Everything posted by rivche1979

  1. And here is the Malwarebytes log:

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 7/16/2014
     Scan Time: 10:55:26 PM
     Logfile: Malwarebytes Anti-Malware log.txt
     Administrator: Yes

     Version: 2.00.2.1012
     Malware Database: v2014.07.17.03
     Rootkit Database: v2014.07.14.01
     License: Free
     Malware Protection: Disabled
     Malicious Website Protection: Disabled
     Self-protection: Disabled

     OS: Windows Vista Service Pack 2
     CPU: x86
     File System: NTFS
     User: ANNA

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 280577
     Time Elapsed: 13 min, 0 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0 (No malicious items detected)
     Modules: 0 (No malicious items detected)
     Registry Keys: 0 (No malicious items detected)
     Registry Values: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Folders: 0 (No malicious items detected)
     Files: 0 (No malicious items detected)
     Physical Sectors: 0 (No malicious items detected)
     (end)

     Thanks!
  2. Here is the Java log:

     JavaRa 1.16 Removal Log.
     Report follows after line.
     ------------------------------------
     The JavaRa removal process was started on Wed Jul 16 22:21:13 2014

     Found and removed: C:\Users\ANNA\AppData\LocalLow\Sun\Java\jre1.6.0_15
     Found and removed: C:\Users\ANNA\AppData\LocalLow\Sun\Java\jre1.6.0_17
     Found and removed: C:\Users\ANNA\AppData\LocalLow\Sun\Java\jre1.6.0_20
     Found and removed: C:\Users\ANNA\AppData\LocalLow\Sun\Java\jre1.6.0_22
     Found and removed: C:\Users\ANNA\AppData\LocalLow\Sun\Java\jre1.6.0_23
     Found and removed: C:\Users\ANNA\AppData\LocalLow\Sun\Java\jre1.6.0_24
     Found and removed: C:\Users\ANNA\AppData\LocalLow\Sun\Java\jre1.6.0_26
     Found and removed: C:\Users\ANNA\AppData\LocalLow\Sun\Java\jre1.6.0_29
     Found and removed: C:\Users\ANNA\AppData\LocalLow\Sun\Java\jre1.6.0_30
     Found and removed: C:\Users\ANNA\AppData\LocalLow\Sun\Java\jre1.6.0_31
     Found and removed: C:\Users\ANNA\AppData\LocalLow\Sun\Java\jre1.6.0_38
     Found and removed: C:\Users\ANNA\AppData\LocalLow\Sun\Java\jre1.7.0_15
     Found and removed: C:\Users\ANNA\AppData\LocalLow\Sun\Java\jre1.7.0_17
     Found and removed: C:\Users\ANNA\AppData\LocalLow\Sun\Java\jre1.7.0_21
     Found and removed: C:\Users\ANNA\AppData\LocalLow\Sun\Java\jre1.7.0_25
     There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.
     Found and removed: Software\Classes\JavaPlugin.160_30
     Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
     Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
     Found and removed: SOFTWARE\Classes\Installer\Features\F60730A4A66673047777F5728467D401
     Found and removed: SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401
     Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\A5CCAAC40F5B69B47777ACF82566467C
     Found and removed: SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\JAVA_SUN
     Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A5CCAAC40F5B69B47777ACF82566467C
     Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\225FA5D4CDB0C57489E7F511C11D0182
     Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\225FC5D4ADB0C57489E7F511C11D0182
     Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\225FC5D4BDB0C57489E7F511C11D0182
     Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\225FC5D4CDB0C57489E7F511C11D0182
     Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\52AAFD69654C07446983ADA1256FC7A9
     Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD9BB15F1AC776D49B768EDF5A02B896
     Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1215CC4312C58A4A8F9D630115FB457
     Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F60730A4A66673047777F5728467D401
     Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}
     Found and removed: SOFTWARE\JavaSoft
     Found and removed: SOFTWARE\JreMetrics
     Found and removed: SOFTWARE\MozillaPlugins
  3. Thank you! I will do the tests tomorrow night. I am on a work trip.
  4. Here are the Farbar logs: Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-07-2014 Ran by ANNA (administrator) on ANNA-PC on 11-07-2014 06:15:06 Running from C:\Users\ANNA\Downloads Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States) Internet Explorer Version 9 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Program Files\SMINST\BLService.exe () C:\Program Files\CyberLink\Shared files\RichVideo.exe (CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe (Sun Microsystems, Inc.) 
C:\Program Files\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Kmaestro) C:\Program Files\HP Wireless Multimedia Keyboard and Mouse\Kmaestro.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Koninklijke Philips Electronics N.V.) C:\Users\ANNA\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Synaptics, Inc.) 
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-17] (Synaptics, Inc.) HKLM\...\Run: [QPService] => C:\Program Files\HP\QuickPlay\QPService.exe [468264 2008-09-23] (CyberLink Corp.) HKLM\...\Run: [updateLBPShortCut] => C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.) HKLM\...\Run: [updatePSTShortCut] => C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2008-10-06] (CyberLink Corp.) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation) HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2008-08-01] ( Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated) HKLM\...\Run: [updateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.) 
HKLM\...\Run: [updatePDIRShortCut] => C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.) HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.) HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard) HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard) HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [btcMaestro] => C:\Program Files\HP Wireless Multimedia Keyboard and Mouse\KMaestro.exe [344064 2007-10-22] (Kmaestro) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [413696 2009-05-26] (Apple Inc.) HKLM\...\Run: [hpqSRMon] => [X] HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [13797920 2009-07-23] (NVIDIA Corporation) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [151952 2012-11-29] (Apple Inc.) 
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-947964275-3921658434-2580060958-1000\...\Run: [HPAdvisor] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [972080 2008-09-30] (Hewlett-Packard) HKU\S-1-5-21-947964275-3921658434-2580060958-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation) HKU\S-1-5-21-947964275-3921658434-2580060958-1000\...\MountPoints2: G - G:\LaunchU3.exe -a HKU\S-1-5-21-947964275-3921658434-2580060958-1000\...\MountPoints2: {2bdbe6bb-e0a9-11de-931f-806e6f6e6963} - G:\WIN\setup.exe HKU\S-1-5-21-947964275-3921658434-2580060958-1000\...\MountPoints2: {38457520-41b8-11e2-9270-806e6f6e6963} - H:\MotoCastSetup.exe -a HKU\S-1-5-21-947964275-3921658434-2580060958-1000\...\MountPoints2: {d10824d2-7cfc-11e1-91fc-001f16714496} - G:\MotoCastSetup.exe -a HKU\S-1-5-21-947964275-3921658434-2580060958-1000\...\MountPoints2: {d2627f9d-9206-11e0-882b-001f16714496} - G:\LaunchU3.exe -a Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Users\ANNA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKLM - {0FA204D4-5326-43C7-A4D2-EDFB78E6EA59} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl SearchScopes: HKCU - {0FA204D4-5326-43C7-A4D2-EDFB78E6EA59} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll (Symantec Corporation) BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL (Symantec Corporation) BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.) 
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll (Symantec Corporation) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\ANNA\AppData\Roaming\Mozilla\Firefox\Profiles\wh3c05pg.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Extension: Microsoft .NET Framework Assistant - C:\Users\ANNA\AppData\Roaming\Mozilla\Firefox\Profiles\wh3c05pg.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-12-31] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-31] FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn [2011-10-11] ========================== Services (Whitelisted) ================= R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed] R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] 
(Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed] S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed] R2 Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [117648 2011-09-21] (Symantec Corporation) S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed] R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-10-06] () R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] () [File not signed] ==================== Drivers (Whitelisted) ==================== R1 BHDrvx86; C:\Windows\System32\Drivers\NIS\1008030.006\BHDrvx86.sys [259632 2009-08-22] (Symantec Corporation) R1 ccHP; C:\Windows\System32\Drivers\NIS\1008030.006\ccHPx86.sys [467592 2011-10-10] (Symantec Corporation) R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [374392 2011-07-27] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [105592 2011-07-27] (Symantec Corporation) R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110729.030\IDSvix86.sys [367736 2011-06-25] (Symantec Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-11] (Malwarebytes Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110730.002\NAVENG.SYS [86008 2011-05-17] (Symantec Corporation) S3 NAVEX15; 
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110730.002\NAVEX15.SYS [1542392 2011-05-17] (Symantec Corporation) S3 SRTSP; C:\Windows\System32\Drivers\NIS\1008030.006\SRTSP.SYS [308272 2009-08-22] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NIS\1008030.006\SRTSPX.SYS [43696 2009-08-22] (Symantec Corporation) S3 swmsflt; C:\Windows\System32\DRIVERS\swmsflt.sys [37248 2010-06-08] () R0 SymEFA; C:\Windows\System32\drivers\NIS\1008030.006\SYMEFA.SYS [310320 2009-08-22] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [124976 2009-09-10] (Symantec Corporation) R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [25648 2009-08-22] (Symantec Corporation) R1 SYMTDI; C:\Windows\System32\Drivers\NIS\1008030.006\SYMTDI.SYS [217464 2011-09-21] (Symantec Corporation) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 Nmea; system32\DRIVERS\pctnullport.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 PCASp50; System32\Drivers\PCASp50.sys [X] S3 PCTINDIS5; \??\C:\Windows\system32\PCTINDIS5.SYS [X] S3 SYMDNS; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SYMDNS.SYS [X] S3 SYMFW; \SystemRoot\System32\Drivers\NIS\1008000.029\SYMFW.SYS [X] S3 SYMNDISV; \SystemRoot\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS [X] S3 SYMREDRV; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SYMREDRV.SYS [X] ========================== Drivers MD5 =======================
75E8A6BFA7374ABA833AE92BF41AE4E6 C:\Windows\System32\DRIVERS\rspndr.sys 9C508F4074A39E8B4B31D27198146FAD C:\Windows\System32\drivers\RTSTOR.SYS 8DAB5975B5C7923D61506A48E251DBAD C:\Windows\System32\drivers\sbp2port.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\sdbus.sys 126EA89BCC413EE45E3004FB0764888F C:\Windows\system32\Drivers\secdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit C:\Windows\system32\drivers\serial.sys ==> MD5 is legit C:\Windows\system32\drivers\sermouse.sys 8AF3D28A879BF75DB53A0EE7A4289624 C:\Windows\system32\drivers\sffdisk.sys 3EFA810BDCA87F6ECC24F9832243FE86 C:\Windows\system32\drivers\sffp_mmc.sys E95D451F7EA3E583AEC75F3B3EE42DC5 C:\Windows\system32\drivers\sffp_sd.sys 3D0EA348784B7AC9EA9BD9F317980979 C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit C:\Windows\system32\drivers\sisagp.sys 1D76624A09A054F682D746B924E2DBC3 C:\Windows\System32\drivers\sisraid2.sys 43CB7AA756C7DB280D01DA9B676CFDE2 C:\Windows\System32\drivers\sisraid4.sys A99C6C8B0BAA970D8AA59DDC50B57F94 C:\Windows\System32\DRIVERS\smb.sys 7B75299A4D201D6A6533603D6914AB04 C:\Windows\system32\Drivers\spldr.sys 7AEBDEEF071FE28B0EEF2CDD69102BFF C:\Windows\System32\Drivers\NIS\1008030.006\SRTSP.SYS E81F6CAEAB9AD5732E94C07C97866AA2 C:\Windows\system32\drivers\NIS\1008030.006\SRTSPX.SYS E28DE499D942B08058BFFAC69D4122B6 C:\Windows\System32\DRIVERS\srv.sys 41987F9FC0E61ADF54F581E15029AD91 C:\Windows\System32\DRIVERS\srv2.sys FF33AFF99564B1AA534F58868CBE41EF C:\Windows\System32\DRIVERS\srvnet.sys 7605C0E1D01A08F3ECD743F38B834A44 C:\Windows\System32\DRIVERS\swenum.sys 7BA58ECF0C0A9A69D44B3DCA62BECF56 C:\Windows\System32\DRIVERS\swmsflt.sys 3D4776AB6520240AE06D277AC45BF836 C:\Windows\System32\DRIVERS\swmx00.sys AF88AE62B84D016EB5BDC12DDF1005A3 C:\Windows\System32\DRIVERS\SWNC5E00.sys 24BCE62E4DA07C6488E3A7FF37A6B6AE C:\Windows\System32\drivers\symc8xx.sys ==> MD5 is legit C:\Windows\System32\drivers\NIS\1008030.006\SYMEFA.SYS 
D0885F6E24259A6C65E68D6AD749910A C:\Windows\system32\Drivers\SYMEVENT.SYS A54FF04BD6E75DC4D8CB6F3E352635E0 C:\Windows\System32\DRIVERS\SymIMv.sys 34F1C9D5DCC19DF1E824D6B73767B8AF C:\Windows\System32\Drivers\NIS\1008030.006\SYMTDI.SYS 26BC80EC79D7BA478249C266CBDF17B4 C:\Windows\System32\drivers\sym_hi.sys ==> MD5 is legit C:\Windows\System32\drivers\sym_u3.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\SynTP.sys 00B19F27858F56181EDB58B71A7C67A0 C:\Windows\System32\drivers\tcpip.sys C7B0746FCD576D7EEBA6A2530B0B2966 C:\Windows\System32\DRIVERS\tcpip.sys C7B0746FCD576D7EEBA6A2530B0B2966 C:\Windows\System32\drivers\tcpipreg.sys 608C345A255D82A6289C2D468EB41FD7 C:\Windows\System32\drivers\tdpipe.sys 5DCF5E267BE67A1AE926F2DF77FBCC56 C:\Windows\System32\drivers\tdtcp.sys 389C63E32B3CEFED425B61ED92D3F021 C:\Windows\System32\DRIVERS\tdx.sys 76B06EB8A01FC8624D699E7045303E54 C:\Windows\System32\DRIVERS\termdd.sys 3CAD38910468EAB9A6479E2F01DB43C7 C:\Windows\System32\DRIVERS\tssecsrv.sys F4EAA7ECBCB25DE901C9B7F2CDCDA0B3 C:\Windows\System32\DRIVERS\tunmp.sys CAECC0120AC49E3D2F758B9169872D38 C:\Windows\System32\DRIVERS\tunnel.sys 300DB877AC094FEAB0BE7688C3454A9C C:\Windows\system32\drivers\uagp35.sys 7D33C4DB2CE363C8518D2DFCF533941F C:\Windows\System32\DRIVERS\udfs.sys D9728AF68C4C7693CB100B8441CBDEC6 C:\Windows\system32\drivers\uliagpkx.sys B0ACFDC9E4AF279E9116C03E014B2B27 C:\Windows\System32\drivers\uliahci.sys 9224BB254F591DE4CA8D572A5F0D635C C:\Windows\System32\drivers\ulsata.sys ==> MD5 is legit C:\Windows\System32\drivers\ulsata2.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\umbus.sys 32CFF9F809AE9AED85464492BF3E32D2 C:\Windows\System32\DRIVERS\usbccgp.sys AAB0B5F72D2D726FBFDC895A2902DE1D C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbehci.sys 153E8515CB86F8BB5D1A8B478EBF4BB2 C:\Windows\System32\DRIVERS\usbhub.sys 2AE6BCEBD85D31317E433733DAF25888 C:\Windows\System32\DRIVERS\usbohci.sys D457EBD0C3A8B3A3A144355B5EE91CBC 
C:\Windows\System32\DRIVERS\usbprint.sys E75C4B5269091D15A2E7DC0B6D35F2F5 C:\Windows\System32\DRIVERS\usbscan.sys 1D714B8497CD68307806D5D3F60A5169 C:\Windows\System32\DRIVERS\USBSTOR.SYS BE3DA31C191BC222D9AD503C5224F2AD C:\Windows\System32\DRIVERS\usbuhci.sys 814D653EFC4D48BE3B04A307ECEFF56F C:\Windows\System32\DRIVERS\vgapnp.sys 87B06E1F30B749A114F74622D013F8D4 C:\Windows\System32\drivers\vga.sys 2E93AC0A1D8C79D019DB6C51F036636C C:\Windows\system32\drivers\viaagp.sys 5D7159DEF58A800D5781BA3A879627BC C:\Windows\system32\drivers\viac7.sys C4F3A691B5BAD343E6249BD8C2D45DEE C:\Windows\System32\drivers\viaide.sys EA1AA6E3ABB3C194FEBA12A46DE8CF2C C:\Windows\System32\drivers\volmgr.sys 69503668AC66C77C6CD7AF86FBDF8C43 C:\Windows\System32\drivers\volmgrx.sys 23E41B834759917BFD6B9A0D625D0C28 C:\Windows\System32\drivers\volsnap.sys 786DB5771F05EF300390399F626BF30A C:\Windows\System32\drivers\vsmraid.sys 587253E09325E6BF226B299774B728A9 C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26 C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26 C:\Windows\System32\drivers\wd.sys 78FE9542363F297B18C027B2D7E7C07F C:\Windows\System32\drivers\Wdf01000.sys 25944D2CC49E0A6C581D02A74B7D6645 C:\Windows\System32\DRIVERS\HSX_CNXT.sys 0ACD399F5DB3DF1B58903CF4949AB5A8 C:\Windows\System32\DRIVERS\wmiacpi.sys 2E7255D172DF0B8283CDFB7B433B864E C:\Windows\System32\DRIVERS\wpdusb.sys DE9D36F91A4DF3D911626643DEBF11EA C:\Windows\system32\drivers\ws2ifsl.sys E3A3CB253C0EC2494D4A61F5E43A389C C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070 C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF C:\Windows\System32\DRIVERS\xaudio.sys DAB33CFA9DD24251AAA389FF36B64D4B C:\Windows\System32\DRIVERS\yk60x86.sys 7D1F3B131D503EF43EE594B5A2B9B427 ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 
2014-07-11 06:15 - 2014-07-11 06:15 - 00036073 _____ () C:\Users\ANNA\Downloads\FRST.txt
2014-07-11 06:14 - 2014-07-11 06:14 - 01075200 _____ (Farbar) C:\Users\ANNA\Downloads\FRST.exe
2014-07-11 06:12 - 2014-07-11 06:12 - 00000000 ____D () C:\ProgramData\Mozilla
2014-07-11 06:12 - 2014-07-11 06:12 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-11 06:09 - 2014-07-11 06:09 - 00000149 _____ () C:\Users\ANNA\Desktop\ESET Text.txt
2014-07-10 21:41 - 2014-07-10 21:41 - 00000000 ____D () C:\Program Files\ESET
2014-07-10 21:40 - 2014-07-10 21:40 - 02347384 _____ (ESET) C:\Users\ANNA\Downloads\esetsmartinstaller_enu.exe
2014-07-10 03:40 - 2014-07-10 03:40 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-07-09 20:57 - 2014-07-10 07:13 - 00000000 ____D () C:\AdwCleaner
2014-07-09 20:56 - 2014-07-09 20:56 - 01348263 _____ () C:\Users\ANNA\Downloads\adwcleaner_3.215.exe
2014-07-09 20:54 - 2014-04-26 09:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-07-09 20:54 - 2014-03-25 06:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-07-09 20:54 - 2013-08-26 19:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-07-09 20:54 - 2013-08-26 19:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-07-09 20:54 - 2013-08-26 19:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-07-09 20:54 - 2013-08-26 19:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-07-09 20:54 - 2013-08-26 18:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-07-09 20:54 - 2013-08-26 18:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-07-09 20:54 - 2013-08-26 18:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-07-09 20:54 - 2013-08-26 18:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-07-09 20:54 - 2013-08-26 18:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-07-09 20:54 - 2013-07-31 20:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-07-09 20:54 - 2013-07-31 19:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-07-09 20:53 - 2014-06-06 17:19 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 20:53 - 2014-04-04 19:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-07-09 20:53 - 2013-10-29 19:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2014-07-09 20:53 - 2013-10-29 18:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-07-09 20:53 - 2013-10-29 17:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-07-09 20:53 - 2013-07-20 03:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-07-09 20:52 - 2014-06-06 01:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 20:52 - 2014-05-29 23:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 20:52 - 2013-06-28 19:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-07-09 20:52 - 2013-06-28 19:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-07-09 20:52 - 2013-06-28 19:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-07-09 20:52 - 2013-06-28 19:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-07-09 20:52 - 2011-05-05 06:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-07-09 20:52 - 2011-05-05 06:54 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-07-09 20:51 - 2014-03-09 18:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-07-09 20:51 - 2014-03-09 18:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-07-09 20:50 - 2014-02-05 18:56 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-07-09 20:50 - 2013-10-10 19:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-07-09 20:50 - 2013-10-10 19:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-07-09 20:50 - 2013-10-10 19:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2014-07-09 20:50 - 2013-10-10 17:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-07-09 20:50 - 2013-10-10 17:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-07-09 20:50 - 2013-10-03 05:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-07-09 20:49 - 2013-10-22 00:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-07-09 20:49 - 2013-10-10 19:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-07-09 20:49 - 2013-10-10 19:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-07-09 20:49 - 2013-10-10 17:39 - 00218228 _____ () C:\Windows\system32\WFP.TMF
2014-07-09 20:49 - 2013-10-03 05:45 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-07-09 20:49 - 2013-06-26 16:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-07-09 20:48 - 2014-06-06 17:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 20:48 - 2014-06-06 16:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 20:48 - 2014-06-06 16:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 20:48 - 2014-06-06 16:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 20:48 - 2014-06-06 16:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 20:48 - 2014-06-06 16:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 20:48 - 2014-06-06 16:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-09 20:48 - 2014-06-06 15:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 20:48 - 2014-06-06 15:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 20:48 - 2014-06-06 15:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-09 20:48 - 2014-06-06 15:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 20:48 - 2014-06-06 15:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 20:48 - 2014-06-06 15:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 20:48 - 2014-06-06 15:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 20:48 - 2014-06-06 15:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-09 20:48 - 2014-06-06 15:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 20:48 - 2014-06-06 15:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 20:48 - 2014-06-06 15:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-09 20:48 - 2014-06-06 15:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 20:48 - 2014-06-06 15:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-09 20:48 - 2014-06-06 15:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 20:48 - 2014-01-30 00:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-07-09 20:48 - 2013-07-03 21:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-07-09 20:48 - 2013-07-02 19:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2014-07-09 20:48 - 2013-07-02 19:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-07-09 20:48 - 2013-06-03 21:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-07-09 20:48 - 2013-06-03 18:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-07-09 20:47 - 2013-11-12 17:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-07-09 20:39 - 2014-07-09 20:39 - 00000000 ____D () C:\Windows\ERUNT
2014-07-09 20:32 - 2014-04-05 23:36 - 01016261 _____ (Thisisu) C:\Users\ANNA\Desktop\JRT_NEW.exe
2014-07-09 06:43 - 2014-07-09 06:43 - 00029160 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-09 06:43 - 2014-07-09 06:43 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-09 06:38 - 2014-07-09 06:39 - 04766808 _____ () C:\Users\ANNA\Downloads\RogueKiller.exe
2014-07-08 22:58 - 2014-07-08 22:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\ANNA\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-08 22:57 - 2014-07-08 22:57 - 00000733 _____ () C:\Users\ANNA\Desktop\NTREGOPT.lnk
2014-07-08 22:57 - 2014-07-08 22:57 - 00000714 _____ () C:\Users\ANNA\Desktop\ERUNT.lnk
2014-07-08 22:57 - 2014-07-08 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-08 22:57 - 2014-07-08 22:57 - 00000000 ____D () C:\Program Files\ERUNT
2014-07-08 22:44 - 2014-07-08 22:44 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\ANNA\Downloads\rkill.exe
2014-07-06 15:03 - 2014-07-11 06:15 - 00000000 ____D () C:\FRST
2014-07-06 13:53 - 2014-07-11 06:10 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-06 13:51 - 2014-07-08 23:00 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-06 13:51 - 2014-07-08 23:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-06 13:51 - 2014-07-08 23:00 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-06 13:51 - 2014-07-06 13:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-06 13:51 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-06 13:51 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-06 13:51 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

==================== One Month Modified Files and Folders =======

2014-07-11 06:15 - 2014-07-11 06:15 - 00036073 _____ () C:\Users\ANNA\Downloads\FRST.txt
2014-07-11 06:15 - 2014-07-06 15:03 - 00000000 ____D () C:\FRST
2014-07-11 06:14 - 2014-07-11 06:14 - 01075200 _____ (Farbar) C:\Users\ANNA\Downloads\FRST.exe
2014-07-11 06:12 - 2014-07-11 06:12 - 00000000 ____D () C:\ProgramData\Mozilla
2014-07-11 06:12 - 2014-07-11 06:12 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-11 06:12 - 2009-12-23 07:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-11 06:10 - 2014-07-06 13:53 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-11 06:09 - 2014-07-11 06:09 - 00000149 _____ () C:\Users\ANNA\Desktop\ESET Text.txt
2014-07-11 05:51 - 2009-03-12 06:37 - 01735793 _____ () C:\Windows\WindowsUpdate.log
2014-07-11 05:43 - 2013-02-24 03:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-11 05:37 - 2006-11-02 05:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-11 05:37 - 2006-11-02 05:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-10 22:58 - 2011-09-08 22:10 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-10 21:41 - 2014-07-10 21:41 - 00000000 ____D () C:\Program Files\ESET
2014-07-10 21:40 - 2014-07-10 21:40 - 02347384 _____ (ESET) C:\Users\ANNA\Downloads\esetsmartinstaller_enu.exe
2014-07-10 21:37 - 2009-06-06 19:53 - 00048032 _____ () C:\ProgramData\nvModes.001
2014-07-10 21:37 - 2009-06-06 19:52 - 00048032 _____ () C:\ProgramData\nvModes.dat
2014-07-10 07:22 - 2006-11-02 03:33 - 00703388 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-10 07:16 - 2009-03-12 07:13 - 00000246 _____ () C:\ProgramData\hpqp.ini
2014-07-10 07:15 - 2008-01-20 19:47 - 00055796 _____ () C:\Windows\PFRO.log
2014-07-10 07:15 - 2006-11-02 06:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-10 07:13 - 2014-07-09 20:57 - 00000000 ____D () C:\AdwCleaner
2014-07-10 07:13 - 2006-11-02 06:01 - 00032614 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-10 06:58 - 2011-09-08 22:10 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-10 04:42 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\rescache
2014-07-10 04:40 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-07-10 04:25 - 2009-03-12 07:25 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-10 04:21 - 2006-11-02 05:47 - 00314048 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 04:20 - 2008-10-25 17:12 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-10 04:17 - 2006-11-02 05:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 03:55 - 2008-10-25 16:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-10 03:40 - 2014-07-10 03:40 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-07-10 03:23 - 2013-07-31 21:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 03:11 - 2011-01-16 04:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-09 20:56 - 2014-07-09 20:56 - 01348263 _____ () C:\Users\ANNA\Downloads\adwcleaner_3.215.exe
2014-07-09 20:39 - 2014-07-09 20:39 - 00000000 ____D () C:\Windows\ERUNT
2014-07-09 20:29 - 2011-04-18 17:56 - 00000868 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-07-09 06:51 - 2009-05-31 14:19 - 00000000 ____D () C:\Users\ANNA\AppData\Local\Google
2014-07-09 06:43 - 2014-07-09 06:43 - 00029160 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-09 06:43 - 2014-07-09 06:43 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-09 06:39 - 2014-07-09 06:38 - 04766808 _____ () C:\Users\ANNA\Downloads\RogueKiller.exe
2014-07-08 23:43 - 2013-02-24 03:19 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-08 23:43 - 2011-09-08 22:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-08 23:00 - 2014-07-06 13:51 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-08 23:00 - 2014-07-06 13:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-08 23:00 - 2014-07-06 13:51 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-08 22:59 - 2014-07-08 22:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\ANNA\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-08 22:57 - 2014-07-08 22:57 - 00000733 _____ () C:\Users\ANNA\Desktop\NTREGOPT.lnk
2014-07-08 22:57 - 2014-07-08 22:57 - 00000714 _____ () C:\Users\ANNA\Desktop\ERUNT.lnk
2014-07-08 22:57 - 2014-07-08 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-08 22:57 - 2014-07-08 22:57 - 00000000 ____D () C:\Program Files\ERUNT
2014-07-08 22:44 - 2014-07-08 22:44 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\ANNA\Downloads\rkill.exe
2014-07-06 13:51 - 2014-07-06 13:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-26 19:10 - 2008-10-25 16:41 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-06-26 17:38 - 2006-11-02 03:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

Some content of TEMP:
====================
C:\Users\ANNA\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\ANNA\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Users\ANNA\AppData\Local\Temp\HPQSi.exe
C:\Users\ANNA\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\ANNA\AppData\Local\Temp\Quarantine.exe
C:\Users\ANNA\AppData\Local\Temp\Setup.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {a9a772cd-33f5-11dd-8dd3-f60ab8d5cad9}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30
resume No

Windows Boot Loader
-------------------
identifier {572bcd55-ffa7-11d9-aae2-0007e994107d}
device ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}
path \windows\system32\boot\winload.exe
description HP Recovery Manager
osdevice ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}
systemroot \windows
nx OptIn
detecthal Yes
winpe Yes

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Microsoft Windows Vista
locale en-US
inherit {bootloadersettings}
recoverysequence {572bcd55-ffa7-11d9-aae2-0007e994107d}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {a9a772cd-33f5-11dd-8dd3-f60ab8d5cad9}
nx OptIn

Resume from Hibernate
---------------------
identifier {a9a772cd-33f5-11dd-8dd3-f60ab8d5cad9}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings} {emssettings} {badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Setup Ramdisk Options
---------------------
identifier {ramdiskoptions}
description Ramdisk Options
ramdisksdidevice partition=D:
ramdisksdipath \boot\boot.sdi

LastRegBack: 2014-07-10 07:21

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:11-07-2014
Ran by ANNA at 2014-07-11 06:16:22
Running from C:\Users\ANNA\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
4500_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
ActiveLink Connect (HKCU\...\ActiveLink Connect) (Version: 5.5.2.15857 - Koninklijke Philips Electronics N.V.)
ActiveLink Connect (Version: 5.5.2.15857 - Koninklijke Philips Electronics N.V.) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{459699C3-9430-4381-964B-4248D87B49F9}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BPD_HPSU (Version: 1.00.0000 - Hewlett-Packard) Hidden
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.58.0.0 - Conexant)
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2203 - CyberLink Corp.)
CyberLink DVD Suite (Version: 6.0.2203 - CyberLink Corp.) Hidden
Destination Component (Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DocMgr (Version: 100.0.201.000 - Hewlett-Packard) Hidden
DocProc (Version: 10.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version: - Lars Hederer)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
ESU for Microsoft Vista (HKLM\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Fax (Version: 100.0.187.000 - Hewlett-Packard) Hidden
ffdshow (remove only) (HKLM\...\ffdshow) (Version: - )
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_HERMOSA_HSF) (Version: - )
HP Active Support Library (HKLM\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}) (Version: 5.7.0.2664 - Hewlett-Packard)
HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.03.0001 - Hewlett-Packard)
HP Document Manager 1.0 (HKLM\...\HP Document Manager) (Version: 1.0 - HP)
HP DVD Play 3.7 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 3.7.0.5723 - Hewlett-Packard)
HP Help and Support (HKLM\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.1.0 - Hewlett-Packard Company)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Officejet J4500 Series (HKLM\...\{CD0773D5-C18E-495c-B39B-21A96415EDD5}) (Version: 1.0 - HP)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Photosmart Essential 2.5 (Version: 1.02.0000 - Hewlett-Packard) Hidden
HP Quick Launch Buttons 6.40 H2 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 H2 - Hewlett-Packard)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 3.5 - HP)
HP Total Care Advisor (HKLM\...\{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}) (Version: 2.4.4941.2798 - Hewlett-Packard)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP User Guides 0118 (HKLM\...\{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}) (Version: 1.00.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}) (Version: 3.00 K2 - Hewlett-Packard)
HP Wireless Multimedia Keyboard and Mouse Driver V1.3 (HKLM\...\BtcMaestro) (Version: - )
HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPNetworkAssistant (Version: 1.1.70 - Hewlett-Packard.) Hidden HPSSupply (Version: 100.0.170.000 - Hewlett-Packard) Hidden HPTCSSetup (HKLM\...\{846DDADA-0239-4B67-A6B1-33658863793B}) (Version: 1.1.1963.2799 - Hewlett-Packard Company) IGT Slots Cleopatra II (HKLM\...\{3802A5D4-A02C-44B0-8CE0-5FE36A048004}) (Version: 1.00.0000 - Encore Software, Inc.) InstallVC90Support (Version: 1.01.0000 - Novatel Wireless) Hidden iTunes (HKLM\...\{1B6C0E95-182C-48E0-9C4B-4F916308249C}) (Version: 11.0.0.163 - Apple Inc.) J4500 (Version: 50.0.165.000 - Hewlett-Packard) Hidden Java Auto Updater (Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden Java 6 Update 30 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216013FF}) (Version: 6.0.300 - Sun Microsystems, Inc.) Java 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.) Juno Preloader (HKLM\...\{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}) (Version: 1.0.0 - Juno, Inc.) LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0926 - CyberLink Corp.) LabelPrint (Version: 2.5.0926 - CyberLink Corp.) 
Hidden Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) MarketResearch (Version: 100.0.170.000 - Hewlett-Packard) Hidden Masque IGT Slots Little Green Men (HKLM\...\{A54F806B-A2E1-4794-A7FE-365167EC67CB}) (Version: 1.0.3 - Masque Publishing) Masque IGT Slots Lucky Larry's Lobstermania (HKLM\...\{08E9B665-BA03-4380-8494-B1E3E1693DDE}) (Version: 1.0.1 - Masque Publishing) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Live Search Toolbar (HKLM\...\{6A370610-3778-44AF-9AAC-69B2FD1A3356}) (Version: 3.0.541.0 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint Viewer 2007 (English) 
(HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) Mozilla Firefox 12.0 (x86 en-US) (HKLM\...\Mozilla Firefox 12.0 (x86 en-US)) (Version: 12.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 12.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) muvee Reveal (HKLM\...\{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}) (Version: 7.0.35.6951 - muvee Technologies Pte Ltd) My HP Games 
(HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.62 - WildTangent) NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.52 - BVRP Software, Inc) NetZero Preloader (HKLM\...\{352310C3-E46B-42D3-8F32-54721FDD72D9}) (Version: 1.0.0 - NetZero, Inc.) Norton Internet Security (HKLM\...\NIS) (Version: 16.8.3.6 - Symantec Corporation) Norton Internet Security (Version: 16.0.0.125 - Symantec Corporation) Hidden NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation) OCR Software by I.R.I.S. 10.0 (HKLM\...\HPOCR) (Version: 10.0 - HP) Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2202 - CyberLink Corp.) Power2Go (Version: 6.0.2202 - CyberLink Corp.) Hidden PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2201 - CyberLink Corp.) PowerDirector (Version: 7.0.2201 - CyberLink Corp.) Hidden ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden QuickTime (HKLM\...\{C78EAC6F-7A73-452E-8134-DBB2165C5A68}) (Version: 7.62.14.0 - Apple Inc.) Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 3.0.1.3 - Realtek Semiconductor Corp.) 
Scan (Version: 10.1.0.0 - Hewlett-Packard) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 10.0 - HP) SmartWebPrintingOC (Version: 100.0.189.000 - Hewlett-Packard) Hidden SPORE Creature Creator Trial Edition (HKLM\...\{ECEE0279-785F-4CB3-9F28-E69813234BF8}) (Version: 1.00.0000 - Electronic Arts) Status (Version: 100.0.175.000 - Hewlett-Packard) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.3.0 - Synaptics) Toolbox (Version: 100.0.170.000 - Hewlett-Packard) Hidden TrayApp (Version: 100.0.170.000 - Hewlett-Packard) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation) Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition 
(HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft) Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft) Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft) Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft) Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft) VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version: - ) Yahoo! Toolbar (HKLM\...\Yahoo! 
Toolbar) (Version: - ) ==================== Restore Points ========================= 12-09-2013 10:00:17 Windows Update 12-09-2013 22:13:36 Scheduled Checkpoint 13-09-2013 21:56:03 Windows Update 18-09-2013 05:28:53 Scheduled Checkpoint 19-09-2013 06:15:42 Windows Update 24-09-2013 02:13:12 Scheduled Checkpoint 25-09-2013 05:29:02 Windows Update 27-09-2013 01:51:51 Scheduled Checkpoint 01-10-2013 11:47:25 Windows Update 03-10-2013 05:33:44 Scheduled Checkpoint 05-10-2013 02:37:31 Scheduled Checkpoint 06-10-2013 03:55:47 Scheduled Checkpoint 07-10-2013 02:33:26 Scheduled Checkpoint 08-10-2013 17:42:49 Scheduled Checkpoint 11-10-2013 03:33:21 Scheduled Checkpoint 12-10-2013 01:10:35 Scheduled Checkpoint 07-02-2014 04:09:38 Restore Operation 07-02-2014 04:21:15 Restore Operation 07-02-2014 04:37:41 Restore Operation 27-06-2014 02:09:42 Windows Update 06-07-2014 23:06:49 Scheduled Checkpoint 09-07-2014 07:55:47 Scheduled Checkpoint 09-07-2014 08:54:47 Windows Update 10-07-2014 06:40:00 Scheduled Checkpoint 10-07-2014 10:00:51 Windows Update 11-07-2014 06:47:13 Scheduled Checkpoint ==================== Hosts content: ========================== 2006-11-02 03:23 - 2006-09-18 14:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {2EF01189-1884-41F7-AC39-1279C6F3FB0B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation) Task: {6A0BB839-CE02-4AC3-8E26-FD2B2E2D18CC} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: {93F3CB14-9DF2-42AC-A17C-5F2C384706E6} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard) Task: {9FA893E1-8206-46CD-9369-5314BF217726} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated) Task: {CD894EE1-298D-4AA2-A26F-5C8A84A4BF30} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {D51E9496-3182-45B7-ADC4-CFFA8476B8AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-08] (Google Inc.) Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] () Task: {E784925C-16F7-427C-A5AD-E09AA06CDCF9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-08] (Google Inc.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2012-11-28 15:13 - 2012-11-28 15:13 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2012-11-28 15:13 - 2012-11-28 15:13 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2009-06-02 20:29 - 2009-04-10 23:28 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll 2008-10-25 17:17 - 2008-10-06 09:54 - 00365952 _____ () C:\Program Files\SMINST\BLService.exe 2008-10-25 17:17 - 2008-10-06 09:54 - 00132480 _____ () C:\Program Files\SMINST\STWmiM.dll 2008-10-25 17:09 - 2008-09-15 07:13 - 00241734 _____ () C:\Program Files\CyberLink\Shared files\RichVideo.exe 2008-09-30 16:52 - 2008-09-30 16:52 - 00057344 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll 2008-09-30 16:56 - 2008-09-30 16:56 - 00032768 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll 2008-09-30 16:51 - 2008-09-30 16:51 - 00118784 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\ECLibrary.dll 2008-09-30 16:51 - 2008-09-30 16:51 - 00040960 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll 2008-09-30 16:51 - 2008-09-30 16:51 - 00005632 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll 2008-09-30 16:51 - 2008-09-30 16:51 - 00028672 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll 2008-09-30 16:51 - 2008-09-30 16:51 - 00010240 _____ () C:\Program Files\Hewlett-Packard\HP 
Advisor\MessagingClients.dll 2008-09-30 16:52 - 2008-09-30 16:52 - 00007168 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll 2008-10-25 16:06 - 2008-04-11 09:04 - 00685360 _____ () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe 2011-09-24 21:18 - 2014-07-11 06:12 - 01952696 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2014-07-08 23:43 - 2014-07-08 23:43 - 17029808 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys => ""="FSFilter Activity Monitor" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SymEFA.sys => ""="FSFilter Activity Monitor" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= ==================== Faulty Device Manager Devices ============= Name: Microsoft ISATAP Adapter #2 Description: Microsoft ISATAP Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: Microsoft ISATAP Adapter #4 Description: Microsoft ISATAP Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is not working properly because Windows cannot load the drivers required for this device. 
(Code 31) Resolution: Update the driver ==================== Event log errors: ========================= Application errors: ================== Error: (07/11/2014 06:12:19 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program firefox.exe version 6.0.2.4262 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 1194 Start Time: 01cf9cc1f47df3b0 Termination Time: 188 Error: (07/10/2014 09:37:04 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 48167868 Error: (07/10/2014 09:37:04 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 48167868 Error: (07/10/2014 09:37:04 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/10/2014 08:14:18 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2200 Error: (07/10/2014 08:14:18 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2200 Error: (07/10/2014 08:14:18 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/10/2014 07:16:44 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/10/2014 04:22:37 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/09/2014 10:53:15 PM) (Source: WinMgmt) (EventID: 10) 
(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (07/10/2014 07:17:36 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: HP CUE DeviceDiscovery Service Error: (07/10/2014 07:16:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (07/10/2014 07:15:53 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY) Description: 2147942402 Error: (07/10/2014 04:24:11 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: HP CUE DeviceDiscovery Service Error: (07/10/2014 04:22:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (07/10/2014 03:55:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Windows Search%%1053 Error: (07/10/2014 03:55:31 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: 30000Windows Search Error: (07/10/2014 03:50:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Windows Search%%1053 Error: (07/10/2014 03:50:33 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: 30000Windows Search Error: (07/10/2014 03:42:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Windows Search%%1053 Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-07-11 06:16:17.014 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. 
Date: 2014-07-11 06:16:16.104 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-07-11 06:16:15.165 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-07-11 06:16:14.242 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-07-11 06:16:13.111 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-07-11 06:16:12.206 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-07-11 06:16:11.310 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-07-11 06:16:10.394 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-07-11 06:15:46.923 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system. 
Date: 2014-07-11 06:15:46.034 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 49% Total physical RAM: 1789.69 MB Available physical RAM: 900.13 MB Total Pagefile: 3827.9 MB Available Pagefile: 2438.04 MB Total Virtual: 2047.88 MB Available Virtual: 1905.39 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:222.01 GB) (Free:148.17 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (RECOVERY) (Fixed) (Total:10.88 GB) (Free:1.5 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive f: (TRAVELDRIVE) (Removable) (Total:0.93 GB) (Free:0.46 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 233 GB) (Disk ID: 2D900954) Partition 1: (Active) - (Size=222 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=11 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 953 MB) (Disk ID: 807AC3F5) Partition 1: (Active) - (Size=953 MB) - (Type=0E) ==================== End Of Log ============================
  5. Here is the ESET log: C:\$RECYCLE.BIN\S-1-5-21-947964275-3921658434-2580060958-1000\$R3H5F7B.exe Win32/AdInstaller potentially unwanted application deleted - quarantined
  6. Here is the Malwarebytes log: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 7/10/2014 Scan Time: 7:47:26 AM Logfile: scan log.txt Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.07.09.13 Rootkit Database: v2014.07.09.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows Vista Service Pack 2 CPU: x86 File System: NTFS User: ANNA Scan Type: Threat Scan Result: Completed Objects Scanned: 278222 Time Elapsed: 21 min, 43 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected)
  7. # AdwCleaner v3.215 - Report created 10/07/2014 at 07:13:28 # Updated 09/07/2014 by Xplode # Operating System : Windows Vista Home Premium Service Pack 2 (32 bits) # Username : ANNA - ANNA-PC # Running from : C:\Users\ANNA\Downloads\adwcleaner_3.215.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Users\ANNA\AppData\Local\PackageAware File Deleted : C:\Users\Public\Desktop\eBay.lnk ***** [ Shortcuts ] ***** ***** [ Registry ] ***** [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3B4353C-2E8A-4F44-A446-7A1D5E7033A4} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}] Value Deleted : 
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}] ***** [ Browsers ] ***** -\\ Internet Explorer v9.0.8112.16561 -\\ Mozilla Firefox v6.0.2 (en-US) [ File : C:\Users\ANNA\AppData\Roaming\Mozilla\Firefox\Profiles\wh3c05pg.default\prefs.js ] Here is the adcleaner log. ************************* AdwCleaner[R0].txt - [2591 octets] - [09/07/2014 20:57:13] AdwCleaner[R1].txt - [2651 octets] - [09/07/2014 21:08:06] AdwCleaner[R2].txt - [2711 octets] - [09/07/2014 23:10:42] AdwCleaner[R3].txt - [2771 octets] - [10/07/2014 07:06:54] AdwCleaner[s0].txt - [2732 octets] - [10/07/2014 07:13:28] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2792 octets] ##########
  8. AdwCleaner does not seem to progress past the pending stage.
  9. Ok here is the JRT log: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows Vista Home Premium x86 Ran by ANNA on Wed 07/09/2014 at 20:39:29.02 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-947964275-3921658434-2580060958-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar Successfully deleted: [Registry Key] 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{60A4E56C-445B-47E9-8637-F329433B1DB3} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} ~~~ Files Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk" ~~~ Folders Successfully deleted: [Folder] "C:\Users\ANNA\appdata\locallow\iac" Successfully deleted: [Folder] "C:\Users\ANNA\appdata\locallow\totalrecipesearch_14" Successfully deleted: [Folder] "C:\Users\ANNA\Local Settings\Application Data\iac" Successfully deleted: [Folder] "C:\Users\ANNA\Local Settings\Application Data\totalrecipesearch_14" Successfully deleted: [Folder] "C:\Program Files\televisionfanaticei" Successfully deleted: [Folder] "C:\Program Files\totalrecipesearch_14" ~~~ FireFox Successfully deleted the following from C:\Users\ANNA\AppData\Roaming\mozilla\firefox\profiles\wh3c05pg.default\prefs.js user_pref("browser.search.defaultenginename", "My Web Search"); user_pref("browser.search.selectedEngine", "My Web 
Search"); user_pref("browser.startup.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=7F9DDB4E-E5EC-4BB2-84EE-C67D17D08A9B&n=77fcb508&p2=^YK^xdm003^S05530^us&si=CPqa4tjg9bYCFYU5Q user_pref("extensions.mywebsearch.prevDefaultEngine", "Google"); user_pref("extensions.mywebsearch.prevKwdEnabled", true); user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=7F9DDB4E-E5EC-4BB2-84EE-C67D17D08A9B&n=77fcb508&ind=201305012 user_pref("extensions.mywebsearch.prevSelectedEngine", "Google"); user_pref("extensions.toolbar.mindspark._14Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=7F9DDB4E-E5EC-4BB2-84EE-C67D17D08A9B&n=77fcb508&p2=^YK^xdm003^S0553 user_pref("extensions.toolbar.mindspark._14Members_.hp.enabled", true); user_pref("extensions.toolbar.mindspark._14Members_.initialized", true); user_pref("extensions.toolbar.mindspark._14Members_.installation.contextKey", ""); user_pref("extensions.toolbar.mindspark._14Members_.installation.installDate", "2013050120"); user_pref("extensions.toolbar.mindspark._14Members_.installation.partnerId", "^YK^xdm003^S05530^us"); user_pref("extensions.toolbar.mindspark._14Members_.installation.partnerSubId", "CPqa4tjg9bYCFYU5QgodkRkAww"); user_pref("extensions.toolbar.mindspark._14Members_.installation.success", true); user_pref("extensions.toolbar.mindspark._14Members_.installation.toolbarId", "7F9DDB4E-E5EC-4BB2-84EE-C67D17D08A9B"); user_pref("extensions.toolbar.mindspark._14Members_.lastActivePing", "1404883550812"); user_pref("extensions.toolbar.mindspark._14Members_.options.defaultSearch", true); user_pref("extensions.toolbar.mindspark._14Members_.options.homePageEnabled", true); user_pref("extensions.toolbar.mindspark._14Members_.options.keywordEnabled", true); user_pref("extensions.toolbar.mindspark._14Members_.options.tabEnabled", true); user_pref("extensions.toolbar.mindspark._14Members_.weather.location", "90001"); 
user_pref("extensions.toolbar.mindspark.hp.enabled", true); user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "totalrecipesearch@mindspark.com"); user_pref("extensions.toolbar.mindspark.lastInstalled", "totalrecipesearch@mindspark.com"); user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=7F9DDB4E-E5EC-4BB2-84EE-C67D17D08A9B&n=77fcb508&ind=2013050120&p2=^YK^xdm003^S05530 ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Wed 07/09/2014 at 20:47:40.54 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  10. And here is the roguekiller: RogueKiller V9.2.1.0 [Jun 23 2014] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version Started in : Normal mode User : ANNA [Admin rights] Mode : Scan -- Date : 07/09/2014 06:58:02 ¤¤¤ Bad processes : 2 ¤¤¤ [suspicious.Path] ALconnect.exe -- C:\Users\ANNA\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe[7] -> KILLED [TermProc] [suspicious.Path] (SVC) IDSVix86 -- \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110729.030\IDSvix86.sys[7] -> ERROR [41c] ¤¤¤ Registry Entries : 14 ¤¤¤ [suspicious.Path] HKEY_USERS\S-1-5-21-947964275-3921658434-2580060958-1000\Software\Microsoft\Windows\CurrentVersion\Run | ALconnect : C:\Users\ANNA\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe -> FOUND [suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IDSVix86 -> FOUND [suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NAVENG -> FOUND [suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NAVEX15 -> FOUND [suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IDSVix86 -> FOUND [suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAVENG -> FOUND [suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAVEX15 -> FOUND [suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IDSVix86 -> FOUND [suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NAVENG -> FOUND [suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NAVEX15 -> FOUND [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 -> FOUND [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{2C48D179-195B-4C2D-A431-FCD93924E234} 
| DhcpNameServer : 209.18.47.61 209.18.47.62 -> FOUND [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ HOSTS File : 2 ¤¤¤ [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost [C:\Windows\System32\drivers\etc\hosts] ::1 localhost ¤¤¤ Antirootkit : 55 (Driver: LOADED) ¤¤¤ [sSDT:Addr(Hook.SSDT)] NtAlertResumeThread[13] : Unknown @ 0x87b8d110 [sSDT:Addr(Hook.SSDT)] NtAlertThread[14] : Unknown @ 0x87b87d98 [sSDT:Addr(Hook.SSDT)] NtAllocateVirtualMemory[18] : Unknown @ 0x87c4dda0 [sSDT:Addr(Hook.SSDT)] NtAlpcConnectPort[21] : Unknown @ 0x878ce320 [sSDT:Addr(Hook.SSDT)] NtAssignProcessToJobObject[42] : Unknown @ 0x87ba1830 [sSDT:Addr(Hook.SSDT)] NtCreateMutant[67] : Unknown @ 0x87c81960 [sSDT:Addr(Hook.SSDT)] NtCreateSymbolicLinkObject[77] : Unknown @ 0x87c4c848 [sSDT:Addr(Hook.SSDT)] NtCreateThread[78] : Unknown @ 0x87b895d8 [sSDT:Addr(Hook.SSDT)] NtDebugActiveProcess[116] : Unknown @ 0x87bbb738 [sSDT:Addr(Hook.SSDT)] NtDuplicateObject[129] : Unknown @ 0x87bcfd98 [sSDT:Addr(Hook.SSDT)] NtFreeVirtualMemory[147] : Unknown @ 0x87c4ff00 [sSDT:Addr(Hook.SSDT)] NtImpersonateAnonymousToken[156] : Unknown @ 0x87b5a110 [sSDT:Addr(Hook.SSDT)] NtImpersonateThread[158] : Unknown @ 0x87b89110 [sSDT:Addr(Hook.SSDT)] NtLoadDriver[165] : Unknown @ 0x878cf510 [sSDT:Addr(Hook.SSDT)] NtMapViewOfSection[177] : Unknown @ 0x87c4b6d8 [sSDT:Addr(Hook.SSDT)] NtOpenEvent[184] : Unknown @ 0x87b95068 [sSDT:Addr(Hook.SSDT)] NtOpenProcess[194] : Unknown @ 0x87bbd4d8 [sSDT:Addr(Hook.SSDT)] NtOpenProcessToken[195] : Unknown @ 0x8f0802e8 [sSDT:Addr(Hook.SSDT)] NtOpenSection[197] : Unknown @ 0x87b6d8e8 [sSDT:Addr(Hook.SSDT)] NtOpenThread[201] : Unknown @ 
0x87bccac8 [sSDT:Addr(Hook.SSDT)] NtProtectVirtualMemory[210] : Unknown @ 0x87ba12e0 [sSDT:Addr(Hook.SSDT)] NtResumeThread[282] : Unknown @ 0x87b6bb30 [sSDT:Addr(Hook.SSDT)] NtSetContextThread[289] : Unknown @ 0x8f1cd160 [sSDT:Addr(Hook.SSDT)] NtSetInformationProcess[305] : Unknown @ 0x87b6a588 [sSDT:Addr(Hook.SSDT)] NtSetSystemInformation[317] : Unknown @ 0x87bbd110 [sSDT:Addr(Hook.SSDT)] NtSuspendProcess[330] : Unknown @ 0x87ba3268 [sSDT:Addr(Hook.SSDT)] NtSuspendThread[331] : Unknown @ 0x87b82570 [sSDT:Addr(Hook.SSDT)] NtTerminateProcess[334] : Unknown @ 0x87cc6fd0 [sSDT:Addr(Hook.SSDT)] NtTerminateThread[335] : Unknown @ 0x87bba020 [sSDT:Addr(Hook.SSDT)] NtUnmapViewOfSection[348] : Unknown @ 0x8eff17b8 [sSDT:Addr(Hook.SSDT)] NtWriteVirtualMemory[358] : Unknown @ 0x87c4c340 [sSDT:Addr(Hook.SSDT)] NtCreateThreadEx[382] : Unknown @ 0x87b9fb58 [shwSSDT:Addr(Hook.Shadow)] NtUserAttachThreadInput[317] : Unknown @ 0x8fc2c048 [shwSSDT:Addr(Hook.Shadow)] NtUserGetAsyncKeyState[397] : Unknown @ 0x8f339230 [shwSSDT:Addr(Hook.Shadow)] NtUserGetKeyboardState[428] : Unknown @ 0x8f822cf8 [shwSSDT:Addr(Hook.Shadow)] NtUserGetKeyState[430] : Unknown @ 0x8fc95228 [shwSSDT:Addr(Hook.Shadow)] NtUserGetRawInputData[442] : Unknown @ 0x943ad928 [shwSSDT:Addr(Hook.Shadow)] NtUserMessageCall[479] : Unknown @ 0x8f33d770 [shwSSDT:Addr(Hook.Shadow)] NtUserPostMessage[497] : Unknown @ 0x8fdd50b0 [shwSSDT:Addr(Hook.Shadow)] NtUserPostThreadMessage[498] : Unknown @ 0x8f33d840 [shwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[573] : Unknown @ 0x8fdd5678 [shwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[576] : Unknown @ 0x8fdd5530 [Filter(Kernel.Filter)] \Driver\atapi @ \Device\Harddisk0\DR0 : \Driver\partmgr @ Unknown (\SystemRoot\system32\drivers\mpio.sys) [Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\system32\DRIVERS\HDAudBus.sys) [Filter(Kernel.Filter)] \Driver\disk @ \Device\Harddisk1\DR3 : \Driver\partmgr @ Unknown 
(\SystemRoot\system32\drivers\mpio.sys) [Filter(Kernel.Filter)] \Driver\disk @ \Device\Harddisk0\DR0 : \Driver\partmgr @ Unknown (\SystemRoot\system32\drivers\mpio.sys) [EAT:Addr] (iexplore.exe) DCIMAN32.dll - AcroBrwSetCallbacks : C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll @ 0x750d6607 [EAT:Addr] (iexplore.exe) DCIMAN32.dll - AcroBrwSubclassWindow : C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll @ 0x750d6821 [EAT:Addr] (iexplore.exe) DCIMAN32.dll - DllCanUnloadNow : C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll @ 0x750d1d54 [EAT:Addr] (iexplore.exe) DCIMAN32.dll - DllGetClassObject : C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll @ 0x750d44fc [EAT:Addr] (iexplore.exe) DCIMAN32.dll - DllRegisterServer : C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll @ 0x750d11a3 [EAT:Addr] (iexplore.exe) DCIMAN32.dll - DllUnregisterServer : C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll @ 0x750d54ab [EAT:Addr] (iexplore.exe) DCIMAN32.dll - StubInit : C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll @ 0x750d556c [EAT:Addr] (iexplore.exe) DCIMAN32.dll - StubOnQuit : C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll @ 0x750d55af [EAT:Addr] (iexplore.exe) DCIMAN32.dll - StubSetSite : C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll @ 0x750d5595 ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: SAMSUNG HM251JI ATA Device +++++ --- User --- [MBR] 46e46edc884177b2c1f8f3c59c91f5d5 [bSP] f6e3acd04269e6293e45dcf8f564a7a8 : Toshiba MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 227333 MB 1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 465580032 | Size: 11138 MB User = LL1 ... OK User = LL2 ... 
OK +++++ PhysicalDrive1: Memorex TD Classic 003C USB Device +++++ --- User --- [MBR] ce8ed468a27703ca460054ce840ddb82 [bSP] 691a08fd252c4cf94d222bc2a6b0a722 : Windows XP MBR Code Partition table: 0 - [ACTIVE] FAT16-LBA (0xe) [VISIBLE] Offset (sectors): 8 | Size: 953 MB User = LL1 ... OK Error reading LL2 MBR! ([32] The request is not supported. )
  11. Thank you so much here are the rkill and MBAM logs: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 7/8/2014 Scan Time: 11:54:01 PM Logfile: mBAM scan.txt Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.07.09.02 Rootkit Database: v2014.07.07.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows Vista Service Pack 2 CPU: x86 File System: NTFS User: ANNA Scan Type: Threat Scan Result: Completed Objects Scanned: 277587 Time Elapsed: 18 min, 57 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 18 PUP.Optional.MindSpark.A, C:\Users\ANNA\AppData\Roaming\Mozilla\Firefox\Profiles\wh3c05pg.default\extensions\14ffxtbr@TotalRecipeSearch_14.com, , [cbeb0f8da8d3ef47c6db7929c63cf30d], PUP.Optional.MindSpark.A, C:\Users\ANNA\AppData\Roaming\Mozilla\Firefox\Profiles\wh3c05pg.default\extensions\14ffxtbr@TotalRecipeSearch_14.com\chrome, , [cbeb0f8da8d3ef47c6db7929c63cf30d], PUP.Optional.MindSpark.A, C:\Program Files\TotalRecipeSearch_14, , [4f67efad5d1ee551aef68f131ce6649c], PUP.Optional.MindSpark.A, C:\Program Files\TotalRecipeSearch_14\bar, , [4f67efad5d1ee551aef68f131ce6649c], PUP.Optional.MindSpark.A, C:\Program Files\TotalRecipeSearch_14\bar\1.bin, , [4f67efad5d1ee551aef68f131ce6649c], PUP.Optional.MindSpark.A, C:\Program Files\TotalRecipeSearch_14\bar\1.bin\chrome, , [4f67efad5d1ee551aef68f131ce6649c], PUP.Optional.MindSpark.A, C:\Program Files\TotalRecipeSearch_14\bar\1.bin\ThirdPartyInstallers, , [4f67efad5d1ee551aef68f131ce6649c], PUP.Optional.MindSpark.A, C:\Program Files\TotalRecipeSearch_14\bar\gen1, , [4f67efad5d1ee551aef68f131ce6649c], 
PUP.Optional.MindSpark.A, C:\Program Files\TotalRecipeSearch_14\bar\IE9Mesg, , [4f67efad5d1ee551aef68f131ce6649c], PUP.Optional.MindSpark.A, C:\Program Files\TotalRecipeSearch_14\bar\Message, , [4f67efad5d1ee551aef68f131ce6649c], PUP.Optional.MindSpark.A, C:\Program Files\TotalRecipeSearch_14\bar\Settings, , [4f67efad5d1ee551aef68f131ce6649c], PUP.Optional.MindSpark.A, C:\Users\ANNA\AppData\Local\TotalRecipeSearch_14, , [9026306c512ae4527d4cfaae8082d32d], PUP.Optional.MindSpark.A, C:\Users\ANNA\AppData\Local\TotalRecipeSearch_14\91fbdd335935d6fab2f0f46ec3451b3a18a24a23, , [9026306c512ae4527d4cfaae8082d32d], PUP.Optional.MindSpark.A, C:\Users\ANNA\AppData\Local\TotalRecipeSearch_14\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.1.2, , [9026306c512ae4527d4cfaae8082d32d], PUP.Optional.MindSpark.A, C:\Users\ANNA\AppData\Local\TotalRecipeSearch_14\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.1.2\css, , [9026306c512ae4527d4cfaae8082d32d], PUP.Optional.MindSpark.A, C:\Users\ANNA\AppData\Local\TotalRecipeSearch_14\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.1.2\images, , [9026306c512ae4527d4cfaae8082d32d], PUP.Optional.MindSpark.A, C:\Users\ANNA\AppData\Local\TotalRecipeSearch_14\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.1.2\images\icons, , [9026306c512ae4527d4cfaae8082d32d], PUP.Optional.MindSpark.A, C:\Users\ANNA\AppData\Local\TotalRecipeSearch_14\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.1.2\js, , [9026306c512ae4527d4cfaae8082d32d], Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)
  12. Hello, Just checking in again to see if someone could help me. The last time I was helped here with a separate computer was perfect. Hopefully someone will take a look at the logs and see something. Thanks!
  13. Hi, Just bumping up this message in hopes that someone may be able to provide help. Thanks!
  14. My mother has a Compaq Presario CQ60-215DX Notebook PC with Athlon X2 32 bit processor. It will not connect to the internet and I think it may be malware. I was helped before on my laptop so I hope that you can help me again with my mom's laptop. Here are the 2 logs: Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-07-2014 01Ran by ANNA (administrator) on ANNA-PC on 06-07-2014 15:03:37Running from F:\MOM'S COMPUTER REPAIRPlatform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)Internet Explorer Version 9Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(Microsoft Corporation) C:\Windows\System32\SLsvc.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe() C:\Program Files\SMINST\BLService.exe() C:\Program Files\CyberLink\Shared files\RichVideo.exe(Conexant Systems, Inc.) 
C:\Windows\System32\drivers\XAudio.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe(Kmaestro) C:\Program Files\HP Wireless Multimedia Keyboard and Mouse\Kmaestro.exe(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe(Koninklijke Philips Electronics N.V.) C:\Users\ANNA\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Synaptics, Inc.) 
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-17] (Synaptics, Inc.)HKLM\...\Run: [QPService] => C:\Program Files\HP\QuickPlay\QPService.exe [468264 2008-09-23] (CyberLink Corp.)HKLM\...\Run: [updateLBPShortCut] => C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)HKLM\...\Run: [updatePSTShortCut] => C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2008-10-06] (CyberLink Corp.)HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2008-08-01] ( Hewlett-Packard Development Company, L.P.)HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)HKLM\...\Run: [updateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)HKLM\...\Run: [updatePDIRShortCut] => C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development 
Company, L.P.)HKLM\...\Run: [btcMaestro] => C:\Program Files\HP Wireless Multimedia Keyboard and Mouse\KMaestro.exe [344064 2007-10-22] (Kmaestro)HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [413696 2009-05-26] (Apple Inc.)HKLM\...\Run: [hpqSRMon] => [X]HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [13797920 2009-07-23] (NVIDIA Corporation)HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [151952 2012-11-29] (Apple Inc.)HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenterHKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenterHKU\S-1-5-21-947964275-3921658434-2580060958-1000\...\Run: [HPAdvisor] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [972080 2008-09-30] (Hewlett-Packard)HKU\S-1-5-21-947964275-3921658434-2580060958-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)HKU\S-1-5-21-947964275-3921658434-2580060958-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-05-31] (Google Inc.)HKU\S-1-5-21-947964275-3921658434-2580060958-1000\...\Run: [ALconnect] => C:\Users\ANNA\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe [741504 2012-06-18] (Koninklijke Philips Electronics N.V.)HKU\S-1-5-21-947964275-3921658434-2580060958-1000\...\MountPoints2: G - G:\LaunchU3.exe -aHKU\S-1-5-21-947964275-3921658434-2580060958-1000\...\MountPoints2: {2bdbe6bb-e0a9-11de-931f-806e6f6e6963} - G:\WIN\setup.exeHKU\S-1-5-21-947964275-3921658434-2580060958-1000\...\MountPoints2: {38457520-41b8-11e2-9270-806e6f6e6963} - H:\MotoCastSetup.exe -aHKU\S-1-5-21-947964275-3921658434-2580060958-1000\...\MountPoints2: {d10824d2-7cfc-11e1-91fc-001f16714496} - G:\MotoCastSetup.exe 
-aHKU\S-1-5-21-947964275-3921658434-2580060958-1000\...\MountPoints2: {d2627f9d-9206-11e0-882b-001f16714496} - G:\LaunchU3.exe -aStartup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnkShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)Startup: C:\Users\ANNA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnkShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^YK^xdm003^S05530^us&ptb=7F9DDB4E-E5EC-4BB2-84EE-C67D17D08A9B&si=CPqa4tjg9bYCFYU5QgodkRkAwwHKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnbHKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnbHKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnbURLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! 
Inc.)
URLSearchHook: HKCU - (No Name) - {8a7d2060-824d-4b17-b00a-759b1b5f30d9} - C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll No File
SearchScopes: HKLM - {0FA204D4-5326-43C7-A4D2-EDFB78E6EA59} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM - {60A4E56C-445B-47E9-8637-F329433B1DB3} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKLM - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^YK^xdm003^S05530^us&si=CPqa4tjg9bYCFYU5QgodkRkAww&ptb=7F9DDB4E-E5EC-4BB2-84EE-C67D17D08A9B&psa=&ind=2013050116&st=sb&n=77fcb504&searchfor={searchTerms}
SearchScopes: HKCU - {0FA204D4-5326-43C7-A4D2-EDFB78E6EA59} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^YK^xdm003^S05530^us&si=CPqa4tjg9bYCFYU5QgodkRkAww&ptb=7F9DDB4E-E5EC-4BB2-84EE-C67D17D08A9B&psa=&ind=2013050116&st=sb&n=77fcb504&searchfor={searchTerms}
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll (Symantec Corporation)
BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL (Symantec Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll (Symantec Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\ANNA\AppData\Roaming\Mozilla\Firefox\Profiles\wh3c05pg.default
FF DefaultSearchEngine: My Web Search
FF SelectedSearchEngine: My Web Search
FF Homepage: hxxp://home.mywebsearch.com/index.jhtml?ptb=7F9DDB4E-E5EC-4BB2-84EE-C67D17D08A9B&n=77fcb508&p2=^YK^xdm003^S05530^us&si=CPqa4tjg9bYCFYU5QgodkRkAww
FF Keyword.URL: hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=7F9DDB4E-E5EC-4BB2-84EE-C67D17D08A9B&n=77fcb508&ind=2013050120&p2=^YK^xdm003^S05530^us&si=CPqa4tjg9bYCFYU5QgodkRkAww&searchfor=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @TotalRecipeSearch_14.com/Plugin - C:\Program Files\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll (MindSpark)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF SearchPlugin: C:\Users\ANNA\AppData\Roaming\Mozilla\Firefox\Profiles\wh3c05pg.default\searchplugins\my-web-search.xml
FF Extension: TotalRecipeSearch - C:\Users\ANNA\AppData\Roaming\Mozilla\Firefox\Profiles\wh3c05pg.default\Extensions\14ffxtbr@TotalRecipeSearch_14.com [2013-05-01]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\ANNA\AppData\Roaming\Mozilla\Firefox\Profiles\wh3c05pg.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-12-31]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [2011-12-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-31]
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn [2011-10-11]
FF HKLM\...\Firefox\Extensions: [14ffxtbr@TotalRecipeSearch_14.com] - C:\Program Files\TotalRecipeSearch_14\bar\1.bin
FF Extension: TotalRecipeSearch - C:\Program Files\TotalRecipeSearch_14\bar\1.bin [2013-05-01]

========================== Services (Whitelisted) =================

R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [117648 2011-09-21] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-10-06] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] () [File not signed]

==================== Drivers (Whitelisted) ====================

R1 BHDrvx86; C:\Windows\System32\Drivers\NIS\1008030.006\BHDrvx86.sys [259632 2009-08-22] (Symantec Corporation)
R1 ccHP; C:\Windows\System32\Drivers\NIS\1008030.006\ccHPx86.sys [467592 2011-10-10] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [374392 2011-07-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [105592 2011-07-27] (Symantec Corporation)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110729.030\IDSvix86.sys [367736 2011-06-25] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110730.002\NAVENG.SYS [86008 2011-05-17] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110730.002\NAVEX15.SYS [1542392 2011-05-17] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NIS\1008030.006\SRTSP.SYS [308272 2009-08-22] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1008030.006\SRTSPX.SYS [43696 2009-08-22] (Symantec Corporation)
S3 swmsflt; C:\Windows\System32\DRIVERS\swmsflt.sys [37248 2010-06-08] ()
R0 SymEFA; C:\Windows\System32\drivers\NIS\1008030.006\SYMEFA.SYS [310320 2009-08-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [124976 2009-09-10] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [25648 2009-08-22] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\NIS\1008030.006\SYMTDI.SYS [217464 2011-09-21] (Symantec Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 Nmea; system32\DRIVERS\pctnullport.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCASp50; System32\Drivers\PCASp50.sys [X]
S3 PCTINDIS5; \??\C:\Windows\system32\PCTINDIS5.SYS [X]
S3 SYMDNS; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SYMDNS.SYS [X]
S3 SYMFW; \SystemRoot\System32\Drivers\NIS\1008000.029\SYMFW.SYS [X]
S3 SYMNDISV; \SystemRoot\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS [X]
S3 SYMREDRV; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SYMREDRV.SYS [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-06 15:03 - 2014-07-06 15:03 - 00000000 ____D () C:\FRST
2014-07-06 13:53 - 2014-07-06 14:51 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-06 13:51 - 2014-07-06 13:51 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-06 13:51 - 2014-07-06 13:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-06 13:51 - 2014-07-06 13:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-06 13:51 - 2014-07-06 13:51 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-06 13:51 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-06 13:51 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-06 13:51 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

==================== One Month Modified Files and Folders =======

2014-07-06 15:05 - 2009-03-12 06:37 - 01889785 _____ () C:\Windows\WindowsUpdate.log
2014-07-06 15:03 - 2014-07-06 15:03 - 00000000 ____D () C:\FRST
2014-07-06 14:55 - 2006-11-02 03:33 - 00703388 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-06 14:52 - 2009-06-06 19:53 - 00048032 _____ () C:\ProgramData\nvModes.001
2014-07-06 14:52 - 2009-03-12 07:13 - 00000246 _____ () C:\ProgramData\hpqp.ini
2014-07-06 14:51 - 2014-07-06 13:53 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-06 14:49 - 2009-06-06 19:52 - 00048032 _____ () C:\ProgramData\nvModes.dat
2014-07-06 14:48 - 2011-09-08 22:10 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-06 14:48 - 2011-09-08 22:10 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-06 14:48 - 2008-01-20 19:47 - 00054822 _____ () C:\Windows\PFRO.log
2014-07-06 14:48 - 2006-11-02 06:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-06 14:48 - 2006-11-02 05:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-06 14:48 - 2006-11-02 05:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-06 14:47 - 2006-11-02 06:01 - 00032614 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-06 14:43 - 2013-02-24 03:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-06 13:51 - 2014-07-06 13:51 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-06 13:51 - 2014-07-06 13:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-06 13:51 - 2014-07-06 13:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-06 13:51 - 2014-07-06 13:51 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-26 19:10 - 2008-10-25 16:41 - 00000000 ____D () C:\Program Files\Microsoft Office

Some content of TEMP:
====================
C:\Users\ANNA\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\ANNA\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Users\ANNA\AppData\Local\Temp\HPQSi.exe
C:\Users\ANNA\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\ANNA\AppData\Local\Temp\Setup.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-06 14:57

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-07-2014 01
Ran by ANNA at 2014-07-06 15:06:58
Running from F:\MOM'S COMPUTER REPAIR
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
4500_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
ActiveLink Connect (HKCU\...\ActiveLink Connect) (Version: 5.5.2.15857 - Koninklijke Philips Electronics N.V.)
ActiveLink Connect (Version: 5.5.2.15857 - Koninklijke Philips Electronics N.V.) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.8.800.175 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.8.800.168 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{459699C3-9430-4381-964B-4248D87B49F9}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BPD_HPSU (Version: 1.00.0000 - Hewlett-Packard) Hidden
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.58.0.0 - Conexant)
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2203 - CyberLink Corp.)
CyberLink DVD Suite (Version: 6.0.2203 - CyberLink Corp.) Hidden
Destination Component (Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DocMgr (Version: 100.0.201.000 - Hewlett-Packard) Hidden
DocProc (Version: 10.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
ESU for Microsoft Vista (HKLM\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Fax (Version: 100.0.187.000 - Hewlett-Packard) Hidden
ffdshow (remove only) (HKLM\...\ffdshow) (Version: - )
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4601.54 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.21.153 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_HERMOSA_HSF) (Version: - )
HP Active Support Library (HKLM\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}) (Version: 5.7.0.2664 - Hewlett-Packard)
HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.03.0001 - Hewlett-Packard)
HP Document Manager 1.0 (HKLM\...\HP Document Manager) (Version: 1.0 - HP)
HP DVD Play 3.7 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 3.7.0.5723 - Hewlett-Packard)
HP Help and Support (HKLM\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.1.0 - Hewlett-Packard Company)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Officejet J4500 Series (HKLM\...\{CD0773D5-C18E-495c-B39B-21A96415EDD5}) (Version: 1.0 - HP)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Photosmart Essential 2.5 (Version: 1.02.0000 - Hewlett-Packard) Hidden
HP Quick Launch Buttons 6.40 H2 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 H2 - Hewlett-Packard)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 3.5 - HP)
HP Total Care Advisor (HKLM\...\{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}) (Version: 2.4.4941.2798 - Hewlett-Packard)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP User Guides 0118 (HKLM\...\{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}) (Version: 1.00.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}) (Version: 3.00 K2 - Hewlett-Packard)
HP Wireless Multimedia Keyboard and Mouse Driver V1.3 (HKLM\...\BtcMaestro) (Version: - )
HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPNetworkAssistant (Version: 1.1.70 - Hewlett-Packard.) Hidden
HPSSupply (Version: 100.0.170.000 - Hewlett-Packard) Hidden
HPTCSSetup (HKLM\...\{846DDADA-0239-4B67-A6B1-33658863793B}) (Version: 1.1.1963.2799 - Hewlett-Packard Company)
IGT Slots Cleopatra II (HKLM\...\{3802A5D4-A02C-44B0-8CE0-5FE36A048004}) (Version: 1.00.0000 - Encore Software, Inc.)
InstallVC90Support (Version: 1.01.0000 - Novatel Wireless) Hidden
iTunes (HKLM\...\{1B6C0E95-182C-48E0-9C4B-4F916308249C}) (Version: 11.0.0.163 - Apple Inc.)
J4500 (Version: 50.0.165.000 - Hewlett-Packard) Hidden
Java Auto Updater (Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden
Java 6 Update 30 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216013FF}) (Version: 6.0.300 - Sun Microsystems, Inc.)
Java 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Juno Preloader (HKLM\...\{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}) (Version: 1.0.0 - Juno, Inc.)
LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0926 - CyberLink Corp.)
LabelPrint (Version: 2.5.0926 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Masque IGT Slots Little Green Men (HKLM\...\{A54F806B-A2E1-4794-A7FE-365167EC67CB}) (Version: 1.0.3 - Masque Publishing)
Masque IGT Slots Lucky Larry's Lobstermania (HKLM\...\{08E9B665-BA03-4380-8494-B1E3E1693DDE}) (Version: 1.0.1 - Masque Publishing)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Live Search Toolbar (HKLM\...\{6A370610-3778-44AF-9AAC-69B2FD1A3356}) (Version: 3.0.541.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 6.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 6.0.2 (x86 en-US)) (Version: 6.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal (HKLM\...\{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}) (Version: 7.0.35.6951 - muvee Technologies Pte Ltd)
My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.62 - WildTangent)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.52 - BVRP Software, Inc)
NetZero Preloader (HKLM\...\{352310C3-E46B-42D3-8F32-54721FDD72D9}) (Version: 1.0.0 - NetZero, Inc.)
Norton Internet Security (HKLM\...\NIS) (Version: 16.8.3.6 - Symantec Corporation)
Norton Internet Security (Version: 16.0.0.125 - Symantec Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
OCR Software by I.R.I.S. 10.0 (HKLM\...\HPOCR) (Version: 10.0 - HP)
Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2202 - CyberLink Corp.)
Power2Go (Version: 6.0.2202 - CyberLink Corp.) Hidden
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2201 - CyberLink Corp.)
PowerDirector (Version: 7.0.2201 - CyberLink Corp.) Hidden
ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden
PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (HKLM\...\{C78EAC6F-7A73-452E-8134-DBB2165C5A68}) (Version: 7.62.14.0 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 3.0.1.3 - Realtek Semiconductor Corp.)
Scan (Version: 10.1.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 10.0 - HP)
SmartWebPrintingOC (Version: 100.0.189.000 - Hewlett-Packard) Hidden
SPORE Creature Creator Trial Edition (HKLM\...\{ECEE0279-785F-4CB3-9F28-E69813234BF8}) (Version: 1.00.0000 - Electronic Arts)
Status (Version: 100.0.175.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.3.0 - Synaptics)
Toolbox (Version: 100.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2836940) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{620E77C0-CDFE-4C14-AAEB-830ABB65864C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{8153EC80-C988-4336-8DAF-6D99C0D26E0C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden
WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version: - )
Yahoo! Toolbar (HKLM\...\Yahoo! Toolbar) (Version: - )

==================== Restore Points =========================

31-08-2013 05:45:44 Scheduled Checkpoint
02-09-2013 04:41:41 Scheduled Checkpoint
03-09-2013 09:17:55 Windows Update
04-09-2013 22:32:21 Windows Modules Installer
06-09-2013 01:29:43 Scheduled Checkpoint
07-09-2013 00:51:23 Scheduled Checkpoint
07-09-2013 05:03:12 Windows Update
07-09-2013 21:47:27 Scheduled Checkpoint
10-09-2013 06:32:10 Windows Update
12-09-2013 05:00:52 Windows Update
12-09-2013 10:00:17 Windows Update
12-09-2013 22:13:36 Scheduled Checkpoint
13-09-2013 21:56:03 Windows Update
18-09-2013 05:28:53 Scheduled Checkpoint
19-09-2013 06:15:42 Windows Update
24-09-2013 02:13:12 Scheduled Checkpoint
25-09-2013 05:29:02 Windows Update
27-09-2013 01:51:51 Scheduled Checkpoint
01-10-2013 11:47:25 Windows Update
03-10-2013 05:33:44 Scheduled Checkpoint
05-10-2013 02:37:31 Scheduled Checkpoint
06-10-2013 03:55:47 Scheduled Checkpoint
07-10-2013 02:33:26 Scheduled Checkpoint
08-10-2013 17:42:49 Scheduled Checkpoint
11-10-2013 03:33:21 Scheduled Checkpoint
12-10-2013 01:10:35 Scheduled Checkpoint
07-02-2014 04:09:38 Restore Operation
07-02-2014 04:21:15 Restore Operation
07-02-2014 04:37:41 Restore Operation
27-06-2014 02:09:42 Windows Update

==================== Hosts content: ==========================

2006-11-02 03:23 - 2006-09-18 14:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2EF01189-1884-41F7-AC39-1279C6F3FB0B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {6A0BB839-CE02-4AC3-8E26-FD2B2E2D18CC} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {93F3CB14-9DF2-42AC-A17C-5F2C384706E6} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {9FA893E1-8206-46CD-9369-5314BF217726} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-20] (Adobe Systems Incorporated)
Task: {CD894EE1-298D-4AA2-A26F-5C8A84A4BF30} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {D3B4353C-2E8A-4F44-A446-7A1D5E7033A4} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-11-30] (Google)
Task: {D51E9496-3182-45B7-ADC4-CFFA8476B8AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-08] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {E784925C-16F7-427C-A5AD-E09AA06CDCF9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-08] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-11-28 15:13 - 2012-11-28 15:13 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-06-02 20:29 - 2009-04-10 23:28 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll
2008-10-25 17:17 - 2008-10-06 09:54 - 00365952 _____ () C:\Program Files\SMINST\BLService.exe
2008-10-25 17:17 - 2008-10-06 09:54 - 00132480 _____ () C:\Program Files\SMINST\STWmiM.dll
2008-10-25 17:09 - 2008-09-15 07:13 - 00241734 _____ () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2008-09-30 16:52 - 2008-09-30 16:52 - 00057344 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2008-09-30 16:56 - 2008-09-30 16:56 - 00032768 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
2008-09-30 16:51 - 2008-09-30 16:51 - 00118784 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\ECLibrary.dll
2008-09-30 16:51 - 2008-09-30 16:51 - 00040960 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
2008-09-30 16:51 - 2008-09-30 16:51 - 00005632 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2008-09-30 16:51 - 2008-09-30 16:51 - 00028672 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2008-09-30 16:51 - 2008-09-30 16:51 - 00010240 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
2008-09-30 16:52 - 2008-09-30 16:52 - 00007168 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
2008-10-25 16:06 - 2008-04-11 09:04 - 00685360 _____ () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
2011-09-24 21:18 - 2011-09-02 23:01 - 01846232 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys => ""="FSFilter Activity Monitor"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SymEFA.sys => ""="FSFilter Activity Monitor"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #4
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. 
(Code 31)Resolution: Update the driver ==================== Event log errors: ========================= Application errors:==================Error: (07/06/2014 02:50:21 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/06/2014 02:47:04 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application mbam.exe, version 1.0.0.532, time stamp 0x53518532, faulting module MSVCR100.dll, version 10.0.40219.325, time stamp 0x4df2be1e, exception code 0x40000015, fault offset 0x0008d6fd,process id 0x1424, application start time 0xmbam.exe0. Error: (07/06/2014 02:29:55 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application mbam.exe, version 1.0.0.532, time stamp 0x53518532, faulting module MSVCR100.dll, version 10.0.40219.325, time stamp 0x4df2be1e, exception code 0x40000015, fault offset 0x0008d6fd,process id 0x1594, application start time 0xmbam.exe0. Error: (07/06/2014 02:14:04 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application mbam.exe, version 1.0.0.532, time stamp 0x53518532, faulting module yt.dll, version 2007.5.30.1, time stamp 0x465ddd98, exception code 0x40000015, fault offset 0x00088859,process id 0x9a8, application start time 0xmbam.exe0. 
Error: (07/06/2014 01:41:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/26/2014 07:05:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/21/2014 01:49:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2014 09:52:28 PM) (Source: System Restore) (EventID: 8209) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: .

Error: (02/06/2014 09:48:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2014 09:34:46 PM) (Source: System Restore) (EventID: 8209) (User: )
Description: An unspecified error occurred during System Restore: (Restore Operation). Additional information: .

System errors:
=============
Error: (07/06/2014 02:57:04 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Windows Update

Error: (07/06/2014 02:53:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Presentation Foundation Font Cache 3.0.0.0%%1053

Error: (07/06/2014 02:53:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Presentation Foundation Font Cache 3.0.0.0

Error: (07/06/2014 02:50:43 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (07/06/2014 02:50:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (07/06/2014 02:40:13 PM) (Source: Dhcp) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address 192.168.0.11 on the Network Card with network address 00242BC4C50C.

Error: (07/06/2014 01:41:53 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (07/06/2014 01:41:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (06/26/2014 07:14:45 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.0.11 for the Network Card with network address 00242BC4C50C has been denied by the DHCP server 192.168.43.1 (The DHCP Server sent a DHCPNACK message).

Error: (06/26/2014 07:14:37 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.43.26 for the Network Card with network address 00242BC4C50C has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-07-06 15:06:36.101
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-06 15:06:35.290
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-06 15:06:34.562
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-06 15:06:33.800
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-06 15:05:44.459
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

Date: 2014-07-06 15:05:43.658
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

Date: 2014-07-06 15:05:42.212
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

Date: 2014-07-06 15:05:41.354
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

Date: 2014-07-06 15:03:58.800
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NIS\1008030.006\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-06 15:03:57.940
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NIS\1008030.006\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 65%
Total physical RAM: 1789.69 MB
Available physical RAM: 622.04 MB
Total Pagefile: 3827.82 MB
Available Pagefile: 2472.66 MB
Total Virtual: 2047.88 MB
Available Virtual: 1908.95 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.01 GB) (Free:149.55 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10.88 GB) (Free:1.29 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (TRAVELDRIVE) (Removable) (Total:0.93 GB) (Free:0.62 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 2D900954)
Partition 1: (Active) - (Size=222 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 953 MB) (Disk ID: 00000000)
Partition: GPT Partition Type.

==================== End Of Log ============================
  15. Here are the DDS logs;

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518
Run by Christine at 14:18:19 on 2014-03-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.1649 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Users\Christine\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\prevhost.exe
C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE
C:\Windows\splwow64.exe
C:\Windows\system32\spool\DRIVERS\x64\3\E_IARNGMA.EXE
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: {472734EA-242A-422b-ADF8-83D1E48CC825} - <orphaned>
dURLSearchHooks: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - <orphaned>
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [MotoCast] "C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk"
mRun: [sSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
StartupFolder: C:\Users\CHRIST~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Christine\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\CHRIST~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} -
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{6ABA751F-EFD8-4EB0-84E9-21AE29CB0356} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6ABA751F-EFD8-4EB0-84E9-21AE29CB0356}\051657C697 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{6ABA751F-EFD8-4EB0-84E9-21AE29CB0356}\2656C6B696E6534376 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{6ABA751F-EFD8-4EB0-84E9-21AE29CB0356}\330235071627B63702537484A70216F2E6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6ABA751F-EFD8-4EB0-84E9-21AE29CB0356}\84169627021427470235F4 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{6ABA751F-EFD8-4EB0-84E9-21AE29CB0356}\94E6475627E65647D245754434 : DHCPNameServer = 204.128.192.14 204.128.192.11
TCP: Interfaces\{6ABA751F-EFD8-4EB0-84E9-21AE29CB0356}\E45445745414250333 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6ABA751F-EFD8-4EB0-84E9-21AE29CB0356}\E4544574541425D274575637470223E2437484A70226F276F2E6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6ABA751F-EFD8-4EB0-84E9-21AE29CB0356}\E4544574541425D2745756374702537484A70216F2E602 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6ABA751F-EFD8-4EB0-84E9-21AE29CB0356}\F46756274627966756D2341434 : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -
x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j573c0l1.default\
FF - plugin: C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j573c0l1.default\extensions\{5b6174e1-e579-41de-8b6b-85030765bec0}\plugins\npautobid.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
.
============= SERVICES / DRIVERS ===============
.
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2014-1-26 96768]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-6-7 61288]
S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-2-17 91352]
S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\System32\drivers\motoandroid.sys [2009-7-10 31744]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
.
=============== Created Last 30 ================
.
2014-03-09 21:04:09 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CAF40619-A5F1-4543-A659-72D27B4B57DF}\offreg.dll
2014-03-09 17:17:22 -------- d-----w- C:\ProgramData\Intuit
2014-03-08 03:38:11 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CAF40619-A5F1-4543-A659-72D27B4B57DF}\mpengine.dll
2014-03-02 04:19:45 -------- d-----w- C:\5a1db5a4ffc4b00fba65a6
2014-02-28 15:42:40 -------- d-----w- C:\8d4448c186de0e0b442a558d7f6c
2014-02-25 14:39:26 -------- d-----w- C:\a3a27e84ff9ec5e538279e91
2014-02-24 05:32:15 -------- d-----w- C:\OETemp
2014-02-22 14:49:36 -------- d-----w- C:\a512c511a54bc50cf038bb02b8aa
2014-02-22 08:31:19 -------- d-sh--w- C:\$RECYCLE.BIN
2014-02-22 06:54:13 98816 ----a-w- C:\Windows\sed.exe
2014-02-22 06:54:13 256000 ----a-w- C:\Windows\PEV.exe
2014-02-22 06:54:13 208896 ----a-w- C:\Windows\MBR.exe
2014-02-21 15:01:48 -------- d-----w- C:\MATS
2014-02-20 14:43:43 -------- d-----w- C:\Program Files (x86)\IObit
2014-02-19 06:29:06 -------- d-----w- C:\FRST
2014-02-18 06:08:30 -------- d-----w- C:\Program Files (x86)\ESET
2014-02-18 05:03:17 -------- d-----w- C:\AdwCleaner
2014-02-18 03:05:41 -------- d-----w- C:\Windows\ERUNT
2014-02-18 01:39:28 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-18 01:36:37 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-02-13 15:37:55 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-13 15:37:55 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-12 03:31:30 1882112 ----a-w- C:\Windows\System32\msxml3.dll
.
==================== Find3M ====================
.
2014-02-21 14:49:15 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-21 14:49:15 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-01-27 06:02:55 888536 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2014-01-27 06:02:55 73800 ----a-w- C:\Windows\System32\RtNicProp64.dll
2014-01-27 06:02:55 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2014-01-16 00:42:40 608032 ----a-w- C:\SecurityScanner.dll
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-18 14:13:56 270496 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 14:21:51.99 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/5/2010 3:04:41 PM
System Uptime: 3/8/2014 4:29:07 PM (22 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel® Core2 Duo CPU P7350 @ 2.00GHz | CPU | 2000/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 146 GiB total, 22.44 GiB free.
D: is FIXED (NTFS) - 3 GiB total, 0.004 GiB free.
E: is Removable
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== Installed Programs ======================
.
Adobe AIR Adobe Creative Cloud Adobe Download Assistant Adobe Flash Player 12 ActiveX Adobe Flash Player 12 Plugin Adobe Help Manager Adobe Photoshop CC Adobe Photoshop Elements 11 Adobe Reader XI (11.0.05) Adobe Shockwave Player 12.0 Adobe Widget Browser Apple Application Support Apple Software Update Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dropbox Elements 11 Organizer Epson CreativeZone Epson Easy Photo Print 2 Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup Epson Event Manager Epson FAX Utility Epson PC-FAX Driver EPSON Scan EPSON WorkForce 840 Series Printer Uninstall EpsonNet Config V3 EpsonNet Print EpsonNet Setup 3.3 ERUNT 1.1j ESET Online Scanner v3 ffdshow [rev 2527] [2008-12-19] Google Drive Google Update Helper Gramblr IObit Apps Toolbar v7.6 IrfanView (remove only) Java 7 Update 17 JavaFX 2.1.0 Jpg2Pdf version 1.2 Junk Mail filter update LeapFrog Connect LeapFrog My Pals Plugin LeapFrog MyOwnLeaptop Plugin MediaBar Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI 
(English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Home and Student 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft WSE 3.0 Runtime Microsoft_VC80_CRT_x86 Microsoft_VC90_CRT_x86 MobileMe Control Panel MotoCast Motorola Device Manager Motorola Device Software Update MOTOROLA MEDIA LINK Motorola Mobile Drivers Installation 5.9.0 Mozilla Firefox 27.0.1 (x86 en-US) Mozilla Maintenance Service Mozilla Thunderbird 
24.3.0 (x86 en-US) MSVCRT MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB2721691) MSXML 4.0 SP3 Parser (KB2758694) Multi PDF Converter PSE11 STI Installer QuickTime Realtek High Definition Audio Driver Revo Uninstaller 1.92 Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security 
Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition Security Update for Microsoft Outlook 2010 (KB2794707) 32-Bit Edition Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2760769) 32-Bit Edition Shockwave Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2836939) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin) Use the entry named LeapFrog Connect to uninstall (LeapFrog MyOwnLeaptop Plugin) VC80CRTRedist - 8.0.50727.6195 Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Upload Tool Windows Live Writer Windows Media Player Firefox Plugin . ==== End Of File ===========================
  16. Hello, I had huge issues with my computer a few weeks ago (screen black; browser not connecting to most sites, etc.), but Ron Lewis, a very helpful Malwarebytes Forum Community Manager, was able to help me fix almost every issue that I was up against. However, I am still experiencing issues with installing new programs (an error pops up that says it can't install because I am currently trying to install another program--which isn't the case). So I am unable to install any anti-virus and I feel a bit vulnerable right now. Here is my original thread: https://forums.malwarebytes.org/index.php?showtopic=142378#entry791792 Hopefully someone can help me with my new issue as well. Thanks!!!!!
  17. I got home from work and the updates seemed to have completed. Tried to download and install Avira and got the following errors: Avira error.pdf Doc1.pdf
  18. Hi there, So I did as you said. I restarted my computer but it's been stuck on installing 3 of 20 updates since last night. How should I proceed?
  19. The Avira error is attached. Here is the log: MiniToolBox by Farbar Version: 23-01-2014 Ran by Christine (administrator) on 23-02-2014 at 21:58:48 Running from "C:\Users\Christine\Desktop" Microsoft Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Normal *************************************************************************** ========================= Flush DNS: =================================== Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========================= IE Proxy Settings: ============================== Proxy is not enabled. No Proxy Server is set. "Reset IE Proxy Settings": IE Proxy Settings were reset. ========================= FF Proxy Settings: ============================== "network.proxy.type", 4 "Reset FF Proxy Settings": Firefox Proxy settings were reset. ========================= Hosts content: ================================= 127.0.0.1 localhost ========================= IP Configuration: ================================ Intel® WiFi Link 5100 AGN = Wireless Network Connection (Connected) Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected) Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected) # ---------------------------------- # IPv4 Configuration # ---------------------------------- pushd interface ipv4 reset set global icmpredirects=enabled popd # End of IPv4 configuration Windows IP Configuration Host Name . . . . . . . . . . . . : Christine-PC Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No Wireless LAN adapter Wireless Network Connection 2: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter Physical Address. . . . . . . . . : 00-1E-65-39-74-D1 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . 
. . : Yes Wireless LAN adapter Wireless Network Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel® WiFi Link 5100 AGN Physical Address. . . . . . . . . : 00-1E-65-39-74-D0 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::5d00:6618:7de2:ad32%11(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.1.14(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : Friday, February 21, 2014 11:10:56 PM Lease Expires . . . . . . . . . . : Monday, February 24, 2014 9:05:56 PM Default Gateway . . . . . . . . . : 192.168.1.1 DHCP Server . . . . . . . . . . . : 192.168.1.1 DHCPv6 IAID . . . . . . . . . . . : 218111589 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-9C-7D-D5-00-1E-33-CE-F8-2E DNS Servers . . . . . . . . . . . : 192.168.1.1 NetBIOS over Tcpip. . . . . . . . : Enabled Ethernet adapter Local Area Connection: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller Physical Address. . . . . . . . . : 00-1E-33-CE-F8-2E DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.{6ABA751F-EFD8-4EB0-84E9-21AE29CB0356}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Teredo Tunneling Pseudo-Interface: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv6 Address. . . . . . . . . . . 
: 2001:0:9d38:6abd:49e:247c:3f57:fef1(Preferred) Link-local IPv6 Address . . . . . : fe80::49e:247c:3f57:fef1%12(Preferred) Default Gateway . . . . . . . . . : :: NetBIOS over Tcpip. . . . . . . . : Disabled Tunnel adapter isatap.{2BCD0DC8-FD44-45C1-8ECA-4007DE10EF5A}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.{3DC82D61-153F-4A42-AA6A-148AFDA10873}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Server: UnKnown Address: 192.168.1.1 Name: google.com Addresses: 2607:f8b0:4007:803::1007 74.125.224.78 74.125.224.64 74.125.224.65 74.125.224.66 74.125.224.67 74.125.224.68 74.125.224.69 74.125.224.70 74.125.224.71 74.125.224.72 74.125.224.73 Pinging google.com [74.125.224.67] with 32 bytes of data: Reply from 74.125.224.67: bytes=32 time=41ms TTL=52 Reply from 74.125.224.67: bytes=32 time=36ms TTL=53 Ping statistics for 74.125.224.67: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 36ms, Maximum = 41ms, Average = 38ms Server: UnKnown Address: 192.168.1.1 DNS request timed out. timeout was 2 seconds. 
Name: yahoo.com Addresses: 206.190.36.45 98.138.253.109 98.139.183.24 Pinging yahoo.com [98.138.253.109] with 32 bytes of data: Reply from 98.138.253.109: bytes=32 time=127ms TTL=46 Reply from 98.138.253.109: bytes=32 time=108ms TTL=46 Ping statistics for 98.138.253.109: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 108ms, Maximum = 127ms, Average = 117ms Pinging 127.0.0.1 with 32 bytes of data: Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms =========================================================================== Interface List 17...00 1e 65 39 74 d1 ......Microsoft Virtual WiFi Miniport Adapter 11...00 1e 65 39 74 d0 ......Intel® WiFi Link 5100 AGN 10...00 1e 33 ce f8 2e ......Realtek PCIe GBE Family Controller 1...........................Software Loopback Interface 1 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface 31...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2 32...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3 =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.14 21 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 192.168.1.0 255.255.255.0 On-link 192.168.1.14 276 192.168.1.14 255.255.255.255 On-link 192.168.1.14 276 192.168.1.255 255.255.255.255 On-link 192.168.1.14 276 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 192.168.1.14 276 255.255.255.255 
255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 192.168.1.14 276 =========================================================================== Persistent Routes: None IPv6 Route Table =========================================================================== Active Routes: If Metric Network Destination Gateway 12 58 ::/0 On-link 1 306 ::1/128 On-link 12 58 2001::/32 On-link 12 306 2001:0:9d38:6abd:49e:247c:3f57:fef1/128 On-link 11 276 fe80::/64 On-link 12 306 fe80::/64 On-link 12 306 fe80::49e:247c:3f57:fef1/128 On-link 11 276 fe80::5d00:6618:7de2:ad32/128 On-link 1 306 ff00::/8 On-link 12 306 ff00::/8 On-link 11 276 ff00::/8 On-link =========================================================================== Persistent Routes: None ========================= Winsock entries ===================================== Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation) Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation) Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation) Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) 
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation) x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation) x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation) x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation) x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation) x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) ========================= Event log errors: =============================== Application errors: ================== Error: (02/23/2014 09:59:02 PM) (Source: MsiInstaller) (User: NT AUTHORITY) Description: Product: Microsoft .NET Framework 4 Client Profile -- Error 1711. An error occurred while writing installation information to disk. Check to make sure enough disk space is available, and click Retry, or Cancel to end the install. Error: (02/23/2014 09:59:01 PM) (Source: MsiInstaller) (User: NT AUTHORITY) Description: Product: Microsoft .NET Framework 4 Client Profile -- Error 1711. 
An error occurred while writing installation information to disk. Check to make sure enough disk space is available, and click Retry, or Cancel to end the install. Error: (02/23/2014 09:58:59 PM) (Source: MsiInstaller) (User: NT AUTHORITY) Description: Product: Microsoft .NET Framework 4 Client Profile -- Error 1711. An error occurred while writing installation information to disk. Check to make sure enough disk space is available, and click Retry, or Cancel to end the install. Error: (02/23/2014 09:58:57 PM) (Source: MsiInstaller) (User: NT AUTHORITY) Description: Product: Microsoft .NET Framework 4 Client Profile -- Error 1711. An error occurred while writing installation information to disk. Check to make sure enough disk space is available, and click Retry, or Cancel to end the install. Error: (02/23/2014 09:58:55 PM) (Source: MsiInstaller) (User: NT AUTHORITY) Description: Product: Microsoft .NET Framework 4 Client Profile -- Error 1711. An error occurred while writing installation information to disk. Check to make sure enough disk space is available, and click Retry, or Cancel to end the install. Error: (02/23/2014 09:58:53 PM) (Source: MsiInstaller) (User: NT AUTHORITY) Description: Product: Microsoft .NET Framework 4 Client Profile -- Error 1711. An error occurred while writing installation information to disk. Check to make sure enough disk space is available, and click Retry, or Cancel to end the install. Error: (02/23/2014 09:58:49 PM) (Source: MsiInstaller) (User: NT AUTHORITY) Description: Product: Microsoft .NET Framework 4 Client Profile -- Error 1711. An error occurred while writing installation information to disk. Check to make sure enough disk space is available, and click Retry, or Cancel to end the install. Error: (02/23/2014 09:58:48 PM) (Source: MsiInstaller) (User: NT AUTHORITY) Description: Product: Microsoft .NET Framework 4 Client Profile -- Error 1711. An error occurred while writing installation information to disk. 
Check to make sure enough disk space is available, and click Retry, or Cancel to end the install. Error: (02/23/2014 09:58:46 PM) (Source: MsiInstaller) (User: NT AUTHORITY) Description: Product: Microsoft .NET Framework 4 Client Profile -- Error 1711. An error occurred while writing installation information to disk. Check to make sure enough disk space is available, and click Retry, or Cancel to end the install. Error: (02/23/2014 09:58:44 PM) (Source: MsiInstaller) (User: NT AUTHORITY) Description: Product: Microsoft .NET Framework 4 Client Profile -- Error 1711. An error occurred while writing installation information to disk. Check to make sure enough disk space is available, and click Retry, or Cancel to end the install. System errors: ============= Error: (02/23/2014 09:28:47 PM) (Source: Service Control Manager) (User: ) Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s). Error: (02/23/2014 07:59:57 PM) (Source: bowser) (User: ) Description: The master browser has received a server announcement from the computer MININT-7674OU3 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6ABA751F-EFD8-4EB0-84E9-21AE29CB0356}. The master browser is stopping or an election is being forced. Error: (02/23/2014 07:58:15 PM) (Source: atikmdag) (User: ) Description: Display is not active Error: (02/23/2014 06:57:07 AM) (Source: atikmdag) (User: ) Description: Display is not active Error: (02/22/2014 11:22:39 PM) (Source: cdrom) (User: ) Description: The device, \Device\CdRom0, is not ready for access yet. Error: (02/22/2014 11:22:39 PM) (Source: atapi) (User: ) Description: The driver detected a controller error on \Device\Ide\IdePort3. Error: (02/22/2014 11:22:38 PM) (Source: cdrom) (User: ) Description: The device, \Device\CdRom0, is not ready for access yet. Error: (02/22/2014 11:22:37 PM) (Source: cdrom) (User: ) Description: The device, \Device\CdRom0, is not ready for access yet. 
Error: (02/22/2014 11:22:36 PM) (Source: cdrom) (User: ) Description: The device, \Device\CdRom0, is not ready for access yet. Error: (02/22/2014 11:22:35 PM) (Source: cdrom) (User: ) Description: The device, \Device\CdRom0, is not ready for access yet. Microsoft Office Sessions: ========================= Error: (02/23/2014 09:59:02 PM) (Source: MsiInstaller)(User: NT AUTHORITY) Description: Product: Microsoft .NET Framework 4 Client Profile -- Error 1711. An error occurred while writing installation information to disk. Check to make sure enough disk space is available, and click Retry, or Cancel to end the install.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (02/23/2014 09:59:01 PM) (Source: MsiInstaller)(User: NT AUTHORITY) Description: Product: Microsoft .NET Framework 4 Client Profile -- Error 1711. An error occurred while writing installation information to disk. Check to make sure enough disk space is available, and click Retry, or Cancel to end the install.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (02/23/2014 09:58:59 PM) (Source: MsiInstaller)(User: NT AUTHORITY) Description: Product: Microsoft .NET Framework 4 Client Profile -- Error 1711. An error occurred while writing installation information to disk. Check to make sure enough disk space is available, and click Retry, or Cancel to end the install.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (02/23/2014 09:58:57 PM) (Source: MsiInstaller)(User: NT AUTHORITY) Description: Product: Microsoft .NET Framework 4 Client Profile -- Error 1711. An error occurred while writing installation information to disk. Check to make sure enough disk space is available, and click Retry, or Cancel to end the install.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (02/23/2014 09:58:55 PM) (Source: MsiInstaller)(User: NT AUTHORITY) Description: Product: Microsoft .NET Framework 4 Client Profile -- Error 1711. An error occurred while writing installation information to disk. 
Check to make sure enough disk space is available, and click Retry, or Cancel to end the install.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (02/23/2014 09:58:53 PM) (Source: MsiInstaller)(User: NT AUTHORITY) Description: Product: Microsoft .NET Framework 4 Client Profile -- Error 1711. An error occurred while writing installation information to disk. Check to make sure enough disk space is available, and click Retry, or Cancel to end the install.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (02/23/2014 09:58:49 PM) (Source: MsiInstaller)(User: NT AUTHORITY) Description: Product: Microsoft .NET Framework 4 Client Profile -- Error 1711. An error occurred while writing installation information to disk. Check to make sure enough disk space is available, and click Retry, or Cancel to end the install.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (02/23/2014 09:58:48 PM) (Source: MsiInstaller)(User: NT AUTHORITY) Description: Product: Microsoft .NET Framework 4 Client Profile -- Error 1711. An error occurred while writing installation information to disk. Check to make sure enough disk space is available, and click Retry, or Cancel to end the install.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (02/23/2014 09:58:46 PM) (Source: MsiInstaller)(User: NT AUTHORITY) Description: Product: Microsoft .NET Framework 4 Client Profile -- Error 1711. An error occurred while writing installation information to disk. Check to make sure enough disk space is available, and click Retry, or Cancel to end the install.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (02/23/2014 09:58:44 PM) (Source: MsiInstaller)(User: NT AUTHORITY) Description: Product: Microsoft .NET Framework 4 Client Profile -- Error 1711. An error occurred while writing installation information to disk. 
Check to make sure enough disk space is available, and click Retry, or Cancel to end the install.(NULL)(NULL)(NULL)(NULL)(NULL) CodeIntegrity Errors: =================================== Date: 2014-02-21 23:08:38.517 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-21 23:08:38.297 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. =========================== Installed Programs ============================ Adobe AIR (Version: 3.7.0.1860) Adobe Creative Cloud (Version: 2.3.0.322) Adobe Download Assistant (Version: 1.2.5) Adobe Flash Player 12 ActiveX (Version: 12.0.0.70) Adobe Flash Player 12 Plugin (Version: 12.0.0.70) Adobe Help Manager (Version: 4.0.244) Adobe Photoshop CC (Version: 14.0) Adobe Photoshop Elements 11 (Version: 11.0) Adobe Reader XI (11.0.05) (Version: 11.0.05) Adobe Shockwave Player 12.0 (Version: 12.0.4.144) Adobe Widget Browser (Version: 2.0 Build 348) Adobe Widget Browser (Version: 2.0.348) Apple Application Support (Version: 2.3) Apple Software Update (Version: 2.1.3.127) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dropbox (Version: 2.6.2) Elements 11 Organizer (Version: 11.0) Epson CreativeZone Epson Easy Photo Print 2 (Version: 2.2.3.1) Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (Version: 1.00.0000) Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup 
(Version: 1.00.0000) Epson Event Manager (Version: 2.40.0004) Epson FAX Utility (Version: 1.10.00) Epson PC-FAX Driver EPSON Scan EPSON WorkForce 840 Series Printer Uninstall EpsonNet Config V3 (Version: 3.7.0) EpsonNet Print (Version: 2.4j) EpsonNet Setup 3.3 (Version: 3.3b) ERUNT 1.1j ESET Online Scanner v3 ffdshow [rev 2527] [2008-12-19] (Version: 1.0) Google Drive (Version: 1.11.4865.2530) Google Update Helper (Version: 1.3.21.165) Gramblr (Version: 1.0.0) IObit Apps Toolbar v7.6 (Version: 7.6) IrfanView (remove only) (Version: 4.35) Java 7 Update 17 (Version: 7.0.170) JavaFX 2.1.0 (Version: 2.1.0) Jpg2Pdf version 1.2 (Version: 1.2) Junk Mail filter update (Version: 14.0.8117.416) LeapFrog Connect (Version: 5.1.5.17469) LeapFrog My Pals Plugin (Version: 5.1.5.17469) LeapFrog MyOwnLeaptop Plugin (Version: 5.1.5.17469) MediaBar (Version: 2.5.0.100449) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Choice Guard (Version: 2.0.48.0) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000) Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Publisher MUI 
(English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Single Image 2010 (Version: 14.0.6029.1000) Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000) Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0) Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0) Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053) Microsoft_VC90_CRT_x86 (Version: 1.00.0000) MobileMe Control Panel (Version: 
3.1.5.0) MotoCast (Version: 2.0.31) Motorola Device Manager (Version: 2.3.4) Motorola Device Software Update (Version: 12.10.3002) MOTOROLA MEDIA LINK (Version: 1.9.0002.0) Motorola Mobile Drivers Installation 5.9.0 (Version: 5.9.0) Mozilla Firefox 27.0.1 (x86 en-US) (Version: 27.0.1) Mozilla Maintenance Service (Version: 27.0.1) Mozilla Thunderbird 24.3.0 (x86 en-US) (Version: 24.3.0) MSVCRT (Version: 14.0.1468.721) MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0) MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0) MSXML 4.0 SP3 Parser (Version: 4.30.2100.0) Multi PDF Converter (Version: 4.6) PSE11 STI Installer (Version: 11.0) QuickTime (Version: 7.73.80.64) Realtek High Definition Audio Driver (Version: 6.0.1.7083) Revo Uninstaller 1.92 (Version: 1.92) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
Use the entry named LeapFrog Connect to uninstall (LeapFrog MyOwnLeaptop Plugin) (Version: )
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Movie Maker (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)

========================= Devices: ================================

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

========================= Memory info: ===================================

Percentage of memory in use: 44%
Total physical RAM: 4093.98 MB
Available physical RAM: 2263.57 MB
Total Pagefile: 8186.15 MB
Available Pagefile: 6297.36 MB
Total Virtual: 4095.88 MB
Available Virtual: 3958.93 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:146.02 GB) (Free:22.72 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:3.03 GB) (Free:0 GB) NTFS
3 Drive f: (TRAVELDRIVE) (Removable) (Total:0.93 GB) (Free:0.5 GB) FAT

========================= Users: ========================================

User accounts for \\CHRISTINE-PC

Administrator Christine Guest

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

Doc1.pdf
  20. OK, I don't know why my computer is acting weird again. I can't seem to download the program. The following message appears on bleeping computer: Downloading MiniToolBox ...MiniToolBox detects Internet connection issues due to broken or hijacked LSP, proxy settings, and problems with network adapters. It can also be used to detect search redirections and router hijackings. I'm going to download it on my husband's computer and run it from a jump drive. I'll get right back to you.