historybuff77

Posts posted by historybuff77

  1. Hi,

    I'm travelling at the moment. I'm not sure if this is related, but shortly after signing on to the hotel's unsecured wifi my computer put up a blue screen saying my computer ran into an error and it was collecting information for an error report. It said to search for the DRIVER_IRQL_NOT_LESS_OR_EQUAL (tcpip.sys) error. I usually use Chrome, but it has stopped working since I first saw this message. Firefox is also crashing. A Malwarebytes scan turns up nothing. Is this a hardware issue or something else?

    Thanks,

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
    Ran by User (administrator) on LAPTOP-PC on 21-07-2014 20:53:27
    Running from C:\Users\User\Desktop
    Platform: Windows 8 (X64) OS Language: English (United States)
    Internet Explorer Version 10
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\ccsvchst.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe
    (Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\ccsvchst.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Axentra Corporation) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-21] (IDT, Inc.)
    HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
    HKLM-x32\...\Run: [btTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [363520 2012-08-02] (IVT Corporation)
    HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79776 2012-10-15] ()
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
    HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-07-08] (Hewlett-Packard)
    HKU\S-1-5-21-3731889160-3860413392-410561627-1002\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-12-30] (Google Inc.)
    ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\20.5.0.28\buShell.dll (Symantec Corporation)
    ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\20.5.0.28\buShell.dll (Symantec Corporation)
    ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\20.5.0.28\buShell.dll (Symantec Corporation)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON13/4
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
    SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKLM - {ECD5D19E-F577-4A6F-9DF0-BC36C80A769F} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 - DefaultScope value is missing.
    SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
    SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
    BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Hosts: 127.0.0.1    localhost
    Tcpip\Parameters: [DhcpNameServer] 10.255.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ei4gauue.default
    FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
    FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF Extension: Firefox Old Version Update Hotfix - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ei4gauue.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-07-21]
    FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26\coFFPlgn
    FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26\coFFPlgn [2013-04-01]
    FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\coFFPlgn
    FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\coFFPlgn [2013-09-24]
    FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\IPSFF
    FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\IPSFF [2013-10-09]

    Chrome:
    =======
    CHR Extension: (Norton Identity Protection) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2014-06-09]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
    CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-01]
    CHR Extension: (Norton Identity Protection) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2014-05-19]
    CHR HKCU\...\Chrome\Extension: [pjddgeceaihfihcecdgfdiepikfbflpn] - C:\Users\User\AppData\Local\CRE\pjddgeceaihfihcecdgfdiepikfbflpn.crx [2014-05-19]
    CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\Exts\Chrome.crx [2014-05-01]
    CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\Exts\Chrome.crx [2013-06-18]
    CHR HKLM-x32\...\Chrome\Extension: [pjddgeceaihfihcecdgfdiepikfbflpn] - C:\Users\User\AppData\Local\CRE\pjddgeceaihfihcecdgfdiepikfbflpn.crx [2013-06-18]

    ==================== Services (Whitelisted) =================

    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.) [File not signed]
    R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1544192 2012-08-02] (IVT Corporation) [File not signed]
    R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2012-07-10] (IVT Corporation) [File not signed]
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-10] (Hewlett-Packard Company) [File not signed]
    R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
    R2 N360; C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
    R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
    R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-21] (IDT, Inc.) [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-18] (Advanced Micro Devices)
    R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20140703.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)
    U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
    R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
    U4 BthAvrcpTg;
    U4 BthHFEnum;
    U4 bthhfhid;
    R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
    R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
    R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48736 2012-08-09] (Ralink Corporation)
    R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1405000.01C\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
    R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DD04000.00A\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
    S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
    S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-15] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-15] (Symantec Corporation)
    R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20140718.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-21] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
    R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20140720.003\ENG64.SYS [126040 2013-11-05] (Symantec Corporation)
    R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20140720.003\EX64.SYS [2099288 2013-11-05] (Symantec Corporation)
    R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
    R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
    S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
    S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
    R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1405000.01C\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1405000.01C\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
    R0 SymDS; C:\Windows\System32\drivers\N360x64\1405000.01C\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\drivers\N360x64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
    S0 SymELAM; C:\Windows\System32\drivers\N360x64\1405000.01C\SymELAM.sys [23448 2012-11-15] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-17] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\N360x64\1405000.01C\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1405000.01C\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
    R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)
    U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-07-21 20:53 - 2014-07-21 20:53 - 00018725 _____ () C:\Users\User\Desktop\FRST.txt
    2014-07-21 20:51 - 2014-07-21 20:53 - 00000000 ____D () C:\FRST
    2014-07-21 20:47 - 2014-07-21 20:47 - 02090496 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
    2014-07-21 20:36 - 2014-07-21 20:36 - 888812891 _____ () C:\Windows\MEMORY.DMP
    2014-07-21 20:36 - 2014-07-21 20:36 - 00280928 _____ () C:\Windows\Minidump\072114-46410-01.dmp
    2014-07-21 16:07 - 2014-07-21 20:35 - 00024618 _____ () C:\Windows\WindowsUpdate.log
    2014-07-20 09:44 - 2014-07-21 20:38 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-07-20 09:44 - 2014-07-20 09:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-07-20 09:44 - 2014-07-20 09:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-07-20 09:44 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-07-20 09:44 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-07-18 18:21 - 2014-07-18 18:21 - 00331224 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-07-17 18:19 - 2014-07-20 16:49 - 00111092 ____H () C:\Users\User\Desktop\~WRL0006.tmp
    2014-07-17 18:19 - 2014-07-17 18:41 - 00109725 ____H () C:\Users\User\Desktop\~WRL0003.tmp
    2014-07-17 18:19 - 2014-07-17 18:19 - 00099404 ____H () C:\Users\User\Desktop\~WRL0005.tmp
    2014-07-12 10:34 - 2014-06-26 16:53 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-07-12 10:34 - 2014-06-26 16:53 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-07-12 10:28 - 2014-07-12 10:28 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-07-10 18:36 - 2014-06-30 18:42 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-07-10 18:36 - 2014-06-30 18:42 - 00394240 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2014-07-10 18:36 - 2014-06-30 18:42 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2014-07-10 18:36 - 2014-06-27 23:35 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-07-10 18:36 - 2014-06-18 22:11 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-07-10 18:36 - 2014-06-18 20:53 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-07-10 18:36 - 2014-06-17 19:27 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
    2014-07-10 18:36 - 2014-06-17 19:24 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
    2014-07-10 18:36 - 2014-06-11 00:18 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-07-10 18:36 - 2014-06-02 18:33 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
    2014-07-10 18:36 - 2014-05-29 19:31 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
    2014-07-10 18:36 - 2014-05-29 19:03 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
    2014-07-10 18:36 - 2014-05-29 19:02 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-07-10 18:36 - 2014-05-29 19:02 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
    2014-07-10 18:36 - 2014-05-03 02:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2014-07-10 18:36 - 2014-05-03 02:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2014-07-10 18:36 - 2014-05-03 00:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2014-07-10 18:36 - 2014-05-01 18:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
    2014-07-10 18:36 - 2014-04-29 18:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
    2014-07-10 18:36 - 2014-04-29 18:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
    2014-07-10 18:36 - 2014-04-23 19:51 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
    2014-07-10 18:36 - 2014-04-23 19:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-07-10 18:36 - 2014-04-23 19:38 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
    2014-07-10 18:36 - 2014-04-23 19:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-07-10 18:36 - 2014-02-08 00:34 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
    2014-07-10 18:35 - 2014-06-18 22:12 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-07-10 18:35 - 2014-06-18 22:12 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-07-10 18:35 - 2014-06-18 22:12 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
    2014-07-10 18:35 - 2014-06-18 22:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
    2014-07-10 18:35 - 2014-06-18 22:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-07-10 18:35 - 2014-06-18 22:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-07-10 18:35 - 2014-06-18 22:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-07-10 18:35 - 2014-06-18 22:10 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-07-10 18:35 - 2014-06-18 22:10 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-07-10 18:35 - 2014-06-18 22:10 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-07-10 18:35 - 2014-06-18 22:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2014-07-10 18:35 - 2014-06-18 22:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-07-10 18:35 - 2014-06-18 22:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-07-10 18:35 - 2014-06-18 22:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-07-10 18:35 - 2014-06-18 22:10 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-07-10 18:35 - 2014-06-18 22:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2014-07-10 18:35 - 2014-06-18 22:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-07-10 18:35 - 2014-06-18 22:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-07-10 18:35 - 2014-06-18 22:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-07-10 18:35 - 2014-06-18 22:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-07-10 18:35 - 2014-06-18 20:53 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-07-10 18:35 - 2014-06-18 20:53 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-07-10 18:35 - 2014-06-18 20:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-07-10 18:35 - 2014-06-18 20:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-07-10 18:35 - 2014-06-18 20:53 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-07-10 18:35 - 2014-06-18 20:53 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
    2014-07-10 18:35 - 2014-06-18 20:52 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-07-10 18:35 - 2014-06-18 20:52 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-07-10 18:35 - 2014-06-18 20:52 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-07-10 18:35 - 2014-06-18 20:52 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-07-10 18:35 - 2014-06-18 20:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2014-07-10 18:35 - 2014-06-18 20:52 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-07-10 18:35 - 2014-06-18 20:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-07-10 18:35 - 2014-06-18 20:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-07-10 18:35 - 2014-06-18 20:52 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2014-07-10 18:35 - 2014-06-18 20:52 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-07-10 18:35 - 2014-06-18 20:52 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-07-10 18:35 - 2014-06-18 20:52 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-07-10 18:35 - 2014-06-18 20:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-07-10 18:35 - 2014-06-18 20:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-07-10 18:35 - 2014-06-18 18:05 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
    2014-07-10 18:35 - 2014-06-06 10:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2014-07-10 18:35 - 2014-06-06 06:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
    2014-07-10 18:35 - 2014-05-29 18:24 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2014-07-04 11:34 - 2014-07-04 11:34 - 00017607 _____ () C:\Users\User\Downloads\CPR Distribution for June.xlsx
    2014-07-04 11:34 - 2014-07-04 11:34 - 00017607 _____ () C:\Users\User\Downloads\CPR Distribution for June (1).xlsx

    ==================== One Month Modified Files and Folders =======

    2014-07-21 20:53 - 2014-07-21 20:53 - 00018725 _____ () C:\Users\User\Desktop\FRST.txt
    2014-07-21 20:53 - 2014-07-21 20:51 - 00000000 ____D () C:\FRST
    2014-07-21 20:47 - 2014-07-21 20:47 - 02090496 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
    2014-07-21 20:40 - 2012-11-21 00:34 - 00004524 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI
    2014-07-21 20:40 - 2012-08-10 21:45 - 00000821 _____ () C:\Windows\SysWOW64\bscs.ini
    2014-07-21 20:38 - 2014-07-20 09:44 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-07-21 20:37 - 2012-12-30 11:08 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-07-21 20:37 - 2012-11-21 00:34 - 00000043 _____ () C:\Windows\SysWOW64\LOCALDEVICE.INI
    2014-07-21 20:36 - 2014-07-21 20:36 - 888812891 _____ () C:\Windows\MEMORY.DMP
    2014-07-21 20:36 - 2014-07-21 20:36 - 00280928 _____ () C:\Windows\Minidump\072114-46410-01.dmp
    2014-07-21 20:36 - 2013-03-28 21:57 - 00000000 ____D () C:\Windows\Minidump
    2014-07-21 20:36 - 2012-07-26 03:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-07-21 20:35 - 2014-07-21 16:07 - 00024618 _____ () C:\Windows\WindowsUpdate.log
    2014-07-21 20:33 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\sru
    2014-07-21 16:05 - 2014-01-26 17:06 - 00000000 ____D () C:\Users\User\Desktop\Desktop Stuff
    2014-07-21 16:05 - 2012-12-30 11:08 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-07-21 14:00 - 2013-01-03 17:44 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
    2014-07-21 12:41 - 2012-12-30 23:10 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
    2014-07-21 12:41 - 2012-12-30 23:10 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2014-07-20 20:59 - 2012-08-25 15:38 - 00877348 _____ () C:\Windows\system32\perfh00C.dat
    2014-07-20 20:59 - 2012-08-25 15:38 - 00191806 _____ () C:\Windows\system32\perfc00C.dat
    2014-07-20 20:59 - 2012-07-26 03:28 - 01994362 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-07-20 16:57 - 2012-12-30 00:54 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3731889160-3860413392-410561627-1002
    2014-07-20 16:49 - 2014-07-17 18:19 - 00111092 ____H () C:\Users\User\Desktop\~WRL0006.tmp
    2014-07-20 16:36 - 2013-12-31 16:13 - 00000348 _____ () C:\Windows\Tasks\HPCeeScheduleForUser.job
    2014-07-20 09:44 - 2014-07-20 09:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-07-20 09:44 - 2014-07-20 09:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-07-20 09:44 - 2013-06-27 09:31 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-07-20 09:44 - 2013-06-27 09:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-07-20 09:44 - 2013-03-31 14:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\Malwarebytes
    2014-07-20 09:44 - 2013-03-31 14:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-07-18 19:20 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\rescache
    2014-07-18 19:14 - 2012-11-21 01:02 - 00000000 ____D () C:\ProgramData\Norton
    2014-07-18 19:06 - 2013-01-28 22:45 - 00000000 ____D () C:\Users\Public\Downloads\Norton
    2014-07-18 18:25 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
    2014-07-18 18:21 - 2014-07-18 18:21 - 00331224 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-07-18 08:08 - 2013-05-28 22:22 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-07-17 18:41 - 2014-07-17 18:19 - 00109725 ____H () C:\Users\User\Desktop\~WRL0003.tmp
    2014-07-17 18:19 - 2014-07-17 18:19 - 00099404 ____H () C:\Users\User\Desktop\~WRL0005.tmp
    2014-07-16 22:33 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\AUInstallAgent
    2014-07-12 10:31 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
    2014-07-12 10:28 - 2014-07-12 10:28 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-07-12 10:28 - 2012-07-26 04:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2014-07-12 10:28 - 2012-07-26 04:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2014-07-12 10:27 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\WinStore
    2014-07-12 10:27 - 2012-07-26 03:52 - 00000000 ____D () C:\Program Files\Windows Journal
    2014-07-10 19:10 - 2012-07-26 03:59 - 00000000 ____D () C:\Windows\CbsTemp
    2014-07-10 19:07 - 2013-07-27 10:09 - 00000000 ____D () C:\Windows\system32\MRT
    2014-07-10 18:59 - 2012-12-30 01:50 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-07-04 11:34 - 2014-07-04 11:34 - 00017607 _____ () C:\Users\User\Downloads\CPR Distribution for June.xlsx
    2014-07-04 11:34 - 2014-07-04 11:34 - 00017607 _____ () C:\Users\User\Downloads\CPR Distribution for June (1).xlsx
    2014-06-30 18:42 - 2014-07-10 18:36 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-06-30 18:42 - 2014-07-10 18:36 - 00394240 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2014-06-30 18:42 - 2014-07-10 18:36 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2014-06-27 23:35 - 2014-07-10 18:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-06-26 16:53 - 2014-07-12 10:34 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-06-26 16:53 - 2014-07-12 10:34 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-06-22 11:00 - 2012-12-30 11:08 - 00003886 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-06-22 11:00 - 2012-12-30 11:08 - 00003650 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-07-21 12:53

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2014
    Ran by User at 2014-07-21 20:54:16
    Running from C:\Users\User\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
    AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

    ==================== Installed Programs ======================

    4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
    7 Wonders II (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
    Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
    AMD Accelerated Video Transcoding (Version: 12.5.100.20808 - Advanced Micro Devices, Inc.) Hidden
    AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
    AMD Catalyst Install Manager (HKLM\...\{D01E0B82-7D6E-F9AC-9A7D-C6076264F419}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
    AMD Fuel (Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
    AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
    AMD VISION Engine Control Center (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
    Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center InstallProxy (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Localization All (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Chinese Standard (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Chinese Traditional (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Czech (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Danish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Dutch (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
    CCC Help English (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Finnish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
    CCC Help French (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
    CCC Help German (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Greek (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Hungarian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Italian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Japanese (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Korean (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Norwegian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Polish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Portuguese (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Russian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Spanish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Swedish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Thai (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Turkish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
    ccc-utility64 (Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Connect (HKLM-x32\...\Connect) (Version: 1.4.13206.0 - Cisco Consumer Products LLC)
    Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Crazy Chicken Soccer (x32 Version: 2.2.0.98 - WildTangent) Hidden
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
    CyberLink LabelPrint (x32 Version: 2.5.1.5407 - CyberLink Corp.) Hidden
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
    CyberLink Media Suite 10 (x32 Version: 10.0.1.1916 - CyberLink Corp.) Hidden
    CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
    CyberLink PhotoDirector (x32 Version: 2.0.1.3119 - CyberLink Corp.) Hidden
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
    CyberLink Power2Go 8 (x32 Version: 8.0.1.1926 - CyberLink Corp.) Hidden
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
    CyberLink PowerDirector 10 (x32 Version: 10.0.1.1925 - CyberLink Corp.) Hidden
    CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
    CyberLink PowerDVD (x32 Version: 10.0.6.4319 - CyberLink Corp.) Hidden
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
    CyberLink YouCam (x32 Version: 3.5.4.5527 - CyberLink Corp.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
    Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
    FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 5.4.5.124 - Foxit Corporation)
    Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
    HP 3D DriveGuard (HKLM\...\{F244D07D-1876-4CDD-914D-214E15A8D327}) (Version: 4.2.5.1 - Hewlett-Packard Company)
    HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
    HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
    HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
    HP Documentation (HKLM-x32\...\{1AC082E0-049D-4C5C-9ECF-9473AD5A949D}) (Version: 1.1.0.0 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
    HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
    HP Postscript Converter (Version: 3.1.3554 - Hewlett-Packard) Hidden
    HP Quick Launch (HKLM-x32\...\{4ED7050C-9332-4FB2-AB07-E94F25A53D39}) (Version: 3.0.3 - Hewlett-Packard Company)
    HP Recovery Manager (x32 Version: 7.00 - Hewlett-Packard) Hidden
    HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
    HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{B8019B54-F9BE-490A-9619-6D06F18F129F}) (Version: 7.0.32.44 - Hewlett-Packard Company)
    HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
    HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
    iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT)
    iTunes (HKLM\...\{1CF5754A-545B-4360-BFDE-2847BC728DFC}) (Version: 11.2.0.115 - Apple Inc.)
    Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Machete Lite 3.8 (HKLM-x32\...\{F05CE84D-4C4C-4EA7-840B-BAB0C72B60E2}) (Version: 3.8.44 - MacheteSoft)
    Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    Memeo AutoSync (HKLM-x32\...\{75B7F766-7998-44d8-A202-F1EC76A121BA}) (Version:  - Memeo Inc.)
    Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7923 - Memeo Inc.)
    Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
    Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
    Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
    Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Mozilla Firefox 20.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 20.0 (x86 en-US)) (Version: 20.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 20.0 - Mozilla)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    Norton 360 (HKLM-x32\...\N360) (Version: 20.5.0.28 - Symantec Corporation)
    Norton Identity Safe (HKLM-x32\...\NST) (Version: 2013.4.0.10 - Symantec Corporation)
    Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
    QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    Ralink Bluetooth Stack64 (HKLM\...\{58BC91D0-42E7-125D-F9B6-F2F5C0CDB096}) (Version: 9.0.715.0 - Ralink Corporation)
    Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
    Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Seagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1554 - Memeo Inc.)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
    The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
    TouchFreeze (HKLM-x32\...\{9C9744E5-2BB7-4042-BD1C-8A339480A08C}) (Version: 1.1.0 - Ivan Zhakov)
    Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
    Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
    Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
    Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
    Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
    Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
    VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
    WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
    Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

    ==================== Restore Points  =========================

    04-07-2014 15:44:12 Scheduled Checkpoint
    10-07-2014 22:52:51 Windows Update
    18-07-2014 22:59:08 Scheduled Checkpoint

    ==================== Hosts content: ==========================

    2012-07-26 01:26 - 2013-04-01 11:53 - 00000841 ____N C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1    localhost

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {15E0C7A0-4E9F-432C-9C3F-D643FE08C45A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-30] (Google Inc.)
    Task: {1A7A079C-4515-45C2-B628-65C48C41F693} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Tune-up Postponed => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
    Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
    Task: {22E98269-0506-4889-BCBE-C8BA84ED9998} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated)
    Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
    Task: {3300C023-8EB7-45B8-822B-CA03EA4DB4D0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
    Task: {388A8419-D192-4B75-80FA-128E354DA970} - System32\Tasks\HPCeeScheduleForUser => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
    Task: {3D926D8E-2B79-40FA-AFE9-8283253C463A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {436CD868-280C-45D4-99D6-E10665FCF9AE} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\SymErr.exe [2013-06-03] (Symantec Corporation)
    Task: {4F115C4B-8435-404C-9BD7-83552DC75F78} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
    Task: {5DCD6C1C-382B-433B-9C33-87427DE28232} - System32\Tasks\Quark Updater => C:\Program Files (x86)\Quark\Quark Update\AutoUpdate.exe
    Task: {5EC436B9-217F-4421-8208-5E7C73489FE1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {729E65E8-3623-4CB7-86B4-6DB3015E5C04} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-30] (Google Inc.)
    Task: {77BE5FA3-3C9F-42C3-B6B6-85BA06674F21} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
    Task: {838E7F27-B353-4A72-A7E3-1B81F6BBD4FD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Critical Actions Pending => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
    Task: {89AA0674-32C8-4783-9CD6-AF730A6E93AE} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\SymErr.exe [2013-05-29] (Symantec Corporation)
    Task: {90AEFC8C-F020-43E8-8966-DB49069E152E} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\SymErr.exe [2013-06-03] (Symantec Corporation)
    Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
    Task: {BBE82260-855B-4F57-B2EC-D9FAFDB2A36D} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
    Task: {BCC4E8C6-9BB9-4251-BEAE-96B9BF9A342E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-07-10] (Microsoft Corporation)
    Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
    Task: {C6FF3260-57D6-4D13-BD54-313FB470C431} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
    Task: {CB1C1C75-7F32-43D2-B054-12364EA309E6} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\SymErr.exe [2013-05-29] (Symantec Corporation)
    Task: {EA34FEE4-DBEC-4B74-A5D3-DE58886243AC} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\WSCStub.exe [2014-04-29] (Symantec Corporation)
    Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
    Task: {F17F3ADE-18EA-42C8-B411-84575E748249} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2012-08-10] (Hewlett-Packard Company)
    Task: {F93882CA-95A5-4C92-B033-7F61C1D2DDC7} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForUser.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\Windows\Tasks\Quark Updater.job => C:\Program Files (x86)\Quark\Quark Update\AutoUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2012-08-08 14:36 - 2012-08-08 14:36 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2012-07-10 22:11 - 2012-07-10 22:11 - 00009728 _____ () C:\Windows\system32\BsHelpCSps.dll
    2012-07-10 22:11 - 2012-07-10 22:11 - 00052736 _____ () C:\Windows\system32\BlueSoleilCSps.dll
    2012-07-27 18:51 - 2012-07-27 18:51 - 00346112 _____ () C:\Windows\system32\BsExtendFunc.dll
    2012-07-10 22:09 - 2012-07-10 22:09 - 00022528 _____ () C:\Windows\system32\BsTrace.dll
    2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2012-07-10 22:09 - 2012-07-10 22:09 - 00022528 _____ () C:\Windows\SYSTEM32\BsTrace.dll
    2012-08-10 14:55 - 2012-08-10 14:55 - 00323648 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll
    2012-05-02 21:28 - 2012-05-02 21:28 - 00012800 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\AMP\IVTAMPRL.dll
    2012-07-10 22:11 - 2012-07-10 22:11 - 00009728 _____ () C:\Windows\SYSTEM32\BsHelpCSps.dll
    2012-07-10 22:11 - 2012-07-10 22:11 - 00052736 _____ () C:\Windows\SYSTEM32\BlueSoleilCSps.dll
    2013-06-18 10:07 - 2012-05-30 10:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON IDENTITY SAFE\ENGINE\2013.4.0.10\wincfi39.dll
    2014-05-01 19:14 - 2012-05-30 10:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.5.0.28\wincfi39.dll
    2012-11-21 00:48 - 2012-06-07 23:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2012-06-08 15:34 - 2012-06-08 15:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
    2013-04-02 11:25 - 2013-03-26 22:18 - 03143576 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    2012-07-10 22:14 - 2012-07-10 22:14 - 00072192 _____ () C:\Windows\SYSTEM32\BsProfilefunc.dll
    2012-07-27 18:51 - 2012-07-27 18:51 - 00346112 _____ () C:\Windows\SYSTEM32\BsExtendFunc.dll
    2012-10-15 02:03 - 2012-10-15 02:03 - 00108960 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Progress.dll
    2012-10-15 02:08 - 2012-10-15 02:08 - 00031648 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
    2012-10-01 14:18 - 2012-10-01 14:18 - 00015360 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.TroubleshootingPlugin.dll
    2012-10-01 14:18 - 2012-10-01 14:18 - 00014848 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.VideoTutorialsPlugin.dll
    2010-04-20 13:22 - 2010-04-20 13:22 - 00241664 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
    2010-04-20 13:22 - 2010-04-20 13:22 - 00971776 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll

    ==================== Alternate Data Streams (whitelisted) =========

    AlternateDataStreams: C:\Users\User\Downloads\Fwd Pulsamerica is looking for news writers - message for circulation.eml:OECustomProperty
    AlternateDataStreams: C:\Users\User\Downloads\Tweet from LU Rowing (@LU_Rowing).eml:OECustomProperty
    AlternateDataStreams: C:\Users\User\Downloads\Update to Reservation# 31324797 Delta Ottawa City Centre Arr Monday, June 10, 2013.eml:OECustomProperty

    ==================== Safe Mode (whitelisted) ===================

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\18509388.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\83886476.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\18509388.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\83886476.sys => ""="Driver"

    ==================== EXE Association (whitelisted) =============


    ==================== MSCONFIG/TASK MANAGER disabled items =========


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/21/2014 08:48:55 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

    Error: (07/21/2014 08:38:02 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
    Description: The index cannot be initialized.


    Details:
        The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

    Error: (07/21/2014 08:38:02 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
    Description: The application cannot be initialized.

    Context: Windows Application


    Details:
        The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

    Error: (07/21/2014 08:38:02 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
    Description: The gatherer object cannot be initialized.

    Context: Windows Application, SystemIndex Catalog


    Details:
        The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

    Error: (07/21/2014 08:38:02 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
    Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

    Context: Windows Application, SystemIndex Catalog


    Details:
        The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

    Error: (07/21/2014 08:38:01 PM) (Source: Windows Search Service) (EventID: 3057) (User: )
    Description: The plug-in manager <Search.TripoliIndexer> cannot be initialized.

    Context: Windows Application


    Details:
        (HRESULT : 0x8e5e0210) (0x8e5e0210)

    Error: (07/21/2014 08:38:01 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
    Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


    Details:
        The content index catalog is corrupt.   0xc0041801 (0xc0041801)

    Error: (07/21/2014 08:38:01 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
    Description: The search service has detected corrupted data files in the index {id=4810 - enduser\mssearch2\search\ytrip\common\util\jetutil.cpp (167)}. The service will attempt to automatically correct this problem by rebuilding the index.


    Details:
         0x8e5e0210 (0x8e5e0210)

    Error: (07/21/2014 08:38:01 PM) (Source: ESENT) (EventID: 455) (User: )
    Description: SearchIndexer (488) Windows: Error -1811 (0xfffff8ed) occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb00333.log.

    Error: (07/21/2014 04:28:16 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: BlueSoleilCS.exe, version: 9.0.709.0, time stamp: 0x5019fa79
    Faulting module name: tl_filter.dll, version: 0.0.0.0, time stamp: 0x50247825
    Exception code: 0xc0000094
    Fault offset: 0x0000d53d
    Faulting process id: 0x10c4
    Faulting application start time: 0xBlueSoleilCS.exe0
    Faulting application path: BlueSoleilCS.exe1
    Faulting module path: BlueSoleilCS.exe2
    Report Id: BlueSoleilCS.exe3
    Faulting package full name: BlueSoleilCS.exe4
    Faulting package-relative application ID: BlueSoleilCS.exe5


    System errors:
    =============
    Error: (07/21/2014 08:39:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Search service failed to start due to the following error:
    %%1053

    Error: (07/21/2014 08:39:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (120000 milliseconds) while waiting for the Windows Search service to connect.

    Error: (07/21/2014 08:38:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Search service failed to start due to the following error:
    %%1053

    Error: (07/21/2014 08:38:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (120000 milliseconds) while waiting for the Windows Search service to connect.

    Error: (07/21/2014 08:38:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (07/21/2014 08:38:02 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The Windows Search service terminated with the following service-specific error:
    %%2147749126

    Error: (07/21/2014 08:36:55 PM) (Source: BugCheck) (EventID: 1001) (User: )
    Description: 0x000000d1 (0x000000000000000a, 0x0000000000000002, 0x0000000000000000, 0xfffff88001ccf9a0)C:\Windows\MEMORY.DMP072114-46410-01

    Error: (07/21/2014 08:36:50 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 3:43:32 PM on ‎2014-‎07-‎21 was unexpected.

    Error: (07/21/2014 04:28:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The BlueSoleilCS service terminated unexpectedly.  It has done this 2 time(s).

    Error: (07/21/2014 01:47:05 PM) (Source: Schannel) (EventID: 4114) (User: LAPTOP-PC)
    Description: The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The SSL connection request has failed. The attached data contains the server certificate.


    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
      Date: 2014-07-21 20:50:56.940
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

      Date: 2014-07-21 20:50:45.487
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

      Date: 2014-07-20 20:59:28.741
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

      Date: 2014-07-20 20:57:42.655
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

      Date: 2014-07-20 16:42:24.188
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

      Date: 2014-07-20 16:39:09.770
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

      Date: 2014-07-20 14:38:18.386
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

      Date: 2014-07-20 10:08:43.912
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

      Date: 2014-07-20 09:52:05.723
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

      Date: 2014-07-20 09:43:39.299
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Percentage of memory in use: 24%
    Total physical RAM: 7650.26 MB
    Available physical RAM: 5774.04 MB
    Total Pagefile: 15330.26 MB
    Available Pagefile: 13442.56 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.76 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:672.46 GB) (Free:493.54 GB) NTFS ==>[system with boot components (obtained from reading drive)]
    Drive d: (RECOVERY) (Fixed) (Total:25.07 GB) (Free:2.92 GB) NTFS ==>[system with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 699 GB) (Disk ID: 33044D6F)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================

  2. Here's the log. Thanks!

     

     Results of screen317's Security Check version 0.99.61  
       x64 (UAC is enabled)  
     Internet Explorer 9  
    ``````````````Antivirus/Firewall Check:`````````````` 
     Windows Firewall Enabled!  
    Windows Defender   
    Norton 360         
     WMI entry may not exist for antivirus; attempting automatic update. 
    `````````Anti-malware/Other Utilities Check:````````` 
     Malwarebytes Anti-Malware version 1.75.0.1300  
     Mozilla Firefox (20.0) 
     Google Chrome 32.0.1700.102  
     Google Chrome 32.0.1700.76  
    ````````Process Check: objlist.exe by Laurent````````  
     Norton ccSvcHst.exe 
     Malwarebytes Anti-Malware mbamservice.exe  
     Malwarebytes Anti-Malware mbamgui.exe  
     Malwarebytes' Anti-Malware mbamscheduler.exe   
    `````````````````System Health check````````````````` 
     Total Fragmentation on Drive C:  % 
    ````````````````````End of Log`````````````````````` 
  3. Hi MrC,

     

    Here are my two logs:

     

    # AdwCleaner v3.018 - Report created 28/01/2014 at 17:51:15
    # Updated 28/01/2014 by Xplode
    # Operating System : Windows 8  (64 bits)
    # Username : User - LAPTOP-PC
    # Running from : C:\Users\User\Desktop\adwcleaner (1).exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Program Files (x86)\Notation

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16537


    -\\ Mozilla Firefox v20.0 (en-US)

    [ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ei4gauue.default\prefs.js ]

    Line Deleted : user_pref("CT3287823.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Line Deleted : user_pref("CT3287823.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Line Deleted : user_pref("CT3287823.embeddedsData", "[{\"appId\":\"130058557034802204\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
    Line Deleted : user_pref("CT3287823.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Line Deleted : user_pref("CT3287823.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
    Line Deleted : user_pref("CT3287823.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsearch.conduit.com%2F%3Fctid%3DCT3287823%26octid%3DCT3287823%26SearchSource%3D61%26CUI%3DUN2[...]
    Line Deleted : user_pref("CT3287823.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Line Deleted : user_pref("CT3287823.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
    Line Deleted : user_pref("CT3287823.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
    Line Deleted : user_pref("CT3287823.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3287823\"}");
    Line Deleted : user_pref("CT3287823.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"MixiDJ V9\"}");
    Line Deleted : user_pref("CT3287823.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Line Deleted : user_pref("CT3287823_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1366591499766,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");

    -\\ Google Chrome v32.0.1700.76

    [ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [3474 octets] - [28/01/2014 17:47:28]
    AdwCleaner[s0].txt - [3435 octets] - [28/01/2014 17:51:15]

    ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3495 octets] ##########

     


    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.01.28.09

    Windows 8 x64 NTFS
    Internet Explorer 10.0.9200.16750
    User :: LAPTOP-PC [administrator]

    2014-01-28 5:59:01 PM
    mbam-log-2014-01-28 (17-59-01).txt

    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 456987
    Time elapsed: 1 hour(s), 43 minute(s), 13 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKLM\SOFTWARE\Google\Chrome\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb (PUP.Optional.SpeedTestAnalysis.A) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 1
    C:\Users\User\AppData\Roaming\SpeedTestAnalysis (PUP.Optional.SpeedTestAnalysis.A) -> Quarantined and deleted successfully.

    Files Detected: 1
    C:\Users\User\AppData\Roaming\SpeedTestAnalysis\speedtestanalysis.crx (PUP.Optional.SpeedTestAnalysis.A) -> Quarantined and deleted successfully.

    (end)

     

  4. Hi MrCharlie,

     

    Here's my log. I use CCleaner to remove cookies/browsing history after every Internet session. Is it okay to still run this while you're searching for malware?

    Thanks!

     

    RogueKiller V8.8.3 _x64_ [Jan 24 2014] by Tigzy
    mail : tigzyRK<at>gmail<dot>com

    Operating System : Windows 8 (6.2.9200 ) 64 bits version
    Started in : Normal mode
    User : User [Admin rights]
    Mode : Scan -- Date : 01/27/2014 20:58:30
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 0 ¤¤¤

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection :  ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MQ01ABD075 SATA Disk Device +++++
    --- User ---
    [MBR] 9c9b2669875350b52edfd94c450c6197
    [bSP] 1f18f6bde0f1cc21fbbaaa1891dbc946 : Empty MBR Code
    Partition table:
    0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 715404 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_S_01272014_205830.txt >>
  5. Hi,

     

    I have Norton 360 and did a Malwarebytes scan which turned up nothing. But lately Chrome has not been shutting down properly and I get an unusual message that pops up saying it can't read my preferences. I also notice Speed Test Analysis keeps trying to enable itself on Chrome. Here are my logs. Thanks!

     

    DDS (Ver_2012-11-20.01) - NTFS_AMD64 
    Internet Explorer: 10.0.9200.16537
    Run by User at 16:20:03 on 2014-01-26
    Microsoft Windows 8  6.2.9200.0.1252.2.1033.18.7650.5737 [GMT -5:00]
    .
    AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\dwm.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\atieclxx.exe
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Windows\system32\svchost.exe -k apphost
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
    C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
    C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe
    C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\dashost.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\system32\taskhostex.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe
    C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
    C:\Windows\System32\RuntimeBroker.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
    C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    mStart Page = about:blank
    mWinlogon: Userinit = userinit.exe,
    BHO: Speed Test Analysis: {310D38FE-EB4C-467C-8781-B7C2AEB7847D} - C:\Program Files (x86)\Speed Test Analysis\ScriptHost.dll
    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    mRun: [btTray] "C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
    mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
    mRun: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{0327BF37-553C-4D09-8230-9F5D50667E24} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{53677ED1-0FBD-40FF-9C76-3CAB33DE80AE}\1557965647D41676E6F6C69616 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{53677ED1-0FBD-40FF-9C76-3CAB33DE80AE}\342716A797E45696768626F65727 : DHCPNameServer = 64.71.255.204 64.71.255.198
    TCP: Interfaces\{53677ED1-0FBD-40FF-9C76-3CAB33DE80AE}\84963747F6279724576666 : DHCPNameServer = 192.168.0.1
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-mStart Page = about:blank
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
    x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ei4gauue.default\
    FF - prefs.js: browser.search.defaulturl - 
    FF - prefs.js: browser.search.selectedEngine - 
    FF - plugin: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\Windows\System32\Drivers\amd_sata.sys [2012-7-24 79528]
    R0 amd_xata;amd_xata;C:\Windows\System32\Drivers\amd_xata.sys [2012-7-24 26280]
    R0 SymDS;Symantec Data Store;C:\Windows\System32\Drivers\N360x64\1404000.028\symds64.sys [2013-6-9 493656]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\Drivers\N360x64\1404000.028\symefa64.sys [2013-6-9 1139800]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [2014-1-22 1526488]
    R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\System32\Drivers\N360x64\1404000.028\ccsetx64.sys [2013-6-9 169048]
    R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\Drivers\NSTx64\7DD04000.00A\ccsetx64.sys [2013-6-18 169048]
    R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2012-11-20 92536]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20140124.001\IDSviA64.sys [2014-1-25 521944]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\Drivers\N360x64\1404000.028\ironx64.sys [2013-6-9 224416]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\Drivers\N360x64\1404000.028\symnets.sys [2013-6-9 433752]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-8-9 239616]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-8 361984]
    R2 APXACC;AppEx Networks Accelerator LWF;C:\Windows\System32\Drivers\appexDrv.sys [2012-11-20 199008]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-8-10 85504]
    R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-8-10 29600]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-7-9 35232]
    R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-11-20 2451456]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-27 418376]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-27 701512]
    R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-5-4 25824]
    R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccsvchst.exe [2013-6-9 144368]
    R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe [2013-6-18 144368]
    R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2012-10-15 14752]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2012-7-17 98472]
    R3 BtAudioBusSrv;IVT Bluetooth Audio Bus Service;C:\Windows\System32\Drivers\BtAudioBus.sys [2012-6-15 23136]
    R3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;C:\Windows\System32\Drivers\BtL2caScoIf.sys [2012-7-19 56904]
    R3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
    R3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [2012-8-9 48736]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-12-13 137648]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-6-27 25928]
    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\Drivers\netr28x.sys [2013-4-15 2482960]
    R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\Drivers\RtsP2Stor.sys [2012-11-20 269968]
    R3 rtbth;RTBTH Bluetooth Device Driver;C:\Windows\System32\Drivers\rtbth.sys [2012-8-9 695392]
    R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-11-20 690832]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2012-11-20 57000]
    R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-3 20288]
    S0 SymELAM;Symantec ELAM Driver;C:\Windows\System32\Drivers\N360x64\1404000.028\symelam.sys [2013-6-9 23448]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-31 645952]
    S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2012-11-21 41272]
    S3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-11-21 43832]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
    S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
    .
    =============== Created Last 30 ================
    .
    2014-01-24 22:48:00 246960 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10231.bin
    2014-01-15 00:47:43 915968 ----a-w- C:\Windows\System32\MPSSVC.dll
    2014-01-15 00:47:43 758784 ----a-w- C:\Windows\System32\FirewallAPI.dll
    2014-01-15 00:47:43 588288 ----a-w- C:\Windows\System32\SHCore.dll
    2014-01-15 00:47:41 550400 ----a-w- C:\Windows\SysWow64\FirewallAPI.dll
    2014-01-15 00:47:41 452608 ----a-w- C:\Windows\SysWow64\SHCore.dll
    2014-01-15 00:47:41 227840 ----a-w- C:\Windows\System32\WebClnt.dll
    2014-01-15 00:47:41 100696 ----a-w- C:\Windows\System32\drivers\disk.sys
    2014-01-15 00:47:40 199168 ----a-w- C:\Windows\SysWow64\WebClnt.dll
    2014-01-15 00:47:39 104448 ----a-w- C:\Windows\System32\davclnt.dll
    2014-01-15 00:47:38 86016 ----a-w- C:\Windows\SysWow64\davclnt.dll
    2014-01-15 00:47:35 74752 ----a-w- C:\Windows\System32\drivers\mpsdrv.sys
    2014-01-15 00:46:13 688640 ----a-w- C:\Windows\System32\WSShared.dll
    2014-01-15 00:46:12 562688 ----a-w- C:\Windows\SysWow64\WSShared.dll
    2014-01-15 00:46:12 163840 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-01-15 00:46:12 124928 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
    .
    ==================== Find3M  ====================
    .
    2014-01-09 08:02:07 78296 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-01-09 08:02:07 694240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-11-23 06:43:58 420864 ----a-w- C:\Windows\System32\WMPhoto.dll
    2013-11-23 05:05:01 368640 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
    2013-11-06 23:18:57 4036608 ----a-w- C:\Windows\System32\win32k.sys
    2013-11-01 05:38:21 312320 ----a-w- C:\Windows\System32\msieftp.dll
    2013-11-01 03:49:24 273408 ----a-w- C:\Windows\SysWow64\msieftp.dll
    .
    ============= FINISH: 16:20:15.02 ===============
     
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 8
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2012-12-29 11:43:44 PM
    System Uptime: 2014-01-24 7:25:23 PM (45 hours ago)
    .
    Motherboard: Hewlett-Packard |  | 1849
    Processor: AMD A10-4600M APU with Radeon HD Graphics   | Socket FT1 | 2300/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 672 GiB total, 520.378 GiB free.
    D: is FIXED (NTFS) - 25 GiB total, 2.922 GiB free.
    E: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP81: 2014-01-11 11:16:36 AM - Scheduled Checkpoint
    RP82: 2014-01-14 9:01:41 PM - Windows Update
    RP83: 2014-01-19 9:59:25 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    4 Elements II
    7 Wonders II
    Adobe Shockwave Player 11.6
    Aloha TriPeaks
    AMD Accelerated Video Transcoding
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    AMD Fuel
    AMD Quick Stream
    AMD VISION Engine Control Center
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bejeweled 3
    Bonjour
    Build-a-lot 4 - Power Source
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    Chuzzle Deluxe
    Connect
    Cradle of Rome 2
    Crazy Chicken Soccer
    CyberLink LabelPrint
    CyberLink Media Suite 10
    CyberLink PhotoDirector
    CyberLink Power2Go 8
    CyberLink PowerDirector 10
    CyberLink PowerDVD
    CyberLink YouCam
    D3DX10
    Energy Star
    Farm Frenzy
    Final Drive Fury
    FlatOut 2
    Foxit Reader
    Galerie de photos Windows Live
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Governor of Poker 2 Premium Edition
    Hewlett-Packard ACLM.NET v1.2.0.0
    Hoyle Card Games
    HP 3D DriveGuard
    HP Connected Music (Meridian - installer)
    HP CoolSense
    HP Customer Experience Enhancements
    HP Documentation
    HP Games
    HP MyRoom
    HP Postscript Converter
    HP Quick Launch
    HP Recovery Manager
    HP Registration Service
    HP Software Framework
    HP Support Assistant
    HP Utility Center
    HP Wireless Button Driver
    iCloud
    IDT Audio
    iTunes
    Jewel Match 3
    John Deere Drive Green
    Letters from Nowhere 2
    Luxor Evolved
    Machete Lite 3.8
    Mahjongg Dimensions Deluxe: Tiles in Time
    Malwarebytes Anti-Malware version 1.75.0.1300
    Memeo AutoSync
    Memeo Instant Backup
    Microsoft Application Error Reporting
    Microsoft Office
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
    Mozilla Firefox 20.0 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    Norton 360
    Norton Identity Safe
    Peggle Nights
    Penguins!
    Polar Bowler
    Polar Golfer
    QuickTime
    Ralink Bluetooth Stack64
    Ralink RT3290 802.11bgn Wi-Fi Adapter
    Realtek Ethernet Controller Driver
    Realtek PCIE Card Reader
    Roads of Rome 3
    Seagate Dashboard
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition 
    Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition 
    Speed Test Analysis
    swMSM
    Synaptics Pointing Device Driver
    The Treasures of Mystery Island: The Ghost Ship
    TouchFreeze
    Trinklit Supreme
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update Installer for WildTangent Games App
    VLC media player 2.0.5
    WildTangent Games
    WildTangent Games App
    Windows Live
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Zuma's Revenge
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2014-01-21 6:31:52 PM, Error: Service Control Manager [7009]  - A timeout was reached (120000 milliseconds) while waiting for the Windows Search service to connect.
    2014-01-21 6:31:52 PM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    2014-01-21 6:31:38 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    2014-01-21 6:30:18 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
    2014-01-21 6:30:18 PM, Error: Service Control Manager [7024]  - 
    .
    ==== End Of File ===========================
     

     

  6. Hi Gringo,

     

    Here it is. It turned up quite a few threats:

     

    C:\Program Files (x86)\Mozilla Firefox\components\sprotector.js Win32/Conduit.SearchProtect.A application
    C:\Users\User\Desktop\cbsidlm-tr1_9-Machete_Video_Editor_Lite-ORG-75326879.exe multiple threats
    C:\Users\User\Desktop\sa_setup.exe a variant of Win32/InstallBrain.W application
    C:\Users\User\Desktop\Old Desktop\SoftonicDownloader_for_photoscape.exe Win32/SoftonicDownloader.D application
    C:\Users\User\Desktop\Old Desktop\youtube-to-mp3-converter_72.exe Win32/OpenCandy application
    C:\Users\User\Downloads\SoftonicDownloader_for_quarkxpress (1).exe a variant of Win32/SoftonicDownloader.E application
    C:\Users\User\Downloads\SoftonicDownloader_for_quarkxpress.exe a variant of Win32/SoftonicDownloader.E application
    C:\_OTL\MovedFiles\04222013_220727\C_Program Files (x86)\SearchProtect\bin\ChromeModule.dll a variant of Win32/Conduit.SearchProtect.C application
    C:\_OTL\MovedFiles\04222013_220727\C_Program Files (x86)\SearchProtect\bin\cltmng.exe a variant of Win32/Conduit.SearchProtect.B application
    C:\_OTL\MovedFiles\04222013_220727\C_Program Files (x86)\SearchProtect\bin\FirefoxModule.dll a variant of Win32/Conduit.SearchProtect.C application
    C:\_OTL\MovedFiles\04222013_220727\C_Program Files (x86)\SearchProtect\bin\InternetExplorerModule.dll a variant of Win32/Conduit.SearchProtect.C application
    C:\_OTL\MovedFiles\04222013_220727\C_Program Files (x86)\SearchProtect\bin\SPHook32.dll probably a variant of Win32/Conduit.SearchProtect.C application
    C:\_OTL\MovedFiles\04222013_220727\C_Program Files (x86)\SearchProtect\bin\uninstall.exe Win32/Conduit.SearchProtect.A application
    C:\_OTL\MovedFiles\04222013_220727\C_Program Files (x86)\SearchProtect\ffprotect\application.js Win32/Conduit.SearchProtect.A application
    C:\_OTL\MovedFiles\04222013_220727\C_Users\User\AppData\Roaming\SearchProtect\bin\ChromeModule.dll a variant of Win32/Conduit.SearchProtect.C application
    C:\_OTL\MovedFiles\04222013_220727\C_Users\User\AppData\Roaming\SearchProtect\bin\cltmng.exe a variant of Win32/Conduit.SearchProtect.B application
    C:\_OTL\MovedFiles\04222013_220727\C_Users\User\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll a variant of Win32/Conduit.SearchProtect.C application
    C:\_OTL\MovedFiles\04222013_220727\C_Users\User\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll a variant of Win32/Conduit.SearchProtect.C application
    C:\_OTL\MovedFiles\04222013_220727\C_Users\User\AppData\Roaming\SearchProtect\bin\SPHook32.dll probably a variant of Win32/Conduit.SearchProtect.C application
    C:\_OTL\MovedFiles\04222013_220727\C_Users\User\AppData\Roaming\SearchProtect\ffprotect\application.js Win32/Conduit.SearchProtect.A application
  7. Hi Gringo,

     

    One other thing. I've noticed this file pops up on Norton while I'm browsing even though I don't know that I've downloaded anything. It's happened a couple of times. Not sure if this is normal:

     

    Filename: pepflashplayer.dll
    Full Path: c:\Users\User\AppData\Local\Google\Chrome\User Data\PepperFlash\11.8.800.94\pepflashplayer.dll
     
    ____________________________
     
    Details
    Stability Unknown,  Very Few Users,  Very New,  Good
     
    Origin
    Downloaded from Unknown
     
    Activity
    Actions performed: Suspicious actions performed: None
     
    ____________________________
     
     
    Developers Adobe Systems Incorporated
    Version 11.8.800.94
    Identified 2013-06-27 at 2:42:42 PM
    Last Used Not Available
    Startup Item No
     
    ____________________________
     
     
    Unknown
    This program crash history is not known.
     
    Very Few Users
    Fewer than 5 users in the Norton Community have used this file.
     
    Very New
    This file was released less than 1 week  ago.
     
    Good
    Norton has given this file a good rating.
     
     
    ____________________________
     
     
     
    Source File:
    pepflashplayer.dll
     
    ____________________________
     
     
    File Thumbprint - SHA:
    bd721fe5d119de32576ac734c32b6cb6fabd0fe626360a2f07593058a0f8a82e
    File Thumbprint - MD5:
    Not available
  8. Hi Gringo,

     

    I ran the scans and my logs are below. IE is still not working. It opens a window when I click on it but there doesn't appear to be any connectivity to the web or even an error message. My other browsers work. The only reason I would like IE to work is that it's the default program for some software that links to 'help pages' online and I don't know how to access those pages on other browsers since the web address doesn't appear when the window opens. I've reinstalled it before without it working. Should I try again?

     

    Thanks for all of your help with this.

     

    Here are my logs:

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org
     
    Database version: v2013.06.27.05
     
    Windows 8 x64 NTFS
    Internet Explorer 10.0.9200.16599
    User :: LAPTOP-PC [administrator]
     
    2013-06-27 9:32:34 AM
    mbam-log-2013-06-27 (09-32-34).txt
     
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 214708
    Time elapsed: 5 minute(s), 18 second(s)
     
    Memory Processes Detected: 0
    (No malicious items detected)
     
    Memory Modules Detected: 0
    (No malicious items detected)
     
    Registry Keys Detected: 0
    (No malicious items detected)
     
    Registry Values Detected: 0
    (No malicious items detected)
     
    Registry Data Items Detected: 0
    (No malicious items detected)
     
    Folders Detected: 0
    (No malicious items detected)
     
    Files Detected: 0
    (No malicious items detected)
     
    (end)
     
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:42:31 AM, on 2013-06-27
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v10.0 (10.00.9200.16537)
    Boot mode: Normal
     
    Running processes:
    C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe
    C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
    C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
    C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
    C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\User\Desktop\HijackThis.exe
     
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON13/4
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: Speed Test Analysis - {310D38FE-EB4C-467C-8781-B7C2AEB7847D} - C:\Program Files (x86)\Speed Test Analysis\ScriptHost.dll
    O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll
    O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll
    O4 - HKLM\..\Run: [btTray] "C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
    O4 - HKLM\..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
    O4 - HKLM\..\Run: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: @oem22.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
    O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
    O23 - Service: Norton Identity Safe (NCO) - Symantec Corporation - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
     
    --
    End of file - 11030 bytes
     
  9. Hi Gringo,

     

    Here's the RK report. I'm attaching the other. Still no luck with IE working.

     

    RogueKiller V8.6.1 _x64_ [Jun 19 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
     
    Operating System : Windows 8 (6.2.9200 ) 64 bits version
    Started in : Normal mode
    User : User [Admin rights]
    Mode : Remove -- Date : 06/22/2013 11:21:37
    | ARK || FAK || MBR |
     
    ¤¤¤ Bad processes : 0 ¤¤¤
     
    ¤¤¤ Registry Entries : 0 ¤¤¤
     
    ¤¤¤ Scheduled tasks : 0 ¤¤¤
     
    ¤¤¤ Startup Entries : 0 ¤¤¤
     
    ¤¤¤ Web browsers : 0 ¤¤¤
     
    ¤¤¤ Particular Files / Folders: ¤¤¤
     
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
     
    ¤¤¤ External Hives: ¤¤¤
     
    ¤¤¤ Infection :  ¤¤¤
     
    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts
     
     
    127.0.0.1 localhost
     
     
    ¤¤¤ MBR Check: ¤¤¤
     
    +++++ PhysicalDrive0: TOSHIBA MQ01ABD075 SATA Disk Device +++++
    --- User ---
    [MBR] 9c9b2669875350b52edfd94c450c6197
    [bSP] 1f18f6bde0f1cc21fbbaaa1891dbc946 : Empty MBR Code
    Partition table:
    0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 715404 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
     
    Finished : << RKreport[0]_D_06222013_112137.txt >>
    RKreport[0]_S_06222013_112104.txt
     
     
     

    TDSSKiller.2.8.16.0_22.06.2013_11.03.28_log.txt

  10. Hi Gringo,

     

    The rootkit tool was run and found nothing, but IE still doesn't work (other browsers do). It looks like Firewall and Windows Update are working (although it said a maintenance operation was in progress). Here's my log:

    aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
    Run date: 2013-06-03 13:37:55
    -----------------------------
    13:37:55.825    OS Version: Windows x64 6.2.9200 
    13:37:55.826    Number of processors: 4 586 0x1001
    13:37:55.827    ComputerName: LAPTOP-PC  UserName: User
    13:37:55.829    Initialze error 1 
    13:39:13.120    AVAST engine defs: 13060301
    13:43:52.247    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000039
    13:43:52.250    Disk 0 Vendor: TOSHIBA_MQ01ABD075 AX001C Size: 715404MB BusType: 11
    13:43:52.259    Disk 0 MBR read successfully
    13:43:52.262    Disk 0 MBR scan
    13:43:52.268    Disk 0 unknown MBR code
    13:43:52.280    Disk 0 Partition 1 00     EE          GPT            715404 MB offset 1
    13:43:52.286    Disk 0 scanning C:\Windows\system32\drivers
    13:43:52.289    Service scanning
    13:43:53.053    Modules scanning
    13:43:53.058    Disk 0 trace - called modules:
    13:43:53.070    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys amd_xata.sys storport.sys hal.dll amd_sata.sys 
    13:43:53.074    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ed6060]
    13:43:53.078    3 CLASSPNP.SYS[fffff88000b31fea] -> nt!IofCallDriver -> [0xfffffa8008336b10]
    13:43:53.084    5 hpdskflt.sys[fffff88001c78339] -> nt!IofCallDriver -> [0xfffffa8007d69a00]
    13:43:53.090    7 amd_xata.sys[fffff8800134c634] -> nt!IofCallDriver -> \Device\00000039[0xfffffa8007db87f0]
    13:43:53.095    AVAST engine scan C:\Windows
    13:43:53.100    AVAST engine scan C:\Windows\system32
    13:43:53.105    AVAST engine scan C:\Windows\system32\drivers
    13:43:53.110    AVAST engine scan C:\Users\User
    13:43:53.116    AVAST engine scan C:\ProgramData
    13:43:53.121    Scan finished successfully
    13:44:03.419    Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
    13:44:03.424    The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"
     
     
    aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
    Run date: 2013-06-21 17:29:29
    -----------------------------
    17:29:29.951    OS Version: Windows x64 6.2.9200 
    17:29:29.951    Number of processors: 4 586 0x1001
    17:29:29.953    ComputerName: LAPTOP-PC  UserName: User
    17:29:30.454    Initialze error 1 
    17:31:07.017    AVAST engine defs: 13062102
    17:31:17.357    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000003b
    17:31:17.359    Disk 0 Vendor: TOSHIBA_MQ01ABD075 AX001C Size: 715404MB BusType: 11
    17:31:17.380    Disk 0 MBR read successfully
    17:31:17.382    Disk 0 MBR scan
    17:31:17.399    Disk 0 unknown MBR code
    17:31:17.403    Disk 0 Partition 1 00     EE          GPT            715404 MB offset 1
    17:31:17.417    Disk 0 scanning C:\Windows\system32\drivers
    17:31:17.420    Service scanning
    17:31:18.086    Modules scanning
    17:31:18.093    Disk 0 trace - called modules:
    17:31:18.123    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys amd_xata.sys storport.sys hal.dll amd_sata.sys 
    17:31:18.130    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800819a060]
    17:31:18.138    3 CLASSPNP.SYS[fffff88001401fea] -> nt!IofCallDriver -> [0xfffffa80080f0b10]
    17:31:18.149    5 hpdskflt.sys[fffff88001c02339] -> nt!IofCallDriver -> [0xfffffa8007da9b20]
    17:31:18.154    7 amd_xata.sys[fffff880012a8634] -> nt!IofCallDriver -> \Device\0000003b[0xfffffa8007dcb7f0]
    17:31:18.160    AVAST engine scan C:\Windows
    17:31:18.170    AVAST engine scan C:\Windows\system32
    17:31:18.175    AVAST engine scan C:\Windows\system32\drivers
    17:31:18.180    AVAST engine scan C:\Users\User
    17:31:18.186    AVAST engine scan C:\ProgramData
    17:31:18.190    Scan finished successfully
    17:31:31.245    Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
    17:31:31.286    The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"
     
    Thanks!
  11. Hello,

    I followed the steps in the link and deleted browsing history and all the rest of the boxes. Internet Explorer still does not work and the Internet Options link still appears in grayscale when I try to do the first steps you suggested. Not sure what to do. I tried a full reinstall of IE before and it still wasn't working.

    Thanks.

  12. Thanks. I will retry tonight once I'm home.

    One thing I have noticed, and I don't know if it's related to the issues I was having with malware before, is this: "TiWorker.exe Windows Modules Installer Worker" sometimes taking up 99% of my Disk usage in my Task Manager. This has been happening over the last few days since I've done a Windows update. Is it something to be concerned about?

    Thanks again.
