
Another Scorpion Saver Problem


LuLu79


I see I'm not the only person with this issue haha. Uninstalled it twice. Malwarebytes scan comes up clean (so far). Ran AdwCleaner and need advice on what's ok to delete and what's not. So here is my AdwCleaner log. Any help would be greatly appreciated. Thanks!

# AdwCleaner v3.013 - Report created 28/11/2013 at 14:11:05
# Updated 24/11/2013 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Leann79 - MINE
# Running from : C:\Users\Leann79\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\Leann79\AppData\Roaming\Mozilla\Firefox\Profiles\j92in1kj.default\user.js
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\MyPC Backup
Folder Found C:\ProgramData\Conduit
Folder Found C:\Users\Leann79\AppData\Local\Conduit
Folder Found C:\Users\Leann79\AppData\LocalLow\Conduit
Folder Found C:\Users\Leann79\AppData\Roaming\Searchprotect

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3306061
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16442


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Leann79\AppData\Roaming\Mozilla\Firefox\Profiles\j92in1kj.default\prefs.js ]

Line Found : user_pref("CT3306061.FF19Solved", "true");
Line Found : user_pref("CT3306061.UserID", "UN31385047812014422");
Line Found : user_pref("CT3306061.browser.search.defaultthis.engineName", "true");
Line Found : user_pref("CT3306061.fullUserID", "UN31385047812014422.IN.20131126223618");
Line Found : user_pref("CT3306061.installDate", "26/11/2013 22:36:27");
Line Found : user_pref("CT3306061.installSessionId", "{427F185B-B951-4036-8366-7540B0E8A830}");
Line Found : user_pref("CT3306061.installSp", "TRUE");
Line Found : user_pref("CT3306061.installerVersion", "1.8.1.4");
Line Found : user_pref("CT3306061.keyword", "true");
Line Found : user_pref("CT3306061.originalHomepage", "about:home");
Line Found : user_pref("CT3306061.originalSearchAddressUrl", "");
Line Found : user_pref("CT3306061.originalSearchEngine", "");
Line Found : user_pref("CT3306061.originalSearchEngineName", "");
Line Found : user_pref("CT3306061.searchRevert", "true");
Line Found : user_pref("CT3306061.searchUninstallUserMode", "2");
Line Found : user_pref("CT3306061.searchUserMode", "2");
Line Found : user_pref("CT3306061.smartbar.homepage", "true");
Line Found : user_pref("CT3306061.toolbarInstallDate", "26-11-2013 22:36:18");
Line Found : user_pref("CT3306061.versionFromInstaller", "10.22.5.10");
Line Found : user_pref("CT3306061.xpeMode", "0");
Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Found : user_pref("browser.search.defaultthis.engineName", "Connect DLC 5 Customized Web Search");
Line Found : user_pref("smartbar.addressBarOwnerCTID", "CT3306061");
Line Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3306061");
Line Found : user_pref("smartbar.homePageOwnerCTID", "CT3306061");
Line Found : user_pref("smartbar.machineId", "NQHVK2+PSOU8R81IL6VUWEQUVZKB0GAYC9O0OUH8NNKA0PXQJR74KQ5JXTZPNLJ3GEHDTEXRB5AD6BDHOSJO3W");

*************************

AdwCleaner[R0].txt - [5024 octets] - [28/11/2013 14:11:05]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5084 octets] ##########
 

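The two logs in this thread (the AdwCleaner report above and the FRST log posted further down) carry one identifier that ties the whole infection together: the Conduit CTID CT3306061, which appears as the Firefox user_pref namespace, as the Toolbar.CT3306061 ProgID under HKLM\SOFTWARE\Classes, and as the ctid= parameter on the search.conduit.com URL that FRST shows as the HKCU DefaultScope. The script below is an added example, not part of the thread and not code from the AdwCleaner or FRST projects. It parses pasted log text, collects CTIDs, groups AdwCleaner findings by the family name in each path or key, and flags Internet Explorer SearchScopes whose host is not on an allowlist. The sample input is a constructed subset of lines taken from the logs in this thread; the KNOWN_SEARCH_HOSTS allowlist and the FAMILIES list are assumptions for the example.

```python
"""Triage the AdwCleaner and FRST logs from this thread (added example).

Not part of the thread and not AdwCleaner/FRST code.  Reports Conduit
CTIDs, AdwCleaner findings grouped by family, and IE SearchScopes that
point at an unexpected host or have an empty URL.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption for this example: hosts the OEM image legitimately searches.
KNOWN_SEARCH_HOSTS = {"www.bing.com", "search.yahoo.com", "search.ask.com",
                      "rover.ebay.com"}
# Assumption: family names as they appear in the AdwCleaner paths and keys.
FAMILIES = ("Conduit", "SearchProtect", "SmartBar", "MyPC Backup")

CTID_RE = re.compile(r"\bCT\d{6,}\b")
ADW_KEY_RE = re.compile(r"^Key Found : (?:\[x64\] )?(?P<item>.+)$")
ADW_PATH_RE = re.compile(r"^(?:File|Folder) Found\s*:?\s*(?P<item>.+)$")
# FRST form: "SearchScopes: <hive> - [DefaultScope ]{GUID} URL = <url>"
SCOPE_RE = re.compile(
    r"^SearchScopes:\s+(?P<hive>\S+)\s+-\s+(?P<default>DefaultScope\s+)?"
    r"(?P<guid>\{[0-9A-Fa-f-]+\})\s+URL\s*=\s*(?P<url>.*)$")

# Constructed sample: a subset of the lines from the two logs in this thread.
ADWCLEANER_SAMPLE = r"""
File Found : C:\Users\Leann79\AppData\Roaming\Mozilla\Firefox\Profiles\j92in1kj.default\user.js
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\MyPC Backup
Folder Found C:\Users\Leann79\AppData\Roaming\Searchprotect
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : [x64] HKCU\Software\Conduit
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3306061
Line Found : user_pref("CT3306061.installDate", "26/11/2013 22:36:27");
Line Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3306061");
"""
FRST_SAMPLE = r"""
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
SearchScopes: HKLM-x32 - DefaultScope {46A54124-F3B1-473D-B778-42CD7942B181} URL =
SearchScopes: HKCU - DefaultScope {46A54124-F3B1-473D-B778-42CD7942B181} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN18236870221173229&UM=2
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
"""


def ctids(lines):
    """Every Conduit CTID mentioned in prefs, registry keys or scope URLs."""
    found = set()
    for line in lines:
        found.update(CTID_RE.findall(line))
    return found


def adwcleaner_findings(lines):
    """Group AdwCleaner file/folder/key findings by adware family."""
    grouped = defaultdict(list)
    for line in lines:
        m = ADW_KEY_RE.match(line) or ADW_PATH_RE.match(line)
        if not m:
            continue
        item = m["item"].strip()
        if CTID_RE.search(item):          # e.g. Toolbar.CT3306061
            grouped["Conduit"].append(item)
            continue
        squashed = item.lower().replace(" ", "")
        family = next((f for f in FAMILIES
                       if f.lower().replace(" ", "") in squashed), "unattributed")
        grouped[family].append(item)
    return dict(grouped)


def search_scopes(lines):
    """Parse FRST SearchScopes lines into dicts (hive, guid, url, default)."""
    scopes = []
    for line in lines:
        m = SCOPE_RE.match(line.strip())
        if m:
            scopes.append({"hive": m["hive"], "guid": m["guid"].lower(),
                           "url": m["url"].strip(),
                           "default": m["default"] is not None})
    return scopes


def suspicious_scopes(scopes, known_hosts=KNOWN_SEARCH_HOSTS):
    """Scopes pointing at an unknown host, or with an empty URL (host None)."""
    flagged = []
    for s in scopes:
        host = urlsplit(s["url"]).hostname if s["url"] else None
        if host not in known_hosts:
            flagged.append({**s, "host": host})
    return flagged


def triage(adw_text, frst_text):
    """Combine both logs into one summary dict."""
    adw_lines = adw_text.splitlines()
    frst_lines = frst_text.splitlines()
    scopes = search_scopes(frst_lines)
    return {
        "ctids": ctids(adw_lines) | ctids(frst_lines),
        "findings": adwcleaner_findings(adw_lines),
        "suspicious_scopes": suspicious_scopes(scopes),
        "default_scopes": {s["hive"]: s["url"] for s in scopes if s["default"]},
    }


if __name__ == "__main__":
    summary = triage(ADWCLEANER_SAMPLE, FRST_SAMPLE)
    print("CTIDs:", sorted(summary["ctids"]))
    for family, items in sorted(summary["findings"].items()):
        print(f"{family}: {len(items)} item(s)")
    for s in summary["suspicious_scopes"]:
        tag = "DefaultScope" if s["default"] else "scope"
        print(f"{s['hive']} {tag} {s['guid']} -> {s['host']!r}")
```

On the sample it reports one CTID, puts the Conduit folder, the HKCU\Software\Conduit key and the Toolbar.CT3306061 ProgID in the same family, leaves the bare CLSID and user.js unattributed (a name alone cannot attribute those), and flags two DefaultScopes: the HKCU one that still sends searches to search.conduit.com, and the HKLM-x32 one whose URL is empty. That is the pattern a practitioner looks for after an adware uninstall: the program folder may be gone while the per-user search scope and the COM registration remain.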

Welcome to the forum.

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system.....Which system am I using?)

Please make sure you click download buttons that look similar to this, not "sponsored ad links":


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
MrC

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-11-2013
Ran by Leann79 (administrator) on MINE on 28-11-2013 15:46:15
Running from C:\Users\Leann79\Desktop\malware stuff
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKCU\...\Run: [Power2GoExpress8] - NA
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-11-27] (RealNetworks, Inc.)
Startup: C:\Users\Leann79\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {46A54124-F3B1-473D-B778-42CD7942B181} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {46A54124-F3B1-473D-B778-42CD7942B181} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN18236870221173229&UM=2
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {46A54124-F3B1-473D-B778-42CD7942B181} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN18236870221173229&UM=2
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Leann79\AppData\Roaming\Mozilla\Firefox\Profiles\j92in1kj.default
FF user.js: detected! => C:\Users\Leann79\AppData\Roaming\Mozilla\Firefox\Profiles\j92in1kj.default\user.js
FF Homepage: about:home

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.2.206 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.5.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.5.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.5.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.2.206 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{56D10AE9-6227-455E-95C3-73CD63A091EC}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com)
R2 AMD External Events Utility; C:\Windows\SysWow64\atiesrxx.exe [0 2013-10-28] ()
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe [511480 2013-10-31] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-10-17] ()
R2 RealPlayer Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1418336 2013-11-27] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [29320 2013-10-25] ()
R2 Spooler; C:\Windows\SysWow64\spoolsv.exe [0 2013-10-28] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-11] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-11] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-11] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-28] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130827.001\IDSvia64.sys [520280 2013-08-23] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130828.002\ENG64.SYS [126040 2013-06-22] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130828.002\EX64.SYS [2098776 2013-06-22] (Symantec Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [266896 2012-06-13] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1404000.028\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-24] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-28 15:44 - 2013-11-28 15:44 - 00000000 ____D C:\FRST
2013-11-28 15:09 - 2013-11-28 15:46 - 00000000 ____D C:\Users\Leann79\Desktop\malware stuff
2013-11-28 14:21 - 2013-11-28 14:21 - 00005184 _____ C:\Users\Leann79\Desktop\AdwCleaner[R0].txt
2013-11-28 14:11 - 2013-11-28 14:12 - 00000000 ____D C:\AdwCleaner
2013-11-28 14:10 - 2013-11-28 14:10 - 01091882 _____ C:\Users\Leann79\Downloads\AdwCleaner.exe
2013-11-27 20:44 - 2013-11-27 22:11 - 00003336 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-985080136-288465935-3181643373-1002
2013-11-27 20:44 - 2013-11-27 22:11 - 00003206 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-985080136-288465935-3181643373-1002
2013-11-27 19:46 - 2013-11-27 19:46 - 00000000 _____ C:\Windows\SysWOW64\RuntimeBroker.exe
2013-11-27 13:12 - 2013-11-27 13:12 - 00001264 _____ C:\Users\Public\Desktop\RealPlayer Cloud.lnk
2013-11-27 13:11 - 2013-11-27 13:11 - 00000000 ____D C:\ProgramData\RealNetworks
2013-11-27 13:11 - 2013-11-27 13:11 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-11-27 13:10 - 2013-11-27 13:10 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2013-11-27 13:09 - 2013-11-27 13:12 - 00000000 ____D C:\Program Files (x86)\Real
2013-11-27 13:09 - 2013-11-27 13:09 - 00272896 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2013-11-27 13:09 - 2013-11-27 13:09 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2013-11-27 13:09 - 2013-11-27 13:09 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2013-11-27 13:08 - 2013-11-27 13:12 - 00000000 ____D C:\Users\Leann79\AppData\Roaming\Real
2013-11-27 13:04 - 2013-11-27 13:13 - 00000000 ____D C:\ProgramData\Real
2013-11-27 13:03 - 2013-11-27 13:03 - 00833232 _____ (RealNetworks, Inc.) C:\Users\Leann79\Downloads\RealPlayerCloud.exe
2013-11-26 22:40 - 2013-11-26 22:47 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-11-26 22:39 - 2013-11-26 22:39 - 00000000 ____D C:\Users\Leann79\Documents\Video Download Capture
2013-11-26 22:37 - 2013-11-26 23:14 - 00000000 ____D C:\ProgramData\Conduit
2013-11-26 22:37 - 2013-11-26 22:37 - 00000000 ____D C:\Program Files\Level Quality Watcher
2013-11-26 22:37 - 2013-11-26 22:37 - 00000000 ____D C:\Program Files (x86)\Conduit
2013-11-26 22:36 - 2013-11-26 22:48 - 00000000 ____D C:\Users\Leann79\AppData\Local\Conduit
2013-11-26 22:36 - 2013-11-26 22:36 - 00000000 ____D C:\Users\Leann79\AppData\Roaming\SearchProtect
2013-11-26 22:36 - 2013-11-26 22:36 - 00000000 ____D C:\Users\Leann79\AppData\Roaming\Apowersoft
2013-11-26 22:35 - 2013-11-26 22:37 - 00000009 _____ C:\END
2013-11-26 20:49 - 2013-11-26 21:48 - 00000000 ____D C:\Users\Leann79\Documents\flashgot
2013-11-26 20:44 - 2013-11-26 21:00 - 00000000 ____D C:\Users\Leann79\dwhelper
2013-11-26 11:42 - 2013-11-26 11:42 - 00000017 _____ C:\Users\Leann79\AppData\Local\resmon.resmoncfg
2013-11-18 21:33 - 2013-11-19 09:24 - 00021647 _____ C:\Users\Leann79\Desktop\letter.odt
2013-11-18 13:21 - 2013-11-18 14:00 - 00000000 ____D C:\Users\Leann79\Desktop\NSB 11-16&17-13
2013-11-18 12:21 - 2013-11-18 12:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-12 09:53 - 2013-11-12 10:08 - 689242729 _____ C:\Users\Leann79\Downloads\Bill  Ted's Excellent Halloween Adventure 2013 HHN Orlando.wmv
2013-11-06 20:04 - 2013-08-16 00:41 - 00058200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2013-11-06 20:04 - 2013-08-16 00:39 - 02371728 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2013-11-06 20:04 - 2013-08-16 00:39 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-11-06 20:04 - 2013-08-16 00:32 - 00209200 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2013-11-06 20:04 - 2013-08-16 00:22 - 04917760 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2013-11-06 20:04 - 2013-08-16 00:22 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-11-06 20:04 - 2013-08-16 00:21 - 03275776 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-11-06 20:04 - 2013-08-16 00:21 - 01621504 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-11-06 20:04 - 2013-08-16 00:21 - 01164288 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2013-11-06 20:04 - 2013-08-16 00:21 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-11-06 20:04 - 2013-08-16 00:21 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2013-11-06 20:04 - 2013-08-16 00:21 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2013-11-06 20:04 - 2013-08-16 00:21 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-11-06 20:04 - 2013-08-16 00:21 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll
2013-11-06 20:04 - 2013-08-16 00:21 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2013-11-06 20:04 - 2013-08-16 00:21 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\WSSync.dll
2013-11-06 20:04 - 2013-08-16 00:21 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-11-06 20:04 - 2013-08-16 00:21 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-11-06 20:04 - 2013-08-16 00:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-11-06 20:04 - 2013-08-16 00:21 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll
2013-11-06 20:04 - 2013-08-16 00:21 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-11-06 20:04 - 2013-08-16 00:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\setupcln.dll
2013-11-06 20:04 - 2013-08-16 00:21 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2013-11-06 20:04 - 2013-08-16 00:21 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-11-06 20:04 - 2013-08-16 00:20 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2013-11-06 20:04 - 2013-08-15 17:43 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-11-06 20:04 - 2013-08-15 17:43 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2013-11-06 20:04 - 2013-08-15 17:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll
2013-11-06 20:04 - 2013-08-15 17:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSSync.dll
2013-11-06 20:04 - 2013-08-15 17:43 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2013-11-06 20:04 - 2013-08-15 17:43 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-11-06 20:04 - 2013-08-15 17:43 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-11-06 20:04 - 2013-08-15 17:43 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-11-06 20:04 - 2013-08-15 17:43 - 00083968 _____ C:\Windows\SysWOW64\OEMLicense.dll
2013-11-06 20:04 - 2013-08-15 17:43 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-11-06 20:04 - 2013-08-15 17:43 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2013-11-06 20:04 - 2013-08-15 17:42 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll
2013-11-06 20:04 - 2013-08-15 17:42 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupcln.dll
2013-11-06 20:04 - 2013-07-01 19:44 - 00036288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2013-11-06 20:04 - 2013-07-01 17:08 - 00247216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2013-11-06 20:00 - 2013-07-09 03:04 - 00120144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2013-11-06 20:00 - 2013-07-09 01:18 - 00439488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2013-11-06 20:00 - 2013-07-08 23:25 - 00385768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2013-11-06 20:00 - 2013-07-08 22:57 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll
2013-11-06 20:00 - 2013-07-08 17:46 - 00543744 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2013-11-06 20:00 - 2013-07-08 17:46 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2013-11-06 20:00 - 2013-07-08 17:46 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Wwanadvui.dll
2013-11-06 20:00 - 2013-07-08 17:45 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll
2013-11-06 20:00 - 2013-07-05 19:16 - 01025024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-11-06 20:00 - 2013-07-02 19:23 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-11-06 20:00 - 2013-07-02 19:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2013-11-06 20:00 - 2013-07-02 19:22 - 02839552 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2013-11-06 20:00 - 2013-07-02 19:22 - 01300480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-06 20:00 - 2013-07-02 19:11 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2013-11-06 20:00 - 2013-07-02 19:11 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-11-06 20:00 - 2013-07-02 19:10 - 02273792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2013-11-06 20:00 - 2013-06-30 17:30 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\openfiles.exe
2013-11-06 20:00 - 2013-06-30 17:29 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\openfiles.exe
2013-11-06 20:00 - 2013-06-29 01:15 - 00195416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2013-11-06 20:00 - 2013-06-29 01:15 - 00125784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2013-11-06 20:00 - 2013-06-29 00:43 - 00327512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2013-11-06 20:00 - 2013-06-28 20:12 - 01022464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-06 20:00 - 2013-06-25 22:01 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2013-11-06 20:00 - 2013-06-25 21:59 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2013-11-06 20:00 - 2013-06-24 17:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-11-06 20:00 - 2013-06-24 17:54 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2013-11-06 20:00 - 2013-06-24 17:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2013-11-06 20:00 - 2013-06-19 00:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll
2013-11-06 20:00 - 2013-06-19 00:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2013-11-06 20:00 - 2013-06-18 17:38 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll
2013-11-06 20:00 - 2013-06-18 17:38 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2013-11-06 20:00 - 2013-06-11 18:43 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2013-11-06 20:00 - 2013-06-11 18:26 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2013-11-06 20:00 - 2013-06-10 16:17 - 00096512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-11-06 20:00 - 2013-06-10 14:16 - 00888832 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-06 20:00 - 2013-06-10 14:15 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-06 20:00 - 2013-06-10 14:15 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-11-06 20:00 - 2013-06-10 14:15 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-06 20:00 - 2013-06-10 14:10 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-06 20:00 - 2013-06-10 14:10 - 00245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-06 20:00 - 2013-06-06 03:03 - 00119040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2013-11-06 19:57 - 2013-08-10 00:21 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2013-11-06 19:57 - 2013-08-10 00:21 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncInfo.dll
2013-11-06 19:57 - 2013-08-09 22:58 - 00356352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2013-11-06 19:57 - 2013-08-07 00:15 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2013-11-06 19:57 - 2013-08-03 01:40 - 01374208 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2013-11-06 19:57 - 2013-08-03 01:40 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2013-11-06 19:57 - 2013-08-03 01:40 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2013-11-06 19:57 - 2013-08-03 00:14 - 00399360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2013-11-06 19:57 - 2013-08-03 00:13 - 01245696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2013-11-06 19:57 - 2013-08-03 00:13 - 00437248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2013-11-06 19:57 - 2013-08-02 01:28 - 19758080 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-11-06 19:57 - 2013-08-02 01:28 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2013-11-06 19:57 - 2013-08-02 01:28 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-11-06 19:57 - 2013-08-02 01:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-06 19:57 - 2013-08-02 00:08 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-11-06 19:57 - 2013-08-02 00:08 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-11-06 19:57 - 2013-08-02 00:08 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-11-06 19:57 - 2013-08-02 00:06 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-06 19:57 - 2013-08-01 05:41 - 02233688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-11-06 19:57 - 2013-07-30 18:30 - 00386923 _____ C:\Windows\system32\ApnDatabase.xml
2013-11-06 19:57 - 2013-07-24 18:10 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll
2013-11-06 19:57 - 2013-07-24 18:06 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\mbsmsapi.dll
2013-11-06 19:57 - 2013-04-09 18:17 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2013-11-06 19:57 - 2013-04-09 17:29 - 00893952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2013-11-05 11:13 - 2013-11-05 11:13 - 08147408 _____ (GoldWave Inc.) C:\Users\Leann79\Downloads\gwave569.exe
2013-11-04 19:54 - 2013-11-04 19:55 - 00000000 ____D C:\Users\Leann79\Desktop\mp3s
2013-10-30 11:29 - 2013-10-30 11:29 - 480527953 _____ C:\Windows\MEMORY.DMP
2013-10-30 11:29 - 2013-10-30 11:29 - 00307728 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-30 11:29 - 2013-10-30 11:29 - 00280400 _____ C:\Windows\Minidump\103013-45942-01.dmp
2013-10-30 11:29 - 2013-10-30 11:29 - 00000000 ____D C:\Windows\Minidump

==================== One Month Modified Files and Folders =======

2013-11-28 15:46 - 2013-11-28 15:09 - 00000000 ____D C:\Users\Leann79\Desktop\malware stuff
2013-11-28 15:44 - 2013-11-28 15:44 - 00000000 ____D C:\FRST
2013-11-28 15:07 - 2013-06-22 23:44 - 01413519 _____ C:\Windows\WindowsUpdate.log
2013-11-28 15:05 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\system32\sru
2013-11-28 14:21 - 2013-11-28 14:21 - 00005184 _____ C:\Users\Leann79\Desktop\AdwCleaner[R0].txt
2013-11-28 14:12 - 2013-11-28 14:11 - 00000000 ____D C:\AdwCleaner
2013-11-28 14:10 - 2013-11-28 14:10 - 01091882 _____ C:\Users\Leann79\Downloads\AdwCleaner.exe
2013-11-28 12:40 - 2013-06-22 23:03 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C01DD041-F99A-4ABA-9CDC-092B722CDADD}
2013-11-27 22:11 - 2013-11-27 20:44 - 00003336 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-985080136-288465935-3181643373-1002
2013-11-27 22:11 - 2013-11-27 20:44 - 00003206 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-985080136-288465935-3181643373-1002
2013-11-27 20:48 - 2012-07-26 02:28 - 00941050 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-27 20:44 - 2013-07-11 18:29 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-11-27 20:42 - 2012-07-26 02:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-27 20:41 - 2012-08-03 17:23 - 00026544 _____ C:\Windows\PFRO.log
2013-11-27 20:18 - 2013-10-28 15:21 - 00824362 _____ C:\Users\Leann79\AppData\Local\census.cache
2013-11-27 20:18 - 2013-10-28 15:20 - 00071461 _____ C:\Users\Leann79\AppData\Local\ars.cache
2013-11-27 19:46 - 2013-11-27 19:46 - 00000000 _____ C:\Windows\SysWOW64\RuntimeBroker.exe
2013-11-27 18:59 - 2013-06-27 21:49 - 00000000 ____D C:\Users\Leann79\AppData\Local\CrashDumps
2013-11-27 18:59 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-11-27 13:13 - 2013-11-27 13:04 - 00000000 ____D C:\ProgramData\Real
2013-11-27 13:12 - 2013-11-27 13:12 - 00001264 _____ C:\Users\Public\Desktop\RealPlayer Cloud.lnk
2013-11-27 13:12 - 2013-11-27 13:09 - 00000000 ____D C:\Program Files (x86)\Real
2013-11-27 13:12 - 2013-11-27 13:08 - 00000000 ____D C:\Users\Leann79\AppData\Roaming\Real
2013-11-27 13:11 - 2013-11-27 13:11 - 00000000 ____D C:\ProgramData\RealNetworks
2013-11-27 13:11 - 2013-11-27 13:11 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-11-27 13:10 - 2013-11-27 13:10 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2013-11-27 13:09 - 2013-11-27 13:09 - 00272896 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2013-11-27 13:09 - 2013-11-27 13:09 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2013-11-27 13:09 - 2013-11-27 13:09 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2013-11-27 13:09 - 2013-04-09 05:37 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2013-11-27 13:09 - 2013-04-09 05:37 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2013-11-27 13:03 - 2013-11-27 13:03 - 00833232 _____ (RealNetworks, Inc.) C:\Users\Leann79\Downloads\RealPlayerCloud.exe
2013-11-26 23:39 - 2013-06-23 18:56 - 00000000 ____D C:\Users\Leann79\Desktop\pics
2013-11-26 23:22 - 2012-07-26 00:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-11-26 23:20 - 2012-07-26 00:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2013-11-26 23:16 - 2013-06-23 08:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-26 23:14 - 2013-11-26 22:37 - 00000000 ____D C:\ProgramData\Conduit
2013-11-26 22:48 - 2013-11-26 22:36 - 00000000 ____D C:\Users\Leann79\AppData\Local\Conduit
2013-11-26 22:47 - 2013-11-26 22:40 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-11-26 22:47 - 2013-06-22 23:03 - 00000000 ___RD C:\Users\Leann79\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-26 22:39 - 2013-11-26 22:39 - 00000000 ____D C:\Users\Leann79\Documents\Video Download Capture
2013-11-26 22:37 - 2013-11-26 22:37 - 00000000 ____D C:\Program Files\Level Quality Watcher
2013-11-26 22:37 - 2013-11-26 22:37 - 00000000 ____D C:\Program Files (x86)\Conduit
2013-11-26 22:37 - 2013-11-26 22:35 - 00000009 _____ C:\END
2013-11-26 22:36 - 2013-11-26 22:36 - 00000000 ____D C:\Users\Leann79\AppData\Roaming\SearchProtect
2013-11-26 22:36 - 2013-11-26 22:36 - 00000000 ____D C:\Users\Leann79\AppData\Roaming\Apowersoft
2013-11-26 21:48 - 2013-11-26 20:49 - 00000000 ____D C:\Users\Leann79\Documents\flashgot
2013-11-26 21:00 - 2013-11-26 20:44 - 00000000 ____D C:\Users\Leann79\dwhelper
2013-11-26 20:44 - 2013-06-22 22:57 - 00000000 ____D C:\Users\Leann79
2013-11-26 11:42 - 2013-11-26 11:42 - 00000017 _____ C:\Users\Leann79\AppData\Local\resmon.resmoncfg
2013-11-20 12:40 - 2013-07-11 20:26 - 00000000 ____D C:\Users\Leann79\AppData\Roaming\Audacity
2013-11-19 20:28 - 2013-07-11 18:23 - 00000000 ____D C:\Users\Leann79\AppData\Local\Adobe
2013-11-19 09:24 - 2013-11-18 21:33 - 00021647 _____ C:\Users\Leann79\Desktop\letter.odt
2013-11-18 14:08 - 2013-06-22 23:09 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-985080136-288465935-3181643373-1002
2013-11-18 14:00 - 2013-11-18 13:21 - 00000000 ____D C:\Users\Leann79\Desktop\NSB 11-16&17-13
2013-11-18 13:22 - 2013-06-22 22:59 - 00000000 ____D C:\Users\Leann79\AppData\Local\VirtualStore
2013-11-18 12:22 - 2013-11-18 12:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-12 10:08 - 2013-11-12 09:53 - 689242729 _____ C:\Users\Leann79\Downloads\Bill  Ted's Excellent Halloween Adventure 2013 HHN Orlando.wmv
2013-11-06 20:26 - 2013-06-22 23:03 - 00000000 ___RD C:\Users\Leann79\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-06 20:20 - 2012-07-26 03:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-11-06 20:20 - 2012-07-26 03:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-11-06 20:20 - 2012-07-26 03:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-11-06 20:19 - 2012-07-26 03:12 - 00000000 ___RD C:\Windows\ToastData
2013-11-06 20:19 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\WinStore
2013-11-06 20:19 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-06 20:19 - 2012-07-26 03:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-11-06 20:19 - 2012-07-26 00:38 - 00000000 ____D C:\Windows\system32\oobe
2013-11-06 20:13 - 2013-07-30 11:43 - 00000000 ____D C:\Windows\system32\MRT
2013-11-06 19:44 - 2013-06-27 17:46 - 00000350 _____ C:\Windows\Tasks\HPCeeScheduleForLeann79.job
2013-11-05 12:46 - 2013-06-27 17:46 - 00003168 _____ C:\Windows\System32\Tasks\HPCeeScheduleForLeann79
2013-11-05 11:13 - 2013-11-05 11:13 - 08147408 _____ (GoldWave Inc.) C:\Users\Leann79\Downloads\gwave569.exe
2013-11-04 19:55 - 2013-11-04 19:54 - 00000000 ____D C:\Users\Leann79\Desktop\mp3s
2013-11-04 14:04 - 2013-06-22 22:59 - 00000000 ____D C:\Users\Leann79\AppData\Local\Packages
2013-11-01 11:43 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\rescache
2013-10-30 11:29 - 2013-10-30 11:29 - 480527953 _____ C:\Windows\MEMORY.DMP
2013-10-30 11:29 - 2013-10-30 11:29 - 00307728 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-30 11:29 - 2013-10-30 11:29 - 00280400 _____ C:\Windows\Minidump\103013-45942-01.dmp
2013-10-30 11:29 - 2013-10-30 11:29 - 00000000 ____D C:\Windows\Minidump

Some content of TEMP:
====================
C:\Users\Leann79\AppData\Local\Temp\BackupSetup.exe
C:\Users\Leann79\AppData\Local\Temp\lowproc.exe
C:\Users\Leann79\AppData\Local\Temp\stubhelper.dll
C:\Users\Leann79\AppData\Local\Temp\tbConn.dll
C:\Users\Leann79\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe
[2013-10-28 14:49] - [2013-10-28 14:49] - 0000000 ____A ()

C:\Windows\SysWOW64\wininit.exe IS INFECTED. <===== ATTENTION!

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-14 20:38

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-11-2013
Ran by Leann79 at 2013-11-28 15:48:04
Running from C:\Users\Leann79\Desktop\malware stuff
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

4 Elements II (x32 Version: 2.2.0.98)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.152)
Adobe Photoshop 7.0 (x32 Version: 7.0)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.5.635)
AMD APP SDK Runtime (Version: 10.0.938.2)
AMD Catalyst Install Manager (Version: 8.0.881.0)
AMD Fuel (Version: 2012.0806.1156.19437)
AMD VISION Engine Control Center (x32 Version: 2012.0806.1156.19437)
Audacity 2.0.3 (x32 Version: 2.0.3)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
Bejeweled 3 (x32 Version: 2.2.0.98)
Bonjour (Version: 3.0.0.10)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0806.1156.19437)
Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1156.19437)
Catalyst Control Center Localization All (x32 Version: 2012.0806.1156.19437)
CCC Help Chinese Standard (x32 Version: 2012.0806.1155.19437)
CCC Help Chinese Traditional (x32 Version: 2012.0806.1155.19437)
CCC Help Czech (x32 Version: 2012.0806.1155.19437)
CCC Help Danish (x32 Version: 2012.0806.1155.19437)
CCC Help Dutch (x32 Version: 2012.0806.1155.19437)
CCC Help English (x32 Version: 2012.0806.1155.19437)
CCC Help Finnish (x32 Version: 2012.0806.1155.19437)
CCC Help French (x32 Version: 2012.0806.1155.19437)
CCC Help German (x32 Version: 2012.0806.1155.19437)
CCC Help Greek (x32 Version: 2012.0806.1155.19437)
CCC Help Hungarian (x32 Version: 2012.0806.1155.19437)
CCC Help Italian (x32 Version: 2012.0806.1155.19437)
CCC Help Japanese (x32 Version: 2012.0806.1155.19437)
CCC Help Korean (x32 Version: 2012.0806.1155.19437)
CCC Help Norwegian (x32 Version: 2012.0806.1155.19437)
CCC Help Polish (x32 Version: 2012.0806.1155.19437)
CCC Help Portuguese (x32 Version: 2012.0806.1155.19437)
CCC Help Russian (x32 Version: 2012.0806.1155.19437)
CCC Help Spanish (x32 Version: 2012.0806.1155.19437)
CCC Help Swedish (x32 Version: 2012.0806.1155.19437)
CCC Help Thai (x32 Version: 2012.0806.1155.19437)
CCC Help Turkish (x32 Version: 2012.0806.1155.19437)
ccc-utility64 (Version: 2012.0806.1156.19437)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98)
Cradle of Rome 2 (x32 Version: 2.2.0.98)
CyberLink LabelPrint (x32 Version: 2.5.3.5901)
CyberLink Media Suite 10 (x32 Version: 10.0.3.2608)
CyberLink Power2Go 8 (x32 Version: 8.0.3.2527)
CyberLink PowerDVD (x32 Version: 10.0.6.4319)
CyberLink YouCam (x32 Version: 3.5.6.6119)
D3DX10 (x32 Version: 15.4.2368.0902)
Energy Star (Version: 1.0.8)
Farm Frenzy (x32 Version: 2.2.0.98)
FATE: The Cursed King (x32 Version: 2.2.0.97)
Final Drive Fury (x32 Version: 2.2.0.95)
FlatOut 2 (x32 Version: 2.2.0.98)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95)
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000)
Hoyle Card Games (x32 Version: 2.2.0.95)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Documentation (x32 Version: 1.1.1.0)
HP Games (x32 Version: 1.0.3.0)
HP MyRoom (x32 Version: 9.0.0.0)
HP Postscript Converter (Version: 3.1.3554)
HP Quick Launch (x32 Version: 3.0.3)
HP Recovery Manager (x32 Version: 7.00)
HP Registration Service (Version: 1.0.5976.4186)
HP Software Framework (x32 Version: 4.6.8.1)
HP Support Assistant (x32 Version: 7.0.32.44)
HP Utility Center (x32 Version: 1.0.7)
HP Wireless Button Driver (x32 Version: 1.0.5.1)
Jewel Match 3 (x32 Version: 2.2.0.98)
John Deere Drive Green (x32 Version: 2.2.0.95)
Luxor Evolved (x32 Version: 2.2.0.98)
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office (x32 Version: 14.0.6120.5004)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98)
Mozilla Firefox 25.0.1 (x86 en-US) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98)
Norton Internet Security (x32 Version: 20.4.0.40)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
Peggle Nights (x32 Version: 2.2.0.98)
Penguins! (x32 Version: 2.2.0.98)
Polar Bowler (x32 Version: 2.2.0.97)
Polar Golfer (x32 Version: 2.2.0.98)
Qualcomm Atheros Driver Installation Program (x32 Version: 10.0)
RealDownloader (x32 Version: 1.5.2)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0)
RealPlayer Cloud (x32 Version: 17.0.2)
Realtek Ethernet Controller Driver (x32 Version: 8.2.612.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6662)
Realtek PCIE Card Reader (x32 Version: 6.1.8400.29025)
RealUpgrade 1.1 (x32 Version: 1.1.0)
Roads of Rome 3 (x32 Version: 2.2.0.98)
SUPERAntiSpyware (Version: 5.6.1014)
swMSM (x32 Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 16.6.1.3)
Tales of Lagoona (x32 Version: 2.2.0.110)
Update Installer for WildTangent Games App (x32)
UpdateService (x32 Version: 1.0.0)
Vacation Quest™ - Australia (x32 Version: 2.2.0.98)
WildTangent Games (x32 Version: 1.0.3.0)
WildTangent Games App (x32 Version: 4.0.9.6)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Zuma's Revenge (x32 Version: 2.2.0.98)

==================== Restore Points  =========================

05-11-2013 02:30:59 Scheduled Checkpoint
18-11-2013 20:59:03 Scheduled Checkpoint
27-11-2013 03:54:55 Removed ScorpionSaver
28-11-2013 18:52:02 Removed ScorpionSaver Services

==================== Hosts content: ==========================

2012-07-26 00:26 - 2012-07-26 00:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {017CD777-8E1B-4549-AE23-E415CEAEE0FA} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {05D7231D-F241-436A-9A32-C3EB09009F0D} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\System32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {0711A890-0ED6-4ABB-81F0-5118926D558D} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wscstub.exe [2013-06-03] (Symantec Corporation)
Task: {22C76C91-84D1-4F52-B0CC-F96EC37C48D0} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {332301B3-18BF-40DF-A6CB-EFD9A81CF7CD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-08-07] (Hewlett-Packard Company)
Task: {7564E9C5-F4AC-4BD6-9BFA-86E4098D31F1} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-03] (Symantec Corporation)
Task: {8E4260D7-959F-4BAC-BC80-4DA0757E84DA} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-985080136-288465935-3181643373-1002 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2013-10-25] (RealNetworks, Inc.)
Task: {A1CAEB10-CA19-4214-AA95-F52ED1AE4F79} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-03] (Symantec Corporation)
Task: {B0B5BC65-94C4-427E-93C2-908D60F7F579} - System32\Tasks\HPCeeScheduleForLeann79 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D408DAB0-87F3-4379-9311-F6C8B24093EF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {E30BFEA8-E812-4E52-A1FE-25AEA71A7D3E} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-05-16] (Synaptics Incorporated)
Task: {E835AFBD-F6B5-4864-BC44-4DEEFACFC3A8} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
Task: {FB1A14FB-F871-4BCB-86A9-D79D1DFD05D0} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {FEBC5303-2858-43A1-9279-EA7318BFC705} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-985080136-288465935-3181643373-1002 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2013-10-25] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\HPCeeScheduleForLeann79.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2012-08-06 14:08 - 2012-08-06 14:08 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-08-06 13:54 - 2012-08-06 13:54 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-11-27 20:44 - 2013-11-27 14:31 - 02241536 _____ () C:\Program Files\AVAST Software\Avast\defs\13112702\algo.dll
2013-11-28 14:19 - 2013-11-28 03:30 - 02241536 _____ () C:\Program Files\AVAST Software\Avast\defs\13112800\algo.dll
2013-11-27 13:09 - 2013-11-27 13:09 - 00857184 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Plugins\cldplin.dll
2013-10-25 14:38 - 2013-10-25 14:38 - 00026760 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2013-06-24 10:22 - 2012-05-30 01:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll
2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2013-06-27 20:08 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 10:34 - 2012-06-08 10:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-11-18 12:21 - 2013-11-18 12:22 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakProxy => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakWFP => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/28/2013 01:53:21 PM) (Source: Microsoft-Windows-RestartManager) (User: mine)
Description: Application or service 'AdpeakProxy' could not be restarted.

Error: (11/27/2013 06:59:29 PM) (Source: Application Error) (User: )
Description: Faulting application name: WWAHost.exe, version: 6.2.9200.16420, time stamp: 0x505a9152
Faulting module name: atidxx64.dll, version: 8.17.10.451, time stamp: 0x501a0655
Exception code: 0xc0000005
Fault offset: 0x00000000000747db
Faulting process id: 0x12b8
Faulting application start time: 0xWWAHost.exe0
Faulting application path: WWAHost.exe1
Faulting module path: WWAHost.exe2
Report Id: WWAHost.exe3
Faulting package full name: WWAHost.exe4
Faulting package-relative application ID: WWAHost.exe5

Error: (11/27/2013 00:13:00 PM) (Source: Application Error) (User: )
Description: Faulting application name: AviaryPhotoEditor.exe, version: 1.0.0.0, time stamp: 0x513e45c5
Faulting module name: KERNELBASE.dll, version: 6.2.9200.16451, time stamp: 0x50988aa6
Exception code: 0xe0434352
Fault offset: 0x000000000003811c
Faulting process id: 0x12ec
Faulting application start time: 0xAviaryPhotoEditor.exe0
Faulting application path: AviaryPhotoEditor.exe1
Faulting module path: AviaryPhotoEditor.exe2
Report Id: AviaryPhotoEditor.exe3
Faulting package full name: AviaryPhotoEditor.exe4
Faulting package-relative application ID: AviaryPhotoEditor.exe5

Error: (11/27/2013 00:13:00 PM) (Source: .NET Runtime) (User: )
Description: Application: AviaryPhotoEditor.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Exception
Stack:
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (11/27/2013 00:05:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: mine)
Description: App 57AB5DD0.PhotoEditor_6hb943tstq5q8!App did not launch within its allotted time.

Error: (11/27/2013 00:05:10 PM) (Source: Application Error) (User: )
Description: Faulting application name: AviaryPhotoEditor.exe, version: 1.0.0.0, time stamp: 0x513e45c5
Faulting module name: KERNELBASE.dll, version: 6.2.9200.16451, time stamp: 0x50988aa6
Exception code: 0xe0434352
Fault offset: 0x000000000003811c
Faulting process id: 0xdec
Faulting application start time: 0xAviaryPhotoEditor.exe0
Faulting application path: AviaryPhotoEditor.exe1
Faulting module path: AviaryPhotoEditor.exe2
Report Id: AviaryPhotoEditor.exe3
Faulting package full name: AviaryPhotoEditor.exe4
Faulting package-relative application ID: AviaryPhotoEditor.exe5

Error: (11/27/2013 00:05:10 PM) (Source: .NET Runtime) (User: )
Description: Application: AviaryPhotoEditor.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Exception
Stack:
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (11/27/2013 00:00:56 PM) (Source: Application Error) (User: )
Description: Faulting application name: AviaryPhotoEditor.exe, version: 1.0.0.0, time stamp: 0x513e45c5
Faulting module name: KERNELBASE.dll, version: 6.2.9200.16451, time stamp: 0x50988aa6
Exception code: 0xe0434352
Fault offset: 0x000000000003811c
Faulting process id: 0xa44
Faulting application start time: 0xAviaryPhotoEditor.exe0
Faulting application path: AviaryPhotoEditor.exe1
Faulting module path: AviaryPhotoEditor.exe2
Report Id: AviaryPhotoEditor.exe3
Faulting package full name: AviaryPhotoEditor.exe4
Faulting package-relative application ID: AviaryPhotoEditor.exe5

Error: (11/27/2013 00:00:55 PM) (Source: .NET Runtime) (User: )
Description: Application: AviaryPhotoEditor.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Exception
Stack:
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (11/27/2013 11:58:55 AM) (Source: Application Error) (User: )
Description: Faulting application name: AviaryPhotoEditor.exe, version: 1.0.0.0, time stamp: 0x513e45c5
Faulting module name: KERNELBASE.dll, version: 6.2.9200.16451, time stamp: 0x50988aa6
Exception code: 0xe0434352
Fault offset: 0x000000000003811c
Faulting process id: 0xe7c
Faulting application start time: 0xAviaryPhotoEditor.exe0
Faulting application path: AviaryPhotoEditor.exe1
Faulting module path: AviaryPhotoEditor.exe2
Report Id: AviaryPhotoEditor.exe3
Faulting package full name: AviaryPhotoEditor.exe4
Faulting package-relative application ID: AviaryPhotoEditor.exe5


System errors:
=============
Error: (11/27/2013 08:41:34 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (11/26/2013 11:22:41 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (11/26/2013 11:16:30 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (11/26/2013 10:52:54 PM) (Source: Service Control Manager) (User: )
Description: The Update outobox service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (11/26/2013 10:52:34 PM) (Source: Service Control Manager) (User: )
Description: The Update outobox service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (11/06/2013 08:23:42 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (11/06/2013 07:46:17 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

Error: (11/06/2013 07:44:05 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (11/05/2013 11:21:13 AM) (Source: DCOM) (User: mine)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}mineLeann79S-1-5-21-985080136-288465935-3181643373-1002LocalHost (Using LRPC)32015mccalla.SoundEditor_1.0.0.16_neutral__1yb35n8phzzdwS-1-15-2-2452985986-4061832970-717633340-628614022-3896883838-2632444459-3154671889

Error: (11/05/2013 11:21:13 AM) (Source: DCOM) (User: mine)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}mineLeann79S-1-5-21-985080136-288465935-3181643373-1002LocalHost (Using LRPC)32015mccalla.SoundEditor_1.0.0.16_neutral__1yb35n8phzzdwS-1-15-2-2452985986-4061832970-717633340-628614022-3896883838-2632444459-3154671889


Microsoft Office Sessions:
=========================
Error: (11/28/2013 01:53:21 PM) (Source: Microsoft-Windows-RestartManager)(User: mine)
Description: 0AdpeakProxy.exeAdpeakProxy03026217818640

Error: (11/27/2013 06:59:29 PM) (Source: Application Error)(User: )
Description: WWAHost.exe6.2.9200.16420505a9152atidxx64.dll8.17.10.451501a0655c000000500000000000747db12b801ceebcc6f3787e7C:\Windows\System32\WWAHost.exeC:\Windows\System32\atidxx64.dllf37f6dbc-57bf-11e3-be91-2c59e5a2398bwinstore_1.0.0.0_neutral_neutral_cw5n1h2txyewyWindows.Store

Error: (11/27/2013 00:13:00 PM) (Source: Application Error)(User: )
Description: AviaryPhotoEditor.exe1.0.0.0513e45c5KERNELBASE.dll6.2.9200.1645150988aa6e0434352000000000003811c12ec01ceeb92d80ef91dC:\Program Files\WindowsApps\57AB5DD0.PhotoEditor_1.0.0.13_x64__6hb943tstq5q8\AviaryPhotoEditor.exeC:\Windows\system32\KERNELBASE.dll2a9945c7-5787-11e3-be91-2c59e5a2398b57AB5DD0.PhotoEditor_1.0.0.13_x64__6hb943tstq5q8App

Error: (11/27/2013 00:13:00 PM) (Source: .NET Runtime)(User: )
Description: Application: AviaryPhotoEditor.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Exception
Stack:
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (11/27/2013 00:05:12 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: mine)
Description: 57AB5DD0.PhotoEditor_6hb943tstq5q8!App

Error: (11/27/2013 00:05:10 PM) (Source: Application Error)(User: )
Description: AviaryPhotoEditor.exe1.0.0.0513e45c5KERNELBASE.dll6.2.9200.1645150988aa6e0434352000000000003811cdec01ceeb9240687780C:\Program Files\WindowsApps\57AB5DD0.PhotoEditor_1.0.0.13_x64__6hb943tstq5q8\AviaryPhotoEditor.exeC:\Windows\system32\KERNELBASE.dll12413bdc-5786-11e3-be91-2c59e5a2398b57AB5DD0.PhotoEditor_1.0.0.13_x64__6hb943tstq5q8App

Error: (11/27/2013 00:05:10 PM) (Source: .NET Runtime)(User: )
Description: Application: AviaryPhotoEditor.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Exception
Stack:
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (11/27/2013 00:00:56 PM) (Source: Application Error)(User: )
Description: AviaryPhotoEditor.exe1.0.0.0513e45c5KERNELBASE.dll6.2.9200.1645150988aa6e0434352000000000003811ca4401ceeb91f8b98fe5C:\Program Files\WindowsApps\57AB5DD0.PhotoEditor_1.0.0.13_x64__6hb943tstq5q8\AviaryPhotoEditor.exeC:\Windows\system32\KERNELBASE.dll7ab763de-5785-11e3-be91-2c59e5a2398b57AB5DD0.PhotoEditor_1.0.0.13_x64__6hb943tstq5q8App

Error: (11/27/2013 00:00:55 PM) (Source: .NET Runtime)(User: )
Description: Application: AviaryPhotoEditor.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Exception
Stack:
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (11/27/2013 11:58:55 AM) (Source: Application Error)(User: )
Description: AviaryPhotoEditor.exe1.0.0.0513e45c5KERNELBASE.dll6.2.9200.1645150988aa6e0434352000000000003811ce7c01ceeb91a669450dC:\Program Files\WindowsApps\57AB5DD0.PhotoEditor_1.0.0.13_x64__6hb943tstq5q8\AviaryPhotoEditor.exeC:\Windows\system32\KERNELBASE.dll32fedf06-5785-11e3-be91-2c59e5a2398b57AB5DD0.PhotoEditor_1.0.0.13_x64__6hb943tstq5q8App


==================== Memory info ===========================

Percentage of memory in use: 40%
Total physical RAM: 3682.26 MB
Available physical RAM: 2176.94 MB
Total Pagefile: 4450.26 MB
Available Pagefile: 2894.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:273.93 GB) (Free:220.46 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:23.39 GB) (Free:2.82 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 1E1F4777)

Partition: GPT Partition Type
==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-11-2013
Ran by Leann79 (administrator) on MINE on 28-11-2013 16:07:53
Running from C:\Users\Leann79\Desktop\malware stuff
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKCU\...\Run: [Power2GoExpress8] - NA
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-11-27] (RealNetworks, Inc.)
Startup: C:\Users\Leann79\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
SearchScopes: HKCU - {46A54124-F3B1-473D-B778-42CD7942B181} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN18236870221173229&UM=2
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Leann79\AppData\Roaming\Mozilla\Firefox\Profiles\j92in1kj.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.2.206 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.5.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.5.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.5.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.2.206 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{56D10AE9-6227-455E-95C3-73CD63A091EC}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com)
R2 AMD External Events Utility; C:\Windows\SysWow64\atiesrxx.exe [0 2013-10-28] ()
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe [511480 2013-10-31] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-10-17] ()
R2 RealPlayer Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1418336 2013-11-27] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [29320 2013-10-25] ()
R2 Spooler; C:\Windows\SysWow64\spoolsv.exe [0 2013-10-28] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-11] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-11] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-11] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-28] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130827.001\IDSvia64.sys [520280 2013-08-23] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130828.002\ENG64.SYS [126040 2013-06-22] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130828.002\EX64.SYS [2098776 2013-06-22] (Symantec Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [266896 2012-06-13] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1404000.028\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-24] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-28 16:07 - 2013-11-28 16:07 - 00005168 _____ C:\Users\Leann79\Desktop\AdwCleaner[s0]1.txt
2013-11-28 15:44 - 2013-11-28 15:44 - 00000000 ____D C:\FRST
2013-11-28 15:09 - 2013-11-28 16:07 - 00000000 ____D C:\Users\Leann79\Desktop\malware stuff
2013-11-28 14:21 - 2013-11-28 14:21 - 00005184 _____ C:\Users\Leann79\Desktop\AdwCleaner[R0].txt
2013-11-28 14:11 - 2013-11-28 16:01 - 00000000 ____D C:\AdwCleaner
2013-11-27 20:44 - 2013-11-27 22:11 - 00003336 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-985080136-288465935-3181643373-1002
2013-11-27 20:44 - 2013-11-27 22:11 - 00003206 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-985080136-288465935-3181643373-1002
2013-11-27 19:46 - 2013-11-27 19:46 - 00000000 _____ C:\Windows\SysWOW64\RuntimeBroker.exe
2013-11-27 13:12 - 2013-11-27 13:12 - 00001264 _____ C:\Users\Public\Desktop\RealPlayer Cloud.lnk
2013-11-27 13:11 - 2013-11-27 13:11 - 00000000 ____D C:\ProgramData\RealNetworks
2013-11-27 13:11 - 2013-11-27 13:11 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-11-27 13:10 - 2013-11-27 13:10 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2013-11-27 13:09 - 2013-11-27 13:12 - 00000000 ____D C:\Program Files (x86)\Real
2013-11-27 13:09 - 2013-11-27 13:09 - 00272896 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2013-11-27 13:09 - 2013-11-27 13:09 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2013-11-27 13:09 - 2013-11-27 13:09 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2013-11-27 13:08 - 2013-11-27 13:12 - 00000000 ____D C:\Users\Leann79\AppData\Roaming\Real
2013-11-27 13:04 - 2013-11-27 13:13 - 00000000 ____D C:\ProgramData\Real
2013-11-27 13:03 - 2013-11-27 13:03 - 00833232 _____ (RealNetworks, Inc.) C:\Users\Leann79\Downloads\RealPlayerCloud.exe
2013-11-26 22:39 - 2013-11-26 22:39 - 00000000 ____D C:\Users\Leann79\Documents\Video Download Capture
2013-11-26 22:37 - 2013-11-26 22:37 - 00000000 ____D C:\Program Files\Level Quality Watcher
2013-11-26 22:36 - 2013-11-26 22:36 - 00000000 ____D C:\Users\Leann79\AppData\Roaming\Apowersoft
2013-11-26 20:49 - 2013-11-26 21:48 - 00000000 ____D C:\Users\Leann79\Documents\flashgot
2013-11-26 20:44 - 2013-11-26 21:00 - 00000000 ____D C:\Users\Leann79\dwhelper
2013-11-26 11:42 - 2013-11-26 11:42 - 00000017 _____ C:\Users\Leann79\AppData\Local\resmon.resmoncfg
2013-11-18 21:33 - 2013-11-19 09:24 - 00021647 _____ C:\Users\Leann79\Desktop\letter.odt
2013-11-18 13:21 - 2013-11-18 14:00 - 00000000 ____D C:\Users\Leann79\Desktop\NSB 11-16&17-13
2013-11-18 12:21 - 2013-11-18 12:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-12 09:53 - 2013-11-12 10:08 - 689242729 _____ C:\Users\Leann79\Downloads\Bill  Ted's Excellent Halloween Adventure 2013 HHN Orlando.wmv
2013-11-06 20:04 - 2013-08-16 00:41 - 00058200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2013-11-06 20:04 - 2013-08-16 00:39 - 02371728 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2013-11-06 20:04 - 2013-08-16 00:39 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-11-06 20:04 - 2013-08-16 00:32 - 00209200 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2013-11-06 20:04 - 2013-08-16 00:22 - 04917760 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2013-11-06 20:04 - 2013-08-16 00:22 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-11-06 20:04 - 2013-08-16 00:21 - 03275776 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-11-06 20:04 - 2013-08-16 00:21 - 01621504 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-11-06 20:04 - 2013-08-16 00:21 - 01164288 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2013-11-06 20:04 - 2013-08-16 00:21 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-11-06 20:04 - 2013-08-16 00:21 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2013-11-06 20:04 - 2013-08-16 00:21 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2013-11-06 20:04 - 2013-08-16 00:21 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-11-06 20:04 - 2013-08-16 00:21 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll
2013-11-06 20:04 - 2013-08-16 00:21 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2013-11-06 20:04 - 2013-08-16 00:21 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\WSSync.dll
2013-11-06 20:04 - 2013-08-16 00:21 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-11-06 20:04 - 2013-08-16 00:21 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-11-06 20:04 - 2013-08-16 00:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-11-06 20:04 - 2013-08-16 00:21 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll
2013-11-06 20:04 - 2013-08-16 00:21 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-11-06 20:04 - 2013-08-16 00:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\setupcln.dll
2013-11-06 20:04 - 2013-08-16 00:21 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2013-11-06 20:04 - 2013-08-16 00:21 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-11-06 20:04 - 2013-08-16 00:20 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2013-11-06 20:04 - 2013-08-15 17:43 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-11-06 20:04 - 2013-08-15 17:43 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2013-11-06 20:04 - 2013-08-15 17:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll
2013-11-06 20:04 - 2013-08-15 17:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSSync.dll
2013-11-06 20:04 - 2013-08-15 17:43 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2013-11-06 20:04 - 2013-08-15 17:43 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-11-06 20:04 - 2013-08-15 17:43 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-11-06 20:04 - 2013-08-15 17:43 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-11-06 20:04 - 2013-08-15 17:43 - 00083968 _____ C:\Windows\SysWOW64\OEMLicense.dll
2013-11-06 20:04 - 2013-08-15 17:43 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-11-06 20:04 - 2013-08-15 17:43 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2013-11-06 20:04 - 2013-08-15 17:42 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll
2013-11-06 20:04 - 2013-08-15 17:42 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupcln.dll
2013-11-06 20:04 - 2013-07-01 19:44 - 00036288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2013-11-06 20:04 - 2013-07-01 17:08 - 00247216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2013-11-06 20:00 - 2013-07-09 03:04 - 00120144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2013-11-06 20:00 - 2013-07-09 01:18 - 00439488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2013-11-06 20:00 - 2013-07-08 23:25 - 00385768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2013-11-06 20:00 - 2013-07-08 22:57 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll
2013-11-06 20:00 - 2013-07-08 17:46 - 00543744 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2013-11-06 20:00 - 2013-07-08 17:46 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2013-11-06 20:00 - 2013-07-08 17:46 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Wwanadvui.dll
2013-11-06 20:00 - 2013-07-08 17:45 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll
2013-11-06 20:00 - 2013-07-05 19:16 - 01025024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-11-06 20:00 - 2013-07-02 19:23 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-11-06 20:00 - 2013-07-02 19:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2013-11-06 20:00 - 2013-07-02 19:22 - 02839552 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2013-11-06 20:00 - 2013-07-02 19:22 - 01300480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-06 20:00 - 2013-07-02 19:11 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2013-11-06 20:00 - 2013-07-02 19:11 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-11-06 20:00 - 2013-07-02 19:10 - 02273792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2013-11-06 20:00 - 2013-06-30 17:30 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\openfiles.exe
2013-11-06 20:00 - 2013-06-30 17:29 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\openfiles.exe
2013-11-06 20:00 - 2013-06-29 01:15 - 00195416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2013-11-06 20:00 - 2013-06-29 01:15 - 00125784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2013-11-06 20:00 - 2013-06-29 00:43 - 00327512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2013-11-06 20:00 - 2013-06-28 20:12 - 01022464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-06 20:00 - 2013-06-25 22:01 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2013-11-06 20:00 - 2013-06-25 21:59 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2013-11-06 20:00 - 2013-06-24 17:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-11-06 20:00 - 2013-06-24 17:54 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2013-11-06 20:00 - 2013-06-24 17:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2013-11-06 20:00 - 2013-06-19 00:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll
2013-11-06 20:00 - 2013-06-19 00:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2013-11-06 20:00 - 2013-06-18 17:38 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll
2013-11-06 20:00 - 2013-06-18 17:38 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2013-11-06 20:00 - 2013-06-11 18:43 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2013-11-06 20:00 - 2013-06-11 18:26 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2013-11-06 20:00 - 2013-06-10 16:17 - 00096512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-11-06 20:00 - 2013-06-10 14:16 - 00888832 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-06 20:00 - 2013-06-10 14:15 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-06 20:00 - 2013-06-10 14:15 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-11-06 20:00 - 2013-06-10 14:15 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-06 20:00 - 2013-06-10 14:10 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-06 20:00 - 2013-06-10 14:10 - 00245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-06 20:00 - 2013-06-06 03:03 - 00119040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2013-11-06 19:57 - 2013-08-10 00:21 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2013-11-06 19:57 - 2013-08-10 00:21 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncInfo.dll
2013-11-06 19:57 - 2013-08-09 22:58 - 00356352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2013-11-06 19:57 - 2013-08-07 00:15 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2013-11-06 19:57 - 2013-08-03 01:40 - 01374208 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2013-11-06 19:57 - 2013-08-03 01:40 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2013-11-06 19:57 - 2013-08-03 01:40 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2013-11-06 19:57 - 2013-08-03 00:14 - 00399360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2013-11-06 19:57 - 2013-08-03 00:13 - 01245696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2013-11-06 19:57 - 2013-08-03 00:13 - 00437248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2013-11-06 19:57 - 2013-08-02 01:28 - 19758080 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-11-06 19:57 - 2013-08-02 01:28 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2013-11-06 19:57 - 2013-08-02 01:28 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-11-06 19:57 - 2013-08-02 01:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-06 19:57 - 2013-08-02 00:08 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-11-06 19:57 - 2013-08-02 00:08 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-11-06 19:57 - 2013-08-02 00:08 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-11-06 19:57 - 2013-08-02 00:06 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-06 19:57 - 2013-08-01 05:41 - 02233688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-11-06 19:57 - 2013-07-30 18:30 - 00386923 _____ C:\Windows\system32\ApnDatabase.xml
2013-11-06 19:57 - 2013-07-24 18:10 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll
2013-11-06 19:57 - 2013-07-24 18:06 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\mbsmsapi.dll
2013-11-06 19:57 - 2013-04-09 18:17 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2013-11-06 19:57 - 2013-04-09 17:29 - 00893952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2013-11-05 11:13 - 2013-11-05 11:13 - 08147408 _____ (GoldWave Inc.) C:\Users\Leann79\Downloads\gwave569.exe
2013-11-04 19:54 - 2013-11-04 19:55 - 00000000 ____D C:\Users\Leann79\Desktop\mp3s
2013-10-30 11:29 - 2013-10-30 11:29 - 480527953 _____ C:\Windows\MEMORY.DMP
2013-10-30 11:29 - 2013-10-30 11:29 - 00307728 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-30 11:29 - 2013-10-30 11:29 - 00280400 _____ C:\Windows\Minidump\103013-45942-01.dmp
2013-10-30 11:29 - 2013-10-30 11:29 - 00000000 ____D C:\Windows\Minidump

==================== One Month Modified Files and Folders =======

2013-11-28 16:07 - 2013-11-28 16:07 - 00005168 _____ C:\Users\Leann79\Desktop\AdwCleaner[s0]1.txt
2013-11-28 16:07 - 2013-11-28 15:09 - 00000000 ____D C:\Users\Leann79\Desktop\malware stuff
2013-11-28 16:04 - 2013-07-11 18:29 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-11-28 16:03 - 2012-07-26 02:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-28 16:02 - 2012-08-03 17:23 - 00026960 _____ C:\Windows\PFRO.log
2013-11-28 16:01 - 2013-11-28 14:11 - 00000000 ____D C:\AdwCleaner
2013-11-28 16:01 - 2013-06-22 23:44 - 01421642 _____ C:\Windows\WindowsUpdate.log
2013-11-28 16:00 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\system32\sru
2013-11-28 15:44 - 2013-11-28 15:44 - 00000000 ____D C:\FRST
2013-11-28 14:21 - 2013-11-28 14:21 - 00005184 _____ C:\Users\Leann79\Desktop\AdwCleaner[R0].txt
2013-11-28 12:40 - 2013-06-22 23:03 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C01DD041-F99A-4ABA-9CDC-092B722CDADD}
2013-11-27 22:11 - 2013-11-27 20:44 - 00003336 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-985080136-288465935-3181643373-1002
2013-11-27 22:11 - 2013-11-27 20:44 - 00003206 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-985080136-288465935-3181643373-1002
2013-11-27 20:48 - 2012-07-26 02:28 - 00941050 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-27 20:18 - 2013-10-28 15:21 - 00824362 _____ C:\Users\Leann79\AppData\Local\census.cache
2013-11-27 20:18 - 2013-10-28 15:20 - 00071461 _____ C:\Users\Leann79\AppData\Local\ars.cache
2013-11-27 19:46 - 2013-11-27 19:46 - 00000000 _____ C:\Windows\SysWOW64\RuntimeBroker.exe
2013-11-27 18:59 - 2013-06-27 21:49 - 00000000 ____D C:\Users\Leann79\AppData\Local\CrashDumps
2013-11-27 18:59 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-11-27 13:13 - 2013-11-27 13:04 - 00000000 ____D C:\ProgramData\Real
2013-11-27 13:12 - 2013-11-27 13:12 - 00001264 _____ C:\Users\Public\Desktop\RealPlayer Cloud.lnk
2013-11-27 13:12 - 2013-11-27 13:09 - 00000000 ____D C:\Program Files (x86)\Real
2013-11-27 13:12 - 2013-11-27 13:08 - 00000000 ____D C:\Users\Leann79\AppData\Roaming\Real
2013-11-27 13:11 - 2013-11-27 13:11 - 00000000 ____D C:\ProgramData\RealNetworks
2013-11-27 13:11 - 2013-11-27 13:11 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-11-27 13:10 - 2013-11-27 13:10 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2013-11-27 13:09 - 2013-11-27 13:09 - 00272896 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2013-11-27 13:09 - 2013-11-27 13:09 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2013-11-27 13:09 - 2013-11-27 13:09 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2013-11-27 13:09 - 2013-04-09 05:37 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2013-11-27 13:09 - 2013-04-09 05:37 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2013-11-27 13:03 - 2013-11-27 13:03 - 00833232 _____ (RealNetworks, Inc.) C:\Users\Leann79\Downloads\RealPlayerCloud.exe
2013-11-26 23:39 - 2013-06-23 18:56 - 00000000 ____D C:\Users\Leann79\Desktop\pics
2013-11-26 23:22 - 2012-07-26 00:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-11-26 23:20 - 2012-07-26 00:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2013-11-26 23:16 - 2013-06-23 08:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-26 22:47 - 2013-06-22 23:03 - 00000000 ___RD C:\Users\Leann79\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-26 22:39 - 2013-11-26 22:39 - 00000000 ____D C:\Users\Leann79\Documents\Video Download Capture
2013-11-26 22:37 - 2013-11-26 22:37 - 00000000 ____D C:\Program Files\Level Quality Watcher
2013-11-26 22:36 - 2013-11-26 22:36 - 00000000 ____D C:\Users\Leann79\AppData\Roaming\Apowersoft
2013-11-26 21:48 - 2013-11-26 20:49 - 00000000 ____D C:\Users\Leann79\Documents\flashgot
2013-11-26 21:00 - 2013-11-26 20:44 - 00000000 ____D C:\Users\Leann79\dwhelper
2013-11-26 20:44 - 2013-06-22 22:57 - 00000000 ____D C:\Users\Leann79
2013-11-26 11:42 - 2013-11-26 11:42 - 00000017 _____ C:\Users\Leann79\AppData\Local\resmon.resmoncfg
2013-11-20 12:40 - 2013-07-11 20:26 - 00000000 ____D C:\Users\Leann79\AppData\Roaming\Audacity
2013-11-19 20:28 - 2013-07-11 18:23 - 00000000 ____D C:\Users\Leann79\AppData\Local\Adobe
2013-11-19 09:24 - 2013-11-18 21:33 - 00021647 _____ C:\Users\Leann79\Desktop\letter.odt
2013-11-18 14:08 - 2013-06-22 23:09 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-985080136-288465935-3181643373-1002
2013-11-18 14:00 - 2013-11-18 13:21 - 00000000 ____D C:\Users\Leann79\Desktop\NSB 11-16&17-13
2013-11-18 13:22 - 2013-06-22 22:59 - 00000000 ____D C:\Users\Leann79\AppData\Local\VirtualStore
2013-11-18 12:22 - 2013-11-18 12:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-12 10:08 - 2013-11-12 09:53 - 689242729 _____ C:\Users\Leann79\Downloads\Bill  Ted's Excellent Halloween Adventure 2013 HHN Orlando.wmv
2013-11-06 20:26 - 2013-06-22 23:03 - 00000000 ___RD C:\Users\Leann79\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-06 20:20 - 2012-07-26 03:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-11-06 20:20 - 2012-07-26 03:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-11-06 20:20 - 2012-07-26 03:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-11-06 20:19 - 2012-07-26 03:12 - 00000000 ___RD C:\Windows\ToastData
2013-11-06 20:19 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\WinStore
2013-11-06 20:19 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-06 20:19 - 2012-07-26 03:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-11-06 20:19 - 2012-07-26 00:38 - 00000000 ____D C:\Windows\system32\oobe
2013-11-06 20:13 - 2013-07-30 11:43 - 00000000 ____D C:\Windows\system32\MRT
2013-11-06 19:44 - 2013-06-27 17:46 - 00000350 _____ C:\Windows\Tasks\HPCeeScheduleForLeann79.job
2013-11-05 12:46 - 2013-06-27 17:46 - 00003168 _____ C:\Windows\System32\Tasks\HPCeeScheduleForLeann79
2013-11-05 11:13 - 2013-11-05 11:13 - 08147408 _____ (GoldWave Inc.) C:\Users\Leann79\Downloads\gwave569.exe
2013-11-04 19:55 - 2013-11-04 19:54 - 00000000 ____D C:\Users\Leann79\Desktop\mp3s
2013-11-04 14:04 - 2013-06-22 22:59 - 00000000 ____D C:\Users\Leann79\AppData\Local\Packages
2013-11-01 11:43 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\rescache
2013-10-30 11:29 - 2013-10-30 11:29 - 480527953 _____ C:\Windows\MEMORY.DMP
2013-10-30 11:29 - 2013-10-30 11:29 - 00307728 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-30 11:29 - 2013-10-30 11:29 - 00280400 _____ C:\Windows\Minidump\103013-45942-01.dmp
2013-10-30 11:29 - 2013-10-30 11:29 - 00000000 ____D C:\Windows\Minidump

Some content of TEMP:
====================
C:\Users\Leann79\AppData\Local\Temp\BackupSetup.exe
C:\Users\Leann79\AppData\Local\Temp\lowproc.exe
C:\Users\Leann79\AppData\Local\Temp\Quarantine.exe
C:\Users\Leann79\AppData\Local\Temp\stubhelper.dll
C:\Users\Leann79\AppData\Local\Temp\tbConn.dll
C:\Users\Leann79\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe
[2013-10-28 14:49] - [2013-10-28 14:49] - 0000000 ____A ()

C:\Windows\SysWOW64\wininit.exe IS INFECTED. <===== ATTENTION!

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-14 20:38

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-11-2013
Ran by Leann79 at 2013-11-28 16:12:32
Running from C:\Users\Leann79\Desktop\malware stuff
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

4 Elements II (x32 Version: 2.2.0.98)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.152)
Adobe Photoshop 7.0 (x32 Version: 7.0)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.5.635)
AMD APP SDK Runtime (Version: 10.0.938.2)
AMD Catalyst Install Manager (Version: 8.0.881.0)
AMD Fuel (Version: 2012.0806.1156.19437)
AMD VISION Engine Control Center (x32 Version: 2012.0806.1156.19437)
Audacity 2.0.3 (x32 Version: 2.0.3)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
Bejeweled 3 (x32 Version: 2.2.0.98)
Bonjour (Version: 3.0.0.10)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0806.1156.19437)
Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1156.19437)
Catalyst Control Center Localization All (x32 Version: 2012.0806.1156.19437)
CCC Help Chinese Standard (x32 Version: 2012.0806.1155.19437)
CCC Help Chinese Traditional (x32 Version: 2012.0806.1155.19437)
CCC Help Czech (x32 Version: 2012.0806.1155.19437)
CCC Help Danish (x32 Version: 2012.0806.1155.19437)
CCC Help Dutch (x32 Version: 2012.0806.1155.19437)
CCC Help English (x32 Version: 2012.0806.1155.19437)
CCC Help Finnish (x32 Version: 2012.0806.1155.19437)
CCC Help French (x32 Version: 2012.0806.1155.19437)
CCC Help German (x32 Version: 2012.0806.1155.19437)
CCC Help Greek (x32 Version: 2012.0806.1155.19437)
CCC Help Hungarian (x32 Version: 2012.0806.1155.19437)
CCC Help Italian (x32 Version: 2012.0806.1155.19437)
CCC Help Japanese (x32 Version: 2012.0806.1155.19437)
CCC Help Korean (x32 Version: 2012.0806.1155.19437)
CCC Help Norwegian (x32 Version: 2012.0806.1155.19437)
CCC Help Polish (x32 Version: 2012.0806.1155.19437)
CCC Help Portuguese (x32 Version: 2012.0806.1155.19437)
CCC Help Russian (x32 Version: 2012.0806.1155.19437)
CCC Help Spanish (x32 Version: 2012.0806.1155.19437)
CCC Help Swedish (x32 Version: 2012.0806.1155.19437)
CCC Help Thai (x32 Version: 2012.0806.1155.19437)
CCC Help Turkish (x32 Version: 2012.0806.1155.19437)
ccc-utility64 (Version: 2012.0806.1156.19437)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98)
Cradle of Rome 2 (x32 Version: 2.2.0.98)
CyberLink LabelPrint (x32 Version: 2.5.3.5901)
CyberLink Media Suite 10 (x32 Version: 10.0.3.2608)
CyberLink Power2Go 8 (x32 Version: 8.0.3.2527)
CyberLink PowerDVD (x32 Version: 10.0.6.4319)
CyberLink YouCam (x32 Version: 3.5.6.6119)
D3DX10 (x32 Version: 15.4.2368.0902)
Energy Star (Version: 1.0.8)
Farm Frenzy (x32 Version: 2.2.0.98)
FATE: The Cursed King (x32 Version: 2.2.0.97)
Final Drive Fury (x32 Version: 2.2.0.95)
FlatOut 2 (x32 Version: 2.2.0.98)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95)
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000)
Hoyle Card Games (x32 Version: 2.2.0.95)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Documentation (x32 Version: 1.1.1.0)
HP Games (x32 Version: 1.0.3.0)
HP MyRoom (x32 Version: 9.0.0.0)
HP Postscript Converter (Version: 3.1.3554)
HP Quick Launch (x32 Version: 3.0.3)
HP Recovery Manager (x32 Version: 7.00)
HP Registration Service (Version: 1.0.5976.4186)
HP Software Framework (x32 Version: 4.6.8.1)
HP Support Assistant (x32 Version: 7.0.32.44)
HP Utility Center (x32 Version: 1.0.7)
HP Wireless Button Driver (x32 Version: 1.0.5.1)
Jewel Match 3 (x32 Version: 2.2.0.98)
John Deere Drive Green (x32 Version: 2.2.0.95)
Luxor Evolved (x32 Version: 2.2.0.98)
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office (x32 Version: 14.0.6120.5004)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98)
Mozilla Firefox 25.0.1 (x86 en-US) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98)
Norton Internet Security (x32 Version: 20.4.0.40)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
Peggle Nights (x32 Version: 2.2.0.98)
Penguins! (x32 Version: 2.2.0.98)
Polar Bowler (x32 Version: 2.2.0.97)
Polar Golfer (x32 Version: 2.2.0.98)
Qualcomm Atheros Driver Installation Program (x32 Version: 10.0)
RealDownloader (x32 Version: 1.5.2)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0)
RealPlayer Cloud (x32 Version: 17.0.2)
Realtek Ethernet Controller Driver (x32 Version: 8.2.612.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6662)
Realtek PCIE Card Reader (x32 Version: 6.1.8400.29025)
RealUpgrade 1.1 (x32 Version: 1.1.0)
Roads of Rome 3 (x32 Version: 2.2.0.98)
SUPERAntiSpyware (Version: 5.6.1014)
swMSM (x32 Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 16.6.1.3)
Tales of Lagoona (x32 Version: 2.2.0.110)
Update Installer for WildTangent Games App (x32)
UpdateService (x32 Version: 1.0.0)
Vacation Quest™ - Australia (x32 Version: 2.2.0.98)
WildTangent Games (x32 Version: 1.0.3.0)
WildTangent Games App (x32 Version: 4.0.9.6)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Zuma's Revenge (x32 Version: 2.2.0.98)

==================== Restore Points  =========================

05-11-2013 02:30:59 Scheduled Checkpoint
18-11-2013 20:59:03 Scheduled Checkpoint
27-11-2013 03:54:55 Removed ScorpionSaver
28-11-2013 18:52:02 Removed ScorpionSaver Services

==================== Hosts content: ==========================

2012-07-26 00:26 - 2012-07-26 00:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {017CD777-8E1B-4549-AE23-E415CEAEE0FA} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {05D7231D-F241-436A-9A32-C3EB09009F0D} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\System32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {0711A890-0ED6-4ABB-81F0-5118926D558D} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wscstub.exe [2013-06-03] (Symantec Corporation)
Task: {22C76C91-84D1-4F52-B0CC-F96EC37C48D0} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {332301B3-18BF-40DF-A6CB-EFD9A81CF7CD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-08-07] (Hewlett-Packard Company)
Task: {7564E9C5-F4AC-4BD6-9BFA-86E4098D31F1} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-03] (Symantec Corporation)
Task: {8E4260D7-959F-4BAC-BC80-4DA0757E84DA} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-985080136-288465935-3181643373-1002 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2013-10-25] (RealNetworks, Inc.)
Task: {A1CAEB10-CA19-4214-AA95-F52ED1AE4F79} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-03] (Symantec Corporation)
Task: {B0B5BC65-94C4-427E-93C2-908D60F7F579} - System32\Tasks\HPCeeScheduleForLeann79 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D408DAB0-87F3-4379-9311-F6C8B24093EF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {E30BFEA8-E812-4E52-A1FE-25AEA71A7D3E} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-05-16] (Synaptics Incorporated)
Task: {E835AFBD-F6B5-4864-BC44-4DEEFACFC3A8} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
Task: {FB1A14FB-F871-4BCB-86A9-D79D1DFD05D0} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {FEBC5303-2858-43A1-9279-EA7318BFC705} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-985080136-288465935-3181643373-1002 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2013-10-25] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\HPCeeScheduleForLeann79.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2012-08-06 14:09 - 2012-08-06 14:09 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-08-06 14:08 - 2012-08-06 14:08 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-08-06 13:54 - 2012-08-06 13:54 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-11-28 16:05 - 2013-11-28 13:20 - 02241536 _____ () C:\Program Files\AVAST Software\Avast\defs\13112801\algo.dll
2013-11-27 13:09 - 2013-11-27 13:09 - 00857184 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Plugins\cldplin.dll
2013-10-25 14:38 - 2013-10-25 14:38 - 00026760 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2013-06-27 20:08 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 10:34 - 2012-06-08 10:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2013-11-18 12:21 - 2013-11-18 12:22 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-06-24 10:22 - 2012-05-30 01:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakProxy => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakWFP => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/28/2013 01:53:21 PM) (Source: Microsoft-Windows-RestartManager) (User: mine)
Description: Application or service 'AdpeakProxy' could not be restarted.

Error: (11/27/2013 06:59:29 PM) (Source: Application Error) (User: )
Description: Faulting application name: WWAHost.exe, version: 6.2.9200.16420, time stamp: 0x505a9152
Faulting module name: atidxx64.dll, version: 8.17.10.451, time stamp: 0x501a0655
Exception code: 0xc0000005
Fault offset: 0x00000000000747db
Faulting process id: 0x12b8
Faulting application start time: 0xWWAHost.exe0
Faulting application path: WWAHost.exe1
Faulting module path: WWAHost.exe2
Report Id: WWAHost.exe3
Faulting package full name: WWAHost.exe4
Faulting package-relative application ID: WWAHost.exe5

Error: (11/27/2013 00:13:00 PM) (Source: Application Error) (User: )
Description: Faulting application name: AviaryPhotoEditor.exe, version: 1.0.0.0, time stamp: 0x513e45c5
Faulting module name: KERNELBASE.dll, version: 6.2.9200.16451, time stamp: 0x50988aa6
Exception code: 0xe0434352
Fault offset: 0x000000000003811c
Faulting process id: 0x12ec
Faulting application start time: 0xAviaryPhotoEditor.exe0
Faulting application path: AviaryPhotoEditor.exe1
Faulting module path: AviaryPhotoEditor.exe2
Report Id: AviaryPhotoEditor.exe3
Faulting package full name: AviaryPhotoEditor.exe4
Faulting package-relative application ID: AviaryPhotoEditor.exe5

Error: (11/27/2013 00:13:00 PM) (Source: .NET Runtime) (User: )
Description: Application: AviaryPhotoEditor.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Exception
Stack:
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (11/27/2013 00:05:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: mine)
Description: App 57AB5DD0.PhotoEditor_6hb943tstq5q8!App did not launch within its allotted time.

Error: (11/27/2013 00:05:10 PM) (Source: Application Error) (User: )
Description: Faulting application name: AviaryPhotoEditor.exe, version: 1.0.0.0, time stamp: 0x513e45c5
Faulting module name: KERNELBASE.dll, version: 6.2.9200.16451, time stamp: 0x50988aa6
Exception code: 0xe0434352
Fault offset: 0x000000000003811c
Faulting process id: 0xdec
Faulting application start time: 0xAviaryPhotoEditor.exe0
Faulting application path: AviaryPhotoEditor.exe1
Faulting module path: AviaryPhotoEditor.exe2
Report Id: AviaryPhotoEditor.exe3
Faulting package full name: AviaryPhotoEditor.exe4
Faulting package-relative application ID: AviaryPhotoEditor.exe5

Error: (11/27/2013 00:05:10 PM) (Source: .NET Runtime) (User: )
Description: Application: AviaryPhotoEditor.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Exception
Stack:
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (11/27/2013 00:00:56 PM) (Source: Application Error) (User: )
Description: Faulting application name: AviaryPhotoEditor.exe, version: 1.0.0.0, time stamp: 0x513e45c5
Faulting module name: KERNELBASE.dll, version: 6.2.9200.16451, time stamp: 0x50988aa6
Exception code: 0xe0434352
Fault offset: 0x000000000003811c
Faulting process id: 0xa44
Faulting application start time: 0xAviaryPhotoEditor.exe0
Faulting application path: AviaryPhotoEditor.exe1
Faulting module path: AviaryPhotoEditor.exe2
Report Id: AviaryPhotoEditor.exe3
Faulting package full name: AviaryPhotoEditor.exe4
Faulting package-relative application ID: AviaryPhotoEditor.exe5

Error: (11/27/2013 00:00:55 PM) (Source: .NET Runtime) (User: )
Description: Application: AviaryPhotoEditor.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Exception
Stack:
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (11/27/2013 11:58:55 AM) (Source: Application Error) (User: )
Description: Faulting application name: AviaryPhotoEditor.exe, version: 1.0.0.0, time stamp: 0x513e45c5
Faulting module name: KERNELBASE.dll, version: 6.2.9200.16451, time stamp: 0x50988aa6
Exception code: 0xe0434352
Fault offset: 0x000000000003811c
Faulting process id: 0xe7c
Faulting application start time: 0xAviaryPhotoEditor.exe0
Faulting application path: AviaryPhotoEditor.exe1
Faulting module path: AviaryPhotoEditor.exe2
Report Id: AviaryPhotoEditor.exe3
Faulting package full name: AviaryPhotoEditor.exe4
Faulting package-relative application ID: AviaryPhotoEditor.exe5


System errors:
=============
Error: (11/28/2013 04:02:24 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (11/27/2013 08:41:34 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (11/26/2013 11:22:41 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (11/26/2013 11:16:30 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (11/26/2013 10:52:54 PM) (Source: Service Control Manager) (User: )
Description: The Update outobox service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (11/26/2013 10:52:34 PM) (Source: Service Control Manager) (User: )
Description: The Update outobox service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (11/06/2013 08:23:42 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (11/06/2013 07:46:17 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

Error: (11/06/2013 07:44:05 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (11/05/2013 11:21:13 AM) (Source: DCOM) (User: mine)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}mineLeann79S-1-5-21-985080136-288465935-3181643373-1002LocalHost (Using LRPC)32015mccalla.SoundEditor_1.0.0.16_neutral__1yb35n8phzzdwS-1-15-2-2452985986-4061832970-717633340-628614022-3896883838-2632444459-3154671889


Microsoft Office Sessions:
=========================
Error: (11/28/2013 01:53:21 PM) (Source: Microsoft-Windows-RestartManager)(User: mine)
Description: 0AdpeakProxy.exeAdpeakProxy03026217818640

Error: (11/27/2013 06:59:29 PM) (Source: Application Error)(User: )
Description: WWAHost.exe6.2.9200.16420505a9152atidxx64.dll8.17.10.451501a0655c000000500000000000747db12b801ceebcc6f3787e7C:\Windows\System32\WWAHost.exeC:\Windows\System32\atidxx64.dllf37f6dbc-57bf-11e3-be91-2c59e5a2398bwinstore_1.0.0.0_neutral_neutral_cw5n1h2txyewyWindows.Store

Error: (11/27/2013 00:13:00 PM) (Source: Application Error)(User: )
Description: AviaryPhotoEditor.exe1.0.0.0513e45c5KERNELBASE.dll6.2.9200.1645150988aa6e0434352000000000003811c12ec01ceeb92d80ef91dC:\Program Files\WindowsApps\57AB5DD0.PhotoEditor_1.0.0.13_x64__6hb943tstq5q8\AviaryPhotoEditor.exeC:\Windows\system32\KERNELBASE.dll2a9945c7-5787-11e3-be91-2c59e5a2398b57AB5DD0.PhotoEditor_1.0.0.13_x64__6hb943tstq5q8App

Error: (11/27/2013 00:13:00 PM) (Source: .NET Runtime)(User: )
Description: Application: AviaryPhotoEditor.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Exception
Stack:
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (11/27/2013 00:05:12 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: mine)
Description: 57AB5DD0.PhotoEditor_6hb943tstq5q8!App

Error: (11/27/2013 00:05:10 PM) (Source: Application Error)(User: )
Description: AviaryPhotoEditor.exe1.0.0.0513e45c5KERNELBASE.dll6.2.9200.1645150988aa6e0434352000000000003811cdec01ceeb9240687780C:\Program Files\WindowsApps\57AB5DD0.PhotoEditor_1.0.0.13_x64__6hb943tstq5q8\AviaryPhotoEditor.exeC:\Windows\system32\KERNELBASE.dll12413bdc-5786-11e3-be91-2c59e5a2398b57AB5DD0.PhotoEditor_1.0.0.13_x64__6hb943tstq5q8App

Error: (11/27/2013 00:05:10 PM) (Source: .NET Runtime)(User: )
Description: Application: AviaryPhotoEditor.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Exception
Stack:
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (11/27/2013 00:00:56 PM) (Source: Application Error)(User: )
Description: AviaryPhotoEditor.exe1.0.0.0513e45c5KERNELBASE.dll6.2.9200.1645150988aa6e0434352000000000003811ca4401ceeb91f8b98fe5C:\Program Files\WindowsApps\57AB5DD0.PhotoEditor_1.0.0.13_x64__6hb943tstq5q8\AviaryPhotoEditor.exeC:\Windows\system32\KERNELBASE.dll7ab763de-5785-11e3-be91-2c59e5a2398b57AB5DD0.PhotoEditor_1.0.0.13_x64__6hb943tstq5q8App

Error: (11/27/2013 00:00:55 PM) (Source: .NET Runtime)(User: )
Description: Application: AviaryPhotoEditor.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Exception
Stack:
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (11/27/2013 11:58:55 AM) (Source: Application Error)(User: )
Description: AviaryPhotoEditor.exe1.0.0.0513e45c5KERNELBASE.dll6.2.9200.1645150988aa6e0434352000000000003811ce7c01ceeb91a669450dC:\Program Files\WindowsApps\57AB5DD0.PhotoEditor_1.0.0.13_x64__6hb943tstq5q8\AviaryPhotoEditor.exeC:\Windows\system32\KERNELBASE.dll32fedf06-5785-11e3-be91-2c59e5a2398b57AB5DD0.PhotoEditor_1.0.0.13_x64__6hb943tstq5q8App


==================== Memory info ===========================

Percentage of memory in use: 31%
Total physical RAM: 3682.26 MB
Available physical RAM: 2535.7 MB
Total Pagefile: 4450.26 MB
Available Pagefile: 3122.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:273.93 GB) (Free:220.57 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:23.39 GB) (Free:2.82 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 1E1F4777)

Partition: GPT Partition Type
==================== End Of Log ============================


FRST is reporting that this file is infected:

C:\Windows\SysWOW64\wininit.exe IS INFECTED. <===== ATTENTION!

Can you upload it to VirusTotal for a free scan and let me know the results (just copy back the URL):

C:\Windows\SysWOW64\wininit.exe

http://www.virustotal.com/

Then........

Download the attached fixlist.txt to the same folder as FRST.
Run FRST.exe and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder; please post it in your reply.

Last......


Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-11-2013
Ran by Leann79 at 2013-11-28 19:01:55 Run:1
Running from C:\Users\Leann79\Desktop\malware stuff
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe [511480 2013-10-31] ()
C:\Program Files\Level Quality Watcher
C:\Users\Leann79\AppData\Local\Temp\BackupSetup.exe
C:\Users\Leann79\AppData\Local\Temp\lowproc.exe
C:\Users\Leann79\AppData\Local\Temp\Quarantine.exe
C:\Users\Leann79\AppData\Local\Temp\stubhelper.dll
C:\Users\Leann79\AppData\Local\Temp\tbConn.dll
C:\Users\Leann79\AppData\Local\Temp\vcredist_x64.exe

*****************

C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe => Moved successfully.
Level Quality Watcher => Service deleted successfully.
C:\Program Files\Level Quality Watcher => Moved successfully.
C:\Users\Leann79\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\Leann79\AppData\Local\Temp\lowproc.exe => Moved successfully.
C:\Users\Leann79\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Leann79\AppData\Local\Temp\stubhelper.dll => Moved successfully.
C:\Users\Leann79\AppData\Local\Temp\tbConn.dll => Moved successfully.
C:\Users\Leann79\AppData\Local\Temp\vcredist_x64.exe => Moved successfully.


The system needs a manual reboot.

==== End of Fixlog ====

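When a helper asks for the Fixlog, the thing worth checking is that every item in the fixlist actually produced a success line and whether FRST is still waiting on a reboot. The following parser is an added example written for this thread; it is not code from Farbar or from the forum, and the sample log it reads is a constructed copy of the Fixlog format above (the `tbConn.dll` failure line is invented to show how a non-success outcome is reported; only the presence of "successfully" is tested, not the exact wording).

```python
import re
from dataclasses import dataclass

# Service entries in a fixlist look like "R2 Name; C:\path\file.exe [size date] ()";
# FRST reports their result under the service name, not the path.
SERVICE_ENTRY = re.compile(r"^[RSU]\d\s+(?P<name>[^;]+);")
# Result lines look like "<target> => <outcome>." (trailing period optional).
RESULT_LINE = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+?)\.?$")

# Constructed sample modelled on the Fixlog posted in this thread.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-11-2013
Ran by Leann79 at 2013-11-28 19:01:55 Run:1
Running from C:\Users\Leann79\Desktop\malware stuff
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe [511480 2013-10-31] ()
C:\Program Files\Level Quality Watcher
C:\Users\Leann79\AppData\Local\Temp\lowproc.exe
C:\Users\Leann79\AppData\Local\Temp\tbConn.dll

*****************

C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe => Moved successfully.
Level Quality Watcher => Service deleted successfully.
C:\Program Files\Level Quality Watcher => Moved successfully.
C:\Users\Leann79\AppData\Local\Temp\lowproc.exe => Moved successfully.
C:\Users\Leann79\AppData\Local\Temp\tbConn.dll => Could not move (constructed failure line).


The system needs a manual reboot.

==== End of Fixlog ====
"""


@dataclass
class FixlogReport:
    requested: list          # targets named in the fixlist, in order
    outcomes: dict           # target -> outcome text reported by FRST
    reboot_required: bool    # FRST asked for a manual reboot


def parse_fixlog(text):
    """Split a Fixlog into the requested fixlist targets and the reported results."""
    lines = text.splitlines()
    try:
        start = next(i for i, l in enumerate(lines) if l.strip() == "Content of fixlist:")
    except StopIteration:
        raise ValueError("no 'Content of fixlist:' block found")
    # The fixlist sits between the two ***** rulers that follow the header.
    rulers = [i for i, l in enumerate(lines[start:], start) if l.startswith("*****")]
    if len(rulers) < 2:
        raise ValueError("fixlist block is not delimited by two ***** rulers")
    fixlist = [l.strip() for l in lines[rulers[0] + 1:rulers[1]] if l.strip()]

    requested = []
    for entry in fixlist:
        m = SERVICE_ENTRY.match(entry)
        requested.append(m.group("name").strip() if m else entry)

    outcomes = {}
    for l in lines[rulers[1] + 1:]:
        m = RESULT_LINE.match(l.strip())
        if m:
            outcomes[m.group("target").strip()] = m.group("outcome").strip()

    reboot = any("needs a manual reboot" in l for l in lines)
    return FixlogReport(requested, outcomes, reboot)


def reconcile(report):
    """Map every requested target to 'ok', 'failed: <outcome>' or 'no result reported'."""
    status = {}
    for target in report.requested:
        outcome = report.outcomes.get(target)
        if outcome is None:
            status[target] = "no result reported"
        elif "successfully" in outcome.lower():
            status[target] = "ok"
        else:
            status[target] = "failed: " + outcome
    return status


if __name__ == "__main__":
    rep = parse_fixlog(SAMPLE_FIXLOG)
    for target, state in reconcile(rep).items():
        print(f"{state:<40} {target}")
    print("reboot required:", rep.reboot_required)
```

Anything that comes back as "failed" or "no result reported" is what the helper would follow up on in the next fix, and a pending reboot means the moved files have not been fully released yet, so a rescan before restarting would be misleading.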

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.28.12

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16384
Leann79 :: MINE [administrator]

11/28/2013 7:11:05 PM
mbam-log-2013-11-28 (19-11-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205640
Time elapsed: 8 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCR\AppID\AdpeakProxy.exe (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
HKCR\Wow6432Node\AppID\AdpeakProxy.exe (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Adpeak, Inc. (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Leann79\Local Settings\Temporary Internet Files\Content.IE5\LZG5HZ0H\conduitinstaller[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

(end)

Good......

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

 Results of screen317's Security Check version 0.99.77  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus           
Windows Defender           
Norton Internet Security   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Adobe Flash Player     11.9.900.152  
 Mozilla Firefox (25.0.1)
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe
 Leann79 Desktop programs malware stuff\SecurityCheck.exe
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````


Looks Good.......

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Please download OTC to your desktop. (This will clean up most of the tools and logs)

http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)

You will be asked to reboot the machine to finish the Cleanup process; choose Yes.

After the reboot all the tools we used should be gone.

Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.

I.e.: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

Note:

If you used FRST and can't delete the quarantine folder:

Download the fixlist.txt to the same folder as FRST.exe.

Run FRST.exe and click Fix only once and wait

That will delete the quarantine folder created by FRST.

The rest you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (also HERE)

Good Luck and Thanks for using the forum, MrC
