Last Thread Closed Before I was Finished - Browser Redirected



felhet
2014-01-26, 05:15
Hi, I appreciate the help. I did not have time to respond to the last post.

Here is a link to the closed thread:

http://forums.spybot.info/showthread.php?70000-Something-Redirecting-Internet-Browser

Here is the DDS log and the attach log is attached:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by Linda at 23:05:28 on 2014-01-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2076 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\hasplms.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\3DEmbroidery\DesignerSECommuni.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
C:\Program Files (x86)\VSMSoftware\5DEmbroidery\EmbMachineComms.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.mumbojumbo.iplay.com/?o=shp
uDefault_Page_URL = hxxp://search.findwide.com/?guid={73D1392E-2602-4038-8E32-E44A1E0B362B}&serpv=22
mWinlogon: Userinit = userinit.exe
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [DesignerSECommuni.exe] C:\3DEmbroidery\DesignerSECommuni.exe
uRun: [EmbMachineComms.exe] C:\Program Files (x86)\VSMSoftware\5DEmbroidery\EmbMachineComms.exe
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Conime] C:\Windows\System32\conime.exe
mRun: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0FEAF339-7B6B-4A92-90B5-E5B21D8BDBAB} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{0FEAF339-7B6B-4A92-90B5-E5B21D8BDBAB}\342716A79786F6273756 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{0FEAF339-7B6B-4A92-90B5-E5B21D8BDBAB}\A42545 : DHCPNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {0CE7EBAF-157D-4111-9146-057CB2A4023E} - msiexec /fu {0CE7EBAF-157D-4111-9146-057CB2A4023E} /qn
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\hxcrj1cb.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2013-3-15 90056]
R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE [2013-12-16 193696]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 hasplms;Sentinel HASP License Manager;C:\Windows\System32\hasplms.exe -run --> C:\Windows\System32\hasplms.exe -run [?]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2013-5-13 270624]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-8-15 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-8-15 2425960]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2013-3-15 395640]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2013-1-15 780152]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe [2013-2-5 138272]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-8-15 2656280]
R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [2013-2-12 1388120]
R3 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1309010.00E\ccsetx64.sys [2013-2-5 167072]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-12-28 138912]
R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130221.001\IDSviA64.sys [2013-2-22 513184]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-4-2 317440]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-8-15 1860672]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-8-15 565352]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1309010.00E\symds64.sys [2013-2-5 451192]
R3 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1309010.00E\symefa64.sys [2013-2-5 1129120]
R3 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1309010.00E\ironx64.sys [2013-2-5 190072]
R3 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1309010.00E\symnets.sys [2013-2-5 405624]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE [2013-12-16 247968]
S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-10-7 227904]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-24 19456]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-8-15 339048]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-24 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-24 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-12-24 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-01-26 03:52:35 -------- d-----w- C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-01-26 03:43:59 -------- d-----w- C:\Windows\Migration
2014-01-26 03:40:37 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EDAA1FE2-E6D4-467E-86BE-F3E7A0C95532}\mpengine.dll
2014-01-22 01:52:53 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-01-22 01:52:53 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-01-22 01:52:53 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-01-22 01:52:53 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-01-22 01:52:53 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-01-22 01:52:53 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-01-22 01:52:53 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-01-22 01:52:50 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-22 01:52:47 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2014-01-11 01:25:14 -------- d-----w- C:\Program Files (x86)\ESET
2014-01-10 00:22:39 -------- d-----w- C:\Users\Linda\AppData\Roaming\Malwarebytes
2014-01-10 00:22:13 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-10 00:22:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-10 00:14:02 -------- d-----w- C:\_OTL
2014-01-09 11:06:49 -------- d-----w- C:\Windows\ERUNT
2014-01-09 01:17:33 -------- d-----w- C:\AdwCleaner
2014-01-09 01:06:53 -------- d-----w- C:\RegBackup
2014-01-09 01:06:02 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2014-01-02 00:43:18 -------- d-----w- C:\Users\Linda\AppData\Roaming\4 Friends Games
2013-12-31 22:00:34 -------- d-----w- C:\Users\Linda\AppData\Local\Programs
.
==================== Find3M ====================
.
2013-12-18 11:13:56 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-11 23:18:12 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 23:18:12 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
.
============= FINISH: 23:05:59.51 ===============

Dakeyras
2014-02-01, 03:30
Hi. :)

Please follow my prior instructions posted here (http://forums.spybot.info/showthread.php?70000-Something-Redirecting-Internet-Browser&p=449271&viewfull=1#post449271) and we will then go from there, thank you.

felhet
2014-02-01, 17:39
OK, thanks!

OTL:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-294371208-3097446141-2468538785-1001\Software\Microsoft\Internet Explorer\SearchScopes\{F0E6E776-6120-4575-B43C-E853E580061B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0E6E776-6120-4575-B43C-E853E580061B}\ not found.
Prefs.js: "FindWide" removed from browser.search.defaultenginename
File C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober-1953977777.xml not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
ADS C:\ProgramData\Temp:C6BC11FD deleted successfully.
ADS C:\ProgramData\Temp:BE40C8A2 deleted successfully.
ADS C:\ProgramData\Temp:737160C1 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Conime deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Linda\Desktop\cmd.bat deleted successfully.
C:\Users\Linda\Desktop\cmd.txt deleted successfully.
< netsh advfirewall reset /c >
Ok.
C:\Users\Linda\Desktop\cmd.bat deleted successfully.
C:\Users\Linda\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state off /c >
Ok.
C:\Users\Linda\Desktop\cmd.bat deleted successfully.
C:\Users\Linda\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: Default User

User: Linda
->Temp folder emptied: 740973236 bytes
->Temporary Internet Files folder emptied: 40061915 bytes
->FireFox cache emptied: 20425367 bytes
->Google Chrome cache emptied: 74247351 bytes
->Flash cache emptied: 2035 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 29459979 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 2322 bytes

Total Files Cleaned = 863.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02012014_111913

Files\Folders moved on Reboot...
C:\Users\Linda\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\TMP000000018B0FC70C1585A6C5 not found!
File\Folder C:\Windows\temp\TMP0000000236CCF977CCAD29C2 not found!
File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

felhet
2014-02-01, 17:41
Malware log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.01.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Linda :: LINDA-HP [administrator]

2/1/2014 11:27:36 AM
mbam-log-2014-02-01 (11-27-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206777
Time elapsed: 5 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{45470599-8237-486D-87B5-E89CD6AED154} (PUP.Optional.MyWordTool.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{45470599-8237-486D-87B5-E89CD6AED154} (PUP.Optional.MyWordTool.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\MyWordTool (PUP.Optional.MyWordTool.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MyWordTool (PUP.Optional.MyWordTool.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.FindWide) -> Bad: (http://search.findwide.com/?guid={73D1392E-2602-4038-8E32-E44A1E0B362B}&serpv=22) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 2
C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\djgojpphcoccgjoafgdhiomafpcopmfn (PUP.Optional.MyWordTool.A) -> Quarantined and deleted successfully.
C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\djgojpphcoccgjoafgdhiomafpcopmfn\1_0 (PUP.Optional.MyWordTool.A) -> Quarantined and deleted successfully.

Files Detected: 2
C:\Users\Linda\Downloads\ZipOpenerSetup.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\djgojpphcoccgjoafgdhiomafpcopmfn\1_0\script.js (PUP.Optional.MyWordTool.A) -> Quarantined and deleted successfully.

(end)

Dakeyras
2014-02-01, 22:12
Hi. :)


OK, thanks!
You're welcome!

Carry out the Custom OTL Script here (http://forums.spybot.info/showthread.php?70000-Something-Redirecting-Internet-Browser&p=449035&viewfull=1#post449035) please, then follow the instructions for Software Update check. Finally complete the below scan as follows...

Scan with Panda Cloud Cleaner:

Please download Panda Cloud Cleaner (http://pandacloudcleaner.pandasecurity.com/facebook/) and save to your desktop.

Alternate downloads are here (http://acs.pandasoftware.com/pandacloudcleaner/installers/activescan/PandaCloudCleaner.exe) and here (http://www.majorgeeks.com/files/details/panda_cloud_cleaner.html).


Right-click on PandaCloudCleaner.exe and select Run as Administrator >> Next > >> >> Next >
Ensure Launch Panda Cloud Cleaner is selected >> Finish >> once the GUI (graphical user interface) appears >> click on Accept and Scan
Please be patient as the scan may take some time to complete depending on your system's specifications.
Once the scan has completed, if Scan finished with detections is denoted in the GUI do not take any action and/or have Panda Cloud Cleaner clean absolutely anything!
Now within the GUI click on the > tab >> then on View Report >> a notepad file should now open called PCloudCleaner.txt
Save this to your desktop and post the contents in your next reply.
Then click on Back >> Exit

Note: When I give the all clear feel free to uninstall Panda Cloud Cleaner via:

Click on Start (Windows 7 Orb) >> All Programs >> Panda Security >> Panda Cloud Cleaner >> right-click on Uninstall Panda Cloud Cleaner and select Run as Administrator >> >> follow the prompts.

Next:

When you have completed the above, please post back the following in the order asked for:


How is your computer performing now, any further symptoms and/or problems encountered?
OTL Log from the Custom Script.
Panda Cloud Cleaner Log.

felhet
2014-02-02, 21:13
Hi. Thanks, the computer seems to be running well.

OTL:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Users\Linda\Downloads\mysteryofsharkisland-setup(1).exe moved successfully.
C:\Users\Linda\Downloads\mysteryofsharkisland-setup(2).exe moved successfully.
C:\Users\Linda\Downloads\mysteryofsharkisland-setup(3).exe moved successfully.
C:\Users\Linda\Downloads\mysteryofsharkisland-setup(4).exe moved successfully.
C:\Users\Linda\Downloads\mysteryofsharkisland-setup.exe moved successfully.
C:\Users\Linda\Downloads\ritajamesandtheracetoshangrila-setup(1).exe moved successfully.
C:\Users\Linda\Downloads\ritajamesandtheracetoshangrila-setup(2).exe moved successfully.
C:\Users\Linda\Downloads\ritajamesandtheracetoshangrila-setup.exe moved successfully.
C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkopijddpkmggacdghppacglggodkcod\1.0.0_0 folder moved successfully.
C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkopijddpkmggacdghppacglggodkcod folder moved successfully.
C:\ProgramData\Oberon Media\Initiator\3.0.0.0\cache\ecfc00c1e170c5eb589cfad3e811682243c4c619\mumbojumbo_en_toolbar_3.2.0.46.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User

User: Linda
->Temp folder emptied: 37249 bytes
->Temporary Internet Files folder emptied: 48686 bytes
->FireFox cache emptied: 20144487 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8408981 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 27.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02022014_134601

Files\Folders moved on Reboot...
C:\Users\Linda\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

felhet
2014-02-02, 21:13
Panda:

Broken Link. FILE: File not found:C:\PROGRAM FILES (X86)\ELECTRONIC ARTS\EADM\CORE.EXE to be deleted.

Broken Link. REGKEY: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[EA Core]. Value: EA Core To be deleted.

Broken Link. REGKEY: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[EA Core]. Value: EA Core To be deleted.

Broken Link. FILE: File not found:C:\WINDOWS\SYSTEM32\CONIME.EXE to be deleted.

Broken Link. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[Conime]. Value: Conime To be deleted.

Broken Link. REGKEY: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run[Conime]. Value: Conime To be deleted.

Broken Link. REGKEY: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run[Conime]. Value: Conime To be deleted.

Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0

Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0

Malware. REGKEY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLEREGISTRYTOOLS]. Value: DISABLEREGISTRYTOOLS To be deleted.

Malware. REGKEY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLETASKMGR]. Value: DISABLETASKMGR To be deleted.

Dakeyras
2014-02-03, 19:26
Hi. :)


the computer seems to be running well
Good...Re-run the Panda Cloud Cleaner again please and upon completion of the scan have it remove the following only:-


Broken Link. FILE: File not found:C:\PROGRAM FILES (X86)\ELECTRONIC ARTS\EADM\CORE.EXE to be deleted.

Broken Link. REGKEY: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[EA Core]. Value: EA Core To be deleted.

Broken Link. REGKEY: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[EA Core]. Value: EA Core To be deleted.

Broken Link. FILE: File not found:C:\WINDOWS\SYSTEM32\CONIME.EXE to be deleted.

Broken Link. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[Conime]. Value: Conime To be deleted.

Broken Link. REGKEY: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run[Conime]. Value: Conime To be deleted.

Broken Link. REGKEY: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run[Conime]. Value: Conime To be deleted.
Then in turn post the new log for my review, thank you.

felhet
2014-02-04, 02:27
I ran the cleaner again, but I was a little confused on how to only remove the files you specified. I clicked clean and I am not sure what it really did. I reran the cleaner and here is the log:

Unknown. FILE: C:\3DEMBROIDERY\DESIGNERSECOMMUNI.EXE to be deleted.

Unknown. REGKEY: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[DesignerSECommuni.exe]. Value: DesignerSECommuni.exe To be deleted.

Unknown. REGKEY: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[DesignerSECommuni.exe]. Value: DesignerSECommuni.exe To be deleted.

Broken Link. FILE: File not found:HIDDENPROC to be deleted.

Unknown. FILE: C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK\HPSA_SERVICE.EXE to be deleted.

Unknown. REGKEY: HKLM\SYSTEM\CurrentControlSet\Services\HP Support Assistant Service. Key to be deleted.

Unknown. FILE: C:\PROGRAM FILES (X86)\VSMSOFTWARE\5DEMBROIDERY\EMBMACHINECOMMS.EXE to be deleted.

Unknown. REGKEY: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[EmbMachineComms.exe]. Value: EmbMachineComms.exe To be deleted.

Unknown. REGKEY: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[EmbMachineComms.exe]. Value: EmbMachineComms.exe To be deleted.

Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0

Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0

Dakeyras
2014-02-04, 16:57
Hi. :)


I was a little confused on how to only remove the files you specified. I clicked clean and I am not sure what it really did.
It appears what was required to be addressed has been done so; and the remaining flagged appear to be false positive detections.

However to err on the side of caution I would like for you to complete the following scan below please...

Scan with Farbar Recovery Scan Tool:

Please download and save Farbar Recovery Scan Tool 64-Bit (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/) to your desktop.


Right-click on FRST.exe and select Run as Administrator to start FRST >> follow the prompt/click on Yes
Under Optional Scan ensure both Drivers MD5 and Addition.txt are selected.
Now click on the Scan button/radio tab >> at the Scan completed prompt click on OK
At the next prompt denoting Addition.txt is saved in the same location FRST tool is run >> click on OK
There will now be two logs on your desktop, Addition.txt and FRST.txt. Post the contents of both in your next reply.

felhet
2014-02-05, 00:29
Sounds good, thank you.

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2014
Ran by Linda at 2014-02-04 18:27:13
Running from C:\Users\Linda\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

3D Embroidery 7.25 (x32 Version: 7.25 - VSM Software Ltd.)
3D Embroidery System 7.25 Upgrade (x32 Version: 7.25 - VSM Software Ltd.)
Abyss: The Wraiths of Eden Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.1.629 - Adobe Systems, Inc.)
aioscnnr (x32 Version: 7.6.13.10 - Your Company Name) Hidden
Alabama Smith in the Quest of Fate (x32 Version: - Alawar Entertainment Inc.)
Angelica Weaver: Catch Me When You Can Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Atlantis: Pearls of the Deep (x32 Version: 3.0.2.38 - WildTangent) Hidden
Barn Yarn Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Behind the Reflection (x32 Version: - Alawar Entertainment Inc.)
Bejeweled 2 Deluxe (x32 Version: - PopCap Games)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Big City Adventures Paris (x32 Version: 3.0.2.38 - WildTangent) Hidden
Big Fish Games: Game Manager (x32 Version: 2.0.0.8 - )
Bing Bar (x32 Version: 7.3.124.0 - Microsoft Corporation)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (x32 Version: 2.2.8188 - K-NFB Reading Technology, Inc.)
Brink of Consciousness: Lonely Hearts Murders (x32 Version: 3.0.2.38 - WildTangent) Hidden
center (x32 Version: 7.7.2.0 - Eastman Kodak Company) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cruel Games: Red Riding Hood (x32 Version: 3.0.2.38 - WildTangent) Hidden
CyberLink YouCam (x32 Version: 3.5.0.4528 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.0.4528 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dark Arcana: The Carnival Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Dark Mysteries: The Soul Keeper Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Deadly Voltage: Rise of the Invincible (x32 Version: 3.0.2.38 - WildTangent) Hidden
Deadtime Stories (x32 Version: - Games Of The Month)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dream Day First Home (x32 Version: - Break For Games)
Entwined: Strings of Deception (x32 Version: 3.0.2.32 - WildTangent) Hidden
ERUNT 1.1j (x32 Version: - Lars Hederer)
Escape Rosecliff Island (x32 Version: - PopCap Games)
essentials (x32 Version: 7.7.2.0 - Eastman Kodak Company) Hidden
ESU for Microsoft Windows 7 SP1 (x32 Version: 2.1.1 - Hewlett-Packard)
Evernote v. 4.2.3 (x32 Version: 4.2.3.22 - Evernote Corp.)
Fairy Tale Mysteries: The Puppet Thief Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmington Tales (x32 Version: 3.0.2.32 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
FileHippo.com Update Checker (x32 Version: - )
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Forbidden Secrets Alien Town (x32 Version: 3.0.2.48 - WildTangent) Hidden
Girls With Secrets (x32 Version: 3.0.2.48 - WildTangent) Hidden
Golden Trails 3: The Guardian's Creed Premium Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Google Chrome (x32 Version: 32.0.1700.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Haunting Mysteries: The Island of Lost Souls Premium Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hidden Mysteries Civil War (x32 Version: 1.0 - Game Mill Entertainment)
Hidden Mysteries Notre Dame (x32 Version: 1.0 - GameMill Entertainment)
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hoyle Gator Elevator (x32 Version: 3.0.2.38 - WildTangent) Hidden
Hoyle Wacky Makeovers (x32 Version: 3.0.2.38 - WildTangent) Hidden
HP Application Assistant (Version: 1.1.466.3970 - Hewlett-Packard)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Documentation (x32 Version: 1.1.0.0 - Hewlett-Packard)
HP Games (x32 Version: 1.0.2.5 - WildTangent)
HP Launch Box (Version: 1.0.12 - Hewlett-Packard Company)
HP MovieStore (x32 Version: 2.1.091 - Hewlett-Packard) Hidden
HP MovieStore (x32 Version: 2.1.21091.0 - Hewlett-Packard Company)
HP On Screen Display (x32 Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (x32 Version: 1.4.8 - Hewlett-Packard Company)
HP Quick Launch (x32 Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (x32 Version: 3.1.1.10197 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
HP Security Assistant (Version: 1.0.12 - Hewlett-Packard)
HP Setup (x32 Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (x32 Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP Software Framework (x32 Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (x32 Version: 7.4.45.4 - Hewlett-Packard Company)
IDT Audio (x32 Version: 1.0.6365.0 - IDT)
Inception of Darkness: Exorcist 3 (x32 Version: 3.0.2.38 - WildTangent) Hidden
Inspira 5D Embroidery System (x32 Version: 1.04.1000 - VSM Software Ltd.)
Intel(R) Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2559 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 10.5.0.1026 - Intel Corporation)
Jewel Legends: Magical Kingdom (x32 Version: 3.0.2.59 - WildTangent) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kodak AIO Printer (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (x32 Version: 7.7.6.0 - Eastman Kodak Company)
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Living Legends: Ice Rose Collector's Edition (x32 Version: 3.0.2.51 - WildTangent) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Marooned (remove only) (x32 Version: - )
Marooned II - Secrets of the Akoni (remove only) (x32 Version: - )
Match Quest 1.0.0.1 (x32 Version: 1.0.0.1 - On Hand Software, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0 - Microsoft Corporation)
Midnight Mysteries - Devil on the Mississippi (x32 Version: 1.1.0.0 - MumboJumbo)
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
Murder She Wrote 2 (x32 Version: 3.0.2.48 - WildTangent) Hidden
Mysteriez: Hidden Numbers (x32 Version: 3.0.2.38 - WildTangent) Hidden
Mystery Cruise (x32 Version: - Alawar Entertainment Inc.)
Nightfall Mysteries - The Curse of the Opera (HKCU Version: 1.0.0.0 - eGames)
Norton Internet Security (x32 Version: 19.9.1.14 - Symantec Corporation)
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
Old Clockmaker's Riddle (x32 Version: - Oberon Media)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Origin (x32 Version: 8.4.1.210 - Electronic Arts, Inc.)
Panda Cloud Cleaner (x32 Version: 1.0.87 - Panda Security)
Peggle Deluxe (x32 Version: - PopCap Games)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime x86 (x32 Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (x32 Version: 1.0.0.9282 - RocketLife Inc.)
PuppetShow: Mystery of Joyville ™ (x32 Version: - )
PuppetShow: Souls of the Innocent (x32 Version: - )
Ralink RT5390 802.11b/g/n WiFi Adapter (x32 Version: 3.2.13.0 - Ralink)
Realtek Ethernet Controller Driver (x32 Version: 7.48.823.2011 - Realtek)
Realtek PCIE Card Reader (x32 Version: 6.1.7601.85 - Realtek Semiconductor Corp.)
Reel Deal Slots Adventure (x32 Version: 1.00.0000 - Phantom EFX)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Skype™ 5.10 (x32 Version: 5.10.116 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (Version: 15.3.29.0 - Synaptics Incorporated)
The Beast of Lycan Isle Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
The Book of Desires (x32 Version: 3.0.2.38 - WildTangent) Hidden
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
The Curse of the Werewolves (x32 Version: 3.0.2.38 - WildTangent) Hidden
The Lake House: Children of Silence (x32 Version: 3.0.2.48 - WildTangent) Hidden
The Sims™ 3 (x32 Version: 1.48.5 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (x32 Version: 3.13.1 - Electronic Arts)
The Sims™ 3 World Adventures (x32 Version: 2.17.2 - Electronic Arts)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Tweaking.com - Registry Backup (x32 Version: 1.6.8 - Tweaking.com)
Twisted Lands: Shadow Town (x32 Version: - Alawar Entertainment Inc.)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
Weird Park: Scary Tales (x32 Version: 3.0.2.38 - WildTangent) Hidden
WildTangent Games (x32 Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.2 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zuma Deluxe (x32 Version: - PopCap Games)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Restore Points =========================

16-01-2014 00:06:54 Windows Update
18-01-2014 00:09:44 Windows Update
18-01-2014 00:14:59 Restore Operation
18-01-2014 01:13:36 Windows Update
21-01-2014 01:01:15 Windows Update
22-01-2014 01:18:36 Restore Operation
22-01-2014 01:52:38 Windows Update
22-01-2014 08:00:11 Windows Update
26-01-2014 03:39:50 Windows Update
26-01-2014 03:42:18 Windows Update
26-01-2014 03:52:58 Installed HP Support Assistant
30-01-2014 06:03:32 Windows Update
01-02-2014 16:14:46 Installed Microsoft Fix it 50906
01-02-2014 16:19:31 OTL Restore Point - 2/1/2014 11:19:27 AM
02-02-2014 18:46:16 OTL Restore Point - 2/2/2014 1:46:12 PM
02-02-2014 18:59:13 Installed Adobe Reader XI.

==================== Hosts content: ==========================

2009-07-13 21:34 - 2014-02-01 11:20 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0FD7474F-48C2-4BB3-9DE5-6F8FD100817F} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe [2013-02-01] (Symantec Corporation)
Task: {2AB3CCB4-5E77-4C21-BA0D-359B1C12BC38} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-16] (Google Inc.)
Task: {3226D959-04BE-4156-B459-4EEDF2056631} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {521995DD-5C34-4C23-999A-2890BCD92BD2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard)
Task: {644FA07F-3F23-48AF-843F-119E009C89AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {65FE16CB-7199-4BC4-95D5-507870F99638} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {69F8BDD2-D721-4F3D-A470-C57DEDFBC7E0} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-09-28] (CyberLink)
Task: {8295AD82-C1FA-4A89-B2AA-314E6034F872} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-03] (Symantec Corporation)
Task: {9F5534E6-5848-4997-AC31-CB6A13613C84} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-03] (Symantec Corporation)
Task: {C46EFD36-171E-4C7F-ADFA-67D354DB1AA4} - System32\Tasks\HPCeeScheduleForLinda => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {D754F2A5-C544-4793-ADD1-7D2B110E2192} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {E55D03BA-DC70-45A9-B457-C481E59AA43D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-16] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForLinda.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2011-08-26 14:53 - 2011-08-26 14:53 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2004-08-16 10:29 - 2004-08-16 10:29 - 00356352 _____ () C:\3DEmbroidery\VSM_VMR.dll
2010-03-08 17:11 - 2010-03-08 17:11 - 00611328 _____ () C:\ProgramData\VSMSoftware\5DEmbroidery\Themes\Office2007.cjstyles
2013-08-15 20:19 - 2013-08-15 20:19 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f60b3ee2de3f41a024920486d46d49f2\IsdiInterop.ni.dll
2012-08-15 00:47 - 2011-04-30 02:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-12-21 22:41 - 2014-01-26 11:55 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-12-11 18:18 - 2013-12-11 18:18 - 16242056 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/03/2014 08:02:46 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/02/2014 10:28:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/02/2014 03:18:33 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/02/2014 01:55:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/02/2014 01:48:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/02/2014 01:01:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/01/2014 11:36:11 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/01/2014 11:23:16 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/01/2014 11:16:48 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/30/2014 08:08:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (02/03/2014 08:03:46 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\System32\DRIVERS\PSKMAD.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/03/2014 08:03:21 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\System32\DRIVERS\PSKMAD.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/03/2014 08:02:38 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\System32\DRIVERS\PSKMAD.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/03/2014 08:02:23 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\SemLPT.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/03/2014 07:43:49 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\System32\DRIVERS\PSKMAD.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/02/2014 10:28:20 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\SemLPT.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/02/2014 03:18:27 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\SemLPT.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/02/2014 02:03:28 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\System32\DRIVERS\PSKMAD.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/02/2014 01:55:04 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\SemLPT.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/02/2014 01:47:44 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\SemLPT.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


Microsoft Office Sessions:
=========================
Error: (02/03/2014 08:02:46 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/02/2014 10:28:35 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/02/2014 03:18:33 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/02/2014 01:55:21 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/02/2014 01:48:23 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/02/2014 01:01:01 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/01/2014 11:36:11 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/01/2014 11:23:16 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/01/2014 11:16:48 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/30/2014 08:08:16 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 49%
Total physical RAM: 4043.86 MB
Available physical RAM: 2041.18 MB
Total Pagefile: 8085.9 MB
Available Pagefile: 6041.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:274.3 GB) (Free:184.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:19.63 GB) (Free:2.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 513CD4AB)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=274 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

==================== End Of Log ============================

felhet
2014-02-05, 00:30
FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2014
Ran by Linda (administrator) on LINDA-HP on 04-02-2014 18:25:54
Running from C:\Users\Linda\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(VSM Software Ltd.) C:\3DEmbroidery\DesignerSECommuni.exe
(KSIN Luxembourg II Sarl.) C:\Program Files (x86)\VSMSoftware\5DEmbroidery\EmbMachineComms.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\Google\Update\Install\{509B2AEE-4388-42B8-839D-CA2EA3B024DB}\32.0.1700.107_32.0.1700.102_chrome_updater.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPAsset\HPAsset.exe
(Google Inc.) C:\Windows\Temp\CR_2591C.tmp\setup.exe
(HP) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\hpdobject.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.)
HKLM\...\Run: [SetDefault] - C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [43320 2011-09-30] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [HPQuickWebProxy] - C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-07] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [EKStatusMonitor] - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Conime] - %windir%\system32\conime.exe
HKLM\...\RunOnce: [NCPluginUpdater] - "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-28] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [KodakHomeCenter] - C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2236792 2013-03-15] (Eastman Kodak Company)
HKU\S-1-5-21-294371208-3097446141-2468538785-1001\...\Run: [DesignerSECommuni.exe] - C:\3DEmbroidery\DesignerSECommuni.exe [69632 2005-07-08] (VSM Software Ltd.)
HKU\S-1-5-21-294371208-3097446141-2468538785-1001\...\Run: [EmbMachineComms.exe] - C:\Program Files (x86)\VSMSoftware\5DEmbroidery\EmbMachineComms.exe [91136 2012-01-04] (KSIN Luxembourg II Sarl.)
HKU\S-1-5-21-294371208-3097446141-2468538785-1001\...\MountPoints2: {3f648627-e71a-11e1-b5ca-806e6f6e6963} - F:\setup.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mumbojumbo.iplay.com/?o=shp
SearchScopes: HKLM - {A7099074-89F7-47F1-82F4-968233C52034} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKCU - {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10795
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {C830BB4D-7DB4-4E46-844C-21D8DB943DC0} - No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\hxcrj1cb.default
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\hxcrj1cb.default\searchplugins\egames.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Yahooober701545934.xml
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ []

Chrome:
=======
CHR DefaultSearchKeyword: findwide
CHR DefaultSearchProvider: FindWide
CHR DefaultSearchURL: http://search.findwide.com/serp?guid={73D1392E-2602-4038-8E32-E44A1E0B362B}&action=default_search&serpv=22&k={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Norton Identity Protection) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-01-16]
CHR Extension: (Google Wallet) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\Exts\Chrome.crx [2013-02-05]

==================== Services (Whitelisted) =================

S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-01] (WildTangent)
R2 hasplms; C:\Windows\system32\hasplms.exe [4466120 2013-03-15] (SafeNet Inc.)
R2 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-17] (Hewlett-Packard)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [138272 2012-06-15] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [60488 2013-03-15] (SafeNet Inc.)
S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [63944 2013-03-15] (SafeNet Inc.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [303368 2013-03-15] (SafeNet Inc.)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [1388120 2013-01-15] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-12-25] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-12-28] (Symantec Corporation)
R2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [331144 2013-03-15] (SafeNet Inc.)
R2 Hardlock; C:\Windows\SysWOW64\drivers\hardlock.sys [676864 2004-07-14] (Aladdin Knowledge Systems)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130221.001\IDSvia64.sys [513184 2012-12-22] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130222.003\ENG64.SYS [126192 2013-01-18] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130222.003\EX64.SYS [2087664 2013-01-18] (Symantec Corporation)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S2 SemLPT; C:\Windows\SysWow64\Drivers\SemLPT.sys [41984 1997-11-26] (Husqvarna Sewing Machines AB)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-12-29] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [190072 2012-04-17] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [405624 2012-04-17] (Symantec Corporation)

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys DF8126BD41180351A093A3AD2FC8903B
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-04 18:25 - 2014-02-04 18:26 - 00035095 _____ () C:\Users\Linda\Desktop\FRST.txt
2014-02-04 18:25 - 2014-02-04 18:25 - 00000000 ____D () C:\FRST
2014-02-04 18:24 - 2014-02-04 18:24 - 02080256 _____ (Farbar) C:\Users\Linda\Downloads\FRST64.exe
2014-02-04 18:24 - 2014-02-04 18:24 - 02080256 _____ (Farbar) C:\Users\Linda\Desktop\FRST64.exe
2014-02-03 20:02 - 2014-02-03 20:03 - 00001525 _____ () C:\Windows\SysWOW64\PCloudCleanerService.log
2014-02-03 20:01 - 2013-04-08 15:30 - 00022752 _____ () C:\Windows\system32\PCloudBroom64.exe
2014-02-02 14:03 - 2014-02-02 14:03 - 00001282 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2014-02-02 14:03 - 2014-02-02 14:03 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-02-02 14:03 - 2013-04-29 08:17 - 00047632 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2014-02-02 14:02 - 2014-02-02 14:02 - 27969272 _____ (Panda Security ) C:\Users\Linda\Downloads\PandaCloudCleaner.exe
2014-02-02 14:01 - 2014-02-02 14:01 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-02-02 14:01 - 2014-02-02 14:01 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-02-02 13:56 - 2014-02-02 13:57 - 50837888 _____ (Adobe Systems Incorporated) C:\Users\Linda\Downloads\AdbeRdr11006_en_US.exe
2014-02-02 13:51 - 2014-02-02 13:51 - 00001999 _____ () C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
2014-02-02 13:51 - 2014-02-02 13:51 - 00001969 _____ () C:\Users\Linda\Desktop\Update Checker.lnk
2014-02-02 13:51 - 2014-02-02 13:51 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com
2014-02-02 13:49 - 2014-02-02 13:49 - 00264757 _____ () C:\Users\Linda\Downloads\FHSetup.exe
2014-02-01 11:26 - 2014-02-01 11:26 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-01 11:26 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-01 11:24 - 2014-02-01 11:24 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Linda\Desktop\rizf9y5094.exe
2014-02-01 11:14 - 2014-02-01 11:14 - 00984576 _____ () C:\Users\Linda\Downloads\MicrosoftFixit50906(1).msi
2014-01-25 23:10 - 2014-01-25 23:10 - 00008096 _____ () C:\Users\Linda\Desktop\Attach2.txt
2014-01-25 23:04 - 2014-01-25 23:04 - 00688992 _____ (Swearware) C:\Users\Linda\Downloads\dds(1).scr
2014-01-25 22:54 - 2014-01-25 22:54 - 00002217 _____ () C:\Users\Linda\Desktop\HP Support Assistant.lnk
2014-01-25 22:52 - 2014-01-25 22:52 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-01-21 20:52 - 2013-11-26 20:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-21 20:52 - 2013-11-26 20:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-21 20:52 - 2013-11-26 20:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-21 20:52 - 2013-11-26 20:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-21 20:52 - 2013-11-26 20:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-21 20:52 - 2013-11-26 20:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-21 20:52 - 2013-11-26 20:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-21 20:52 - 2013-11-26 06:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-21 20:52 - 2013-11-26 05:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-11 13:34 - 2014-01-11 14:04 - 00000000 ____D () C:\Users\Linda\Desktop\New folder
2014-01-11 12:33 - 2014-01-11 12:33 - 00050356 _____ () C:\Users\Linda\Desktop\sDt.vp3
2014-01-10 20:25 - 2014-01-10 20:25 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-01-09 19:31 - 2014-01-09 19:31 - 00006732 _____ () C:\Users\Linda\Desktop\01092014_191402.log
2014-01-09 19:22 - 2014-02-01 11:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-09 19:22 - 2014-01-09 19:22 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\Malwarebytes
2014-01-09 19:22 - 2014-01-09 19:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-01-09 19:14 - 2014-01-09 19:14 - 00000000 ____D () C:\_OTL
2014-01-09 19:11 - 2014-01-09 19:11 - 00984576 _____ () C:\Users\Linda\Downloads\MicrosoftFixit50906.msi
2014-01-09 07:12 - 2014-01-09 07:12 - 00144968 _____ () C:\Users\Linda\Desktop\OTL.Txt
2014-01-09 06:29 - 2014-01-09 06:29 - 00144968 _____ () C:\Users\Linda\Downloads\OTL.Txt
2014-01-09 06:29 - 2014-01-09 06:29 - 00068396 _____ () C:\Users\Linda\Downloads\Extras.Txt
2014-01-09 06:16 - 2014-01-09 06:16 - 00602112 _____ (OldTimer Tools) C:\Users\Linda\Desktop\OTL.exe
2014-01-09 06:15 - 2014-01-09 06:15 - 00001489 _____ () C:\Users\Linda\Desktop\JRT.txt
2014-01-09 06:06 - 2014-01-21 20:34 - 00000000 ____D () C:\Windows\ERUNT
2014-01-09 06:06 - 2014-01-09 06:06 - 01037068 _____ (Thisisu) C:\Users\Linda\Downloads\JRT.exe
2014-01-08 20:17 - 2014-01-21 20:32 - 00000000 ____D () C:\AdwCleaner
2014-01-08 20:17 - 2014-01-08 20:17 - 01233962 _____ () C:\Users\Linda\Downloads\AdwCleaner.exe
2014-01-08 20:07 - 2014-01-08 20:07 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LINDA-HP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-01-08 20:06 - 2014-01-21 20:26 - 00000000 ____D () C:\RegBackup
2014-01-08 20:06 - 2014-01-21 20:23 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-01-08 20:06 - 2014-01-08 20:06 - 00002235 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-01-08 20:05 - 2014-01-08 20:05 - 03927696 _____ () C:\Users\Linda\Downloads\tweaking.com_registry_backup_setup.exe
2014-01-08 20:03 - 2014-01-08 20:03 - 00001122 _____ () C:\Users\Linda\Desktop\Continue Zip Opener Installation.lnk
2014-01-07 21:14 - 2014-01-07 21:14 - 00001906 _____ () C:\Users\Linda\Desktop\aswMBR.txt
2014-01-07 21:14 - 2014-01-07 21:14 - 00000512 _____ () C:\Users\Linda\Desktop\MBR.dat
2014-01-07 21:02 - 2014-01-25 23:06 - 00008096 _____ () C:\Users\Linda\Desktop\attach.txt
2014-01-07 21:02 - 2014-01-25 23:05 - 00020333 _____ () C:\Users\Linda\Desktop\dds.txt
2014-01-07 21:02 - 2014-01-07 21:02 - 04745728 _____ (AVAST Software) C:\Users\Linda\Downloads\aswMBR.exe
2014-01-07 21:00 - 2014-01-07 21:00 - 00688992 ____R (Swearware) C:\Users\Linda\Desktop\dds.scr
2014-01-07 20:57 - 2014-01-21 20:30 - 00000000 ____D () C:\Windows\ERDNT
2014-01-07 20:56 - 2014-01-21 20:32 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-01-07 20:56 - 2014-01-07 20:56 - 00791393 _____ (Lars Hederer ) C:\Users\Linda\Downloads\erunt-setup(1).exe
2014-01-07 20:56 - 2014-01-07 20:56 - 00000905 _____ () C:\Users\Linda\Desktop\ERUNT.lnk
2014-01-07 20:55 - 2014-01-07 20:55 - 00791393 _____ (Lars Hederer ) C:\Users\Linda\Downloads\erunt-setup.exe

==================== One Month Modified Files and Folders =======

2014-02-04 18:27 - 2013-12-31 16:56 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForLinda
2014-02-04 18:27 - 2013-12-31 16:56 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForLinda.job
2014-02-04 18:26 - 2014-02-04 18:25 - 00035095 _____ () C:\Users\Linda\Desktop\FRST.txt
2014-02-04 18:25 - 2014-02-04 18:25 - 00000000 ____D () C:\FRST
2014-02-04 18:25 - 2013-02-05 14:36 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-02-04 18:25 - 2012-12-25 19:29 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-02-04 18:24 - 2014-02-04 18:24 - 02080256 _____ (Farbar) C:\Users\Linda\Downloads\FRST64.exe
2014-02-04 18:24 - 2014-02-04 18:24 - 02080256 _____ (Farbar) C:\Users\Linda\Desktop\FRST64.exe
2014-02-04 18:23 - 2013-01-16 19:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-04 18:23 - 2013-01-16 14:51 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-04 18:23 - 2013-01-16 14:51 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-04 18:23 - 2012-08-15 00:49 - 01849584 _____ () C:\Windows\WindowsUpdate.log
2014-02-03 20:11 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-03 20:11 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-03 20:03 - 2014-02-03 20:02 - 00001525 _____ () C:\Windows\SysWOW64\PCloudCleanerService.log
2014-02-03 20:02 - 2012-12-29 17:02 - 00000000 ____D () C:\ProgramData\Kodak
2014-02-03 20:02 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-03 20:02 - 2009-07-13 23:51 - 00049038 _____ () C:\Windows\setupact.log
2014-02-03 19:43 - 2012-12-24 16:49 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0A1AB3CF-C556-4CFE-9667-70CDCC87CA8F}
2014-02-02 15:17 - 2010-11-20 22:47 - 00170736 _____ () C:\Windows\PFRO.log
2014-02-02 14:03 - 2014-02-02 14:03 - 00001282 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2014-02-02 14:03 - 2014-02-02 14:03 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-02-02 14:02 - 2014-02-02 14:02 - 27969272 _____ (Panda Security ) C:\Users\Linda\Downloads\PandaCloudCleaner.exe
2014-02-02 14:01 - 2014-02-02 14:01 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-02-02 14:01 - 2014-02-02 14:01 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-02-02 14:01 - 2012-08-14 23:42 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-02 13:57 - 2014-02-02 13:56 - 50837888 _____ (Adobe Systems Incorporated) C:\Users\Linda\Downloads\AdbeRdr11006_en_US.exe
2014-02-02 13:51 - 2014-02-02 13:51 - 00001999 _____ () C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
2014-02-02 13:51 - 2014-02-02 13:51 - 00001969 _____ () C:\Users\Linda\Desktop\Update Checker.lnk
2014-02-02 13:51 - 2014-02-02 13:51 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com
2014-02-02 13:49 - 2014-02-02 13:49 - 00264757 _____ () C:\Users\Linda\Downloads\FHSetup.exe
2014-02-01 11:26 - 2014-02-01 11:26 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-01 11:26 - 2014-01-09 19:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-01 11:24 - 2014-02-01 11:24 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Linda\Desktop\rizf9y5094.exe
2014-02-01 11:14 - 2014-02-01 11:14 - 00984576 _____ () C:\Users\Linda\Downloads\MicrosoftFixit50906(1).msi
2014-01-27 19:12 - 2012-12-24 18:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-26 11:56 - 2013-12-21 22:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-01-25 23:10 - 2014-01-25 23:10 - 00008096 _____ () C:\Users\Linda\Desktop\Attach2.txt
2014-01-25 23:06 - 2014-01-07 21:02 - 00008096 _____ () C:\Users\Linda\Desktop\attach.txt
2014-01-25 23:05 - 2014-01-07 21:02 - 00020333 _____ () C:\Users\Linda\Desktop\dds.txt
2014-01-25 23:04 - 2014-01-25 23:04 - 00688992 _____ (Swearware) C:\Users\Linda\Downloads\dds(1).scr
2014-01-25 22:54 - 2014-01-25 22:54 - 00002217 _____ () C:\Users\Linda\Desktop\HP Support Assistant.lnk
2014-01-25 22:54 - 2012-08-14 23:47 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-01-25 22:53 - 2012-08-14 23:19 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-01-25 22:52 - 2014-01-25 22:52 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-01-25 22:51 - 2012-08-14 23:37 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-01-25 22:50 - 2011-02-10 14:23 - 00000000 ____D () C:\SWSetup
2014-01-25 22:46 - 2013-06-05 10:16 - 00772470 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-25 22:46 - 2009-07-14 00:13 - 00797442 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-01-22 03:20 - 2009-07-13 23:45 - 00268856 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-22 03:03 - 2013-08-15 13:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-22 03:00 - 2012-12-24 17:12 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-21 20:36 - 2012-12-24 16:46 - 00000000 ____D () C:\Users\Linda
2014-01-21 20:34 - 2014-01-09 06:06 - 00000000 ____D () C:\Windows\ERUNT
2014-01-21 20:34 - 2012-12-25 22:39 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\WildTangent
2014-01-21 20:34 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-01-21 20:33 - 2012-12-25 22:54 - 00000000 ____D () C:\Program Files (x86)\WildGames
2014-01-21 20:33 - 2012-12-24 16:46 - 00000000 ____D () C:\Users\Linda\AppData\Local\Hewlett-Packard
2014-01-21 20:33 - 2012-08-15 00:55 - 00000000 ____D () C:\ProgramData\Norton
2014-01-21 20:33 - 2012-08-14 23:27 - 00000000 ____D () C:\ProgramData\WildTangent
2014-01-21 20:33 - 2012-08-14 23:27 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-01-21 20:32 - 2014-01-08 20:17 - 00000000 ____D () C:\AdwCleaner
2014-01-21 20:32 - 2014-01-07 20:56 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-01-21 20:31 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-01-21 20:30 - 2014-01-07 20:57 - 00000000 ____D () C:\Windows\ERDNT
2014-01-21 20:29 - 2014-01-01 19:43 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\4 Friends Games
2014-01-21 20:26 - 2014-01-08 20:06 - 00000000 ____D () C:\RegBackup
2014-01-21 20:23 - 2014-01-08 20:06 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-01-21 20:21 - 2013-12-20 19:00 - 00000000 ____D () C:\Program Files (x86)\eGames
2014-01-21 19:55 - 2012-12-25 22:39 - 00000000 ____D () C:\Users\Linda\AppData\Local\CrashDumps
2014-01-17 19:21 - 2012-08-15 01:37 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-01-11 14:04 - 2014-01-11 13:34 - 00000000 ____D () C:\Users\Linda\Desktop\New folder
2014-01-11 12:33 - 2014-01-11 12:33 - 00050356 _____ () C:\Users\Linda\Desktop\sDt.vp3
2014-01-10 20:25 - 2014-01-10 20:25 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-01-09 19:31 - 2014-01-09 19:31 - 00006732 _____ () C:\Users\Linda\Desktop\01092014_191402.log
2014-01-09 19:22 - 2014-01-09 19:22 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\Malwarebytes
2014-01-09 19:22 - 2014-01-09 19:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-01-09 19:14 - 2014-01-09 19:14 - 00000000 ____D () C:\_OTL
2014-01-09 19:11 - 2014-01-09 19:11 - 00984576 _____ () C:\Users\Linda\Downloads\MicrosoftFixit50906.msi
2014-01-09 07:12 - 2014-01-09 07:12 - 00144968 _____ () C:\Users\Linda\Desktop\OTL.Txt
2014-01-09 06:29 - 2014-01-09 06:29 - 00144968 _____ () C:\Users\Linda\Downloads\OTL.Txt
2014-01-09 06:29 - 2014-01-09 06:29 - 00068396 _____ () C:\Users\Linda\Downloads\Extras.Txt
2014-01-09 06:16 - 2014-01-09 06:16 - 00602112 _____ (OldTimer Tools) C:\Users\Linda\Desktop\OTL.exe
2014-01-09 06:15 - 2014-01-09 06:15 - 00001489 _____ () C:\Users\Linda\Desktop\JRT.txt
2014-01-09 06:06 - 2014-01-09 06:06 - 01037068 _____ (Thisisu) C:\Users\Linda\Downloads\JRT.exe
2014-01-08 20:20 - 2009-07-14 00:08 - 00024926 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-08 20:17 - 2014-01-08 20:17 - 01233962 _____ () C:\Users\Linda\Downloads\AdwCleaner.exe
2014-01-08 20:07 - 2014-01-08 20:07 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LINDA-HP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-01-08 20:06 - 2014-01-08 20:06 - 00002235 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-01-08 20:05 - 2014-01-08 20:05 - 03927696 _____ () C:\Users\Linda\Downloads\tweaking.com_registry_backup_setup.exe
2014-01-08 20:03 - 2014-01-08 20:03 - 00001122 _____ () C:\Users\Linda\Desktop\Continue Zip Opener Installation.lnk
2014-01-07 21:14 - 2014-01-07 21:14 - 00001906 _____ () C:\Users\Linda\Desktop\aswMBR.txt
2014-01-07 21:14 - 2014-01-07 21:14 - 00000512 _____ () C:\Users\Linda\Desktop\MBR.dat
2014-01-07 21:02 - 2014-01-07 21:02 - 04745728 _____ (AVAST Software) C:\Users\Linda\Downloads\aswMBR.exe
2014-01-07 21:00 - 2014-01-07 21:00 - 00688992 ____R (Swearware) C:\Users\Linda\Desktop\dds.scr
2014-01-07 20:56 - 2014-01-07 20:56 - 00791393 _____ (Lars Hederer ) C:\Users\Linda\Downloads\erunt-setup(1).exe
2014-01-07 20:56 - 2014-01-07 20:56 - 00000905 _____ () C:\Users\Linda\Desktop\ERUNT.lnk
2014-01-07 20:55 - 2014-01-07 20:55 - 00791393 _____ (Lars Hederer ) C:\Users\Linda\Downloads\erunt-setup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-02 15:02

==================== End Of Log ============================

Dakeyras
2014-02-05, 18:37
Hi. :)


Sounds good, thank you.
You're welcome!

Ensure Norton Internet Security is enabled again after completing the below as at present it appears to be disabled. Also it would be prudent to disable Windows Defender as it will actually cause a security conflict with Norton Internet Security.

How to do so can be read here (http://www.malwarebytes.org/forums/index.php?showtopic=8279) (even though it states for Vista, the principle is the same for Windows 7).

Now we just have a few orphaned entries to take care of and some settings relating to Google Chrome as follows...

Set your homepage with Google Chrome (https://support.google.com/chrome/answer/95314?hl=en) <-- Follow the instructions on the web-page to do so etc.

Custom FRST Script:

Please download the attached fixlist.txt (see below) and save to the desktop.


Now right-click on FRST.exe and select Run as Administrator to start FRST.
Then click on the Fix button/radio tab >> at the Fix completed prompt click on OK
A log will now open named Fixlog and it will also be on the desktop >> close FRST.
Reboot your machine (ensure you do this) and post the contents of the aforementioned Fixlog in your next reply.

Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.

felhet
2014-02-06, 01:58
OK, I was thinking of actually removing Norton on this computer and installing ESET as I have it already on another computer and seem to like it. Please let me know if you have a different recommendation.

Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-02-2014
Ran by Linda at 2014-02-05 19:51:10 Run:1
Running from C:\Users\Linda\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {C830BB4D-7DB4-4E46-844C-21D8DB943DC0} - No File
End
*****************

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C830BB4D-7DB4-4E46-844C-21D8DB943DC0} => Value deleted successfully.
HKCR\CLSID\{C830BB4D-7DB4-4E46-844C-21D8DB943DC0} => Key not found.

==== End of Fixlog ====

Dakeyras
2014-02-06, 15:15
Hi. :)


I was thinking of actually removing Norton on this computer and installing ESET as I have it already on another computer and seem to like it.
Fair play, the security software from Eset is very good indeed...

Now in the event you do decide to change the security software it would be prudent to download and run the Norton Removal Tool (ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe), rather than actually use the inbuilt uninstaller, as that at times does not fully remove all components etc.


Please let me know if you have a different recommendation.
I normally recommend either of the below freeware alternatives:-


Avast! Free Antivirus (http://www.filehippo.com/download_avast_antivirus/).
Microsoft Security Essentials (http://www.microsoft.com/Security_Essentials/).

Both are reputable and will provide more than adequate protection used in conjunction with what is known as layered security and safe online practices.

Next:

Congratulations your computer appears to be malware free!

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

Importance of Regular System Maintenance:

I advise you read both of the below listed topics as this will go a long way to keeping your Computer performing well.

Help! My computer is slow! (http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html)

Also so is this:

What to do if your Computer is running slowly (http://www.malwareremoval.com/tutorials/runningslowly.php)

Uninstall AdwCleaner:


Right-click on recommend.exe and select Run as Administrator to start the program
Click on Uninstall >> Yes, this will remove the application and its log(s) etc.

Clean up with recommend:


Right-click OTL and select Run as Administrator to start the program.
Close all other programs apart from OTL as this step will require a reboot.
On the OTL main screen, depress the CleanUp button.
Say Yes to the prompt and then allow the program to reboot your computer.

The above process should clean up and remove the vast majority of scanners used and logs created etc.

Any left over merely delete yourself and empty the Recycle Bin.

Reset the System Restore points:

Create a new, clean System Restore point:-


Right click on Computer and select Properties >> System protection >> Create....
Give this restore point a descriptive name and click Create.
When the new restore point is created click on OK >> close the System Properties window.

Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

Flush Old System Restore points:-


Click on Start(Windows 7 Orb) >> All Programs >> Accessories >> System Tools >> right-click on Disk Cleanup and select Run as Administrator.
Select the system drive, C >> OK.
Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
Click on Clean up system files >> Select the system drive, C >> OK.
Now click on the More Options tab.
Under:-
System Restore and Shadow Copies
Click on Clean up... >> Delete >> OK >> Delete Files.

Now some advice for on-line safety:

Malwarebytes Anti-Malware:

This is an excellent application and I advise you keep this installed. Check for updates and run a scan at least once per week.

Other installed security software:

Whichever Anti-Virus software you opt for should automatically check for updates and download/install such with every system reboot and/or periodically if the machine is left running, providing an internet connection is active.

I advise you also run a complete scan with this also at least once per week.

Registry Backup:

Tweaking.com - Registry Backup, I advise you keep this installed as a means to keep a complete backup of your registry and restore it when needed.

Myself I would actually create a new back up once per week as this along with System Restore may prove to be invaluable if something unforeseen occurs!

Note: As mentioned prior, a tutorial for Registry Backup explaining the various features can be viewed here (http://www.malwareremoval.com/forum/viewtopic.php?f=4&t=61325).

Further reading/resources:

This is a very helpful/useful set of advice from Microsoft: Microsoft Safety & Security Center (http://www.microsoft.com/en-gb/security/default.aspx)

As is this: Computer Security - a short guide to staying safer online (http://malwareremoval.com/forum/viewtopic.php?f=4&t=54766)

And these are worth reading also: Understanding Windows Firewall settings (http://windows.microsoft.com/en-gb/windows7/understanding-windows-firewall-settings) & Securing Your Router (http://www.staysafeonline.org/stay-safe-online/keep-a-clean-machine/securing-your-home-network)

Keep Your System Updated:

Microsoft releases patches for Windows and other products regularly:


Click on Start(Windows 7 Orb) >> All Programs >> Windows Update.
In the navigation pane, click Check for updates.
After Windows Update has finished checking for updates, click View available updates.
Click to select the check box for any found, then click Install.
When completed Reboot(restart) your computer if not prompted to do so.

Plus check Automatic Updates (http://windows.microsoft.com/en-US/windows/help/windows-update) is enabled.

Be careful when opening attachments and downloading files:

1 - Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.

2 - Never open emails from unknown senders.

4 - Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.

5 - Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on FileHippo (http://filehippo.com/) or MajorGeeks (http://www.majorgeeks.com/).

Stop malicious scripts:

Windows by default allows scripts (VBScript and JavaScript) to run, and some of these scripts are malicious. Use Noscript (http://www.symantec.com/avcenter/noscript.exe) by Symantec or Script Defender (http://www.analogx.com/contents/download/system/sdefend.htm) by AnalogX to handle these scripts.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Limewire, Vuze. Criminals have "planted" thousands upon thousands of infections in the "free" shared files. Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".

I will further add; P2P software has the ability to create a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their infected dross onto your computer. Further to that, if your P2P software is not configured correctly you may be sharing more files than you realise. There have been cases where people's address books, passwords, other personal, private and financial details have been exposed to the file sharing network by badly configured P2P applications.

My friendly advice is to avoid these types of software applications.

Consider the below extra/layered security for your machine:

Custom Host File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:


MVPS Hosts File (http://www.mvps.org/winhelp2002/hosts.htm)
hpHosts (http://hosts-file.net/?s=Download)

Only use one of the above!

CryptoPrevent Tool:

How to prevent your computer from becoming infected by CryptoLocker (http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information#prevent)

WinPatrol:

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here (http://www.winpatrol.com/download.html).

You can find information about how WinPatrol works here (http://www.winpatrol.com/features.html).

Next:

Any questions? Feel free to ask, if not stay safe!
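
The sinkholing described under "Custom Host File" above can be checked mechanically. The following Python sketch is an added example, not part of the original post or of any tool named in it; the sample file contents and all function names are constructed for illustration. It classifies each Hosts entry as a sink (loopback or 0.0.0.0), as a name pinned to some other address (worth reviewing on a machine that shows browser redirects), or as malformed.

```python
"""Audit a Hosts file: which names are sinkholed and which are pinned elsewhere."""
from __future__ import annotations

import ipaddress
import sys
from collections import Counter
from dataclasses import dataclass

# Constructed sample (not from the thread): blocklist-style entries plus two
# names pinned to documentation-range addresses and two malformed lines.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1     localhost
::1           localhost
127.0.0.1     ads.example.com tracker.example.com   # two names, one line
0.0.0.0       banner.example.net
203.0.113.10  www.search.example
192.0.2.55    Update.Vendor.example
not-an-ip     broken.example
127.0.0.1
"""


@dataclass(frozen=True)
class Entry:
    line_no: int
    address: str
    hostname: str
    verdict: str  # "sink", "pinned" or "malformed"


def classify(address: str) -> str:
    """Return 'sink' for loopback/unspecified targets, 'pinned' otherwise."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    # 127.0.0.0/8, ::1, 0.0.0.0 and :: never reach a remote server, which is
    # what a blocklist Hosts file relies on.
    if ip.is_loopback or ip.is_unspecified:
        return "sink"
    return "pinned"


def parse_hosts(text: str) -> list[Entry]:
    """Parse Hosts-file text into one Entry per (line, hostname) pair."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        # Everything after '#' is a comment; fields are whitespace separated.
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        address, names = fields[0], fields[1:]
        verdict = classify(address)
        if verdict == "malformed" or not names:
            # Bad address, or an address with no hostname after it.
            entries.append(Entry(line_no, address, " ".join(names), "malformed"))
            continue
        for name in names:
            # Hostnames are case-insensitive, so normalise for comparison.
            entries.append(Entry(line_no, address, name.lower(), verdict))
    return entries


def pinned(entries: list[Entry]) -> list[Entry]:
    """Entries that force a name to a non-sink address: review each one."""
    return [e for e in entries if e.verdict == "pinned"]


def summarize(entries: list[Entry]) -> dict[str, int]:
    """Count entries per verdict."""
    return dict(Counter(e.verdict for e in entries))


if __name__ == "__main__":
    # With a path argument, audit that file; otherwise use the sample above.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    parsed = parse_hosts(text)
    print(summarize(parsed))
    for e in parsed:
        if e.verdict != "sink":
            print(f"line {e.line_no}: {e.verdict}: {e.address} {e.hostname}")
```

A pinned entry is not proof of infection (administrators add them deliberately), but on a blocklist-only Hosts file every entry should come back as a sink.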

felhet
2014-02-08, 02:35
Great! Thank you so much! :)

Dakeyras
2014-02-08, 19:39
Great! Thank you so much! :)
You're most welcome! :)

Dakeyras
2014-02-10, 10:53
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)