Jump to content

Redirects from Google to Bing... how to remove?


Recommended Posts

Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Link to post
Share on other sites

I ran your 'Anti-Malware' tool, and it found 50 malware items.  I selected them all and removed them thru the tool. I'll see if this fixes the problem. If not, I'll continue following your instructions.

 

Is it likely that I still need to run Rogekiller even though I ran the Anti-Malware tool?

 

thanks!

Link to post
Share on other sites

Here's dds.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720  BrowserJavaVersion: 1.6.0_24
Run by Rod at 14:56:26 on 2013-10-24
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8151.6539 [GMT -7:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\PROGRA~2\COMMON~1\X10\Common\X10nets.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\Rod\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\LoiLo\LoiLoFit\CameraWatcher.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

uSearch Bar = Preserve


uProxyOverride = 127.0.0.1;*.local


uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Speckie: {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - C:\Users\Rod\AppData\Roaming\Speckie\bin32\Speckie32.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [Google Update] "C:\Users\Rod\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [skyDrive] "C:\Users\Rod\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [CameraWatcher] C:\Program Files (x86)\LoiLo\LoiLoFit\CameraWatcher.exe
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\Rod\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {E6846530-6088-4AA3-932F-C6245CE59A4C} - {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - C:\Users\Rod\AppData\Roaming\Speckie\bin32\Speckie32.dll







TCP: NameServer = 68.94.156.1 68.94.157.1 192.168.2.1
TCP: Interfaces\{8D748199-6B6D-4285-9BE6-539F745BAC0B} : DHCPNameServer = 68.94.156.1 68.94.157.1 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Speckie: {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - C:\Users\Rod\AppData\Roaming\Speckie\bin64\Speckie64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {E6846530-6088-4AA3-932F-C6245CE59A4C} - {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - C:\Users\Rod\AppData\Roaming\Speckie\bin64\Speckie64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1404000.028\SymDS64.sys [2013-8-3 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1404000.028\SymEFA64.sys [2013-8-3 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20131022.001\BHDrvx64.sys [2013-10-22 1524824]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1404000.028\ccSetx64.sys [2013-8-3 169048]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20131023.001\IDSviA64.sys [2013-10-23 521816]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1404000.028\Ironx64.sys [2013-8-3 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys [2013-8-3 433752]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-4-19 202752]
R2 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2013-7-9 101888]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-1-25 13336]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-9-12 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-9-12 701512]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [2013-8-3 144368]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe [2011-4-29 177080]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe [2011-4-29 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-10-20 140376]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-1-25 56344]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-6-25 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-1-25 239616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-3-15 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-8 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-5 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-10-10 04:11:03 633856 ----a-w- C:\Windows\System32\comctl32.dll
2013-10-10 04:11:03 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2013-10-10 04:10:18 368128 ----a-w- C:\Windows\System32\atmfd.dll
2013-10-10 04:10:18 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-10-10 04:10:17 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2013-10-10 04:10:17 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-10-10 04:10:17 41472 ----a-w- C:\Windows\System32\lpk.dll
2013-10-10 04:10:17 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-10-10 04:10:17 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2013-10-10 04:10:17 14336 ----a-w- C:\Windows\System32\dciman32.dll
2013-10-10 04:10:17 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2013-10-10 04:10:17 100864 ----a-w- C:\Windows\System32\fontsub.dll
2013-10-10 04:05:15 785624 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-10-10 04:04:13 100864 ----a-w- C:\Windows\System32\drivers\usbcir.sys
2013-10-10 04:04:11 76800 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2013-10-10 04:04:11 42496 ----a-w- C:\Windows\System32\drivers\usbscan.sys
2013-10-10 04:04:11 32896 ----a-w- C:\Windows\System32\drivers\hidparse.sys
2013-10-10 03:59:11 81920 ----a-w- C:\Windows\SysWow64\davclnt.dll
2013-10-10 03:59:11 259584 ----a-w- C:\Windows\System32\WebClnt.dll
2013-10-10 03:59:11 205824 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2013-10-10 03:59:11 140800 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2013-10-10 03:59:11 102400 ----a-w- C:\Windows\System32\davclnt.dll
2013-10-10 03:59:07 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-10-10 03:59:07 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-10-10 03:59:07 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-10-10 03:59:07 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-10-10 03:56:45 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 03:56:45 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 03:56:44 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-10-10 03:56:43 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2013-09-30 04:46:26 -------- d-----w- C:\Program Files (x86)\AstroViewer 3.1.6
2013-09-30 04:46:22 -------- d-----w- C:\Users\Rod\applogs
2013-09-30 04:46:21 -------- d--h--w- C:\jexepackres
.
==================== Find3M  ====================
.
2013-10-09 18:30:19 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 18:30:19 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-09-21 03:30:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-08-03 20:54:25 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 14:56:53.02 ===============

 

 

Here's attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/29/2010 4:50:46 PM
System Uptime: 10/24/2013 11:20:28 AM (3 hours ago)
.
Motherboard: MSI |  | IONA
Processor: Intel® Core i5 CPU         750  @ 2.67GHz | CPU 1 | 2241/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 585 GiB total, 414.242 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.588 GiB free.
E: is CDROM (CDFS)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is FIXED (NTFS) - 932 GiB total, 412.654 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP411: 10/10/2013 10:23:48 AM - Windows Update
RP412: 10/10/2013 7:03:24 PM - Windows Backup
RP413: 10/11/2013 9:21:45 AM - Windows Backup
RP414: 10/17/2013 4:56:17 PM - Windows Backup
.
==== Installed Programs ======================
.
1999 TurboTax Deluxe
Acrobat.com
ActiveHome Pro
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
AnswerWorks 5.0 English Runtime
Anti-phishing Domain Advisor
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft VideoStabilizer
AstroViewer 3.1.6
ATI Catalyst Install Manager
AutoHotkey 1.0.48.05
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco Connect
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DirectX for Managed Code Update (Summer 2004)
DVD Flick 1.3.0.7
DVD Menu Pack for HP MediaSmart Video
EPSON Printer Software
EPSON Scan
EZ AVI TO WMV Converter 3.00
Free Audio Editor
Freemake Video Converter version 4.0.2
Garmin Communicator Plugin
Garmin USB Drivers
GIMP 2.6.11
Google Chrome
Google Drive
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Greetings Workshop Deluxe
Hardware Diagnostic Tools
Hewlett-Packard ACLM.NET v1.2.1.1
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP MediaSmart/TouchSmart Netflix
HP Odometer
HP Product Detection
HP Remote Solution
HP Setup
HP Support Assistant
HP Support Information
HP Update
HydraVision
Intel® Rapid Storage Technology
iTunes
Java 7 Update 25
Java Auto Updater
Java 6 Update 24
Junk Mail filter update
LabelPrint
LightScribe System Software
LoiLoFit for Everio
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Live Search Toolbar
Microsoft Money Plus
Microsoft Money Shared Libraries
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office Home and Student 60 day trial
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Microsoft_VC90_MFCLOC_x86_x64
MobileMe Control Panel
Movie Theme Pack for HP MediaSmart Video
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Internet Security
Norton PC Checkup
Picasa 3
PictureMover
PL-2303 USB-to-Serial
PL-2303 Vista Driver Installer
PlayReady PC Runtime amd64
Power2Go
PowerDirector
QuickTime
Realtek High Definition Audio Driver
Recovery Manager
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2794707) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Speckie
State CD Installer
TurboTax 2008
TurboTax 2008 wcaiper
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 wcaiper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 wcaiper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 wcaiper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
TurboTax 2012
TurboTax 2012 wcaiper
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wrapper
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinHTTrack Website Copier 3.47-25
.
==== Event Viewer Messages From Past Week ========
.
10/21/2013 9:35:30 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
10/20/2013 9:33:59 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Freemake Improver service to connect.
10/20/2013 9:33:59 PM, Error: Service Control Manager [7000]  - The Freemake Improver service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 

I'll run roguekiller next...

thanks
 

Link to post
Share on other sites

Here's the roguekiller log:

 

RogueKiller V8.7.5 [Oct 22 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Rod [Admin rights]
Mode : Scan -- Date : 10/24/2013 15:05:43
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[sUSP PATH] visicom_antiphishing.exe -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 10 ¤¤¤
[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : Anti-phishing Domain Advisor ("C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [7]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][ROGUE ST] 4474 : wscript.exe - C:\Users\Rod\AppData\Local\Temp\launchie.vbs //B -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) WDC WD6400AAKS-65A7B2 +++++
--- User ---
[MBR] 7315dbd11841a5dc85f64cbe3df995a4
[bSP] 8ae862a0b6374b1e6fda923e1cdc1aa5 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 599154 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1227274240 | Size: 11224 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Seagate Expansion USB Device +++++
--- User ---
[MBR] e589a1f85fcf1299813034176481fdda
[bSP] 519f8ecaf09809bc9d258d3ab4cdf7db : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_10242013_150543.txt >>

 

thanks

Link to post
Share on other sites

Run RogueKiller again and click Scan
When the scan completes > click on the Registry tab
Put a check next to all of these and uncheck the rest: (if found)
 

[V2][ROGUE ST] 4474 : wscript.exe - C:\Users\Rod\AppData\Local\Temp\launchie.vbs //B -> FOUND


Now click Delete on the right hand column under Options

-------------

Next.......


Lets clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

Link to post
Share on other sites

Here's the AdwCleaner.txt file:

 

# AdwCleaner v3.010 - Report created 24/10/2013 at 16:27:11
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Rod - ROD-PC
# Running from : C:\Users\Rod\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FJ3LD591\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Anti-phishing Domain Advisor
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\Rod\AppData\Local\Conduit
Folder Deleted : C:\Users\Rod\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Rod\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmcmflmkceipgecmhoddphflfndnfbbe
File Deleted : C:\END
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\pxw97tka.default\searchplugins\SweetIm.xml

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}]
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pmcmflmkceipgecmhoddphflfndnfbbe
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pmcmflmkceipgecmhoddphflfndnfbbe
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2737658
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720

-\\ Mozilla Firefox v

[ File : C:\Users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\pxw97tka.default\prefs.js ]

Line Deleted : user_pref("extensions.crossriderapp2258.adsOldValue", -1);

Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");

Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "eBay");

Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");

-\\ Google Chrome v

[ File : C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup
Deleted : icon_url
Deleted : search_url
Deleted : keyword

*************************

AdwCleaner[R0].txt - [9091 octets] - [24/10/2013 16:24:58]
AdwCleaner[s0].txt - [8559 octets] - [24/10/2013 16:27:11]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [8619 octets] ##########

 

I'm running the next steps now...

thanks again

Link to post
Share on other sites

Ran the anti-malware and got 0 issues to fix. Here's the log:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.24.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Rod :: ROD-PC [administrator]

10/24/2013 4:43:34 PM
mbam-log-2013-10-24 (16-43-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229378
Time elapsed: 7 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

 

I'll see how the computer acts for a day or so and report back.

Thank you MrC!

Link to post
Share on other sites

What browsers are affected?

-----------------------

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure you click download buttons that look like this, not "sponsored ad links":

bleep-crop.jpg

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Link to post
Share on other sites

I'm running IE rev10 (the only browser I use).

 

I'm using Norton IS. I disabled the Antivirus Auto Protect and the Smart Firewall before running ComboFix, but I still got an error msg from ComboFix saying that Norton IS anti-virus was still active. I ignored that msg and continued running ComboFix.

 

Here's the ComboFix log file:

 

ComboFix 13-10-26.01 - Rod 10/26/2013  12:47:37.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8151.6322 [GMT -7:00]
Running from: c:\users\Rod\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Rod\AppData\Local\Temp\_MEI18042\_ctypes.pyd
c:\users\Rod\AppData\Local\Temp\_MEI18042\_elementtree.pyd
c:\users\Rod\AppData\Local\Temp\_MEI18042\_hashlib.pyd
c:\users\Rod\AppData\Local\Temp\_MEI18042\_multiprocessing.pyd
c:\users\Rod\AppData\Local\Temp\_MEI18042\_socket.pyd
c:\users\Rod\AppData\Local\Temp\_MEI18042\_ssl.pyd
c:\users\Rod\AppData\Local\Temp\_MEI18042\msvcp100.dll
c:\users\Rod\AppData\Local\Temp\_MEI18042\msvcr100.dll
c:\users\Rod\AppData\Local\Temp\_MEI18042\pyexpat.pyd
c:\users\Rod\AppData\Local\Temp\_MEI18042\pysqlite2._sqlite.pyd
c:\users\Rod\AppData\Local\Temp\_MEI18042\python27.dll
c:\users\Rod\AppData\Local\Temp\_MEI18042\pythoncom27.dll
c:\users\Rod\AppData\Local\Temp\_MEI18042\PyWinTypes27.dll
c:\users\Rod\AppData\Local\Temp\_MEI18042\select.pyd
c:\users\Rod\AppData\Local\Temp\_MEI18042\unicodedata.pyd
c:\users\Rod\AppData\Local\Temp\_MEI18042\win32api.pyd
c:\users\Rod\AppData\Local\Temp\_MEI18042\win32com.shell.shell.pyd
c:\users\Rod\AppData\Local\Temp\_MEI18042\win32crypt.pyd
c:\users\Rod\AppData\Local\Temp\_MEI18042\win32event.pyd
c:\users\Rod\AppData\Local\Temp\_MEI18042\win32file.pyd
c:\users\Rod\AppData\Local\Temp\_MEI18042\win32inet.pyd
c:\users\Rod\AppData\Local\Temp\_MEI18042\win32pdh.pyd
c:\users\Rod\AppData\Local\Temp\_MEI18042\win32process.pyd
c:\users\Rod\AppData\Local\Temp\_MEI18042\win32profile.pyd
c:\users\Rod\AppData\Local\Temp\_MEI18042\win32security.pyd
c:\users\Rod\AppData\Local\Temp\_MEI18042\win32ts.pyd
c:\users\Rod\AppData\Local\Temp\_MEI18042\windows._cacheinvalidation.pyd
c:\users\Rod\AppData\Local\Temp\_MEI18042\wx._controls_.pyd
c:\users\Rod\AppData\Local\Temp\_MEI18042\wx._core_.pyd
c:\users\Rod\AppData\Local\Temp\_MEI18042\wx._gdi_.pyd
c:\users\Rod\AppData\Local\Temp\_MEI18042\wx._html2.pyd
c:\users\Rod\AppData\Local\Temp\_MEI18042\wx._misc_.pyd
c:\users\Rod\AppData\Local\Temp\_MEI18042\wx._windows_.pyd
c:\users\Rod\AppData\Local\Temp\_MEI18042\wx._wizard.pyd
c:\users\Rod\AppData\Local\Temp\_MEI18042\wxbase294u_net_vc90.dll
c:\users\Rod\AppData\Local\Temp\_MEI18042\wxbase294u_vc90.dll
c:\users\Rod\AppData\Local\Temp\_MEI18042\wxmsw294u_adv_vc90.dll
c:\users\Rod\AppData\Local\Temp\_MEI18042\wxmsw294u_core_vc90.dll
c:\users\Rod\AppData\Local\Temp\_MEI18042\wxmsw294u_html_vc90.dll
c:\users\Rod\AppData\Local\Temp\_MEI18042\wxmsw294u_webview_vc90.dll
K:\Autorun.inf
K:\Setup.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-26 to 2013-10-26  )))))))))))))))))))))))))))))))
.
.
2013-10-24 23:24 . 2013-10-24 23:27 -------- d-----w- C:\AdwCleaner
2013-10-10 04:11 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
2013-10-10 04:11 . 2013-07-04 11:50 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
2013-10-10 04:10 . 2013-06-06 03:30 368128 ----a-w- c:\windows\system32\atmfd.dll
2013-10-10 04:10 . 2013-06-06 03:01 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-10-10 04:10 . 2013-06-06 05:50 41472 ----a-w- c:\windows\system32\lpk.dll
2013-10-10 04:10 . 2013-06-06 05:49 100864 ----a-w- c:\windows\system32\fontsub.dll
2013-10-10 04:10 . 2013-06-06 05:49 14336 ----a-w- c:\windows\system32\dciman32.dll
2013-10-10 04:10 . 2013-06-06 05:47 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-10-10 04:10 . 2013-06-06 04:57 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2013-10-10 04:10 . 2013-06-06 04:51 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2013-10-10 04:10 . 2013-06-06 04:50 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2013-10-10 04:10 . 2013-06-06 03:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-10-10 04:05 . 2013-06-25 22:55 785624 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-10-10 04:04 . 2013-07-12 10:41 100864 ----a-w- c:\windows\system32\drivers\usbcir.sys
2013-10-10 04:04 . 2013-07-03 04:40 42496 ----a-w- c:\windows\system32\drivers\usbscan.sys
2013-10-10 04:04 . 2013-07-03 04:05 76800 ----a-w- c:\windows\system32\drivers\hidclass.sys
2013-10-10 04:04 . 2013-07-03 04:05 32896 ----a-w- c:\windows\system32\drivers\hidparse.sys
2013-10-10 03:59 . 2013-07-04 12:57 259584 ----a-w- c:\windows\system32\WebClnt.dll
2013-10-10 03:59 . 2013-07-04 12:50 102400 ----a-w- c:\windows\system32\davclnt.dll
2013-10-10 03:59 . 2013-07-04 11:57 205824 ----a-w- c:\windows\SysWow64\WebClnt.dll
2013-10-10 03:59 . 2013-07-04 11:51 81920 ----a-w- c:\windows\SysWow64\davclnt.dll
2013-10-10 03:59 . 2013-07-04 10:11 140800 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2013-10-10 03:59 . 2013-09-14 01:10 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-10-10 03:59 . 2013-09-08 02:30 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-10-10 03:59 . 2013-09-08 02:27 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-10-10 03:59 . 2013-09-08 02:03 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2013-10-10 03:56 . 2013-07-20 10:33 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 03:56 . 2013-07-20 10:33 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 03:56 . 2013-08-01 12:09 983488 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-10-10 03:56 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
2013-09-30 04:46 . 2013-09-30 04:46 -------- d-----w- c:\program files (x86)\AstroViewer 3.1.6
2013-09-30 04:46 . 2013-09-30 04:46 -------- d-----w- c:\users\Rod\applogs
2013-09-30 04:46 . 2013-09-30 05:47 -------- d-----w- C:\jexepackres
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-10 17:27 . 2010-03-14 15:26 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-10-09 18:30 . 2012-08-13 20:14 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 18:30 . 2012-08-13 20:14 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-29 01:48 . 2013-10-10 03:58 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-05 02:25 . 2013-09-11 18:02 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-08-03 20:54 . 2011-04-28 02:55 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-08-02 02:14 . 2013-09-11 17:59 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-08-02 02:13 . 2013-09-11 17:59 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-08-02 02:13 . 2013-09-11 17:59 1161216 ----a-w- c:\windows\system32\kernel32.dll
2013-08-02 02:12 . 2013-09-11 17:59 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-08-02 02:12 . 2013-09-11 17:59 6656 ----a-w- c:\windows\system32\apisetschema.dll
2013-08-02 02:12 . 2013-09-11 17:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:59 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:59 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:59 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:59 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:59 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:50 . 2013-09-11 17:59 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2013-08-02 01:48 . 2013-09-11 17:59 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-08-02 01:48 . 2013-09-11 17:59 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 17:59 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 17:59 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 17:59 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 17:59 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 17:59 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 17:59 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 17:59 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 17:59 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 17:59 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 17:59 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 17:59 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 17:59 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:09 . 2013-09-11 17:59 338432 ----a-w- c:\windows\system32\conhost.exe
2013-08-02 00:59 . 2013-09-11 17:59 112640 ----a-w- c:\windows\system32\smss.exe
2013-08-02 00:43 . 2013-09-11 17:59 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43 . 2013-09-11 17:59 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43 . 2013-09-11 17:59 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-09-26 20133824]
"SkyDrive"="c:\users\Rod\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-08-14 257136]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-27 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-11 98304]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"CameraWatcher"="c:\program files (x86)\LoiLo\LoiLoFit\CameraWatcher.exe" [2012-12-03 127616]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Rod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2009-6-3 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20131022.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20131022.001\BHDrvx64.sys [x]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20131025.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20131025.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1404000.028\SYMNETS.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [x]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-13 18:30]
.
2013-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-27 22:07]
.
2013-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-27 22:07]
.
2013-10-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-258491159-1904954851-485267930-1000Core.job
- c:\users\Rod\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-11 18:04]
.
2013-10-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-258491159-1904954851-485267930-1000UA.job
- c:\users\Rod\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-11 18:04]
.
2013-10-23 c:\windows\Tasks\HPCeeScheduleForRod.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2013-09-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-09-26 00:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-26 00:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-26 00:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-09-26 00:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-09-26 00:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-09-26 00:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 610360]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

uStart Page = https://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1;*.local


IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 68.94.156.1 68.94.157.1 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.13\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\progra~2\COMMON~1\X10\Common\X10nets.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2013-10-26  13:06:51 - machine was rebooted
ComboFix-quarantined-files.txt  2013-10-26 20:06
.
Pre-Run: 446,072,623,104 bytes free
Post-Run: 453,368,717,312 bytes free
.
- - End Of File - - 1A8582EEFE5682412FF706A578C02362
 

Link to post
Share on other sites

Please run this tool:

thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Then.......

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system.....Which system am I using?)

Please make sure you click download buttons that look like this, not "sponsored ad links":

bleep-crop.jpg

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
  • MrC
Link to post
Share on other sites

Hi MrC,

Ran Junkware and Farbar... below are the log files requested. These programs are deleting lots of stuff every time I run them.... eventually will have an empty disk? ;-)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.7 (10.15.2013:3)

OS: Windows 7 Home Premium x64

Ran by Rod on Sun 10/27/2013 at 14:33:40.16

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-258491159-1904954851-485267930-1000\Software\SweetIM

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASMANCS

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{304C37D7-8F7F-467E-A258-D9E2F6532F09}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Rod\appdata\local\cre"

Successfully deleted: [Folder] "C:\Program Files (x86)\blekkotb_soc"

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{0132476F-BD32-4361-9F6C-118DB8D0DC4F}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{02903055-4759-4721-99B6-0F3B831499C6}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{04A732C9-2F8F-4264-8BD3-5CF3D8B7F973}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{05EAAC1A-F551-4A28-BF6C-0F3F20261CCF}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{0891D2EB-C51D-4153-BB9C-72F1D276EDA3}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{0B438A1B-E9CD-4E25-B97D-57A4791EB24C}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{0B6E9CF0-3D81-4DD9-A6DC-4D5C4615AC54}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{0BFCEEBE-9F1E-406E-84DE-C2791658649F}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{0C803BE5-FF42-47DB-9400-D7477AE4F048}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{0D1F95D7-EBAA-4EDA-8A71-40F04F244A78}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{0D8C4599-2DA3-416F-A964-78323EA78D83}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{0EA69A6C-68C7-437B-9C7D-86D90505A49B}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{0F7EA539-31AA-4A1B-AD3D-20C700660FC6}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{1010FF76-ACCC-4117-95CE-4680BC325468}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{10504BBF-E7B6-4FBE-B184-3DCDDF066818}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{1085BA11-F4DF-43DF-AB57-628922CBAFF0}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{1108F550-2EA1-43B6-9DD5-CFF0A211B09A}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{118C348B-1AC9-4915-9391-C228C5E657E4}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{12207147-EA4F-43C4-A5A6-6622F8569B9E}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{128511F5-F927-4D3D-B4CC-62DD7DFDA83A}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{156C3FC0-E910-49BF-A0F9-37C5142AD31B}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{16F063B7-0D6D-4332-97A7-A4A2D2E688CB}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{179FC270-EF2F-4E21-9436-80E7BCD08699}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{1885A28B-F880-4CB3-9955-F29EC52D672E}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{190CBEAA-B769-4B08-A477-84CB73B6EE06}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{1970D9CC-85D6-4162-8DAF-6E2D6A2A2883}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{19B3287B-B3E2-4F74-BF74-5917E7E4BFE6}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{19E4BE97-1344-4EF1-B154-25879D02BF59}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{1AAC006B-F75D-406D-84C2-2659B9C38AEE}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{1B34BFA9-5F91-4288-B342-2D4C5CA48059}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{1E30B820-5E42-4983-A051-F9A3ACA1C2BA}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{1E933123-79F0-4C33-A549-23BC7B971CDD}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{1E9DBCF5-ADB6-4C7F-A12D-3FC6B3EE0D42}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{1EF89541-05A8-47BF-8EFD-963944B1981F}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{1F36441A-084A-4D0A-8D74-982AA0A880D4}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{22CBC1DD-CE8A-4622-A6C4-FB2B258A22FC}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{2349BD81-102C-4183-AD8F-B8B82F33CB72}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{2397BA29-9095-4874-87E4-5902C923DFB7}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{24CD50F7-68E2-460E-B085-BDFA31E9C180}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{2521C232-5B9C-4064-A4F0-02E6330C635D}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{26998F56-0B9D-4549-9648-7FAF51DE6E85}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{26FCAB85-0112-4021-A654-9A774837D623}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{28F135B4-D17F-4D80-B85A-090BDE3ACB94}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{294A917D-9638-47D1-B055-37699061C9DB}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{29D18CE8-551B-4A96-86A3-3BC6C43106F6}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{2AC08D9D-F8D8-4E20-8D7A-17100A44A0F4}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{2C1E430F-8B92-48FC-A7E7-90B994F37FEE}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{2C37DE4F-D2A2-4E34-BC0C-396205FB5D60}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{2C70149C-2444-444E-8EC9-E10C8A5CE895}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{3045836A-0433-499D-AE76-5D8022F7D41D}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{30CF9A46-FE59-46DA-8BDD-1DF915CD6276}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{320F834E-AA73-4CEE-98FF-B1AC585FB7CF}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{321B26B6-0521-43BF-A360-67F5D6366DB3}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{35B828D6-E75C-4CC3-983E-EEC4F9C97C58}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{38B2BF0A-B7C8-437C-A100-43B0300F0BC7}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{3934EB3B-CAC5-4ACE-8C05-81275558442F}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{3A0A92F4-EF95-40B6-9423-F01C26D9D4E7}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{3A3FE5B1-3F25-410E-949B-693330B06A4D}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{3CB9CFF2-F9FE-4A19-B9FB-58C4D821CFC8}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{3CC121B2-18C1-4B23-9261-DC224DD7610C}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{3D056EF2-3116-4BDB-83E2-4855B32B4772}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{3FD044F5-6819-4C05-9128-87D56E675255}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{426F7113-E4F7-4D3E-8AE9-1A9FEC7143C7}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{42C9A654-5969-4ACE-B8D6-27AA23381788}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{43751ABB-F461-479D-ACB8-F3216CCE1614}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{43A03238-021A-4E71-A3AB-BC6A74988FCE}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{4589A85A-45C1-4904-92AB-0694B6DCFDE2}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{462CE750-3AF1-4724-A98E-003DD429529B}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{46B66A5D-8AF2-440B-9E7F-F4287B2E52EB}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{47B36D44-36CB-424A-B929-C3DA19C3DC94}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{47E96FCE-785D-4FE2-A22A-4094E79CB455}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{4833CE9C-E79B-4D27-88E6-161E986C73FF}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{499E37F8-9D77-47DA-A95F-313FB404233C}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{4A689ABF-2FAD-4DFA-82A0-F1ACE9BF5951}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{4BAD59AC-F390-46F7-979B-171E4A7BE04B}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{4D0F1BD0-036B-4AEA-B134-DAE14295FED5}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{4D1FBD1B-F05D-4349-A9EF-F32DAC724434}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{4D9816CE-2D90-4976-A62F-1A09F2A3E627}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{4DA4A2C9-D684-4068-8CC6-8F1D8DD668E2}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{4DF65B4B-3DFD-4E32-BE2D-0E11A7FC94AE}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{4E72136C-B3DE-4564-BA30-864360D759CF}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{4E8EF5D7-E5E7-4B15-83DC-F81312D6CB09}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{4EC5880F-B8D7-4AB0-A741-21DFDF987A32}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{4F626357-02A0-4242-800D-6D381284180B}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{4FBFEF82-FB6F-4A8C-B576-36CD2BA897E1}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{5033AFDE-8145-4E17-A085-FECCA85B9EC4}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{510BE715-063F-4734-8FFA-4033239068F5}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{5182F327-A593-4B8A-88D1-07D47AD88E0D}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{534705A5-DF42-49C9-A82E-69D2207295B0}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{551D3FB6-0948-484A-8847-23A0FADEDDB1}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{5634543B-A43C-49F3-A902-D1066F2B84F5}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{58E6E4FC-7EB1-46E0-A43E-785108826DEB}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{5995E44F-C2B2-4C30-8284-83043ECD13EC}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{5AE53548-B85A-451A-8A7B-2E1E5397AF02}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{5EC01AEC-D640-4F4E-9417-F04A965EFF86}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{5F2A0EB8-74BC-45EF-914F-2518C36C279D}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{606A0A96-DCF2-405E-84D7-1237AA5AE45C}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{61089489-A70C-4167-8C7A-521D38770FBE}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{611DEBF5-43ED-40BA-80A6-3C9BA65FEA66}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{62652E11-0741-4306-A3CB-DB1FCCDEDD06}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{62C38279-1A9F-40B3-9597-4C61E58842D0}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{633B27FD-D015-4923-97DA-0B78A0402176}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{63558679-392A-4978-91C6-D02A4A2B5CD5}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{637D989C-179E-4D95-B357-25F3BB384E81}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{653B6E03-388B-4D71-BC2B-28340B519954}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{6565A4A4-9B7D-40B3-9E5F-10AF2F6822AF}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{6667A3F6-4099-41AC-94F1-59525B2508D5}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{680C79E8-5D20-463C-97C6-498F96AA8D2A}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{68C5D4E7-1BBD-43F8-84BE-CBE166165BE3}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{690BA7F9-D65A-4BF2-9120-5DA8853D0727}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{69708CE5-A05F-4A32-9391-91826A6B1226}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{69A9883E-ABAE-435E-86B5-6479D44580A9}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{6ADAA0A2-4F02-4A8B-8F86-7D936A2350FB}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{6BF6F890-85AE-48BC-9CAA-AB9803233811}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{6C79E2B2-3AC8-40F9-8973-572F5FA14272}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{6DF061D8-FDC1-44DC-BFFA-0F7EDB528355}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{6E26D64D-C24D-40FF-A81C-8209D946AD93}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{6EDD33C7-238C-4AD6-9ABB-85CEF771485A}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{6F7A380E-93EE-4DB4-9A95-313E0CE73B67}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{702840BB-4F31-4511-8685-C67C26B7E4E6}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{7077BEAF-03D3-4831-BEA3-AA52E222C027}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{714B2844-5F86-40EE-94C8-153D3906991A}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{7170AA21-6EC9-4123-B1F0-9328DA59EF84}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{717F83C7-3587-4823-811F-195398B91D10}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{7234CF76-A631-4C7B-AC11-96A667E9DF29}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{725EE5F6-F06C-45D9-AECD-C52178D58473}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{73BCF4A9-0689-4DB4-A628-373942D66B0B}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{76999D6F-F330-4C7C-A3FC-056A7999DA3A}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{773DE077-9A8F-4E08-AE3A-344A6D9A724E}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{7864F14D-7DCF-4CAD-9A4F-F61A0C6E5371}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{7872357B-F91A-4F5F-BED4-9FBB8ABEF313}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{7A5FBBC7-92C0-40C2-818D-2EA3085F82BC}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{7A93D2D6-8D05-4110-B254-1DD69B468335}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{7AC25824-B218-494C-9BE6-2DAB0C02F7E5}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{7B0761DA-3ED5-4EEA-8191-3E08B64AAB8A}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{7CA85AE4-65D2-42AE-864E-92D46E7F625C}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{8024B156-FA93-4DAA-BE3D-65BB422EF91B}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{8070170D-5274-4B2A-A75C-454DEE96CDD4}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{80BDE78C-F2FA-48D5-B3F7-F6D7E79742D3}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{824DD9A1-E59F-4518-B14A-8BDFF7D78DAF}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{85E599D0-44A3-4AB6-9443-3CF757A74F1B}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{8663C72C-D101-4A0B-9CE1-66506A2F8495}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{86992090-B79D-40E7-AACC-64A5AD6E5E71}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{86C82073-7D8A-458B-A7C5-06E4C0F9756B}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{87C8703C-7B09-4A75-8EC6-F2F0BC7D0C00}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{880CA162-4B2F-4673-93BA-9ACD9CF2AA60}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{88F45DC3-6517-4F7B-93DA-688968C64823}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{8D660505-FF00-48E1-AAC2-0916D46E92AF}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{8E2EB1EF-6620-4D86-8EB3-5E71880E72A9}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{8F7ABC8C-8DF2-44DA-992A-D1D06ED0972B}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{90246D95-DCC5-4E0E-BBF4-6AD90A1C3E32}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{940683AF-422F-430A-9605-3D699E4FD9F4}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{95A6559B-60CF-4AF5-9EE7-A47F08489FBE}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{97C41076-0FA6-4E66-9D2B-5C767F79CBB7}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{9A9A2D6F-7064-4589-9F97-38325FEE31DB}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{9B5061CE-D4EB-4FE4-A5FE-722D5BEA9284}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{9D02072C-8764-4966-A7DB-F5D7DE10567B}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{9E5D10CD-60C9-4607-A833-03078D6A9889}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{A2386F52-DBE9-4CE5-8D87-BFDAB23A5B74}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{A3812BE8-607E-40F6-9797-F820441B6ECF}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{A3EB9C81-45B2-4E8C-9AFF-A95212AB85E0}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{A4CDC9D2-003D-41D3-AC74-7579DCB649EA}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{A58FD94A-F1BD-4820-B20F-5A1EDE345541}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{A62B1FFF-5E1F-472F-95D3-D962A4F50B5A}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{A74E48FC-E537-423F-B55F-4BE5BAE119FA}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{A7A69878-5D9F-4F1B-8F65-0BB02C29A019}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{A7E3C68A-7236-4F57-9BFB-D10F23EE1673}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{A8ADA1C2-1E62-4BE1-A9D6-5714ACA9FACE}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{AAD48490-6BD1-47DD-AA86-38E33047FF85}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{ACB3A9EF-415E-4CE8-B2D0-B187EE6BD11A}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{AD752904-3D95-4363-90D6-9A81E552DE9D}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{AE065EE4-F3B2-4300-8BA8-7E0622300BE2}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{AE1C369A-9592-4728-AEB5-798118A56644}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{AFBD84F5-CCE7-4E4F-8A96-4FA62F03B4D3}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{AFD3F717-9A62-44CC-A895-C98D57D25E48}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{B04B2EE9-1923-4FFC-A622-9F37C004EB92}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{B0FF49C7-F087-4090-8206-8DCAD5FFE28C}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{B2B391F4-0C3A-4363-94C0-094C0BB3F17C}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{B65E783E-76F3-4DB4-BE7B-C036A3CA987E}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{B6C87DAE-D3FD-4ECD-BD20-D77CF7A1965E}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{B9B4D4CF-3083-4356-94AE-07B6B2F202B4}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{B9FF2858-04C1-4735-A2B3-DB9111F004DB}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{BB54A0D5-25BA-4554-94E8-C03B84F611B2}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{BDB398F7-66A3-49CB-B30E-365F9BE9D1E3}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{BE065D13-3F08-43D2-B107-E02CA31125F4}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{BF9FD2DA-74E8-4261-B599-5338668AC398}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{C228A794-3FEA-493F-B610-914423FF23C5}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{C26AACA6-AF4A-4E63-B23D-0D751F59FBB2}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{C45A6E4A-C9CA-43A2-986A-10E70680FF8F}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{C6995E60-2D7E-4AE0-B499-A037EFAEE6DC}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{C6F9512F-FDBB-4F7D-85F5-7061F167F61F}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{C70A0BF9-0F51-4312-9ECB-DC6008F20016}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{C7205AF5-D9DF-4EB3-9A47-82CA19B6DCB9}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{C76A700A-8811-44E8-B2A9-71BE43157111}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{C858C2C2-2BF4-4839-BEB2-D491B5D4972D}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{C9E7477E-8D35-4D1F-99CA-8B30D8D01C47}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{CA7EFEC0-E0D2-4E44-B887-D719C9EB4995}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{CBC2BC0B-BF11-4C5B-BE6A-3EC2FB3AC622}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{CCDEB23D-9661-4DF5-BB9C-62196BCF65FA}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{CD7737F7-E542-4FD8-B231-AEC69CB61753}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{CE5F9371-176F-49EF-9C5F-A9F2E5C2DCC0}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{CEA05E90-7126-4A9E-B942-E037572EEA74}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{CF1EF994-C4DA-42D2-97A4-AB48349E3067}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{CF5BBF03-AB78-4F76-8EC9-ADE3CDC393E1}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{D193CB00-E35E-4F58-BC20-5A317052D13F}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{D287EFC0-FE81-4A9F-B63D-64352C4854A4}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{D2CCCFE2-7241-4C41-BFE3-605FD1EE4B50}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{D31443CA-15CC-40EF-B853-FCDFFF553C15}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{D33D71AA-3289-4D7D-B25D-38F7726C04B8}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{D6B15EA1-B24D-4244-B115-01DE2748104C}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{D8E37565-CBEE-407E-A1E4-34FD232B6EC4}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{D942F228-DDF6-41F9-9D80-C8F8EBA487A6}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{D96E121B-6A6B-432A-BEE8-1EC68CA63A91}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{D990E0F9-2FF6-425D-9294-84F8B507BBE1}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{DA61376B-193A-45B8-8C45-870772F393FC}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{DCF312AF-C0EB-44DD-A6AA-E4D753C59D43}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{DF5F015D-7A51-4150-A6BF-0DE96C7D51AB}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{E0275985-992A-49D6-A34C-5E66F21321FC}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{E09274CB-F9D1-425F-BACE-DBC940AA4478}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{E0AD11AD-E6C2-4CB6-8272-5D25F0A6D843}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{E16915C9-CD0C-4968-89B9-6D479E5CD02D}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{E34A4FB3-3603-4260-A4CA-7F38F00750A4}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{E3B11394-43B3-44BF-8250-BB454A811C10}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{E46CB90F-505C-469A-A1A0-2C4D80228252}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{E5566B2B-189B-447A-AFB3-94AD1D6D7875}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{E5A39662-AD93-4224-99F5-B6E07999DB25}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{E5A83C6A-1D1F-4A93-9EE1-5004ADFDA29D}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{E6C210BA-9CA1-46FB-B15B-CEFE87D9499C}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{E8EDD0F3-A5F6-4976-B5C1-394FF2D5B1A6}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{E9437F96-E4A0-4AA9-AFEA-87F3FB2962D5}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{E9A915F6-DA82-4812-90CF-8B8326EFE097}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{EAE78E46-5AF9-4EEF-941E-9E9B70ADF50C}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{EAF9946B-84FE-444D-B345-1D632CF9D47D}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{EBBF6015-125B-4E58-A307-8C10852F1A3E}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{EBE7FF93-B514-46E3-88BA-643129E95D95}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{EDEF6EC9-B051-4297-A620-891975B04141}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{EE84E5F9-07FF-436F-883B-5EFE793914F3}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{EE861835-688A-45F6-9556-B4951BC7AB51}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{EEB667A0-86C0-470B-96AD-992FAB7B4344}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{EED320AA-E8FD-4662-80E4-EFE9593F5347}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{EF784EF1-79B6-4713-8F9D-C3049ACFC944}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{F10C51C5-D5AB-4967-A264-63C044D8ECE7}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{F48F28E1-79E5-4228-8D5A-BB93E9B74230}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{F4B3F9AF-D6B2-4B29-A278-85ABCD5130EC}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{F4C07802-454A-44AC-801E-EB8EFBF798E3}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{F4E12255-4A63-40EC-95D5-9D36B4F3113C}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{F67EB8E3-7D48-459D-B6F9-7137CA17D7CC}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{F85BA75A-19EA-4153-BAE4-6909983E9D41}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{FA05D937-883E-48A7-A190-F97558E52A81}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{FC1FCFAE-5F32-4A65-B947-3B29593786B5}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{FCDADD6C-AD76-4147-BC74-6432F3F33EA5}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{FDD02793-44FB-43E8-B863-7624848D3EF6}

Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{FDDF2865-47B0-4311-9711-AA5EBA829855}

~~~ Chrome

Successfully deleted: [Folder] C:\Users\Rod\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 10/27/2013 at 14:39:41.82

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2013 01

Ran by Rod (administrator) on ROD-PC on 27-10-2013 14:43:52

Running from C:\Users\Rod\Desktop

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe

(AMD) C:\Windows\system32\atieclxx.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe

(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe

(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(X10) C:\PROGRA~2\COMMON~1\X10\Common\X10nets.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe

(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe

() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Microsoft Corporation) C:\Users\Rod\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(LoiLo inc) C:\Program Files (x86)\LoiLo\LoiLoFit\CameraWatcher.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

(CyberLink) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe

() C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [smartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] ()

HKLM\...\Run: [PC-Doctor for Windows localizer] - C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-16] (PC-Doctor, Inc.)

HKCU\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)

HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20133824 2013-09-25] (Google)

HKCU\...\Run: [skyDrive] - C:\Users\Rod\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-14] (Microsoft Corporation)

HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-01-27] (Google Inc.)

HKLM-x32\...\Run: [hpsysdrv] - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)

HKLM-x32\...\Run: [HP Remote Solution] - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-24] (Hewlett-Packard)

HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)

HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe [54576 2008-12-08] (Hewlett-Packard)

HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-10] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [bCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)

HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [CameraWatcher] - C:\Program Files (x86)\LoiLo\LoiLoFit\CameraWatcher.exe [127616 2012-12-03] (LoiLo inc)

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)

HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)

Startup: C:\Users\Rod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

SearchScopes: HKLM - {22AD3E2D-4355-4482-A5C4-A77F5762B79D} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

SearchScopes: HKLM-x32 - {22AD3E2D-4355-4482-A5C4-A77F5762B79D} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

SearchScopes: HKCU - {22AD3E2D-4355-4482-A5C4-A77F5762B79D} URL =

SearchScopes: HKCU - {A149123D-8E6D-4971-AA25-7C7C9C0E9895} URL = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20130414,19890,0,18,0

SearchScopes: HKCU - {F96EB706-85D5-4933-85D8-A5D48E85422A} URL =

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Speckie - {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - C:\Users\Rod\AppData\Roaming\Speckie\bin64\Speckie64.dll (Versoworks Pty Ltd)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)

BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\ipsbho.dll (Symantec Corporation)

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

BHO-x32: Speckie - {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - C:\Users\Rod\AppData\Roaming\Speckie\bin32\Speckie32.dll (Versoworks Pty Ltd)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab

DPF: HKLM-x32 {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab

DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab

DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Tcpip\Parameters: [DhcpNameServer] 68.94.156.1 68.94.157.1 192.168.2.1

FireFox:

========

FF ProfilePath: C:\Users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\pxw97tka.default

FF SelectedSearchEngine: Bing

FF DefaultSearchEngine: Bing

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Rod\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Rod\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Extension: Autofill Forms - C:\Users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\pxw97tka.default\Extensions\autofillForms@blueimp.net

FF Extension: Microsoft .NET Framework Assistant - C:\Users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\pxw97tka.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\IPSFF

FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\IPSFF

FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\coFFPlgn\

FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\coFFPlgn\

Chrome:

=======

CHR DefaultSearchURL: (Bing) - http://www.google.com

CHR DefaultSuggestURL: (Bing) - "suggest_url": ""

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Users\Rod\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Users\Rod\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Users\Rod\AppData\Local\Google\Chrome\Application\30.0.1599.69\gcswf32.dll No File

CHR Plugin: (Norton Confidential) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\npcoplgn.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File

CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File

CHR Plugin: (Java Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)

CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Plugin: (Windows Live? Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File

CHR Extension: (Google Drive) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

CHR Extension: (YouTube) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (Norton Identity Protection) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.11.8_0

CHR Extension: (Gmail) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

CHR HKLM-x32\...\Chrome\Extension: [mfchmfgdaabgdjbcaophikcobddojjoe] - C:\Users\Rod\AppData\Local\CRE\mfchmfgdaabgdjbcaophikcobddojjoe.crx

CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx

==================== Services (Whitelisted) =================

R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-07-05] (Freemake)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)

R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe [177080 2011-12-16] (Symantec Corporation)

R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)

R2 x10nets; C:\PROGRA~2\COMMON~1\X10\Common\X10nets.exe [20480 2010-11-01] (X10)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20131022.001\BHDrvx64.sys [1524824 2013-10-22] (Symantec Corporation)

R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-26] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-26] (Symantec Corporation)

R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20131025.001\IDSvia64.sys [521816 2013-10-17] (Symantec Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20131026.007\ENG64.SYS [126040 2013-08-28] (Symantec Corporation)

R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20131026.007\EX64.SYS [2099288 2013-08-28] (Symantec Corporation)

R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-08-03] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)

R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-27 14:43 - 2013-10-27 14:43 - 00000000 ____D C:\FRST

2013-10-27 14:42 - 2013-10-27 14:43 - 01956442 _____ (Farbar) C:\Users\Rod\Desktop\FRST64.exe

2013-10-27 14:39 - 2013-10-27 14:39 - 00028064 _____ C:\Users\Rod\Desktop\JRT.txt

2013-10-27 14:33 - 2013-10-27 14:33 - 00000000 ____D C:\Windows\ERUNT

2013-10-27 14:32 - 2013-10-27 14:33 - 01033335 _____ (Thisisu) C:\Users\Rod\Desktop\JRT.exe

2013-10-26 13:06 - 2013-10-26 13:06 - 00032899 _____ C:\ComboFix.txt

2013-10-26 12:45 - 2011-06-25 23:45 - 00256000 _____ C:\Windows\PEV.exe

2013-10-26 12:45 - 2010-11-07 10:20 - 00208896 _____ C:\Windows\MBR.exe

2013-10-26 12:45 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2013-10-26 12:45 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2013-10-26 12:45 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2013-10-26 12:45 - 2000-08-30 17:00 - 00098816 _____ C:\Windows\sed.exe

2013-10-26 12:45 - 2000-08-30 17:00 - 00080412 _____ C:\Windows\grep.exe

2013-10-26 12:45 - 2000-08-30 17:00 - 00068096 _____ C:\Windows\zip.exe

2013-10-26 12:36 - 2013-10-26 13:06 - 00000000 ____D C:\Qoobox

2013-10-26 12:34 - 2013-10-26 12:35 - 05136694 ____R (Swearware) C:\Users\Rod\Desktop\ComboFix.exe

2013-10-24 16:24 - 2013-10-24 16:27 - 00000000 ____D C:\AdwCleaner

2013-10-24 16:22 - 2013-10-24 16:22 - 00002947 _____ C:\Users\Rod\Desktop\RKreport[0]_D_10242013_162241.txt

2013-10-24 16:20 - 2013-10-24 16:20 - 00002840 _____ C:\Users\Rod\Desktop\RKreport[0]_S_10242013_162038.txt

2013-10-24 16:19 - 2013-10-24 16:22 - 00000000 ____D C:\Users\Rod\Desktop\RK_Quarantine

2013-10-23 17:23 - 2013-10-27 14:40 - 00000594 _____ C:\Users\Rod\Desktop\Redirects from Google to Bing... how to remove - Malware Removal Help - Malwarebytes Forum.website

2013-10-23 16:57 - 2013-10-23 16:57 - 00001001 _____ C:\Windows\IE11_main.log

2013-10-21 16:48 - 2013-10-21 16:48 - 00000413 _____ C:\Users\Rod\Desktop\Utah Ski & Snow Report OnTheSnow.com.website

2013-10-10 10:33 - 2013-09-22 16:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-10-10 10:33 - 2013-09-22 16:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-10-10 10:33 - 2013-09-22 16:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-10-10 10:33 - 2013-09-22 16:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-10-10 10:33 - 2013-09-22 16:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-10-10 10:33 - 2013-09-22 16:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-10-10 10:33 - 2013-09-22 16:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-10-10 10:33 - 2013-09-22 16:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-10-10 10:33 - 2013-09-22 16:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-10-10 10:33 - 2013-09-22 16:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-10-10 10:33 - 2013-09-22 16:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-10-10 10:33 - 2013-09-22 16:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-10-10 10:33 - 2013-09-22 16:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-10-10 10:33 - 2013-09-22 15:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-10-10 10:33 - 2013-09-22 15:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-10-10 10:33 - 2013-09-22 15:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-10-10 10:33 - 2013-09-22 15:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-10-10 10:33 - 2013-09-22 15:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-10-10 10:33 - 2013-09-22 15:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-10-10 10:33 - 2013-09-22 15:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-10-10 10:33 - 2013-09-22 15:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-10-10 10:33 - 2013-09-22 15:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-10-10 10:33 - 2013-09-22 15:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-10-10 10:33 - 2013-09-22 15:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-10-10 10:33 - 2013-09-22 15:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-10-10 10:33 - 2013-09-22 15:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-10-10 10:33 - 2013-09-22 15:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-10-10 10:33 - 2013-09-20 20:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-10-10 10:33 - 2013-09-20 20:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-10-10 10:33 - 2013-09-20 19:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-10-10 10:33 - 2013-09-20 19:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-10-09 21:11 - 2013-07-04 05:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll

2013-10-09 21:11 - 2013-07-04 04:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll

2013-10-09 21:10 - 2013-06-05 22:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2013-10-09 21:10 - 2013-06-05 22:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2013-10-09 21:10 - 2013-06-05 22:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2013-10-09 21:10 - 2013-06-05 22:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2013-10-09 21:10 - 2013-06-05 21:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll

2013-10-09 21:10 - 2013-06-05 21:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll

2013-10-09 21:10 - 2013-06-05 21:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll

2013-10-09 21:10 - 2013-06-05 20:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2013-10-09 21:10 - 2013-06-05 20:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2013-10-09 21:10 - 2013-06-05 20:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2013-10-09 21:05 - 2013-06-25 15:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys

2013-10-09 21:04 - 2013-07-12 03:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys

2013-10-09 21:04 - 2013-07-02 21:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys

2013-10-09 21:04 - 2013-07-02 21:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys

2013-10-09 21:04 - 2013-07-02 21:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys

2013-10-09 20:59 - 2013-09-13 18:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2013-10-09 20:59 - 2013-09-07 19:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-10-09 20:59 - 2013-09-07 19:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll

2013-10-09 20:59 - 2013-09-07 19:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll

2013-10-09 20:59 - 2013-07-04 05:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll

2013-10-09 20:59 - 2013-07-04 05:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll

2013-10-09 20:59 - 2013-07-04 04:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll

2013-10-09 20:59 - 2013-07-04 04:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll

2013-10-09 20:59 - 2013-07-04 03:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2013-10-09 20:58 - 2013-08-28 19:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-10-09 20:58 - 2013-08-28 19:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-10-09 20:58 - 2013-08-28 19:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll

2013-10-09 20:58 - 2013-08-28 19:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2013-10-09 20:58 - 2013-08-28 19:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2013-10-09 20:58 - 2013-08-28 18:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-10-09 20:58 - 2013-08-28 18:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-10-09 20:58 - 2013-08-28 18:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2013-10-09 20:58 - 2013-08-28 18:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll

2013-10-09 20:58 - 2013-08-28 18:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-10-09 20:58 - 2013-08-28 18:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2013-10-09 20:58 - 2013-08-28 17:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-10-09 20:58 - 2013-08-28 17:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-10-09 20:58 - 2013-08-28 17:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-10-09 20:58 - 2013-08-28 17:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-10-09 20:58 - 2013-08-27 18:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-10-09 20:56 - 2013-08-27 18:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll

2013-10-09 20:56 - 2013-08-01 05:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2013-10-09 20:56 - 2013-07-20 03:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

2013-10-09 20:56 - 2013-07-20 03:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

2013-10-09 13:51 - 2013-10-09 13:51 - 00000451 _____ C:\Users\Rod\Desktop\Recessed Lights Are Evil Structure Tech Home Inspections.website

2013-10-06 20:42 - 2013-10-23 16:14 - 00003174 _____ C:\Windows\System32\Tasks\HPCeeScheduleForRod

2013-10-06 20:42 - 2013-10-23 16:14 - 00000324 _____ C:\Windows\Tasks\HPCeeScheduleForRod.job

2013-09-29 21:46 - 2013-09-29 22:47 - 00000000 ____D C:\jexepackres

2013-09-29 21:46 - 2013-09-29 21:46 - 00000042 _____ C:\Users\Rod\AstroViewer 3.1.6-Path

2013-09-29 21:46 - 2013-09-29 21:46 - 00000000 ____D C:\Program Files (x86)\AstroViewer 3.1.6

==================== One Month Modified Files and Folders =======

2013-10-27 14:43 - 2013-10-27 14:43 - 00000000 ____D C:\FRST

2013-10-27 14:43 - 2013-10-27 14:42 - 01956442 _____ (Farbar) C:\Users\Rod\Desktop\FRST64.exe

2013-10-27 14:43 - 2012-05-11 11:04 - 00000848 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-258491159-1904954851-485267930-1000Core.job

2013-10-27 14:40 - 2013-10-23 17:23 - 00000594 _____ C:\Users\Rod\Desktop\Redirects from Google to Bing... how to remove - Malware Removal Help - Malwarebytes Forum.website

2013-10-27 14:40 - 2010-01-25 20:46 - 01839612 _____ C:\Windows\WindowsUpdate.log

2013-10-27 14:39 - 2013-10-27 14:39 - 00028064 _____ C:\Users\Rod\Desktop\JRT.txt

2013-10-27 14:35 - 2012-01-27 15:07 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-10-27 14:35 - 2012-01-27 15:07 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-10-27 14:33 - 2013-10-27 14:33 - 00000000 ____D C:\Windows\ERUNT

2013-10-27 14:33 - 2013-10-27 14:32 - 01033335 _____ (Thisisu) C:\Users\Rod\Desktop\JRT.exe

2013-10-27 14:32 - 2012-08-13 13:14 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-10-27 14:30 - 2012-05-11 11:04 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-258491159-1904954851-485267930-1000UA.job

2013-10-26 16:33 - 2009-07-13 21:45 - 00015984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-10-26 16:33 - 2009-07-13 21:45 - 00015984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-10-26 16:26 - 2013-07-31 21:09 - 00000000 ___RD C:\Users\Rod\SkyDrive

2013-10-26 16:25 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-10-26 16:25 - 2009-07-13 21:51 - 00061258 _____ C:\Windows\setupact.log

2013-10-26 13:07 - 2010-01-29 18:18 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{23DA1583-211A-4322-84B9-9F42DF081FB5}

2013-10-26 13:06 - 2013-10-26 13:06 - 00032899 _____ C:\ComboFix.txt

2013-10-26 13:06 - 2013-10-26 12:36 - 00000000 ____D C:\Qoobox

2013-10-26 13:02 - 2009-07-13 19:34 - 00000215 _____ C:\Windows\system.ini

2013-10-26 13:01 - 2010-01-29 20:17 - 01152234 _____ C:\Windows\PFRO.log

2013-10-26 13:00 - 2012-06-29 10:26 - 00000000 ____D C:\Windows\erdnt

2013-10-26 12:35 - 2013-10-26 12:34 - 05136694 ____R (Swearware) C:\Users\Rod\Desktop\ComboFix.exe

2013-10-24 16:27 - 2013-10-24 16:24 - 00000000 ____D C:\AdwCleaner

2013-10-24 16:22 - 2013-10-24 16:22 - 00002947 _____ C:\Users\Rod\Desktop\RKreport[0]_D_10242013_162241.txt

2013-10-24 16:22 - 2013-10-24 16:19 - 00000000 ____D C:\Users\Rod\Desktop\RK_Quarantine

2013-10-24 16:20 - 2013-10-24 16:20 - 00002840 _____ C:\Users\Rod\Desktop\RKreport[0]_S_10242013_162038.txt

2013-10-23 16:57 - 2013-10-23 16:57 - 00001001 _____ C:\Windows\IE11_main.log

2013-10-23 16:31 - 2013-06-11 23:12 - 00001649 _____ C:\Users\Rod\Desktop\Slickdeals.net.website

2013-10-23 16:14 - 2013-10-06 20:42 - 00003174 _____ C:\Windows\System32\Tasks\HPCeeScheduleForRod

2013-10-23 16:14 - 2013-10-06 20:42 - 00000324 _____ C:\Windows\Tasks\HPCeeScheduleForRod.job

2013-10-21 16:48 - 2013-10-21 16:48 - 00000413 _____ C:\Users\Rod\Desktop\Utah Ski & Snow Report OnTheSnow.com.website

2013-10-20 16:37 - 2007-12-10 08:46 - 00000000 ____D C:\Users\Rod\Documents\receipts

2013-10-16 16:42 - 2011-08-16 11:56 - 00000000 ____D C:\Program Files (x86)\Greetings Workshop

2013-10-14 17:41 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache

2013-10-11 14:30 - 2012-01-27 15:07 - 00003888 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2013-10-11 14:30 - 2012-01-27 15:07 - 00003636 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2013-10-10 11:21 - 2009-07-13 22:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI

2013-10-10 11:15 - 2009-07-13 21:45 - 05046688 _____ C:\Windows\system32\FNTCACHE.DAT

2013-10-10 11:14 - 2012-05-15 22:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-10-10 11:14 - 2012-05-15 22:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2013-10-10 10:29 - 2013-08-14 06:12 - 00000000 ____D C:\Windows\system32\MRT

2013-10-10 10:27 - 2010-03-14 08:26 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-10-09 19:49 - 2012-10-22 19:18 - 00000000 ____D C:\Users\Rod\Documents\olives

2013-10-09 19:20 - 2010-01-31 10:02 - 00032480 _____ C:\Users\Rod\AppData\Roaming\wklnhst.dat

2013-10-09 19:18 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\system32\FxsTmp

2013-10-09 13:51 - 2013-10-09 13:51 - 00000451 _____ C:\Users\Rod\Desktop\Recessed Lights Are Evil Structure Tech Home Inspections.website

2013-10-09 11:30 - 2012-08-13 13:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-10-09 11:30 - 2012-08-13 13:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-10-09 11:30 - 2012-08-13 13:14 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-10-09 08:50 - 2012-05-11 11:04 - 00003866 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-258491159-1904954851-485267930-1000UA

2013-10-09 08:50 - 2012-05-11 11:04 - 00003470 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-258491159-1904954851-485267930-1000Core

2013-10-07 20:44 - 2013-09-26 10:28 - 00000537 _____ C:\Users\Rod\Desktop\El Dorado County Fire Safe Council Chipper Program.website

2013-10-06 20:38 - 2011-10-31 08:59 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

2013-10-06 20:38 - 2010-02-06 11:13 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log

2013-10-06 20:36 - 2010-02-06 11:12 - 00000000 ____D C:\Users\Rod\AppData\Roaming\HpUpdate

2013-10-06 20:36 - 2010-02-06 11:12 - 00000000 ____D C:\Users\Rod\AppData\Roaming\HP Support Assistant

2013-10-06 13:26 - 2013-02-13 17:27 - 00222208 ___SH C:\Users\Rod\Desktop\Thumbs.db

2013-09-30 10:43 - 2010-01-29 20:20 - 00000544 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job

2013-09-29 22:47 - 2013-09-29 21:46 - 00000000 ____D C:\jexepackres

2013-09-29 21:46 - 2013-09-29 21:46 - 00000042 _____ C:\Users\Rod\AstroViewer 3.1.6-Path

2013-09-29 21:46 - 2013-09-29 21:46 - 00000000 ____D C:\Program Files (x86)\AstroViewer 3.1.6

2013-09-29 21:46 - 2010-01-29 17:50 - 00000000 ____D C:\Users\Rod

2013-09-28 20:51 - 2006-10-13 11:54 - 00000000 ____D C:\Users\Rod\Documents\TurboTax

2013-09-28 17:50 - 2013-03-14 22:25 - 00000584 _____ C:\Users\Rod\Desktop\bA.website

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-14 17:34

==================== End Of Log ============================

Link to post
Share on other sites

... and here's the Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-10-2013 01

Ran by Rod at 2013-10-27 14:44:20

Running from C:\Users\Rod\Desktop

Boot Mode: Normal

==========================================================

==================== Security Center ========================

AV: Norton Internet Security (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

1999 TurboTax Deluxe (x32)

Acrobat.com (x32 Version: 2.0.0)

Acrobat.com (x32 Version: 2.0.0.0)

ActiveHome Pro (x32)

Adobe AIR (x32 Version: 3.3.0.3670)

Adobe Community Help (x32 Version: 3.4.980)

Adobe Download Assistant (x32 Version: 1.2.1)

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)

Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)

Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)

AnswerWorks 5.0 English Runtime (x32 Version: 008.000.0003)

Apple Application Support (x32 Version: 2.2.2)

Apple Mobile Device Support (Version: 6.0.0.59)

Apple Software Update (x32 Version: 2.1.3.127)

ArcSoft VideoStabilizer (x32)

AstroViewer 3.1.6 (x32)

ATI Catalyst Install Manager (Version: 3.0.765.0)

AutoHotkey 1.0.48.05 (x32 Version: 1.0.48.05)

Bonjour (Version: 3.0.0.10)

Catalyst Control Center - Branding (x32 Version: 1.00.0000)

Catalyst Control Center Core Implementation (x32 Version: 2010.0310.1824.32984)

Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0310.1824.32984)

Catalyst Control Center Graphics Full New (x32 Version: 2010.0310.1824.32984)

Catalyst Control Center Graphics Light (x32 Version: 2010.0310.1824.32984)

Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0310.1824.32984)

Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0310.1824.32984)

Catalyst Control Center HydraVision Full (x32 Version: 2010.0310.1824.32984)

Catalyst Control Center InstallProxy (x32 Version: 2009.0908.2225.38429)

Catalyst Control Center InstallProxy (x32 Version: 2010.0310.1824.32984)

Catalyst Control Center Localization All (x32 Version: 2010.0310.1824.32984)

CCC Help Chinese Standard (x32 Version: 2010.0310.1823.32984)

CCC Help Chinese Traditional (x32 Version: 2010.0310.1823.32984)

CCC Help Czech (x32 Version: 2010.0310.1823.32984)

CCC Help Danish (x32 Version: 2010.0310.1823.32984)

CCC Help Dutch (x32 Version: 2010.0310.1823.32984)

CCC Help English (x32 Version: 2010.0310.1823.32984)

CCC Help Finnish (x32 Version: 2010.0310.1823.32984)

CCC Help French (x32 Version: 2010.0310.1823.32984)

CCC Help German (x32 Version: 2010.0310.1823.32984)

CCC Help Greek (x32 Version: 2010.0310.1823.32984)

CCC Help Hungarian (x32 Version: 2010.0310.1823.32984)

CCC Help Italian (x32 Version: 2010.0310.1823.32984)

CCC Help Japanese (x32 Version: 2010.0310.1823.32984)

CCC Help Korean (x32 Version: 2010.0310.1823.32984)

CCC Help Norwegian (x32 Version: 2010.0310.1823.32984)

CCC Help Polish (x32 Version: 2010.0310.1823.32984)

CCC Help Portuguese (x32 Version: 2010.0310.1823.32984)

CCC Help Russian (x32 Version: 2010.0310.1823.32984)

CCC Help Spanish (x32 Version: 2010.0310.1823.32984)

CCC Help Swedish (x32 Version: 2010.0310.1823.32984)

CCC Help Thai (x32 Version: 2010.0310.1823.32984)

CCC Help Turkish (x32 Version: 2010.0310.1823.32984)

ccc-core-static (x32 Version: 2010.0310.1824.32984)

ccc-utility64 (Version: 2010.0310.1824.32984)

Cisco Connect (x32 Version: 1.4.11299.0)

Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)

CyberLink DVD Suite Deluxe (x32 Version: 7.0.2115)

D3DX10 (x32 Version: 15.4.2368.0902)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)

DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904)

DVD Flick 1.3.0.7 (x32 Version: 1.3.0.7)

DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224)

EPSON Printer Software (x32)

EPSON Scan (x32)

EZ AVI TO WMV Converter 3.00 (x32)

Free Audio Editor (x32)

Freemake Video Converter version 4.0.2 (x32 Version: 4.0.2)

Garmin Communicator Plugin (x32 Version: 2.9.3)

Garmin USB Drivers (x32 Version: 2.3.0.0)

GIMP 2.6.11 (x32 Version: 2.6.11)

Google Chrome (HKCU Version: 30.0.1599.101)

Google Drive (x32 Version: 1.12.5329.1887)

Google Earth (x32 Version: 7.1.1.1888)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0)

Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)

Google Update Helper (x32 Version: 1.3.21.165)

Greetings Workshop Deluxe (x32)

Hardware Diagnostic Tools (Version: 6.0.5247.34)

Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)

HP Advisor (x32 Version: 3.3.9512.3162)

HP Customer Experience Enhancements (x32 Version: 6.0.1.7)

HP Games (x32 Version: 1.0.0.71)

HP MediaSmart Demo (x32 Version: 1.00.0000)

HP MediaSmart DVD (x32 Version: 3.1.3317)

HP MediaSmart Music/Photo/Video (x32 Version: 3.1.3601)

HP MediaSmart SmartMenu (Version: 3.1.0.1)

HP MediaSmart/TouchSmart Netflix (x32 Version: 1.0.2.0)

HP Odometer (x32 Version: 2.10.0000)

HP Product Detection (x32 Version: 11.14.0001)

HP Remote Solution (x32 Version: 1.1.11.0)

HP Remote Solution (x32 Version: 1.1.12.0)

HP Setup (x32 Version: 1.2.3560.3170)

HP Support Assistant (x32 Version: 7.0.39.15)

HP Support Information (x32 Version: 10.1.0002)

HP Update (x32 Version: 5.001.000.014)

HydraVision (x32 Version: 4.2.162.0)

Intel® Rapid Storage Technology (x32 Version: 0.0.0.0000)

iTunes (Version: 10.7.0.21)

Java 7 Update 25 (x32 Version: 7.0.250)

Java Auto Updater (x32 Version: 2.1.9.5)

Java 6 Update 24 (x32 Version: 6.0.240)

Junk Mail filter update (x32 Version: 15.4.3502.0922)

LabelPrint (x32 Version: 2.5.2017)

LightScribe System Software (x32 Version: 1.18.9.1)

LoiLoFit for Everio (x32 Version: 1.1.0.4)

Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)

Mesh Runtime (x32 Version: 15.4.5722.2)

Messenger Companion (x32 Version: 15.4.3502.0922)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Live Search Toolbar (x32 Version: 3.0.566.0)

Microsoft Money Plus (x32 Version: 17)

Microsoft Money Shared Libraries (x32 Version: 17.0.0.3817)

Microsoft Office 2010 Service Pack 1 (SP1) (x32)

Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Home and Student 60 day trial

Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)

Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Outlook Connector (x32 Version: 14.0.5118.5000)

Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000)

Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (x32 Version: 14.0.5120.5000)

Microsoft Silverlight (Version: 5.1.20913.0)

Microsoft SkyDrive (HKCU Version: 17.0.2015.0811)

Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)

Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0)

Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)

Microsoft Works (x32 Version: 9.7.0621)

Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)

Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)

Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)

Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)

Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)

Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)

Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)

Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)

Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)

Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)

Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)

Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)

Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)

Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)

Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)

Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)

MobileMe Control Panel (Version: 3.1.6.0)

Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310)

MSVCRT (x32 Version: 15.4.2862.0708)

MSVCRT_amd64 (x32 Version: 15.4.2862.0708)

MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)

Norton Internet Security (x32 Version: 20.4.0.40)

Norton PC Checkup (x32 Version: 2.0.8.13)

Picasa 3 (x32 Version: 3.9)

PictureMover (x32 Version: 3.3.1.19)

PL-2303 USB-to-Serial (x32 Version: 1.6.1)

PL-2303 Vista Driver Installer (x32 Version: 3.2.0.0)

PlayReady PC Runtime amd64 (Version: 1.3.0)

Power2Go (x32 Version: 6.0.3304)

PowerDirector (x32 Version: 7.0.3503)

QuickTime (x32 Version: 7.72.80.56)

Realtek High Definition Audio Driver (x32 Version: 6.0.1.5938)

Recovery Manager (x32 Version: 5.5.2216)

Safari (x32 Version: 5.34.57.2)

Speckie (Version: 4.6.1)

State CD Installer (x32)

TurboTax 2008 (x32)

TurboTax 2008 wcaiper (x32 Version: 008.000.0141)

TurboTax 2008 WinPerFedFormset (x32 Version: 008.000.0341)

TurboTax 2008 WinPerProgramHelp (x32 Version: 008.000.0219)

TurboTax 2008 WinPerReleaseEngine (x32 Version: 008.000.0197)

TurboTax 2008 WinPerTaxSupport (x32 Version: 008.000.1007)

TurboTax 2008 WinPerUserEducation (x32 Version: 008.000.0433)

TurboTax 2008 wrapper (x32 Version: 008.000.0065)

TurboTax 2009 (x32)

TurboTax 2009 wcaiper (x32 Version: 009.000.0862)

TurboTax 2009 WinPerFedFormset (x32 Version: 009.000.2068)

TurboTax 2009 WinPerReleaseEngine (x32 Version: 009.000.0328)

TurboTax 2009 WinPerTaxSupport (x32 Version: 009.000.0238)

TurboTax 2009 wrapper (x32 Version: 009.000.0145)

TurboTax 2010 (x32)

TurboTax 2010 wcaiper (x32 Version: 010.000.1291)

TurboTax 2010 WinPerFedFormset (x32 Version: 010.000.4012)

TurboTax 2010 WinPerReleaseEngine (x32 Version: 010.000.0457)

TurboTax 2010 WinPerTaxSupport (x32 Version: 010.000.0213)

TurboTax 2010 wrapper (x32 Version: 010.000.0157)

TurboTax 2011 (x32)

TurboTax 2011 wcaiper (x32 Version: 011.000.1647)

TurboTax 2011 WinPerFedFormset (x32 Version: 011.000.2999)

TurboTax 2011 WinPerReleaseEngine (x32 Version: 011.000.0474)

TurboTax 2011 WinPerTaxSupport (x32 Version: 011.000.0214)

TurboTax 2011 wrapper (x32 Version: 011.000.0121)

TurboTax 2012 (x32 Version: 2012.0)

TurboTax 2012 wcaiper (x32 Version: 012.000.1430)

TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2083)

TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0451)

TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0179)

TurboTax 2012 wrapper (x32 Version: 012.000.0127)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)

Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2494150) (x32)

Update for Microsoft Office 2010 (KB2553065) (x32)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2566458) (x32)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)

Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)

Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)

Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)

Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32)

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922)

Windows Live Essentials (x32 Version: 15.4.3502.0922)

Windows Live Essentials (x32 Version: 15.4.3508.1109)

Windows Live Family Safety (Version: 15.4.3502.0922)

Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)

Windows Live Installer (x32 Version: 15.4.3502.0922)

Windows Live Language Selector (Version: 15.4.3508.1109)

Windows Live Mail (x32 Version: 15.4.3502.0922)

Windows Live Mesh (x32 Version: 15.4.3502.0922)

Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)

Windows Live Messenger (x32 Version: 15.4.3502.0922)

Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)

Windows Live MIME IFilter (Version: 15.4.3502.0922)

Windows Live Movie Maker (x32 Version: 15.4.3502.0922)

Windows Live Photo Common (x32 Version: 15.4.3502.0922)

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)

Windows Live Remote Client (Version: 15.4.5722.2)

Windows Live Remote Client Resources (Version: 15.4.5722.2)

Windows Live Remote Service (Version: 15.4.5722.2)

Windows Live Remote Service Resources (Version: 15.4.5722.2)

Windows Live SOXE (x32 Version: 15.4.3502.0922)

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)

Windows Live Sync (x32 Version: 14.0.8117.416)

Windows Live UX Platform (x32 Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)

Windows Live Writer (x32 Version: 15.4.3502.0922)

Windows Live Writer Resources (x32 Version: 15.4.3502.0922)

WinHTTrack Website Copier 3.47-25 (x32 Version: 3.47.25)

==================== Restore Points =========================

11-10-2013 02:03:24 Windows Backup

11-10-2013 16:21:45 Windows Backup

17-10-2013 23:56:17 Windows Backup

24-10-2013 22:00:21 Windows Backup

26-10-2013 19:45:51 ComboFix created restore point

==================== Hosts content: ==========================

2009-07-13 19:34 - 2013-10-26 13:02 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {12C2C225-3674-4718-933F-9E7BCA5A23CC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-27] (Google Inc.)

Task: {1F50D571-634F-437F-95D4-B92461F38F94} - System32\Tasks\HPCeeScheduleForRod => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)

Task: {20A724DF-8C72-44E7-A910-1775B5312033} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()

Task: {266EF29C-4EA0-4B55-B365-73C4C2344C0C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {28D4650C-1ECA-4B3B-941B-6ACA980747F5} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2009-10-16] (CyberLink)

Task: {46B5C39B-2249-456E-BFA2-CDB7F4E3D52E} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-03] (Symantec Corporation)

Task: {5351CDC0-6F88-4E37-8035-BCAB4863B153} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()

Task: {5C9B4931-C807-4A69-9776-F61168E208A9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-258491159-1904954851-485267930-1000UA => C:\Users\Rod\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-11] (Google Inc.)

Task: {5E0BDD27-C4AC-40AF-A3D7-7ABA7A6C366F} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-03] (Symantec Corporation)

Task: {667114E1-700F-42C8-A727-D31F34217CE3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-08-09] (Hewlett-Packard)

Task: {687E08AC-BA3A-46D5-AB3C-7EF07B47F834} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-258491159-1904954851-485267930-1000Core => C:\Users\Rod\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-11] (Google Inc.)

Task: {717DC58D-35A4-4528-8F56-A6073E6C4074} - System32\Tasks\{E64FD8D5-CD50-48A9-BDA7-7730DBF1BD52} => C:\Program Files (x86)\Greetings Workshop\GWORKSHP.EXE [1997-09-04] (Microsoft Corporation)

Task: {800EB260-4DFB-4CA3-AC13-4C1EE1EC9947} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)

Task: {854E48CF-A87A-45F5-B0DC-65146F4B2B07} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-03] (Symantec Corporation)

Task: {89816AB0-1A6C-4E71-A02D-011B369D2692} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {8ED1838F-E835-4CC5-B639-624A4C35D83F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-27] (Google Inc.)

Task: {A053A87A-D841-4807-B5E5-7BC84454A304} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)

Task: {A9871C55-1BC7-4D51-A75C-265679FDC169} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)

Task: {AB71AA2A-17DC-48D3-AC00-6280912AF2C6} - System32\Tasks\{3D877E01-1DA1-4B63-983F-AFA50BADAB21} => C:\Program Files (x86)\Greetings Workshop\GWORKSHP.EXE [1997-09-04] (Microsoft Corporation)

Task: {B76C6C11-C1B8-47D9-B6D5-DD4509C9F3B2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)

Task: {BCE4181E-5510-4744-8B26-DE04B57422C7} - System32\Tasks\Wake from sleep to allow backup to run => C:\Windows\System32\cmd.exe [2010-11-20] (Microsoft Corporation)

Task: {C088419A-D34E-46D4-8122-179B6993C472} - System32\Tasks\ExtendedServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()

Task: {C55CF134-69A3-438D-B620-A71042F32DEB} - System32\Tasks\CLMLSvc => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-12-01] (CyberLink)

Task: {D28DAEA8-FA4D-4FDC-B575-52C43E30846E} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

Task: {D8EA9286-5E81-43EA-8DD5-A5EE9958EB4E} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.)

Task: {E2C0C30D-DCDB-4C81-B922-FF0AADA05DB8} - System32\Tasks\0 => Iexplore.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-258491159-1904954851-485267930-1000Core.job => C:\Users\Rod\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-258491159-1904954851-485267930-1000UA.job => C:\Users\Rod\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\HPCeeScheduleForRod.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe

==================== Loaded Modules (whitelisted) =============

2010-01-12 12:49 - 2010-01-12 12:49 - 00098304 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll

2010-04-19 16:28 - 2010-04-19 16:28 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

2011-03-17 01:07 - 2011-03-17 01:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2010-01-25 20:49 - 2009-10-02 14:18 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

2013-08-03 13:53 - 2012-05-30 07:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll

2011-03-17 01:11 - 2011-03-17 01:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2009-09-29 16:25 - 2009-09-29 16:25 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll

2009-09-29 16:25 - 2009-09-29 16:25 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll

2009-09-29 16:25 - 2009-09-29 16:25 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll

2009-09-29 16:25 - 2009-09-29 16:25 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll

2009-09-29 16:25 - 2009-09-29 16:25 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll

2009-09-29 16:25 - 2009-09-29 16:25 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll

2009-09-29 16:25 - 2009-09-29 16:25 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll

2009-09-29 16:25 - 2009-09-29 16:25 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll

2013-10-26 16:26 - 2013-10-26 16:26 - 00098816 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\win32api.pyd

2013-10-26 16:26 - 2013-10-26 16:26 - 00110080 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\pywintypes27.dll

2013-10-26 16:26 - 2013-10-26 16:26 - 00364544 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\pythoncom27.dll

2013-10-26 16:26 - 2013-10-26 16:26 - 00044032 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\_socket.pyd

2013-10-26 16:26 - 2013-10-26 16:26 - 01153024 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\_ssl.pyd

2013-10-26 16:26 - 2013-10-26 16:26 - 00320512 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\win32com.shell.shell.pyd

2013-10-26 16:26 - 2013-10-26 16:26 - 00711680 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\_hashlib.pyd

2013-10-26 16:26 - 2013-10-26 16:26 - 01175040 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\wx._core_.pyd

2013-10-26 16:26 - 2013-10-26 16:26 - 00805888 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\wx._gdi_.pyd

2013-10-26 16:26 - 2013-10-26 16:26 - 00811008 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\wx._windows_.pyd

2013-10-26 16:26 - 2013-10-26 16:26 - 01062400 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\wx._controls_.pyd

2013-10-26 16:26 - 2013-10-26 16:26 - 00735232 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\wx._misc_.pyd

2013-10-26 16:26 - 2013-10-26 16:26 - 00128512 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\_elementtree.pyd

2013-10-26 16:26 - 2013-10-26 16:26 - 00127488 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\pyexpat.pyd

2013-10-26 16:26 - 2013-10-26 16:26 - 00557056 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\pysqlite2._sqlite.pyd

2013-10-26 16:26 - 2013-10-26 16:26 - 00087040 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\_ctypes.pyd

2013-10-26 16:26 - 2013-10-26 16:26 - 00119808 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\win32file.pyd

2013-10-26 16:26 - 2013-10-26 16:26 - 00108544 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\win32security.pyd

2013-10-26 16:26 - 2013-10-26 16:26 - 00018432 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\win32event.pyd

2013-10-26 16:26 - 2013-10-26 16:26 - 00038912 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\win32inet.pyd

2013-10-26 16:26 - 2013-10-26 16:26 - 00122368 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\wx._wizard.pyd

2013-10-26 16:26 - 2013-10-26 16:26 - 00686080 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\unicodedata.pyd

2013-10-26 16:26 - 2013-10-26 16:26 - 00026624 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\_multiprocessing.pyd

2013-10-26 16:26 - 2013-10-26 16:26 - 00070656 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\wx._html2.pyd

2013-10-26 16:26 - 2013-10-26 16:26 - 00010240 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\select.pyd

2013-10-26 16:26 - 2013-10-26 16:26 - 00025600 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\win32pdh.pyd

2013-10-26 16:26 - 2013-10-26 16:26 - 00504832 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\windows._cacheinvalidation.pyd

2013-10-26 16:26 - 2013-10-26 16:26 - 00011264 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\win32crypt.pyd

2013-10-26 16:26 - 2013-10-26 16:26 - 00035840 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\win32process.pyd

2013-10-26 16:26 - 2013-10-26 16:26 - 00017408 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\win32profile.pyd

2013-10-26 16:26 - 2013-10-26 16:26 - 00022528 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\win32ts.pyd

2013-04-30 14:17 - 2012-12-03 15:15 - 00098816 _____ () C:\Program Files (x86)\LoiLo\LoiLoFit\utilities.dll

2013-04-30 14:17 - 2012-12-03 15:14 - 01232896 _____ () C:\Program Files (x86)\LoiLo\LoiLoFit\engine.dll

2013-04-30 14:17 - 2012-12-03 15:15 - 00944640 _____ () C:\Program Files (x86)\LoiLo\LoiLoFit\dshowclr.dll

2013-04-30 14:17 - 2012-12-03 15:12 - 00068608 _____ () C:\Program Files (x86)\LoiLo\LoiLoFit\libfaac.dll

2009-12-01 20:49 - 2009-12-01 20:49 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll

2010-03-28 20:27 - 2010-03-28 20:27 - 00755712 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll

2010-03-28 20:33 - 2010-03-28 20:33 - 00471040 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll

2010-01-29 22:13 - 2010-01-29 22:13 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll

2010-01-29 22:13 - 2010-01-29 22:13 - 00471040 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll

2011-02-24 16:47 - 2011-02-24 16:47 - 00476520 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon-1199024146

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon-1281883083

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon-1311186388

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon-1466045147

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon-1685777236

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon-1720082124

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon-1869029213

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon-1906245416

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon-192533794

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon-1982198405

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon-2017081152

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon-2037786822

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon-2048273700

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon-38676482

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon-421526977

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon-439897091

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon-554076300

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon-621745151

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon-855272957

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon-930550220

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon1011927409

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon1072496595

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon1176049765

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon1229667437

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon1234290272

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon1312209046

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon136752147

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon1426825318

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon1445086109

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon1521100236

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon1541856723

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon1754125435

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon1842706869

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon1966160405

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon2018853945

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon2030952181

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon285004404

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon295755063

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon475311918

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon495669110

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon527236506

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon538427941

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon673004040

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon705215877

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon709783530

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon868748329

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon937242754

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:TASKICON_0favicon1754125435

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:TASKICON_1favicon-1262590054

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:TASKICON_2favicon-6677892

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:TASKICON_3favicon-1230576159

AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:TASKICON_4favicon332028261

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

System errors:

=============

Microsoft Office Sessions:

=========================

CodeIntegrity Errors:

===================================

Date: 2013-10-26 12:59:36.997

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-26 12:59:36.826

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-26 12:59:36.670

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-26 12:59:36.498

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-06-29 10:33:31.317

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-06-29 10:33:31.270

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 25%

Total physical RAM: 8151.08 MB

Available physical RAM: 6089.3 MB

Total Pagefile: 16300.34 MB

Available Pagefile: 13335.77 MB

Total Virtual: 8192 MB

Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:585.11 GB) (Free:421.83 GB) NTFS

Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.96 GB) (Free:1.59 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive e: (GREETINGSWP) (CDROM) (Total:0.42 GB) (Free:0 GB) CDFS

Drive k: (Seagate Expansion Drive) (Fixed) (Total:931.51 GB) (Free:432.43 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 596 GB) (Disk ID: 1549F232)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=585 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

========================================================

Disk: 1 (Size: 932 GB) (Disk ID: D801BC14)

Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Link to post
Share on other sites

Hi MrC,

 

   Here's the fixlog.txt....thanks again

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-10-2013
Ran by Rod at 2013-10-28 16:25:12 Run:1
Running from C:\Users\Rod\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...lts/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
FF SelectedSearchEngine: Bing
FF DefaultSearchEngine: Bing
CHR DefaultSearchURL: (Bing) - http://www.google.com
CHR DefaultSuggestURL: (Bing) - "suggest_url": ""
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Bar => Value deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
CHR DefaultSearchURL: (Bing) - http://www.google.com ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSuggestURL: (Bing) - "suggest_url": "" ==> The Chrome "Settings" can be used to fix the entry.

==== End of Fixlog ====

Link to post
Share on other sites

Hi MrC,

 

  I've been surfing for a few hours today, and haven't seen any redirects yet. Probably should watch it for a while more before we claim victory ;-) 

 

  Do you think FRST was the tool that fixed it?

 

  How do I reduce the chance that I get this 'bug' again. I hate to have to call you guys every few months to fix this problem...

 

thanks again

Link to post
Share on other sites

Do you think FRST was the tool that fixed it?

Yes

How do I reduce the chance that I get this 'bug' again. I hate to have to call you guys every few months to fix this problem...

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

MrC

Link to post
Share on other sites

Hi MrC,

 

  Here's the checkup.txt output:

 

 Results of screen317's Security Check version 0.99.76 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Norton Internet Security  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java 6 Update 24 
 Java 7 Update 25 
 Java version out of Date!
 Adobe Flash Player 11.9.900.117 
 Adobe Reader XI 
 Google Chrome 30.0.1599.101 
 Google Chrome 30.0.1599.69 
 Google Chrome plugins... 
````````Process Check: objlist.exe by Laurent```````` 
 Norton ccSvcHst.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.