ---- | M] () -- C:\Users\Debbie\Desktop\IMG-20140621-00009.jpg
[2014/06/22 16:24:42 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Debbie\Desktop\HijackThis.exe
[2014/06/21 22:39:25 | 000,000,899 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/06/21 20:21:24 | 017,292,760 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Debbie\Desktop\mbam-setup-2.0.2.1012.exe
[2014/06/21 20:08:55 | 000,854,390 | ---- | M] () -- C:\Users\Debbie\Desktop\SecurityCheck.exe
[2014/06/18 21:59:39 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/06/18 21:08:51 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Debbie\Desktop\JRT.exe
[2014/06/15 19:58:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Debbie\Desktop\OTL.exe
[2014/06/12 20:48:43 | 000,089,495 | ---- | M] () -- C:\Users\Debbie\{40b5ced1-56a9-4591-ac19-c5fd1142174a}\Documents\40A80908-114E-4ABD-932B-0FCB95E515C9.jpg
[2014/06/10 20:48:21 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\Comet Player.lnk
[2014/06/10 20:48:21 | 000,000,788 | ---- | M] () -- C:\Users\Public\Desktop\MpcStar.lnk
[2014/06/10 20:16:40 | 002,734,109 | ---- | M] () -- C:\Windows\System32\drivers\N360\1503000.00C\Cat.DB
[2014/06/07 19:04:17 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/06/07 19:02:52 | 001,677,440 | ---- | M] (Skype Technologies S.A.) -- C:\Users\Debbie\Desktop\SkypeSetup.exe
[2014/06/05 13:19:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_RimUsb_01007.Wdf
[2014/06/05 13:18:46 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_RimSerial_01007.Wdf
[2014/06/05 13:16:57 | 000,002,158 | ---- | M] () -- C:\Users\Debbie\Desktop\BlackBerry Desktop Software.lnk
[2014/06/05 11:20:20 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/06/05 11:20:20 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[44 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[44 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\Debbie\Desktop\*.tmp files -> C:\Users\Debbie\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/07/01 15:19:00 | 001,346,519 | ---- | C] () -- C:\Users\Debbie\Desktop\adwcleaner_3.214.exe
[2014/06/27 18:58:33 | 000,035,152 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2014/06/27 18:53:08 | 004,721,240 | ---- | C] () -- C:\Users\Debbie\Desktop\RogueKiller.exe
[2014/06/23 21:29:26 | 001,188,238 | ---- | C] () -- C:\Users\Debbie\Desktop\IMG-20140621-00019.jpg
[2014/06/23 21:28:51 | 001,130,128 | ---- | C] () -- C:\Users\Debbie\Desktop\IMG-20140621-00017.jpg
[2014/06/23 21:28:35 | 001,173,818 | ---- | C] () -- C:\Users\Debbie\Desktop\IMG-20140621-00016.jpg
[2014/06/23 21:28:13 | 001,078,715 | ---- | C] () -- C:\Users\Debbie\Desktop\IMG-20140621-00011.jpg
[2014/06/23 21:27:49 | 001,789,696 | ---- | C] () -- C:\Users\Debbie\Desktop\IMG-20140621-00015.jpg
[2014/06/23 21:27:34 | 001,480,485 | ---- | C] () -- C:\Users\Debbie\Desktop\IMG-20140621-00010.jpg
[2014/06/23 21:27:16 | 000,256,609 | ---- | C] () -- C:\Users\Debbie\Desktop\IMG-20140621-00009.jpg
[2014/06/21 22:39:25 | 000,000,899 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/06/21 20:08:55 | 000,854,390 | ---- | C] () -- C:\Users\Debbie\Desktop\SecurityCheck.exe
[2014/06/12 20:48:43 | 000,089,495 | ---- | C] () -- C:\Users\Debbie\{40b5ced1-56a9-4591-ac19-c5fd1142174a}\Documents\40A80908-114E-4ABD-932B-0FCB95E515C9.jpg
[2014/06/10 20:48:21 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\Comet Player.lnk
[2014/06/10 20:48:21 | 000,000,788 | ---- | C] () -- C:\Users\Public\Desktop\MpcStar.lnk
[2014/06/07 19:04:17 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/06/05 13:19:20 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_RimUsb_01007.Wdf
[2014/06/05 13:18:46 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_RimSerial_01007.Wdf
[2014/06/05 13:16:56 | 000,002,158 | ---- | C] () -- C:\Users\Debbie\Desktop\BlackBerry Desktop Software.lnk
[2014/03/31 19:20:26 | 000,000,000 | ---- | C] () -- C:\ProgramData\Workflows
[2014/03/30 07:26:28 | 000,000,220 | ---- | C] () -- C:\Windows\WinInit.Ini
[2014/03/13 17:13:58 | 000,008,192 | ---- | C] () -- C:\Windows\System32\WDPABKP.dat
[2014/01/22 06:49:04 | 000,139,252 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/07/25 16:29:44 | 000,005,190 | ---- | C] () -- C:\Users\Debbie\Debbies E Mail Contacts.rar
[2011/01/24 18:10:06 | 000,024,175 | ---- | C] () -- C:\Users\Debbie\Debbies E Mail Contacts.csv
[2010/04/25 06:28:44 | 000,023,234 | ---- | C] () -- C:\Users\Debbie\WLMContacts.csv
[2009/10/04 14:23:11 | 000,150,628 | ---- | C] () -- C:\Users\Debbie\AppData\Roaming\UserTile.png
[2009/09/13 07:01:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/05 18:33:52 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/09/05 18:33:35 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/04/19 08:15:35 | 000,000,552 | ---- | C] () -- C:\Users\Debbie\AppData\Local\d3d8caps.dat
[2009/01/25 19:28:40 | 000,001,044 | ---- | C] () -- C:\Users\Debbie\AppData\Roaming\vso_ts_preview.xml
[2009/01/10 10:39:46 | 000,000,329 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2008/11/19 07:48:13 | 000,000,000 | ---- | C] () -- C:\Users\Debbie\AppData\Roaming\wklnhst.dat
[2008/10/13 14:38:17 | 000,087,608 | ---- | C] () -- C:\Users\Debbie\AppData\Roaming\inst.exe
[2008/10/13 14:38:17 | 000,007,887 | ---- | C] () -- C:\Users\Debbie\AppData\Roaming\pcouffin.cat
[2008/10/13 14:38:17 | 000,001,144 | ---- | C] () -- C:\Users\Debbie\AppData\Roaming\pcouffin.inf
[2008/07/05 18:44:30 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2008/07/05 18:44:30 | 000,000,000 | ---- | C] () -- C:\Users\Debbie\AppData\Roaming\howto
[2008/02/29 20:09:08 | 000,923,136 | -HS- | C] () -- C:\Users\Debbie\ehthumbs_vista.db
[2008/01/23 21:38:34 | 000,039,936 | ---- | C] () -- C:\Users\Debbie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/22 18:12:07 | 000,001,356 | ---- | C] () -- C:\Users\Debbie\AppData\Local\d3d9caps.dat
[2008/01/21 22:49:58 | 000,027,430 | ---- | C] () -- C:\Users\Debbie\AppData\Roaming\nvModes.001
[2008/01/21 22:49:56 | 000,027,430 | ---- | C] () -- C:\Users\Debbie\AppData\Roaming\nvModes.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 06:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 07:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Files - Unicode (All) ==========
[2013/10/18 20:02:40 | 000,000,000 | ---- | M] ()(C:\Windows\System32\[email protected]?=lotserviceruntime.log) -- C:\Windows\System32\노@=lotserviceruntime.log
[2013/10/18 20:02:40 | 000,000,000 | ---- | C] ()(C:\Windows\System32\[email protected]?=lotserviceruntime.log) -- C:\Windows\System32\노@=lotserviceruntime.log
[2013/07/30 07:13:29 | 000,000,056 | ---- | M] ()(C:\Windows\System32\?]?[lotserviceruntime.log) -- C:\Windows\System32\ᷨ][lotserviceruntime.log
[2013/07/30 07:13:29 | 000,000,056 | ---- | C] ()(C:\Windows\System32\?]?[lotserviceruntime.log) -- C:\Windows\System32\ᷨ][lotserviceruntime.log
[2013/02/18 17:38:45 | 000,000,000 | ---- | M] ()(C:\Windows\System32\?6?8lotserviceruntime.log) -- C:\Windows\System32\矠68lotserviceruntime.log
[2013/02/18 17:38:45 | 000,000,000 | ---- | C] ()(C:\Windows\System32\?6?8lotserviceruntime.log) -- C:\Windows\System32\矠68lotserviceruntime.log
[2013/01/04 15:48:00 | 000,000,156 | ---- | M] ()(C:\Windows\System32\?2?;lotserviceruntime.log) -- C:\Windows\System32\놀2;lotserviceruntime.log
[2013/01/04 15:48:00 | 000,000,156 | ---- | C] ()(C:\Windows\System32\?2?;lotserviceruntime.log) -- C:\Windows\System32\놀2;lotserviceruntime.log
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:ECF54A0E

< End of report >

 

OTL Extras logfile created on: 01/07/2014 3:28:31 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Debbie\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
2.94 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 51.23% Memory free
6.07 Gb Paging File | 4.68 Gb Available in Paging File | 77.06% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.95 Gb Total Space | 140.22 Gb Free Space | 63.46% Space Free | Partition Type: NTFS
Drive D: | 11.93 Gb Total Space | 1.49 Gb Free Space | 12.48% Space Free | Partition Type: NTFS
 
Computer Name: DEBS-LAPTOP | User Name: Debbie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{035088AD-3233-4399-9098-16E21F5EFE7A}" = lport=139 | protocol=6 | dir=in | app=system |
"{194A310D-B718-4CF3-9972-E03E12EBB858}" = lport=137 | protocol=17 | dir=in | app=system |
"{1C6B79B7-B360-42D6-B3B7-CFA360A2E9CA}" = rport=138 | protocol=17 | dir=out | app=system |
"{28C8DC48-6265-4534-9537-317E7854C6CB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{29F9664A-97A0-4989-ADCC-E947A4FDA4DF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{3218D098-9019-4DA2-9150-CF330407198A}" = lport=445 | protocol=6 | dir=in | app=system |
"{3FFB5AAE-D82D-49A4-86BE-131CF12497D5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{46159883-BB72-4612-B330-E9AA8527610B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{52BBEC53-101E-41BF-A70C-A3B9DEC6EBC3}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{581C4B53-6FEB-43BE-901C-956E8C0F519C}" = rport=137 | protocol=17 | dir=out | app=system |
"{682E5EDB-0F4E-4465-A311-097C0783FABA}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{6AC5B757-EB36-4592-95FF-1942916253C6}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{6CAA3B67-234E-4970-85FB-772F0A2CA59A}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{70D8D593-AAA9-4FCC-BCC6-74FB9111A4BF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{82F75127-3337-4861-93EF-82BDF6284A0C}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{870C63AC-6AAE-4A7E-AAA4-D0529E46AB43}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{8A4F61DE-63D6-44FB-97EB-39DA5A82E43D}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{8C72685B-1303-4129-90E0-B37C8EDB3403}" = rport=139 | protocol=6 | dir=out | app=system |
"{8D78ED71-8173-4714-AF44-7C6B32286D23}" = lport=2869 | protocol=6 | dir=in | app=system |
"{912FA217-23D7-4B90-9AEF-2FA7EDF93C26}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A36CEA14-3156-4580-861E-9ECB156DB929}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A89DC239-C372-4422-AFDC-3DCC5047B508}" = lport=138 | protocol=17 | dir=in | app=system |
"{DB6B13FA-3C9C-446E-972F-FE60DFE7C299}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{E3AD16F4-6F07-4036-A763-2A91F953E658}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FC77DC05-E619-4C65-A898-759F03DB9E40}" = rport=445 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{083883F2-8F64-4DDF-A37D-824404841F24}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{0A8AD4C5-8D3F-45B5-93EC-F65EAEC97D85}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{0AD5B223-8147-4E9A-B40B-8DF3ECAA4298}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{0D1A302D-8F2B-415C-86F9-DA1542419F2D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{0E9C5C5D-607E-4B43-AFE5-2E7DE44CAE06}" = dir=in | app=c:\users\debbie\appdata\local\tnt2\2.0.0.1702\tnt2user.exe |
"{0F413AE5-3AFE-4B80-91F1-899BD12F4877}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{1F877F1F-92DD-49C8-95A0-A68D2F2BD8DD}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{2290F097-3C1C-42D8-B182-B11DFC714D79}" = protocol=6 | dir=in | app=c:\program files\adobe\acrobat.com\acrobat.com.exe |
"{263EDD16-E744-4DC0-B8E5-30904A1D3FAF}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{2667C912-6000-4E8E-9B93-5E6803AAABB6}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{28C3ABFA-31CF-4625-9894-78C32C773282}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2BDB99B8-7BD6-4577-A766-5F4675361C44}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{2F3B6431-EE85-4D3E-BCA7-E1357A917395}" = protocol=6 | dir=in | app=c:\windows\system32\dlcgcoms.exe |
"{31BF28D1-EEFB-4D77-8A28-84B4E5C257E9}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{3720EF9C-457B-403D-A2A3-650F0BCB5C3D}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{37444776-53DA-4C91-9DC2-1D86AED57E93}" = protocol=17 | dir=in | app=c:\program files\lexmark s300-s400 series\lxeafax.exe |
"{384B3AE0-FD1C-4D89-BCCB-99B742EF806C}" = protocol=6 | dir=out | app=system |
"{3D3F58D0-7FF2-461A-8DFF-03AD539C9EB9}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{45AEBAB3-743C-4A9F-A278-BA597C8B0134}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{4B66EB38-DE15-4CFA-BD64-BF5152CF0C77}" = dir=in | app=c:\program files\seagate\seagate dashboard\hipservagent\hipservagent.exe |
"{4D630C61-B791-4168-9D33-4A64A5F7450F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4EB4603D-1628-4DC2-A214-942E2867B328}" = protocol=1 | dir=out | [email protected],-28544 |
"{53030F0B-7825-4420-B18E-86AED46D07D8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{540BDCAC-E800-4664-914F-7E8398238E4E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{5558BBA0-923C-4666-A370-B7A1EF7E264A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{57A55DCB-2730-478E-98EB-6CC3C4E96661}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{5E2291EF-C681-406A-9386-3E38EE0B1BDE}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{5E2E28C3-9871-4FE0-901B-B5B59F8498A3}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{62436851-C002-4FCE-848C-40DABCD05FE0}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{6F7BB34E-3B5E-48AE-80DE-6FDA62F3964C}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{71D8A380-632D-41E9-B2CF-FEC32600AD40}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{7F4D586F-1FB1-4F87-978D-12AB0058D589}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{80B679C8-1366-400E-9340-1D08038DCA9F}" = protocol=6 | dir=in | app=c:\program files\lexmark s300-s400 series\lxeafax.exe |
"{82BDC15F-DF1B-465C-81B4-1B9C035370D6}" = protocol=17 | dir=in | app=c:\program files\adobe\acrobat.com\acrobat.com.exe |
"{82F3116D-19E3-422E-B67F-7A8AF04E8EDA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{842AF2E1-8BDE-42FA-9405-3F1FD07BBE02}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{8EDE6277-ECFF-49B7-9010-4D0AFF5DCB0C}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{8F781A7F-1A1A-411B-BE9A-DBD5218CE3B9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8F96A033-C107-4059-B309-EF34092D92F5}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{91D340FD-2951-4E5B-87C2-57F25A5923BC}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{91D8A8F8-415E-4782-977E-9C1EB4D31F32}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{97FC2888-0F83-456D-B694-B39264C88932}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{B3C03DC5-31E4-46FB-9DE9-F0ABAE648A1F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{C4087E55-79DD-482E-9648-47492899F2F1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C533B496-5E78-42D4-9150-0A2D060FA72A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{CDD3B385-150A-46C2-A64D-35340CDD8940}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D03E6D96-2E82-4B3C-B1C8-48029A001DF0}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{D28B9847-D1C0-4EFA-8060-E9B31DFE5A36}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{DF1C8007-2A3C-4EA1-BCD0-F32622C3643B}" = protocol=1 | dir=in | [email protected],-28543 |
"{E4564704-7F6D-409F-A462-25EB99B06302}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{EE5A09FC-B782-45DB-8F64-D0A7465224D1}" = protocol=58 | dir=in | [email protected],-28545 |
"{F21F42F4-6D57-46A1-84DF-46FEDBE13306}" = protocol=17 | dir=in | app=c:\windows\system32\dlcgcoms.exe |
"{F7154241-96D0-42B5-B906-82DB4145DE91}" = protocol=58 | dir=out | [email protected],-28546 |
"TCP Query User{43601DCB-B8ED-42BF-AFF9-A2F7B7FE7386}C:\users\debbie\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\debbie\program files\dna\btdna.exe |
"UDP Query User{5936D354-A47B-4259-8AE3-6CF624ABE218}C:\users\debbie\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\debbie\program files\dna\btdna.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{18D47FA1-0440-48D3-A7E0-DA09537FF471}" = Apple Mobile Device Support
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 24
"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}" = iTunes
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68471BF2-F1F7-4C89-BBBA-400B94996596}" = ESU for Microsoft Vista
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}" = Digital Voice Editor 3
"{7032E73F-68A0-48F9-8100-E70E79169BAE}" = AGEIA PhysX v6.12.02
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{81E14A67-42ED-4DD0-AE08-366FE3D3102E}" = HP Support Solutions Framework
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{875CC76F-58AC-45BB-AFF7-46F988DDF92C}" = Mindful Clock
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.10)
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B53620C0-3A83-4F50-A7AB-175DB64C1CE3}" = HP User Guides 0090
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{BE5B0450-DCCB-4FE9-93E2-3B38D88A745B}" = BlackBerry Desktop Software 7.1
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC23F0EF-15E9-4264-8165-272A5AA2B873}" = Sirius Device Recovery
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software  1.10.13.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DD78A3E4-4C62-4CE4-8CF5-136F29BBA0B4}" = MyMailList & AddressBook
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"0D5930BD8653120870DA6E7F2150CA8AB1CF22A5" = Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Google Chrome" = Google Chrome
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{CC23F0EF-15E9-4264-8165-272A5AA2B873}" = Sirius Device Recovery
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MpcStar" = MpcStar 5.4
"N360" = Norton 360
"NVIDIA Drivers" = NVIDIA Drivers
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20/06/2014 11:54:34 PM | Computer Name = Debs-Laptop | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16555 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: 87c  Start Time: 01cf8d045a70d7a0  Termination Time: 28
 
Error - 21/06/2014 9:41:48 PM | Computer Name = Debs-Laptop | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16555, time stamp
 0x53860f63, faulting module AcroPDF.dll_unloaded, version 0.0.0.0, time stamp 0x536b5ec7,
 exception code 0xc0000005, fault offset 0x64e097e3,  process id 0x119c, application
 start time 0x01cf8dbb0ffb6e01.
 
Error - 22/06/2014 12:35:25 AM | Computer Name = Debs-Laptop | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.0.0.532, time stamp 0x53518532,
 faulting module QtCore4.dll, version 4.8.4.0, time stamp 0x51352df8, exception
code 0xc0000005, fault offset 0x0010ebb3,  process id 0x114c, application start time
 0x01cf8dc1129f6df7.
 
Error - 24/06/2014 11:28:46 PM | Computer Name = Debs-Laptop | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16555, time stamp
 0x53860f63, faulting module RPCRT4.dll, version 6.0.6002.18882, time stamp 0x51dd2d9c,
 exception code 0xc0000005, fault offset 0x00048562,  process id 0xccc, application
 start time 0x01cf90240c7732a7.
 
Error - 25/06/2014 8:34:20 AM | Computer Name = Debs-Laptop | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16555 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: d74  Start Time: 01cf9023b0400527  Termination Time: 0
 
Error - 25/06/2014 11:40:26 PM | Computer Name = Debs-Laptop | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16555 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: a54  Start Time: 01cf90f009e74719  Termination Time: 27
 
Error - 25/06/2014 11:42:22 PM | Computer Name = Debs-Laptop | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16555 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: 1764  Start Time: 01cf90f05e6f71e9  Termination Time: 122
 
Error - 26/06/2014 11:28:52 PM | Computer Name = Debs-Laptop | Source = Application Error | ID = 1000
Description = Faulting application mmc.exe, version 6.0.6002.18005, time stamp 0x49e01c0a,
 faulting module mmcndmgr.dll_unloaded, version 0.0.0.0, time stamp 0x49e0375c,
exception code 0xc0000005, fault offset 0x5acf69c0,  process id 0x11b8, application
 start time 0x01cf91b7aa7890c8.
 
Error - 28/06/2014 2:36:32 PM | Computer Name = Debs-Laptop | Source = EventSystem | ID = 4609
Description =
 
Error - 28/06/2014 4:14:10 PM | Computer Name = Debs-Laptop | Source = Windows Search Service | ID = 3024
Description =
 
[ System Events ]
Error - 29/06/2014 11:06:17 PM | Computer Name = Debs-Laptop | Source = DCOM | ID = 10010
Description =
 
Error - 30/06/2014 10:31:53 PM | Computer Name = Debs-Laptop | Source = Service Control Manager | ID = 7000
Description =
 
Error - 30/06/2014 10:39:52 PM | Computer Name = Debs-Laptop | Source = DCOM | ID = 10010
Description =
 
Error - 30/06/2014 11:13:17 PM | Computer Name = Debs-Laptop | Source = Service Control Manager | ID = 7000
Description =
 
Error - 30/06/2014 11:21:31 PM | Computer Name = Debs-Laptop | Source = DCOM | ID = 10010
Description =
 
Error - 01/07/2014 5:02:09 PM | Computer Name = Debs-Laptop | Source = Service Control Manager | ID = 7000
Description =
 
Error - 01/07/2014 5:10:07 PM | Computer Name = Debs-Laptop | Source = DCOM | ID = 10010
Description =
 
Error - 01/07/2014 5:16:22 PM | Computer Name = Debs-Laptop | Source = Service Control Manager | ID = 7000
Description =
 
Error - 01/07/2014 5:26:07 PM | Computer Name = Debs-Laptop | Source = Service Control Manager | ID = 7000
Description =
 
Error - 01/07/2014 5:34:16 PM | Computer Name = Debs-Laptop | Source = DCOM | ID = 10010
Description =
 
 
< End of report >
 


  • 0

Advertisements


#26
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts

That’s looking good: just a few stragglers to clear up.

Run OTL

  • double click on the icon to run it.
  • copy/paste ALL the following text written inside the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    
    :OTL
    [2014/07/01 15:07:21 | 003,480,040 | ---- | C] (McAfee, Inc.) -- C:\Users\Debbie\Desktop\MCPR.exe
    O4 - HKLM..\Run: []  File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:ECF54A0E
    
    :Files
    ipconfig /flushdns /c
    C:\Users\Debbie\Desktop\MCPR.exe
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • click the Run Fix button at the top
  • let the program run unhindered, reboot when it is done
  • please post the OTL fix log.

Can you tell me if there are any remaining problems.

Satchfan

 


  • 0

#27
paren12

paren12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts

Satchfan,

 

After the last two scans things have got much better. Start up is much quicker and the choppyness on the internet and when using programs is almost none existent now.

Below is the OTL log.

 

parent12

 

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
C:\Users\Debbie\Desktop\MCPR.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
ADS C:\ProgramData\TEMP:ECF54A0E deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Debbie\Desktop\cmd.bat deleted successfully.
C:\Users\Debbie\Desktop\cmd.txt deleted successfully.
File\Folder C:\Users\Debbie\Desktop\MCPR.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Debbie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 58498622 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 833 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: mstest
 
User: mstest.Debs-Laptop
 
User: Public
 
User: TEMP
 
User: TEMP.Debs-Laptop
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 602478 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 11780 bytes
 
Total Files Cleaned = 56.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 07022014_200916

Files\Folders moved on Reboot...
C:\Users\Debbie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TEJ2GHAL\postmessageRelay[1].htm moved successfully.
C:\Users\Debbie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NA6K3O75\PRmiXeptR36kaC0GEAetxrFt29aCHKT7otDW9l62Aag[1].eot moved successfully.
C:\Users\Debbie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I9APKIQQ\DhmkJ2TR0QN[2].htm moved successfully.
C:\Users\Debbie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I9APKIQQ\fastbutton[1].htm moved successfully.
C:\Users\Debbie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HJGZP1FZ\DhmkJ2TR0QN[1].htm moved successfully.
C:\Users\Debbie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G6SVNUYK\k3k702ZOKiLJc3WVjuplzHZ2MAKAc2x4R1uOSeegc5U[1].eot moved successfully.
C:\Users\Debbie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EJDLRIMY\cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE[1].eot moved successfully.
C:\Users\Debbie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EJDLRIMY\like[1].htm moved successfully.
C:\Users\Debbie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EJDLRIMY\page-2[1].htm moved successfully.
C:\Users\Debbie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EJDLRIMY\xjAJXh38I15wypJXxuGMBmfQcKutQXcIrRfyR5jdjY8[1].eot moved successfully.
C:\Users\Debbie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Debbie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


  • 0

#28
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts

I am pretty sure that the problem was some remnants of McAfee still running and Norton, (although somewhat better than it was), is still a bit of a resource hog and would have been fighting with McAfee.

 

Has the scrolling problem also gone?

 

If all is well I'll send instructions to tidy up and remove the tools we've used which will also get rid of the quarantined files that Eset found.

 

Satchfan


  • 0

#29
paren12

paren12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts

Satchfan,

 

Sorry for the delay. Is it advisable to just uninstall Norton? I have also noticed that any time it is running, everything slows down.  It is just left over from before I recieved the computer and I will not be renewing anyway.

As to your quesiton, the scroll on the mouse pad still no longer works (not a huge deal).

Othewise the computer seems to be running much better still.

 

Paren12


  • 0

#30
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts

I also apologise for the delay but I am away from home at the moment busy with family stuff.

I would uninstall Norton but not before you have downloaded another antivirus that is ready to be installed.

If you decide to do this, I would recommend Free Avast Home Edition.

When you have downloaded it, uninstall Norton.

Install Avast then run the Norton Removal Tool to make sure that there are no remnants left behind.

Next, you need to enable Windows firewall.

To turn on Windows firewall:

  • open Windows Firewall by clicking Start, Control Panel, Security, and then Windows Firewall.
  • click Turn Windows Firewall on or off. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
  • click On (recommended), and then OK.

Let me know how that goes and if there is any improvement.

Satchfan

 


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP