
Me too! Infected with Gorilla Price and cpvrdr.com popups


schums


I'm infected with (at least) Gorilla Price and cpvrdr.com popups. I've run Spybot and Malwarebytes and neither has taken care of the problem. I ran DDS and have the two logs already (see below). ANY help you can give me will be GREATLY appreciated!!

 

Sarah

 

 

DDS LOG:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16750  BrowserJavaVersion: 10.45.2
Run by Sarah at 11:10:23 on 2013-12-19
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8151.5224 [GMT -5:00]
.
AV: Lavasoft Ad-Aware *Enabled/Outdated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Lavasoft Ad-Aware *Enabled/Outdated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\ProgramData\GorillaPrice\WatGorp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Users\Sarah\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_175_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

uSearch Bar = Preserve
uProxyServer = hxxp=127.0.0.1:8080
mWinlogon: Userinit = userinit.exe,
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll
uRun: [Google Update] "C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [basicsmssmenu] "C:\Program Files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [spybotSnD] "C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
StartupFolder: C:\Users\Sarah\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Sarah\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll





TCP: NameServer = 192.168.2.1
TCP: Interfaces\{D2A98950-2562-41AF-BDEF-577C51F9F11D} : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [2013-12-3 1526488]
R1 ccSet_N360;Norton Security Suite Settings Manager;C:\Windows\System32\drivers\N360x64\1404000.028\ccsetx64.sys [2013-7-16 169048]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20131218.001\IDSviA64.sys [2013-12-18 521944]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-3-24 116752]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-28 137648]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-3-24 56344]
.
=============== Created Last 30 ================
.
2013-12-14 03:09:20 -------- d-----w- C:\Windows\pss
2013-12-14 01:35:56 -------- d-----w- C:\Users\Sarah\AppData\Roaming\Open Download Manager
2013-12-14 01:33:12 -------- d-----w- C:\ProgramData\boost_interprocess
2013-12-14 01:33:11 -------- d-----w- C:\ProgramData\GorillaPrice
2013-12-14 01:33:10 -------- d-----w- C:\Program Files (x86)\GorillaPrice
2013-12-14 01:31:43 -------- d-----w- C:\Program Files (x86)\OpenDownloaderManager
2013-12-12 08:05:52 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-12 08:05:52 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 08:05:51 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-12 08:05:51 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-11 23:19:31 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-11-30 14:42:02 -------- d-----w- C:\ProgramData\Oracle
2013-11-30 14:41:28 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-25 18:20:05 -------- d-----r- C:\Users\Sarah\Dropbox
2013-11-25 18:16:00 -------- d-----w- C:\Users\Sarah\AppData\Roaming\Dropbox
.
==================== Find3M  ====================
.
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-10-25 06:19:22 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-10-25 06:17:57 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-25 06:17:52 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-10-25 06:17:52 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-10-25 04:45:11 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-25 04:43:42 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-10-25 04:43:38 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-10-25 04:43:38 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-10-25 04:07:48 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-10-25 03:41:01 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-10-25 03:17:49 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-25 02:49:34 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 02:16:30 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-04 01:36:04 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-27 03:18:34 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
.
============= FINISH: 11:11:38.57 ===============
 


Attach Log:

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/23/2011 1:40:57 PM
System Uptime: 12/19/2013 9:57:31 AM (2 hours ago)
.
Motherboard: MSI |  | 2A9C
Processor: Intel® Core i7 CPU         870  @ 2.93GHz | CPU 1 | 2934/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1384 GiB total, 1224.63 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 1.592 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is FIXED (NTFS) - 699 GiB total, 480.321 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP206: 12/11/2013 3:00:32 AM - Windows Update
RP207: 12/12/2013 3:00:39 AM - Windows Update
RP208: 12/13/2013 8:33:59 PM - Installed WeatherBug
RP209: 12/13/2013 9:07:36 PM - Removed WeatherBug
RP210: 12/13/2013 9:10:16 PM - Windows Update
RP211: 12/14/2013 3:00:38 AM - Windows Update
RP212: 12/14/2013 10:24:56 AM - Windows Update
RP213: 12/15/2013 3:00:47 AM - Windows Update
RP214: 12/16/2013 3:00:27 AM - Windows Update
RP215: 12/17/2013 3:00:28 AM - Windows Update
RP216: 12/18/2013 3:00:15 AM - Windows Update
RP217: 12/19/2013 3:00:41 AM - Windows Update
RP218: 12/19/2013 9:51:52 AM - Windows Update
.
==== Installed Programs ======================
.
Ad-Aware Antivirus
Ad-Aware Browsing Protection
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.05)
Adobe Shockwave Player 11.6
Agatha Christie - Peril at End House
AGEIA PhysX v2.6.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Connect Participant Application v8.9.35
ATI Catalyst Install Manager
ATI Stream SDK v2 Developer
Bejeweled 2 Deluxe
Belkin Daily DJ
Belkin Music Labeler
Belkin Setup and Router Monitor
Belkin USB Print and Storage Center
Bing Bar
Bing Rewards Client Installer
Blackhawk Striker 2
Blasterball 3
Blio
Bonjour
Bounce Symphony
Build-a-lot 2
Cake Mania
CANON iMAGE GATEWAY MyCamera Download Plugin
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
ClosetMaid v1.5.2
Coupon Printer for Windows
CyberLink DVD Suite Deluxe
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
Drive Manager
Dropbox
DVD Menu Pack for HP MediaSmart Video
e-Sword
Elevated Installer
Escape Rosecliff Island
Farm Frenzy
FATE
Final Drive Nitro
Garmin Express
Garmin Express Tray
Garmin Update Service
Garmin USB Drivers
Garmin WebUpdater
Google Chrome
Google Earth Plug-in
Google Update Helper
GorillaPrice
GoToMeeting 4.8.0.723
Heroes of Hellas 2 - Olympia
Hewlett-Packard ACLM.NET v1.2.1.1
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Games
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart SmartMenu
HP MediaSmart Video
HP MediaSmart/TouchSmart Netflix
HP MovieStore
HP Odometer
HP Officejet Pro 8500 A910 Basic Device Software
HP Officejet Pro 8500 A910 Help
HP Officejet Pro 8500 A910 Product Improvement Study
HP Product Detection
HP Setup
HP Setup Manager
HP Support Assistant
HP Support Information
HP Update
HP Vision Hardware Diagnostics
Hulu Desktop
HydraVision
I.R.I.S. OCR
iCloud
Intel® Management Engine Components
Intel® Rapid Storage Technology
iTunes
Jacquie Lawson Alpine Advent Calendar
Jacquie Lawson London Advent Calendar
Java 7 Update 45
Java Auto Updater
Jewel Quest Solitaire 2
Junk Mail filter update
Kobo
LabelPrint
LEGO Digital Designer
LEGO Universe
LEGO® Indiana Jones™
LightScribe System Software
MagiQuest Online (remove only)
Malwarebytes Anti-Malware version 1.75.0.1300
Marketsplash Shortcuts
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Movie Theme Pack for HP MediaSmart Video
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Mover
Mystery P.I. - The London Caper
Norton Online Backup
Norton Security Suite
Paint.NET v3.5.10
PDF Complete Special Edition
Penguins!
PhotoNow!
PictureMover
Plants vs. Zombies
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
PressReader
QuickTime
Realtek High Definition Audio Driver
Recovery Manager
RoxioNow Player
Scratch
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Spybot - Search & Destroy
swMSM
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
Update Installer for WildTangent Games App
Virtual Families
Virtual Villagers 4 - The Tree of Life
Wheel of Fortune 2
WildTangent Games App (HP Games)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zinio Reader 4
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
12/19/2013 9:53:16 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.
12/19/2013 10:22:22 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
.
==== End Of File ===========================
 


Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


OK then try to uninstall it from your add/remove programs --->>>GorillaPrice

Then...........

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look similar to this, not "sponsored ad links":


  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Next........

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system.....Which system am I using?)

Please make sure you click download buttons that look similar to this, not "sponsored ad links":


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

MrC

Here's the log from AdwCleaner.  I'm not sure what to keep/get rid of.

 

# AdwCleaner v3.015 - Report created 19/12/2013 at 22:03:49
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Sarah - SARAH-HP
# Running from : C:\Users\Sarah\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\user.js
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\Public\Desktop\eBay.lnk
Folder Found C:\ProgramData\boost_interprocess
Folder Found C:\ProgramData\Premium

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\ImInstaller
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Found : HKLM\Software\Web Assistant
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKLM\SOFTWARE\Web Assistant
Value Found : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16750

-\\ Google Chrome v

[ File : C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [4044 octets] - [19/12/2013 22:03:49]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4104 octets] ##########


AdwCleaner logfile report:

# AdwCleaner v3.015 - Report created 19/12/2013 at 22:08:42
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Sarah - SARAH-HP
# Running from : C:\Users\Sarah\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Premium
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Program Files (x86)\Mozilla Firefox\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\Web Assistant
Key Deleted : [x64] HKLM\SOFTWARE\Web Assistant

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16750

-\\ Google Chrome v

[ File : C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [4240 octets] - [19/12/2013 22:03:49]
AdwCleaner[s0].txt - [3590 octets] - [19/12/2013 22:08:42]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3650 octets] ##########


Malwarebytes log:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.13.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16750
Sarah :: SARAH-HP [administrator]

12/19/2013 10:15:38 PM
MBAM-log-2013-12-19 (22-29-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217014
Time elapsed: 12 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Sarah\Desktop\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.

(end)


FRST.txt Report

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2013
Ran by Sarah (administrator) on SARAH-HP on 19-12-2013 22:37:46
Running from C:\Users\Sarah\Documents\My Documents\frst64
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Dropbox, Inc.) C:\Users\Sarah\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Maxtor Corporation) C:\Program Files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Belkin International, Inc.) C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
() C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccsvchst.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
() C:\ProgramData\GorillaPrice\WatGorp.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_8_800_175_ActiveX.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [smartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-09-15] ()
HKCU\...\Run: [Google Update] - C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-06] (Google Inc.)
HKCU\...\Run: [spybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1098072 2013-03-27] (Garmin Ltd or its subsidiaries)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-11-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [basicsmssmenu] - C:\Program Files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe [169328 2007-10-09] (Maxtor Corporation)
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-06] (PDF Complete Inc)
HKLM-x32\...\Run: [bCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [instaLAN] - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1485208 2010-07-28] (Affinegy, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [198032 2011-10-21] (Lavasoft)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Sarah\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {245338C3-BCA3-4A2C-A7B7-53345999A8E8} https://www.jlaa.org/editor/tinymce/spellchecker/wspellam.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome:
=======

CHR RestoreOnStartup: ""
CHR DefaultSearchKeyword: google.com
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Sarah\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Sarah\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Sarah\AppData\Local\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Users\Sarah\AppData\Local\Google\Chrome\Application\plugins\NPcol400.dll (Catalina Marketing Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\Sarah\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Norton Identity Protection) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.5.2_0
CHR Extension: (Google Wallet) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\Exts\Chrome.crx

==================== Services (Whitelisted) =================

R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1226096 2012-05-03] (Lavasoft Limited)
R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [569752 2010-07-28] (Affinegy, Inc.)
R2 Basics Service; C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe [124280 2007-10-09] (Seagate Technology LLC)
R2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [181760 2010-02-17] ()
R2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [55296 2010-02-09] ()
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [240736 2013-10-07] (WildTangent)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)
R2 GorillaPrice; C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe [625152 2013-11-30] ()
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)
R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3289032 2011-12-19] (GFI Software)
R2 WatGorp; C:\ProgramData\GorillaPrice\WatGorp.exe [70144 2013-11-30] ()

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-27] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20131218.001\IDSvia64.sys [521944 2013-12-12] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131219.004\ENG64.SYS [126040 2013-12-11] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131219.004\EX64.SYS [2099288 2013-12-11] (Symantec Corporation)
R1 SBRE; C:\Windows\SysWow64\drivers\SBREdrv.sys [101112 2011-10-26] (GFI Software)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
R3 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [291352 2010-03-10] (silex technology, Inc.)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-16] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [43680 2012-08-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS [224416 2012-07-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-19 22:37 - 2013-12-19 22:37 - 00000000 ____D C:\FRST
2013-12-19 22:12 - 2013-12-19 22:34 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-12-19 22:03 - 2013-12-19 22:08 - 00000000 ____D C:\AdwCleaner
2013-12-19 22:02 - 2013-12-19 22:02 - 01226750 _____ C:\Users\Sarah\Desktop\AdwCleaner.exe
2013-12-19 17:39 - 2013-12-19 17:39 - 01863321 _____ C:\Users\Sarah\Downloads\RogueKillerX64.exe
2013-12-19 16:55 - 2013-12-19 16:55 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Sarah\Desktop\tdsskiller.exe
2013-12-19 16:30 - 2013-12-19 16:30 - 00002948 _____ C:\Windows\System32\Tasks\{F8D4F7AD-BF62-4316-8A26-1CA8C2A195F0}
2013-12-19 16:30 - 2013-12-19 16:30 - 00002948 _____ C:\Windows\System32\Tasks\{F3152077-E73C-4DD0-8EBB-1B304FD296B8}
2013-12-19 16:30 - 2013-12-19 16:30 - 00002948 _____ C:\Windows\System32\Tasks\{DB5995C5-12DC-40FC-9B4E-98727AE9C3B4}
2013-12-19 16:30 - 2013-12-19 16:30 - 00002948 _____ C:\Windows\System32\Tasks\{B4ABA73C-2636-4B58-B034-92BCD9729489}
2013-12-19 16:30 - 2013-12-19 16:30 - 00002948 _____ C:\Windows\System32\Tasks\{8A316340-9AB5-4BB3-B3B9-EAB63AE0421B}
2013-12-19 16:30 - 2013-12-19 16:30 - 00002948 _____ C:\Windows\System32\Tasks\{89EE9D02-AFBC-45E8-8B15-D43B6474FD94}
2013-12-19 16:30 - 2013-12-19 16:30 - 00002948 _____ C:\Windows\System32\Tasks\{1EB26E46-CC61-4C45-B931-A85D595B10C5}
2013-12-19 16:30 - 2013-12-19 16:30 - 00002948 _____ C:\Windows\System32\Tasks\{1D68F9B3-FB45-4E0B-8FCE-D0B092464022}
2013-12-19 16:30 - 2013-12-19 16:30 - 00002948 _____ C:\Windows\System32\Tasks\{0C1DF9B6-7073-4601-9F22-F9125824C0E1}
2013-12-19 16:29 - 2013-12-19 16:29 - 00002948 _____ C:\Windows\System32\Tasks\{8914E0D1-8368-433A-A93C-213F3A4EA557}
2013-12-19 11:12 - 2013-12-19 11:12 - 00013474 _____ C:\Users\Sarah\Desktop\attach.txt
2013-12-19 11:12 - 2013-12-19 11:11 - 00019781 _____ C:\Users\Sarah\Desktop\dds.txt
2013-12-19 11:09 - 2013-12-19 11:09 - 00688992 ____R (Swearware) C:\Users\Sarah\Desktop\dds.com
2013-12-15 14:41 - 2013-12-18 16:53 - 00034816 _____ C:\Users\Sarah\Downloads\FranzList2013 (1).xls
2013-12-15 14:40 - 2013-12-15 14:40 - 00028160 _____ C:\Users\Sarah\Downloads\FranzList2013.xls
2013-12-13 22:09 - 2013-12-13 22:09 - 00000000 ____D C:\Windows\pss
2013-12-13 21:06 - 2013-12-13 21:06 - 00002970 _____ C:\Windows\System32\Tasks\{6B6BCD6C-25C0-4A2F-AC68-7C8274B06DEC}
2013-12-13 20:35 - 2013-12-13 21:08 - 00000000 ____D C:\Users\Sarah\AppData\Roaming\Open Download Manager
2013-12-13 20:33 - 2013-12-13 20:33 - 00000000 ____D C:\ProgramData\GorillaPrice
2013-12-13 20:33 - 2013-12-13 20:33 - 00000000 ____D C:\Program Files (x86)\GorillaPrice
2013-12-13 20:31 - 2013-12-13 21:08 - 00000000 ____D C:\Program Files (x86)\OpenDownloaderManager
2013-12-13 18:59 - 2013-12-13 18:59 - 02269709 _____ C:\Users\Sarah\Desktop\forge-1.6.4-9.11.1.953-installer.jar
2013-12-12 03:05 - 2013-05-10 00:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 03:05 - 2013-05-10 00:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 03:05 - 2013-05-09 23:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-12 03:05 - 2013-05-09 23:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-12 03:03 - 2013-10-25 01:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 03:03 - 2013-10-25 01:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 03:03 - 2013-10-25 01:19 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 03:03 - 2013-10-25 01:18 - 19271168 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 03:03 - 2013-10-25 01:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-12 03:03 - 2013-10-25 01:17 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 03:03 - 2013-10-25 01:17 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 03:03 - 2013-10-25 01:17 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 03:03 - 2013-10-25 01:17 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-12 03:03 - 2013-10-25 01:17 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 03:03 - 2013-10-25 01:17 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-12 03:03 - 2013-10-25 01:17 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 03:03 - 2013-10-25 01:17 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 03:03 - 2013-10-25 01:17 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 03:03 - 2013-10-24 23:45 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 03:03 - 2013-10-24 23:44 - 14356992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 03:03 - 2013-10-24 23:44 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-12 03:03 - 2013-10-24 23:43 - 13761536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 03:03 - 2013-10-24 23:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-12 03:03 - 2013-10-24 23:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 03:03 - 2013-10-24 23:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-12 03:03 - 2013-10-24 23:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-12 03:03 - 2013-10-24 23:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-12 03:03 - 2013-10-24 23:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-12 03:03 - 2013-10-24 23:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-12 03:03 - 2013-10-24 23:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-12 03:03 - 2013-10-24 23:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-12 03:03 - 2013-10-24 23:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 03:03 - 2013-10-24 22:41 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-12 03:03 - 2013-10-24 22:17 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-12 03:03 - 2013-10-24 21:49 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-11 18:19 - 2013-11-23 13:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 18:19 - 2013-11-23 12:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 18:19 - 2013-11-11 21:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 18:19 - 2013-11-11 21:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 18:19 - 2013-10-29 21:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 18:19 - 2013-10-29 21:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 18:19 - 2013-10-29 20:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 18:19 - 2013-10-18 21:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 18:19 - 2013-10-18 20:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 18:19 - 2013-10-11 21:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 18:19 - 2013-10-11 21:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 18:19 - 2013-10-11 21:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 18:19 - 2013-10-11 21:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 18:19 - 2013-10-11 20:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 18:19 - 2013-10-11 20:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 18:19 - 2013-10-11 20:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 18:19 - 2013-10-11 20:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 18:19 - 2013-10-03 21:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 18:19 - 2013-10-03 20:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-11 03:01 - 2013-12-19 09:53 - 00041022 _____ C:\Windows\IE11_main.log
2013-11-30 09:42 - 2013-11-30 09:42 - 00000000 ____D C:\ProgramData\Oracle
2013-11-30 09:41 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-30 09:41 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-11-30 09:41 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-11-30 09:41 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-11-30 09:40 - 2013-11-30 09:41 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-11-25 13:20 - 2013-12-14 11:06 - 00000000 ___RD C:\Users\Sarah\Dropbox
2013-11-25 13:20 - 2013-11-25 13:20 - 00001043 _____ C:\Users\Sarah\Desktop\Dropbox.lnk
2013-11-25 13:16 - 2013-12-19 22:34 - 00000000 ____D C:\Users\Sarah\AppData\Roaming\Dropbox
2013-11-25 13:16 - 2013-11-25 13:17 - 00000000 ____D C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-11-24 21:28 - 2013-11-24 21:28 - 00000000 ____D C:\Users\Sarah\Desktop\Shopping Bag  Old Navy_do 2_files
2013-11-24 21:27 - 2013-11-24 21:28 - 00414760 _____ C:\Users\Sarah\Desktop\Shopping Bag  Old Navy_do 2.htm
2013-11-24 21:26 - 2013-11-24 21:26 - 00432037 _____ C:\Users\Sarah\Desktop\Shopping Bag  Old Navy_do.htm

==================== One Month Modified Files and Folders =======

2013-12-19 22:40 - 2011-03-24 22:29 - 01700035 _____ C:\Windows\WindowsUpdate.log
2013-12-19 22:37 - 2013-12-19 22:37 - 00000000 ____D C:\FRST
2013-12-19 22:34 - 2013-12-19 22:12 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-12-19 22:34 - 2013-11-25 13:16 - 00000000 ____D C:\Users\Sarah\AppData\Roaming\Dropbox
2013-12-19 22:34 - 2013-09-26 22:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-19 22:34 - 2011-03-24 22:47 - 00000000 ____D C:\ProgramData\PDFC
2013-12-19 22:33 - 2011-12-24 21:10 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-19 22:33 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-19 22:33 - 2009-07-13 23:51 - 00048258 _____ C:\Windows\setupact.log
2013-12-19 22:32 - 2011-04-23 13:37 - 00916666 _____ C:\Windows\PFRO.log
2013-12-19 22:19 - 2009-07-13 23:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-19 22:19 - 2009-07-13 23:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-19 22:15 - 2011-10-06 20:07 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3203651439-3747290406-1657443050-1001UA.job
2013-12-19 22:08 - 2013-12-19 22:03 - 00000000 ____D C:\AdwCleaner
2013-12-19 22:08 - 2012-06-06 13:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-19 22:02 - 2013-12-19 22:02 - 01226750 _____ C:\Users\Sarah\Desktop\AdwCleaner.exe
2013-12-19 22:00 - 2011-12-24 21:10 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-19 17:39 - 2013-12-19 17:39 - 01863321 _____ C:\Users\Sarah\Downloads\RogueKillerX64.exe
2013-12-19 16:55 - 2013-12-19 16:55 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Sarah\Desktop\tdsskiller.exe
2013-12-19 16:30 - 2013-12-19 16:30 - 00002948 _____ C:\Windows\System32\Tasks\{F8D4F7AD-BF62-4316-8A26-1CA8C2A195F0}
2013-12-19 16:30 - 2013-12-19 16:30 - 00002948 _____ C:\Windows\System32\Tasks\{F3152077-E73C-4DD0-8EBB-1B304FD296B8}
2013-12-19 16:30 - 2013-12-19 16:30 - 00002948 _____ C:\Windows\System32\Tasks\{DB5995C5-12DC-40FC-9B4E-98727AE9C3B4}
2013-12-19 16:30 - 2013-12-19 16:30 - 00002948 _____ C:\Windows\System32\Tasks\{B4ABA73C-2636-4B58-B034-92BCD9729489}
2013-12-19 16:30 - 2013-12-19 16:30 - 00002948 _____ C:\Windows\System32\Tasks\{8A316340-9AB5-4BB3-B3B9-EAB63AE0421B}
2013-12-19 16:30 - 2013-12-19 16:30 - 00002948 _____ C:\Windows\System32\Tasks\{89EE9D02-AFBC-45E8-8B15-D43B6474FD94}
2013-12-19 16:30 - 2013-12-19 16:30 - 00002948 _____ C:\Windows\System32\Tasks\{1EB26E46-CC61-4C45-B931-A85D595B10C5}
2013-12-19 16:30 - 2013-12-19 16:30 - 00002948 _____ C:\Windows\System32\Tasks\{1D68F9B3-FB45-4E0B-8FCE-D0B092464022}
2013-12-19 16:30 - 2013-12-19 16:30 - 00002948 _____ C:\Windows\System32\Tasks\{0C1DF9B6-7073-4601-9F22-F9125824C0E1}
2013-12-19 16:29 - 2013-12-19 16:29 - 00002948 _____ C:\Windows\System32\Tasks\{8914E0D1-8368-433A-A93C-213F3A4EA557}
2013-12-19 16:22 - 2013-02-10 12:47 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForSarah
2013-12-19 16:22 - 2013-02-10 12:47 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForSarah.job
2013-12-19 16:22 - 2011-04-23 14:26 - 00000000 ____D C:\Users\Sarah\AppData\Local\CrashDumps
2013-12-19 11:12 - 2013-12-19 11:12 - 00013474 _____ C:\Users\Sarah\Desktop\attach.txt
2013-12-19 11:11 - 2013-12-19 11:12 - 00019781 _____ C:\Users\Sarah\Desktop\dds.txt
2013-12-19 11:09 - 2013-12-19 11:09 - 00688992 ____R (Swearware) C:\Users\Sarah\Desktop\dds.com
2013-12-19 10:06 - 2009-07-14 00:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-19 09:53 - 2013-12-11 03:01 - 00041022 _____ C:\Windows\IE11_main.log
2013-12-19 06:17 - 2011-10-06 20:07 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3203651439-3747290406-1657443050-1001Core.job
2013-12-18 16:53 - 2013-12-15 14:41 - 00034816 _____ C:\Users\Sarah\Downloads\FranzList2013 (1).xls
2013-12-18 16:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-18 15:28 - 2012-12-03 17:33 - 00000000 ____D C:\Users\Sarah\AppData\Roaming\.minecraft
2013-12-15 22:07 - 2012-10-13 12:45 - 00000000 ____D C:\Users\Sarah\Documents\Franz Docs
2013-12-15 21:47 - 2011-04-23 12:45 - 00000000 ____D C:\Users\Sarah\AppData\Local\PDFC
2013-12-15 16:03 - 2011-03-24 22:49 - 00000000 ____D C:\ProgramData\Norton
2013-12-15 14:40 - 2013-12-15 14:40 - 00028160 _____ C:\Users\Sarah\Downloads\FranzList2013.xls
2013-12-15 14:12 - 2011-10-30 13:35 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-12-15 14:12 - 2011-05-01 17:46 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-12-15 14:08 - 2011-05-01 17:45 - 00000000 ____D C:\Users\Sarah\AppData\Roaming\HP Support Assistant
2013-12-15 14:08 - 2011-04-23 13:20 - 00000000 ____D C:\Users\Sarah\AppData\Roaming\HpUpdate
2013-12-15 11:53 - 2011-05-28 19:41 - 00000000 ____D C:\Users\Sarah\AppData\Local\Paint.NET
2013-12-15 11:53 - 2011-05-17 10:36 - 00000000 ____D C:\Users\Sarah\AppData\Roaming\ZoomBrowser EX
2013-12-15 11:53 - 2011-05-17 10:24 - 00000000 ____D C:\ProgramData\ZoomBrowser
2013-12-15 03:06 - 2013-08-15 02:01 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 03:01 - 2011-04-24 02:11 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-14 11:06 - 2013-11-25 13:20 - 00000000 ___RD C:\Users\Sarah\Dropbox
2013-12-13 22:09 - 2013-12-13 22:09 - 00000000 ____D C:\Windows\pss
2013-12-13 22:09 - 2011-04-23 12:45 - 00000000 ___RD C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-13 22:02 - 2012-06-06 16:12 - 00001830 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2013-12-13 22:00 - 2012-02-05 12:28 - 00000000 ____D C:\Program Files\Google
2013-12-13 22:00 - 2011-12-24 21:10 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-13 21:18 - 2011-10-06 20:07 - 00000000 ____D C:\Users\Sarah\AppData\Local\Google
2013-12-13 21:08 - 2013-12-13 20:35 - 00000000 ____D C:\Users\Sarah\AppData\Roaming\Open Download Manager
2013-12-13 21:08 - 2013-12-13 20:31 - 00000000 ____D C:\Program Files (x86)\OpenDownloaderManager
2013-12-13 21:06 - 2013-12-13 21:06 - 00002970 _____ C:\Windows\System32\Tasks\{6B6BCD6C-25C0-4A2F-AC68-7C8274B06DEC}
2013-12-13 20:33 - 2013-12-13 20:33 - 00000000 ____D C:\ProgramData\GorillaPrice
2013-12-13 20:33 - 2013-12-13 20:33 - 00000000 ____D C:\Program Files (x86)\GorillaPrice
2013-12-13 18:59 - 2013-12-13 18:59 - 02269709 _____ C:\Users\Sarah\Desktop\forge-1.6.4-9.11.1.953-installer.jar
2013-12-12 04:14 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-12-12 03:24 - 2009-07-13 23:45 - 00430936 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-12 03:05 - 2011-04-23 13:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-05 23:10 - 2011-10-06 20:07 - 00003878 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3203651439-3747290406-1657443050-1001UA
2013-12-05 23:10 - 2011-10-06 20:07 - 00003482 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3203651439-3747290406-1657443050-1001Core
2013-12-05 17:27 - 2011-10-06 20:07 - 00002372 _____ C:\Users\Sarah\Desktop\Google Chrome.lnk
2013-12-04 12:55 - 2011-12-24 21:10 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-04 12:55 - 2011-12-24 21:10 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-03 21:00 - 2011-04-23 12:44 - 00115168 _____ C:\Users\Sarah\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-01 18:26 - 2011-04-23 12:50 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-11-30 09:42 - 2013-11-30 09:42 - 00000000 ____D C:\ProgramData\Oracle
2013-11-30 09:41 - 2013-11-30 09:40 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-11-30 09:41 - 2011-08-27 10:15 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-26 09:01 - 2009-07-14 02:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-11-25 13:20 - 2013-11-25 13:20 - 00001043 _____ C:\Users\Sarah\Desktop\Dropbox.lnk
2013-11-25 13:20 - 2011-04-23 12:41 - 00000000 ____D C:\Users\Sarah
2013-11-25 13:17 - 2013-11-25 13:16 - 00000000 ____D C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-11-24 21:28 - 2013-11-24 21:28 - 00000000 ____D C:\Users\Sarah\Desktop\Shopping Bag  Old Navy_do 2_files
2013-11-24 21:28 - 2013-11-24 21:27 - 00414760 _____ C:\Users\Sarah\Desktop\Shopping Bag  Old Navy_do 2.htm
2013-11-24 21:26 - 2013-11-24 21:26 - 00432037 _____ C:\Users\Sarah\Desktop\Shopping Bag  Old Navy_do.htm
2013-11-24 16:22 - 2011-08-02 16:58 - 00003218 _____ C:\Windows\System32\Tasks\HPCeeScheduleForSARAH-HP$
2013-11-24 16:22 - 2011-08-02 16:58 - 00000342 _____ C:\Windows\Tasks\HPCeeScheduleForSARAH-HP$.job
2013-11-23 13:26 - 2013-12-11 18:19 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-11-23 12:47 - 2013-12-11 18:19 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

Some content of TEMP:
====================
C:\Users\Sarah\AppData\Local\Temp\ose00000.exe
C:\Users\Sarah\AppData\Local\Temp\Quarantine.exe
C:\Users\Sarah\AppData\Local\Temp\{90DE3F9B-7AC4-4275-87B7-F488D07F4A05}.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-10 06:54

==================== End Of Log ============================

 

Addition.txt Report

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-12-2013
Ran by Sarah at 2013-12-19 22:41:51
Running from C:\Users\Sarah\Documents\My Documents\frst64
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Lavasoft Ad-Aware (Enabled - Out of date) {445B48C3-0FA4-6B16-8F07-6506F305D800}
AV: Norton Security Suite (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Lavasoft Ad-Aware (Enabled - Out of date) {FF3AA927-299E-6498-B5B7-5E74888292BD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: Lavasoft Ad-Aware (Disabled) {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}

==================== Installed Programs ======================

Ad-Aware Antivirus (x32 Version: 10.1.211.3382)
Ad-Aware Browsing Protection (x32 Version: 0.9.0.2)
Adobe AIR (x32 Version: 3.9.0.1380)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.175)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.3.633)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95)
AGEIA PhysX v2.6.0 (x32 Version: 2.6.0.4)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
AT&T Connect Participant Application v8.9.35 (x32 Version: 8.9.35)
ATI Catalyst Install Manager (Version: 3.0.795.0)
ATI Stream SDK v2 Developer (Version: 2.2.0.0)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Belkin Daily DJ (x32)
Belkin Music Labeler (x32)
Belkin Setup and Router Monitor (x32)
Belkin USB Print and Storage Center (Version: 1.0.0)
Bing Bar (x32 Version: 7.0.609.0)
Bing Rewards Client Installer (x32 Version: 16.0.345.0)
Blackhawk Striker 2 (x32 Version: 2.2.0.95)
Blasterball 3 (x32 Version: 2.2.0.95)
Blio (x32 Version: 2.0.5350)
Bonjour (Version: 3.0.0.10)
Bounce Symphony (x32 Version: 2.2.0.95)
Build-a-lot 2 (x32 Version: 2.2.0.95)
Cake Mania (x32 Version: 2.2.0.95)
CANON iMAGE GATEWAY MyCamera Download Plugin (x32 Version: 3.1.0.1)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.8.0.1)
Canon Internet Library for ZoomBrowser EX (x32 Version: 1.7.0.1)
Canon MOV Decoder (x32 Version: 1.7.0.6)
Canon MOV Encoder (x32 Version: 1.5.0.3)
Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 3.6.0.5)
Canon Utilities ZoomBrowser EX (x32 Version: 6.6.0.23)
Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.4.0.4)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.1123.1002.17926)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.1123.1002.17926)
Catalyst Control Center InstallProxy (x32 Version: 2010.1123.1002.17926)
Catalyst Control Center Localization All (x32 Version: 2010.1123.1002.17926)
CCC Help Chinese Standard (x32 Version: 2010.1123.1001.17926)
CCC Help Chinese Traditional (x32 Version: 2010.1123.1001.17926)
CCC Help Czech (x32 Version: 2010.1123.1001.17926)
CCC Help Danish (x32 Version: 2010.1123.1001.17926)
CCC Help Dutch (x32 Version: 2010.1123.1001.17926)
CCC Help English (x32 Version: 2010.1123.1001.17926)
CCC Help Finnish (x32 Version: 2010.1123.1001.17926)
CCC Help French (x32 Version: 2010.1123.1001.17926)
CCC Help German (x32 Version: 2010.1123.1001.17926)
CCC Help Greek (x32 Version: 2010.1123.1001.17926)
CCC Help Hungarian (x32 Version: 2010.1123.1001.17926)
CCC Help Italian (x32 Version: 2010.1123.1001.17926)
CCC Help Japanese (x32 Version: 2010.1123.1001.17926)
CCC Help Korean (x32 Version: 2010.1123.1001.17926)
CCC Help Norwegian (x32 Version: 2010.1123.1001.17926)
CCC Help Polish (x32 Version: 2010.1123.1001.17926)
CCC Help Portuguese (x32 Version: 2010.1123.1001.17926)
CCC Help Russian (x32 Version: 2010.1123.1001.17926)
CCC Help Spanish (x32 Version: 2010.1123.1001.17926)
CCC Help Swedish (x32 Version: 2010.1123.1001.17926)
CCC Help Thai (x32 Version: 2010.1123.1001.17926)
CCC Help Turkish (x32 Version: 2010.1123.1001.17926)
ccc-core-static (x32 Version: 2010.1123.1002.17926)
ccc-utility64 (Version: 2010.1123.1002.17926)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
ClosetMaid v1.5.2 (HKCU)
Coupon Printer for Windows (x32 Version: 5.0.0.1)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.3210)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95)
Dora's World Adventure (x32 Version: 2.2.0.95)
Drive Manager (x32 Version: 1.00.0012)
Dropbox (HKCU Version: 2.4.7)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412)
Elevated Installer (x32 Version: 2.1.13)
Escape Rosecliff Island (x32 Version: 2.2.0.95)
e-Sword (x32 Version: 10.01.0000)
Farm Frenzy (x32 Version: 2.2.0.95)
FATE (x32 Version: 2.2.0.95)
Final Drive Nitro (x32 Version: 2.2.0.95)
Garmin Express (x32 Version: 2.1.13)
Garmin Express Tray (x32 Version: 2.1.13)
Garmin Update Service (x32 Version: 2.1.13)
Garmin USB Drivers (x32 Version: 2.3.0.0)
Garmin WebUpdater (x32 Version: 2.5.4)
Google Chrome (HKCU Version: 31.0.1650.63)
Google Earth Plug-in (x32 Version: 7.1.2.2041)
Google Update Helper (x32 Version: 1.3.22.3)
GorillaPrice (x32)
GoToMeeting 4.8.0.723 (HKCU Version: 4.8.0.723)
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HP Auto (Version: 1.0.12494.3472)
HP Client Services (Version: 1.0.12656.3472)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Games (x32 Version: 1.0.1.5)
HP MediaSmart DVD (x32 Version: 4.2.4725)
HP MediaSmart Music (x32 Version: 4.2.4517)
HP MediaSmart Photo (x32 Version: 4.2.4513)
HP MediaSmart SmartMenu (Version: 3.1.2.4)
HP MediaSmart Video (x32 Version: 4.2.4522)
HP MediaSmart/TouchSmart Netflix (x32 Version: 1.0.4.0)
HP MovieStore (x32 Version: 1.0.027)
HP MovieStore (x32 Version: 2.0.2)
HP Odometer (x32 Version: 2.10.0000)
HP Officejet Pro 8500 A910 Basic Device Software (Version: 22.50.231.0)
HP Officejet Pro 8500 A910 Help (x32 Version: 140.0.2.2)
HP Officejet Pro 8500 A910 Product Improvement Study (Version: 22.50.231.0)
HP Product Detection (x32 Version: 11.14.0001)
HP Setup (x32 Version: 8.4.4400.3525)
HP Setup Manager (x32 Version: 1.0.12844.3519)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Support Information (x32 Version: 10.1.1000)
HP Update (x32 Version: 5.005.000.002)
HP Vision Hardware Diagnostics (Version: 2.1.6.0)
Hulu Desktop (HKCU Version: 0.9.13)
HydraVision (x32 Version: 4.2.180.0)
I.R.I.S. OCR (x32 Version: 12.3.4.0)
iCloud (Version: 3.0.2.163)
Intel® Management Engine Components (x32 Version: 6.0.0.1179)
Intel® Rapid Storage Technology (x32 Version: 9.6.0.1014)
iTunes (Version: 11.1.3.8)
Jacquie Lawson Alpine Advent Calendar (x32 Version: 1.0.2)
Jacquie Lawson London Advent Calendar (x32 Version: 1.0.0)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Kobo (x32 Version: 1.6)
LabelPrint (x32 Version: 2.5.3130)
LEGO Digital Designer (x32)
LEGO Universe (x32)
LEGO® Indiana Jones™ (x32 Version: 1.00.0000)
LightScribe System Software (x32 Version: 1.18.20.1)
MagiQuest Online (remove only) (x32 Version: 6.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Marketsplash Shortcuts (x32 Version: 1.0.1.7)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Default Manager (x32 Version: 2.2.114.0)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Music Mover (x32)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95)
Norton Online Backup (x32 Version: 2.1.17869)
Norton Security Suite (x32 Version: 20.4.0.40)
Paint.NET v3.5.10 (Version: 3.60.0)
PDF Complete Special Edition (x32 Version: 4.0.57)
Penguins! (x32 Version: 2.2.0.95)
PhotoNow! (x32 Version: 1.1.7717)
PictureMover (x32 Version: 3.5.0.33)
Plants vs. Zombies (x32 Version: 2.2.0.95)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (x32 Version: 1.3.0)
Poker Superstars III (x32 Version: 2.2.0.95)
Polar Bowler (x32 Version: 2.2.0.95)
Polar Golfer (x32 Version: 2.2.0.95)
Power2Go (x32 Version: 6.1.4329)
PowerDirector (x32 Version: 8.0.3129)
PressReader (x32 Version: 5.10.1102.0)
QuickTime (x32 Version: 7.74.80.86)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6196)
Recovery Manager (x32 Version: 5.5.3219)
RoxioNow Player (x32 Version: 1.9.5.101)
Scratch (x32 Version: 1.4.0.0)
Spybot - Search & Destroy (x32 Version: 1.6.2)
swMSM (x32 Version: 12.0.0.1)
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32)
Update Installer for WildTangent Games App (x32)
Virtual Families (x32 Version: 2.2.0.95)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95)
Wheel of Fortune 2 (x32 Version: 2.2.0.95)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Zinio Reader 4 (x32 Version: 4.0.3184)
Zuma Deluxe (x32 Version: 2.2.0.95)

==================== Restore Points  =========================

12-12-2013 08:00:39 Windows Update
14-12-2013 01:33:59 Installed WeatherBug
14-12-2013 02:07:36 Removed WeatherBug
14-12-2013 02:10:16 Windows Update
14-12-2013 08:00:38 Windows Update
14-12-2013 15:24:56 Windows Update
15-12-2013 08:00:47 Windows Update
16-12-2013 08:00:27 Windows Update
17-12-2013 08:00:28 Windows Update
18-12-2013 08:00:15 Windows Update
19-12-2013 08:00:41 Windows Update
19-12-2013 14:51:52 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {02A63B03-1A54-40F5-84C5-555C2A702165} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\symerr.exe [2013-06-03] (Symantec Corporation)
Task: {05089B6A-1C09-4635-A34B-A6B20B0B5B73} - System32\Tasks\HPCustParticipation HP Officejet Pro 8500 A910 => C:\Program Files\hp\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {09602157-71DA-498D-8726-7943B6B2C6C2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {17055E8F-2997-4A3F-A34F-382BF75F6DA0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-26] (Adobe Systems Incorporated)
Task: {1920E360-33E9-4D7C-8E7D-16859119B037} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {2006BC85-4188-45DF-9BA9-8A5429056EBA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard)
Task: {25AB5DE2-726C-41D7-B5FA-011D69C00BB4} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe [2012-05-03] (Lavasoft Limited)
Task: {25FF0154-1CF4-4BA7-B3F8-9BB7508B9E8D} - System32\Tasks\{8A316340-9AB5-4BB3-B3B9-EAB63AE0421B} => C:\Users\Sarah\Desktop\RogueKillerX64.exe
Task: {26026EC9-D932-46F4-9C86-9C41CA7D4469} - System32\Tasks\{F8D4F7AD-BF62-4316-8A26-1CA8C2A195F0} => C:\Users\Sarah\Desktop\RogueKillerX64.exe
Task: {2A10B19A-6037-45C5-8DDA-A81EF7702F90} - System32\Tasks\{6B6BCD6C-25C0-4A2F-AC68-7C8274B06DEC} => C:\Program Files (x86)\OpenDownloaderManager\ODM.exe
Task: {2BBB708B-532C-496A-B927-59D9396F31DC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24] (Google Inc.)
Task: {2D8EB8BB-DDA2-41BD-A099-3298D8EBB4B8} - System32\Tasks\{1EB26E46-CC61-4C45-B931-A85D595B10C5} => C:\Users\Sarah\Desktop\RogueKillerX64.exe
Task: {30EEBF76-8150-4B40-93BF-9EB470DDEC43} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24] (Google Inc.)
Task: {52DFC15F-E5EF-4D12-A957-83D68BE7BE9A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-09-23] (Hewlett-Packard Company)
Task: {68F22EA5-B5FB-42E1-87A9-8BF1F2F5FAF2} - System32\Tasks\{F3152077-E73C-4DD0-8EBB-1B304FD296B8} => C:\Users\Sarah\Desktop\RogueKillerX64.exe
Task: {6D0DEC70-C1E2-472A-9079-16BF5CDA1351} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6DA8B6D1-4FC4-4486-9ED0-650A2C2167EB} - System32\Tasks\{B4ABA73C-2636-4B58-B034-92BCD9729489} => C:\Users\Sarah\Desktop\RogueKillerX64.exe
Task: {744B3319-71DD-4011-9961-A8DBD63E7231} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\symerr.exe [2013-06-03] (Symantec Corporation)
Task: {77C1906A-9F83-4D3A-A214-1E3B23FDB5D6} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\wscstub.exe [2013-06-03] (Symantec Corporation)
Task: {7A1D2334-AC92-4946-A2C8-C3F5CE3B377F} - System32\Tasks\{DB5995C5-12DC-40FC-9B4E-98727AE9C3B4} => C:\Users\Sarah\Desktop\RogueKillerX64.exe
Task: {A0C52F5F-348D-42BC-98F9-2C142F0532C0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3203651439-3747290406-1657443050-1001Core => C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-06] (Google Inc.)
Task: {A6152F3D-7D21-477B-BC4B-79BBCAF13636} - System32\Tasks\{0C1DF9B6-7073-4601-9F22-F9125824C0E1} => C:\Users\Sarah\Desktop\RogueKillerX64.exe
Task: {AC7654C5-274B-46E4-BFA6-BE34993094A6} - System32\Tasks\HPCeeScheduleForSarah => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {B7543A0F-291E-461A-812A-80075F0A460B} - System32\Tasks\HpWebReg.exe => C:\Program Files\hp\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {BB2FFA4B-54A4-4453-AC26-31ABFFA3CCDF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN113AR0FM => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard)
Task: {BFCD1C7F-A777-49E6-998A-6BBB83396105} - System32\Tasks\{89EE9D02-AFBC-45E8-8B15-D43B6474FD94} => C:\Users\Sarah\Desktop\RogueKillerX64.exe
Task: {C1E39C29-3947-49F3-A871-8955C8A8D8D2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3203651439-3747290406-1657443050-1001UA => C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-06] (Google Inc.)
Task: {D52A1491-6E26-4CB9-BA29-04349477FF66} - System32\Tasks\{88FF9F0E-9054-4C12-84FB-453E97C58924} => C:\Users\Sarah\Downloads\CouponActivator (3).exe [2011-12-08] (Catalina Marketing Corp. )
Task: {D9C98037-0809-4BBC-9104-D3EEEA4B16B3} - System32\Tasks\{1D68F9B3-FB45-4E0B-8FCE-D0B092464022} => C:\Users\Sarah\Desktop\RogueKillerX64.exe
Task: {DE5C2516-0B56-42F5-A7A2-D35F0F657562} - System32\Tasks\HPCeeScheduleForSARAH-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {F099EABD-D165-46FD-8D38-21A37576CF4C} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2010-08-19] (CyberLink)
Task: {F742E7F2-FEE5-4F64-80DB-F7F5B0D3D363} - System32\Tasks\{8914E0D1-8368-433A-A93C-213F3A4EA557} => C:\Users\Sarah\Desktop\RogueKillerX64.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3203651439-3747290406-1657443050-1001Core.job => C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3203651439-3747290406-1657443050-1001UA.job => C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForSARAH-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForSarah.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-08-11 16:07 - 2010-02-17 17:25 - 00149504 ____N () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkLocalBackup.dll
2010-04-12 18:59 - 2010-04-12 18:59 - 00098304 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-11-23 12:01 - 2010-11-23 12:01 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-08-11 16:06 - 2010-07-28 16:34 - 00022424 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
2011-09-27 06:23 - 2011-09-27 06:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 06:22 - 2011-09-27 06:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2013-10-18 18:55 - 2013-10-18 18:55 - 25100288 _____ () C:\Users\Sarah\AppData\Roaming\Dropbox\bin\libcef.dll
2011-08-11 16:06 - 2010-06-23 17:11 - 00325632 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
2011-08-11 16:06 - 2010-06-23 17:11 - 01954304 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
2011-08-11 16:06 - 2010-06-23 17:12 - 07187456 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
2011-08-11 16:06 - 2010-06-23 17:11 - 00847360 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
2011-08-12 07:21 - 2010-06-23 16:38 - 00119808 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
2011-08-12 07:21 - 2010-07-28 16:02 - 00658432 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
2013-07-16 00:28 - 2012-05-30 09:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON SECURITY SUITE\ENGINE\20.4.0.40\wincfi39.dll
2013-08-15 02:44 - 2013-08-15 02:44 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\44bfa824a3b8a6f789fda79a2e01a8db\IsdiInterop.ni.dll
2011-03-24 22:32 - 2010-03-03 22:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-06-06 16:14 - 2012-02-05 12:41 - 00210288 _____ () C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\libBase64.dll
2012-06-06 16:14 - 2012-02-05 12:41 - 00181616 _____ () C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\libMachoUniv.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\91053554.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\91053554.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/19/2013 04:25:31 PM) (Source: Bonjour Service) (User: )
Description: Client application bug: DNSServiceResolve(34:c0:59:10:57:4d@fe80::36c0:59ff:fe10:574d._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (12/19/2013 04:22:32 PM) (Source: Application Error) (User: )
Description: Faulting application name: adawarebp.exe, version: 1.0.1.31, time stamp: 0x4e9dc503
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x00039342
Faulting process id: 0x1254
Faulting application start time: 0xadawarebp.exe0
Faulting application path: adawarebp.exe1
Faulting module path: adawarebp.exe2
Report Id: adawarebp.exe3

Error: (12/19/2013 00:17:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9999

Error: (12/19/2013 00:17:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9999

Error: (12/19/2013 00:17:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/19/2013 08:20:26 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16006

Error: (12/19/2013 08:20:26 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16006

Error: (12/19/2013 08:20:26 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/19/2013 08:20:25 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15007

Error: (12/19/2013 08:20:25 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15007

System errors:
=============
Error: (12/19/2013 10:34:49 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005

Error: (12/19/2013 04:55:50 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/19/2013 04:55:50 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/19/2013 04:55:50 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/19/2013 04:53:42 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/19/2013 04:53:42 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/19/2013 04:53:42 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/19/2013 04:51:18 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/19/2013 04:51:18 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/19/2013 04:51:18 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Microsoft Office Sessions:
=========================
Error: (12/19/2013 04:25:31 PM) (Source: Bonjour Service)(User: )
Description: Client application bug: DNSServiceResolve(34:c0:59:10:57:4d@fe80::36c0:59ff:fe10:574d._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (12/19/2013 04:22:32 PM) (Source: Application Error)(User: )
Description: adawarebp.exe1.0.1.314e9dc503ole32.dll6.1.7601.175144ce7b96fc000000500039342125401cefccb1e65ce58C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exeC:\Windows\syswow64\ole32.dllab60dc57-68f3-11e3-8e5b-6c626deaba3f

Error: (12/19/2013 00:17:31 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9999

Error: (12/19/2013 00:17:31 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9999

Error: (12/19/2013 00:17:31 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/19/2013 08:20:26 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16006

Error: (12/19/2013 08:20:26 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16006

Error: (12/19/2013 08:20:26 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/19/2013 08:20:25 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15007

Error: (12/19/2013 08:20:25 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15007

CodeIntegrity Errors:
===================================
  Date: 2013-03-06 18:20:52.517
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-03-06 18:20:52.424
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-04-01 18:17:04.343
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-04-01 18:17:04.303
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 30%
Total physical RAM: 8151.08 MB
Available physical RAM: 5662.46 MB
Total Pagefile: 16300.34 MB
Available Pagefile: 13724.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1384.21 GB) (Free:1224.9 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.96 GB) (Free:1.59 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive k: (FreeAgent Drive) (Fixed) (Total:698.64 GB) (Free:480.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1397 GB) (Disk ID: F57B401A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=-712739127296) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 699 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=699 GB) - (Type=07 NTFS)

==================== End Of Log ============================


I can't run frst.exe any more. I downloaded the file, and tried to run the program, but it gets stuck in an update loop. The program comes up, says "New update found. Please wait". Then a message box "Update successful". Both then disappear and the main screen comes back with the same message. A couple times, it eventually popped up "Unable to open the script file" and stopped the loop. Still can't get the program to run, as it just says "unable to open the script file" every time you click on the .exe file. I've tried to get it to run without anything else open, removing the fixlist.txt that I put in the directory, rebooted then tried to run, tried running both as an admin and as a user, reinstalled the program. Nothing works. I'll try again tomorrow, but I'm not holding out much hope. Ideas?


OK, let's use a different program:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure you click download buttons that look similar to this, not "sponsored ad links":


Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


I booted in safe mode without networking and it allowed me to run the frst exe.  Here's the log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-12-2013 02
Ran by Sarah at 2013-12-20 11:17:15 Run:1
Running from C:\Users\Sarah\Documents\My Documents\Farbar Recovery Scan Tool
Boot Mode: Safe Mode (minimal)
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\GorillaPrice
C:\ProgramData\GorillaPrice
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
R2 WatGorp; C:\ProgramData\GorillaPrice\WatGorp.exe [70144 2013-11-30] ()
C:\ProgramData\GorillaPrice
C:\Program Files (x86)\GorillaPrice

*****************

C:\Program Files (x86)\GorillaPrice => Moved successfully.
C:\ProgramData\GorillaPrice => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
WatGorp => Service deleted successfully.
"C:\ProgramData\GorillaPrice" => File/Directory not found.
"C:\Program Files (x86)\GorillaPrice" => File/Directory not found.

==== End of Fixlog ====


Good, now run this one please:

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
MrC

Here's the JRT log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Sarah on Fri 12/20/2013 at 11:39:11.62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

Successfully stopped: [service] gorillaprice
Successfully deleted: [service] gorillaprice

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 12/20/2013 at 11:45:52.87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Still getting the occasional popups, but not the annoying cpvrdr.com redirect ones.  Also, I can still see GorillaPrice on my programs list (but not in the task manager).  Should I care?  And the "Error 400 Bad Request" error I was getting has gone away.  Overall, I'd say it's at 90%!


OK...please run ComboFix:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure you click download buttons that look similar to this, not "sponsored ad links":


Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


I downloaded ComboFix, but it tells me that I have an "Incompatible OS" and shuts down, right after it backs up the registry. I'm running Windows 7 64 bit, which the website tells me is supported.  I tried rebooting in Safe Mode with Networking, but I get the same error message.


Strange, let's run this one:

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

  • Put a checkmark beside loaded modules.

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.

  • Click the Start Scan button.

  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If in doubt about an entry....please ask or choose Skip

  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.

New window that comes up.

MrC
