
Have Malware issues serve.bannersdontwork conduit search etc?


22 replies to this topic

#1 lemoncakeuk72


Posted 29 October 2013 - 07:38 AM

Can you please have a look? Think I may have a few interlopers!

My laptop is running very slow, taking ages to load pages, if at all. I have pop-ups appear when I change tab, etc.

Also gets incredibly hot and is working overtime ALL the time.


DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16720  BrowserJavaVersion: 10.45.2
Run by Lynn at 12:26:44 on 2013-10-29
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.5610.3606 [GMT 0:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe
C:\ProgramData\MobileBrServ\mbbservice.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=20.4.0.40
uSearch Bar = Preserve
uSearch Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=GB&userid=0fcee352-996b-412f-8e10-e98b1cbfaa6d&searchtype=ds&q={searchTerms}
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=GB&userid=0fcee352-996b-412f-8e10-e98b1cbfaa6d&searchtype=ds&q={searchTerms}
mWinlogon: Userinit = C:\Windows\System32\userinit.exe
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\IPS\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: Bee Coupons BHO: {FC4DBA8C-2CC8-4741-BCE5-ADAC3EEA50B0} - C:\Program Files (x86)\Bee Coupons\FrameworkBHO.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [tsnp2uvc] C:\Windows\tsnp2uvc.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Bee Coupons-repairJob] wscript.exe "C:\Users\Lynn\AppData\Local\Bee Coupons\repair.js"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: HideFastUserSwitching = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{0F5FDC9A-AA5C-4517-AF07-398C4E9E8CB3} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{38B44764-624C-4A5E-B475-01F03E7578D7} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{93727F3E-9F8B-472A-A481-CF68E439CBC7} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{93727F3E-9F8B-472A-A481-CF68E439CBC7}\244575966496D277964786D264F4E4 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{93727F3E-9F8B-472A-A481-CF68E439CBC7}\244584572633D234830573 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{93727F3E-9F8B-472A-A481-CF68E439CBC7}\244584F6D65684572623D2B4A464A4 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{93727F3E-9F8B-472A-A481-CF68E439CBC7}\7786964756 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{CD7052CA-D2E0-4148-96C0-2A34F7737031} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{FA75FA72-7C8E-453F-BD7A-C01E3D77F5A5} : DHCPNameServer = 192.168.1.1 192.168.1.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs=     
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
IFEO: bitguard.exe - tasklist.exe
IFEO: bprotect.exe - tasklist.exe
IFEO: browserdefender.exe - tasklist.exe
IFEO: browserprotect.exe - tasklist.exe
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Bee Coupons BHO: {FC4DBA8C-2CC8-4741-BCE5-ADAC3EEA50B0} - C:\Program Files (x86)\Bee Coupons\FrameworkBHO64.dll
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-TB: Bee Coupons: {814C44E6-B2BA-4413-AEB3-F958AD419DB4} - C:\Program Files (x86)\Bee Coupons\FrameworkBHO64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-IFEO: bitguard.exe - tasklist.exe
x64-IFEO: bprotect.exe - tasklist.exe
x64-IFEO: browserdefender.exe - tasklist.exe
x64-IFEO: browserprotect.exe - tasklist.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\iz9jtl5h.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
FF - plugin: C:\Users\Lynn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\iz9jtl5h.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\iz9jtl5h.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-10-11 01:58; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF
FF - ExtSQL: 2013-10-11 14:54; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn
FF - ExtSQL: 2013-10-11 18:28; addon@bazaarfriend.com; C:\Users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\iz9jtl5h.default\extensions\addon@bazaarfriend.com
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113480&tt=060612_7_
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 6ec7ee11000000000000642737bf311a
FF - user.js: extensions.BabylonToolbar_i.hardId - 6ec7ee11000000000000642737bf311a
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15517
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1711:21:56
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.claro.id - 6ec7ee110000000000006427377b3655
FF - user.js: extensions.claro.instlDay - 15619
FF - user.js: extensions.claro.vrsn - 1.6.4.1
FF - user.js: extensions.claro.vrsni - 1.6.4.1
FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.10:17:17
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - claro
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
.
.
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 6ec7ee11000000000000582c80139263
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15902
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.516:47:45
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119357&tt=160713_91114&tsp=4945
FF - user.js: extensions.delta_i.babExt - 
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
.
.
.
.
.
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-4-16 79488]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-4-16 40064]
R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2013-7-19 317808]
R0 SMR410;Symantec SMR Utility Service 4.1.0;C:\Windows\System32\drivers\SMR410.SYS [2013-10-29 96856]
R1 ccSet_MCLIENT;Norton Management Settings Manager;C:\Windows\System32\drivers\MCLIENTx64\0302020.00C\ccsetx64.sys [2013-10-28 168096]
R1 RapportCerberus_59849;RapportCerberus_59849;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [2013-10-27 606672]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2013-10-17 284176]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2013-10-17 399312]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-9-22 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-9-29 204288]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-9-28 361984]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-8-10 197536]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-27 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-2-15 34872]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-1-27 2413056]
R2 MCLIENT;Norton Management;C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccsvchst.exe [2013-10-28 143928]
R2 Mobile Broadband HL Service;Mobile Broadband HL Service;C:\ProgramData\MobileBrServ\mbbService.exe [2013-7-11 232288]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [2013-8-12 144368]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-9-25 1907896]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-10-17 1444120]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 SpyroService;Spyro Portal Service;C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe [2012-1-31 48128]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-1-27 46136]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-17 115216]
R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20131022.001\BHDrvx64.sys [2013-10-22 1524824]
R3 ccSet_N360;Norton 360 Settings Manager;C:\Windows\System32\drivers\N360x64\1404000.028\ccSetx64.sys [2013-8-12 169048]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-8-28 140376]
R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20131025.002\IDSviA64.sys [2013-10-28 521816]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-1-27 338536]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-1-27 428136]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1404000.028\SymDS64.sys [2013-8-12 493656]
R3 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1404000.028\SymEFA64.sys [2013-8-12 1139800]
R3 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1404000.028\Ironx64.sys [2013-8-12 224416]
R3 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1404000.028\symnets.sys [2013-8-12 433752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2012-1-27 133672]
S3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2012-1-27 620584]
S3 BTWDPAN;Bluetooth Personal Area Network;C:\Windows\System32\drivers\btwdpan.sys [2012-1-27 89640]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-1-27 39976]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;C:\Windows\System32\drivers\InputFilter_FlexDef2b.sys [2010-6-18 17920]
S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2012-5-19 11776]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-2 31744]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-19 19456]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-5-13 146920]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-19 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-19 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-3 1255736]
.
=============== Created Last 30 ================
.
2013-10-29 04:58:35 -------- d-----w- C:\ProgramData\Oracle
2013-10-29 04:53:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-29 04:35:52 96856 ----a-w- C:\Windows\System32\drivers\SMR410.SYS
2013-10-29 04:33:56 -------- d-----w- C:\Users\Lynn\AppData\Local\NPE
2013-10-28 12:36:32 168096 ----a-r- C:\Windows\System32\drivers\MCLIENTx64\0302020.00C\ccsetx64.sys
2013-10-28 12:36:12 -------- d-----w- C:\Windows\System32\drivers\MCLIENTx64\0302020.00C
2013-10-28 02:01:02 -------- d-----w- C:\Windows\System32\drivers\MCLIENTx64
2013-10-28 02:01:02 -------- d-----w- C:\Program Files (x86)\Norton Management
2013-10-28 01:21:15 -------- d-----w- C:\Users\Lynn\AppData\Local\BenchUpdater
2013-10-28 01:21:15 -------- d-----w- C:\Program Files (x86)\Bee Coupons
2013-10-28 01:21:11 -------- d-----w- C:\Program Files (x86)\Bench
2013-10-28 01:21:10 -------- d-----w- C:\Users\Lynn\AppData\Local\Bee Coupons
2013-10-28 01:12:42 -------- d-----w- C:\Program Files (x86)\Conduit
2013-10-28 01:03:41 -------- d-----w- C:\Users\Lynn\AppData\Local\VisualBeeExe
2013-10-28 01:03:13 -------- d-----w- C:\ProgramData\VisualBee
2013-10-28 01:03:08 -------- d-----w- C:\Users\Lynn\AppData\Local\emaze
2013-10-28 01:00:30 -------- d-----w- C:\Users\Lynn\AppData\Local\Bundled software uninstaller
2013-10-10 20:22:51 633856 ----a-w- C:\Windows\System32\comctl32.dll
2013-10-10 20:21:51 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 20:21:50 984512 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-10-10 20:21:50 265152 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-10-10 20:21:50 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 20:21:48 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2013-10-08 21:06:41 17813896 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
.
==================== Find3M  ====================
.
2013-10-17 15:05:00 317808 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2013-10-08 21:06:52 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-08 21:06:52 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-09-21 03:30:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-12 12:51:29 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 12:28:20.15 ===============
 



 


#2 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 3,795 posts
  • Gender:Male
  • Location:Midlands, UK
  • Local time:11:16 PM

Posted 30 October 2013 - 05:20 PM

Hi lemoncake

Please take note of the following:

1. Please do not run any other tools unless instructed.
2. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
3. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
4. Please reply to this thread. Do not start a new topic.


Step 1
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Step 2
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.
  • Double-click the downloaded icon to run the tool.

  • When the tool opens click Yes to disclaimer.

  • Press Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.
In your next reply, please submit:
JRT.txt
AdwCleaner report
and both reports from FRST


Thanks.



#3 lemoncakeuk72

lemoncakeuk72
  • Topic Starter

  • Members
  • 14 posts
  • Gender:Female
  • Local time:11:16 PM

Posted 30 October 2013 - 06:34 PM

Thank you, here is the JRT scan.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Home Premium x64
Ran by Lynn on 30/10/2013 at 23:09:03.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babsolution
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bi
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\cr_installer
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dsiteproducts
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\visualbee
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1073022473-4053925900-3669206230-1002\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\supreme savings
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\visualbee
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetupv1.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\app24x7help_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\app24x7help_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ilividsetupv1_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ilividsetupv1_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\snapdo_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\snapdo_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2801948
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3225826
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111991162}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetupV1 (1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetupV1 (1)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeepInstaller-Adknowledgetest_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeepInstaller-Adknowledgetest_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_artrage_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_artrage_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_photofiltre_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_photofiltre_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111991162}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetupV1 (1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetupV1 (1)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledgetest_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledgetest_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_artrage_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_artrage_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_photofiltre_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_photofiltre_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3DAD20A2-FF80-440B-BF0C-058263ADF7F7}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{3DAD20A2-FF80-440B-BF0C-058263ADF7F7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC4DBA8C-2CC8-4741-BCE5-ADAC3EEA50B0}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FC4DBA8C-2CC8-4741-BCE5-ADAC3EEA50B0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\end"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\visualbee"
Successfully deleted: [Folder] "C:\ProgramData\w3i"
Successfully deleted: [Folder] "C:\Users\Lynn\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Lynn\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Lynn\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Lynn\appdata\local\ilivid player"
Successfully deleted: [Folder] "C:\Users\Lynn\appdata\local\supreme savings"
Successfully deleted: [Folder] "C:\Users\Lynn\appdata\local\visualbeeexe"
Successfully deleted: [Folder] "C:\Users\Lynn\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\free ride games"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Folder] "C:\Program Files (x86)\onlinevault"
Successfully deleted: [Folder] "C:\Program Files (x86)\shopping sidekick"
Successfully deleted: [Folder] "C:\Program Files (x86)\torntv.com"
Successfully deleted: [Folder] "C:\Program Files (x86)\w3i"
Successfully deleted: [Folder] "C:\Users\Lynn\AppData\Roaming\microsoft\windows\start menu\programs\torntv.com"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Folder] "C:\Users\Lynn\documents\optimizer pro"
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{6CC22833-3814-40A4-BB5C-150C34D56529}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{705339D5-3B0C-4F39-B4FE-C0BB72C35D1B}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{70D519B8-3D61-4116-90E8-C6AA097545E8}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{71FC6087-48E8-492B-82A0-592BC107EA53}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{723464F0-9AC6-4685-8B77-77FE1BC46AA3}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{7321207F-F4B8-48B8-8F73-7965FDEC080B}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{736E58CF-5621-4395-82D6-47BD889B533B}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{73D50514-220D-4539-ADAA-94B89DCB44BC}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{74AF41EB-59E4-46CD-B9B6-FB860770C5ED}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{74D46908-F370-4236-AC6A-BBDC84DA69D2}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{74EACF1E-45F6-43FA-BBBE-27D4EC9960D0}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{75B0E2AC-6DF1-44D3-9DFF-279B1AD0CC68}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{75FE6A9C-2675-4EF6-BEBC-08E18383529C}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{76D624D2-FEFC-4538-91BC-ED9E62CD98C6}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{7708D867-A5F4-42A6-9908-B5216B1CA345}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{7717B125-B1EE-4D12-B5D0-D8E3BE76E310}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{77C611FE-65FF-4E1A-B518-0E9B9A2F83F3}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{7896F85E-EA5F-493A-BD4A-FAF96A6068EE}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{78BA8F0D-9FDE-4E4F-83AF-AB5EFCC41AD9}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{79307CED-9168-4114-8BB1-A3D1AAB02DD5}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{79C2463F-D3A8-4AE9-AE63-FBE14267960D}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{79CDD3AF-2047-4B9D-87AB-F6FE5CFC5CCC}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{7C93E150-E9F8-41F1-BDD5-CC9584B344FE}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{7F282E68-042F-441C-928D-8815CFD8C78B}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{7F42045C-83CC-4398-8563-31613A12F6CA}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{7F5C1EF2-ED67-41EC-BFAA-09FC9EA249A1}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{7FF0AAB9-A3F1-41A8-93F2-FEC2FA3312FF}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{806C1BBD-38C3-4302-818B-44551AF305B6}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{8326CE16-4577-425C-B5EE-8AD53DC09A6D}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{836DB6DD-4BEB-4AE7-99F0-E2832DDEF06A}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{839994DA-BA64-4399-BDD6-C9D7DA04FAFC}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{83EA5AC1-8E1B-4F23-AA6F-477E29B73A99}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{84B517B4-180E-4104-AE04-B9F15DB0868A}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{867C54F5-9DC5-4E5A-B8C4-3F07F90521E0}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{8694BF3F-76EA-4C7D-B2CF-831CDCCDD181}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{878C7981-2147-446A-942B-EB23E639E58D}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{88BAFC39-8B05-4477-A374-3266B733DE40}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{890879B9-9C2A-4CD2-AEDD-70C9E3C2A546}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{8A109C88-C101-43C5-80F6-6EB0A66A0AF6}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{8AC2A45F-E81D-4085-8E42-ACBFCD5DB61B}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{8AFC866B-FFCD-4077-8561-5972A4A9B5CD}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{8CBEE8A4-6807-4A97-942E-C21FE20EE5B8}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{8DFE2E16-0498-4647-8774-AE9DB6E0B9B1}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{8E2A089E-C317-4A81-9D1B-11384B01D67B}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{8EB02C4B-2AA4-404E-BEF3-7BEC4ACCC77A}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{8F2650E4-372A-4904-9A06-298E26DE988A}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{8FE794E4-CCA2-4396-9B76-5DE73F1B4534}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{91043F2B-BC65-4C53-B4D1-BB9E1FAC5E34}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{93485250-65E0-4303-89F3-5CF5F86FFFE6}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{935EFFA4-5CAC-47FF-BE2D-C4FE9C862B51}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{93BD7918-0396-464B-8F59-87CEC0665D72}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{93CF6C21-6071-4A33-8933-ABA8775A42CC}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{949483EC-C460-45FF-92DF-9D2760F44C1F}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{957F0E0E-6EB0-4894-8F8E-C58306C3BD28}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{959F42AA-5FCE-49F9-B221-7EF93BFBF73A}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{95AB4E03-C200-4ADE-BD68-717EE9837751}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{96D27C0A-D277-43EE-BFAD-EC4397CF2827}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{9701B904-7FF1-420E-88AD-93721DE551B4}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{97BD4279-37A1-41F1-80E1-892958C8F31D}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{97CEBEC8-25B9-4549-8A91-51F91802F059}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{99CB677A-B604-4526-922C-B9FDC045EC36}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{9A9383A7-0D03-446B-8613-36132EBD09D5}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{9AAAF392-98DE-4D79-BB95-0C4EA5662230}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{9B9784E3-E19E-4CCA-B287-C13F957461D5}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{9BDB96CD-4F43-40D7-804C-8E119EC571D8}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{9C001725-BF79-4D9E-87AD-599016358294}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{9D6D8449-4F3E-4957-8CE0-34006F94AEC5}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{9E5E2ED8-5FD7-40CC-B8D4-212367C84A31}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{9E92822C-A637-4074-9D4B-7F1D6035129A}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{9F719D05-0471-4DE0-B2CD-EC4950E12A2C}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{9F7B7F49-8E80-458E-A285-4EC98B54B525}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{9F87946D-7626-4268-A9E5-C53CFE542144}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{9F9CDCA6-6963-441A-82E6-9B93BFC01B7A}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{9FEB4FB7-99A4-4BB2-99A2-DC3AC2D2A6D4}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{A1ABE6DA-9776-4FF7-86B5-5EEF89CC2B5D}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{A2F26FE6-6E8F-4498-9D79-23454413146B}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{A30C6D9B-9C0D-414B-9A83-08DB6C7014DE}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{A3280A8D-3BF8-4001-9F39-B0B450E3A7A8}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{A3AA860A-85C9-41A3-9DA8-8CA3FD76D778}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{A423FD83-51D8-417B-8026-1CC87815B574}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{A45AE0EB-E9D6-452B-913E-ABD488535BE9}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{A461C757-D648-4B0E-BB63-21AB2EF2EE74}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{A4ABDCA6-1CAD-4F3E-A6F8-09137C71AEDC}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{A5234E7C-9E3D-4A2E-A167-EC7FE185BFE5}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{A5805104-5300-4226-A454-E84DB0F132F8}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{A6139D53-7C36-45BF-9126-7ED849959492}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{A801925A-E4F0-4D2A-8439-65A0722FBD77}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{A82FA52A-6FF9-437D-928F-D674D3355D39}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{A92222AA-DAB4-4BB5-A91B-38A49728152D}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{AA00DFCC-996C-4552-A309-88CD2C527666}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{ABB086D4-E900-434A-8A7C-DA690B59D802}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{AC21CC08-87C7-405E-B4BE-92A1E01AEC84}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{ADB93E48-AF86-4AE5-B223-76F09E0C1BC8}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{ADD5EA91-EDAA-44F1-AAD5-FD4B41C2045C}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{AF2C5608-4A52-4F05-9A99-1D64B1ED7BAF}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{AF450D6A-6849-4844-A892-7E25ED5D22E4}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{B06C2959-F13C-4E6B-B31C-D82D12F97263}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{B11BFA5A-BB9E-4E3A-A155-F189C56BC689}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{B152940B-0110-4A69-AD27-DE2328FD68E8}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{B1EAFEF3-C3AD-4929-BBA7-1CA3855FC813}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{B3AE687B-1F8B-4E0C-AA3A-8D649E686922}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{B4012723-B9AA-47D1-8808-A9E6994EA060}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{B45C0CF1-1F75-41A3-BEB1-02A07330C402}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{B4E05CA4-D43C-4E37-A27A-1A13A4282062}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{B586B89A-B7EE-42B3-B294-D5763B15BD9D}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{B5CEBED0-11B4-4921-857E-5BE152763BEE}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{B5DF1E93-7365-4E92-B3F3-D81CC85399FA}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{B6E04747-D709-4192-9232-E5A4BC401CCD}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{B7DF93CF-6A94-4B3A-85A4-E0B137E48FA2}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{B7FC6EE9-28D3-4A37-A8BC-39AD1D62F81E}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{B81C7BCC-20F8-4C33-9E68-BCABCE6DFB74}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{BA0E1931-299E-4FC5-9AB3-E2A2DC3B8B54}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{BAA97C0C-070A-46B2-A93B-A530A8A80F08}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{BB89747E-9081-4BA6-9FFD-C8E4DE8C74CF}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{BC4D1B5D-D29B-40F8-A9DB-FC53345A6EE9}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{BEB0127C-280C-4954-8C37-4606B147F8B8}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{BF369A5C-8162-4173-8DB6-B1E06BE4A086}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{BF91EE7A-C92F-4742-A9B1-C50F30D10866}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{BFB412DF-9A59-41FE-9594-08D8BDD2D80D}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{C09451BE-EFA6-4643-B588-ACDD48D47C07}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{C144297F-50A3-4F8F-855A-0C98492120C8}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{C2231D73-CF78-4F59-A50D-0C09F03EAF5B}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{C2BAE7E2-60D3-479F-A509-39B8AD105807}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{C318329B-C944-4A17-A490-92E7D445EAAA}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{C31AB127-2417-4427-BD44-85D6415692A4}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{C3D3CAF1-B301-497D-AA9D-1E6225B72578}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{C424AB70-7FCA-45DF-8033-6C4AFB06CD0F}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{C4C22BAB-CDD9-49AE-8CBA-F1A794A12310}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{C54187AA-1159-4D6A-88A1-928C4B2879F3}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{C8044CAF-7E21-468F-BC39-8BFE84A283A1}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{C8531F0F-672E-4540-9DC4-F74FC2971484}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{C91AA44F-E98F-4A41-8429-60524EFE4611}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{C93E5A11-C107-428F-979C-7DB5D73555FD}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{C9B2C269-C909-443C-B74B-E428FEE5C59C}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{C9F6A8E0-C3FE-4FEC-82D6-DB6C1DF345B4}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{CA10C61C-5DE5-457D-87D3-1660CE8A2E93}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{CAF72E9F-916F-4BA5-8612-00B2C1333FAD}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{CB76A0B1-2597-4B96-A410-1A992BDA7F98}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{CB8D4FB8-87A8-4119-864F-C40BE99FA7F2}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{CBBF1B4E-03B5-4295-B314-157DA55BB6E2}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{CBD5769A-3255-485A-8155-1303D951447F}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{CC0CD2FC-1D53-494E-8174-3984B847D049}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{CCAB8EEE-9587-42EA-B5D7-637DF0233335}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{CCC5B90E-7546-4FA0-B0B1-9FEFFC7F2A84}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{CD8799EB-2394-4B9C-9C73-7B231960AB83}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{CDE3C6E9-273F-4622-A033-5A0077127BB5}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{CDEDF6DB-CF23-4E39-A1ED-4A5058B1DAF1}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{CE6CE007-95DF-4468-A3F6-FC1E3AAC3142}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{D0028844-CABF-47AB-BB8D-6BEB8BC9F5E4}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{D0ABCF15-E4C3-4F8F-9031-45B28EAC03DA}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{D1DF8E93-50FB-491C-B3EC-85A271E52EFE}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{D3E9C0CD-17A9-46CE-81AD-1E1417A6C088}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{D407B08F-473E-4491-9777-FAED6BD8E184}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{D46D2739-4A1E-44F6-B0B3-84A2D7218101}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{D6636235-47EC-4142-AF23-A733348AB64F}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{D6A058BB-CB7A-4CCD-A6DA-DC252A76A2D4}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{D7193ADF-E592-4933-B00A-F7306D3E7B08}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{D74CBCFE-B982-4112-A647-15A987A77F33}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{D7AA91A1-0191-459D-BB0E-794DF6CB1AE3}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{D7AEE6A8-8050-4291-AAFD-002143B585D8}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{D7D2CDE7-20A5-4629-992F-D2DA7DF26414}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{D8490344-B2EC-4D50-BEA8-D08DD65B67C0}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{D8E6BE0E-3F3D-4A62-A348-F46B7DE28694}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{D90058B2-28A9-44F9-B0CF-62DAF8AE13EC}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{DA27B869-DAE8-4FB3-9BED-1741BA9DABB8}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{DA2D1ADA-5720-4CE3-AA48-8ABDF71623F6}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{DB165E2B-5F97-4392-9AE3-457A82DD01A3}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{DB63DC43-90E3-47F3-9B90-60916A373013}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{DB9BC341-4BF5-4A44-9875-F6666BAB3FB9}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{DC1C2296-1BD7-4B96-8B5A-5199969FA45E}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{DCE0C08A-69BA-4FCE-99AB-AD6353D18D4F}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{DD55E588-2E6F-4E13-AD7D-0A923D652F80}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{DDE707C8-36F3-4D23-AAD9-86AE2F062448}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{DE73B619-CDB7-4D26-B687-35BE205AAD0D}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{DEC14FE4-3CC1-467A-AFE1-552C1B5B94F5}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{E0877986-A8D5-4D27-B51B-CF4838243AD1}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{E210A19E-B813-4BF7-B043-CED392E48042}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{E23EC350-BC88-4729-B550-A88CB62F71BD}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{E2868D7A-B635-4C77-9B98-0A14FC032C96}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{E28AC109-FAFF-419A-BA8B-FAF1E59ABA80}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{E2D5CC42-CDF5-4ED8-B1FF-32B3D27510DC}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{E366E155-45DE-492D-AA03-963AB4CF7419}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{E39B3B6A-DB1A-4C89-A205-4673AE123FA4}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{E49E25E0-4B12-4C5A-8AFF-7C3479107233}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{E4B23890-CF74-4107-9568-3A2FE090F7FB}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{E61A252E-D940-42A5-A30F-8F48CDC19423}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{E7BB4DFA-30F3-4ACB-A9DD-AF05EB341E1E}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{E7EFAD05-6F4B-4A1A-B6C6-6A57855EA10F}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{E894D2CC-B54E-4A02-8270-A5794CA5FC19}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{E8D2F1F3-18FA-4CBA-BEE2-86064A5438BC}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{E9060266-CCE7-4D6C-8071-A709007E51C8}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{E99E5341-9EE0-4A7B-966E-2A42E61A6112}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{E9FF94F8-8068-46B6-B6CE-B63C2E20EC91}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{EA199459-69D3-43A6-A9D8-53BB060E1366}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{EA47F3F8-28DB-4849-93E4-4B2FDC52A65A}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{EA6C7463-8176-45FF-80D8-3A42CA9A6659}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{EB94A44B-4300-4651-A63B-BD573AE70D26}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{EC551BF7-C58B-4F9C-B07E-E9AD947CF04D}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{ECA1209D-E430-425A-9E9A-32BD0AE84F03}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{ED368A0E-A0A0-4A04-B10F-DE51318AEA60}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{EE3DEA14-E898-4F74-9960-F806F496F66F}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{F2241963-565B-4D47-A5F9-AA17E84BD4FA}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{F399C4AD-99AC-46F8-82CB-0A4AC23DCE4C}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{F41E69DB-0F03-47BB-8217-ECE1C8D5756B}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{F481C1EE-F5E1-481A-B7B9-3D4CD32D5B8A}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{F55C571B-00C0-4769-B929-2A8F48E7EB1A}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{F618D84F-1777-4421-9CE9-2B8812CEFFED}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{F7A3FD12-7471-422F-9908-D2EF75B60A7D}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{F80ECDB6-8FE4-456D-9FE0-FD4AB415B3CC}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{F841B5B1-7DFF-4293-9415-FD39F28129B1}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{F8D57D6D-5661-450E-B3F8-307926290AB3}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{F91EAF98-84E8-4674-8430-69ED83EFB511}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{F9484E57-435F-4279-B7A0-E15E5B8D24D7}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{FA0DA295-F2B1-4087-8FB5-A3ECC18CBAA9}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{FABC0DA4-9D45-40B3-932D-30C74B5D16DC}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{FAF40F51-232C-4A64-B55B-92A1EA7EB804}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{FAFD60BF-7648-426E-90C1-CE79A0115B3A}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{FB53FCFE-70EE-44B8-87F8-A8E9A9376F18}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{FBB4EB10-CB6B-403F-8292-E96FD64FB9BF}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{FCBCAEB3-6EBD-4823-A541-FE71EB9BB6C6}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{FD49B711-8E1E-4DE7-B085-255F537377D5}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{FD4F282C-01B6-4654-B319-2A6404972C00}
Successfully deleted: [Empty Folder] C:\Users\Lynn\appdata\local\{FE5A4A56-CD5B-4A6E-9664-EDD4713C34E2}
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\user.js
Successfully deleted: [File] C:\Users\Lynn\AppData\Roaming\mozilla\firefox\profiles\iz9jtl5h.default\user.js
Successfully deleted: [File] C:\Users\Lynn\AppData\Roaming\mozilla\firefox\profiles\iz9jtl5h.default\invalidprefs.js
Successfully deleted: [File] C:\Users\Lynn\AppData\Roaming\mozilla\firefox\profiles\iz9jtl5h.default\extensions\torntv2@torntv.com.xpi
Successfully deleted: [File] C:\Users\Lynn\AppData\Roaming\mozilla\firefox\profiles\iz9jtl5h.default\searchplugins\babylon.xml
Successfully deleted: [File] C:\Users\Lynn\AppData\Roaming\mozilla\firefox\profiles\iz9jtl5h.default\searchplugins\bprotect.xml
Successfully deleted: [File] C:\Users\Lynn\AppData\Roaming\mozilla\firefox\profiles\iz9jtl5h.default\searchplugins\delta.xml
Successfully deleted: [File] C:\Users\Lynn\AppData\Roaming\mozilla\firefox\profiles\iz9jtl5h.default\searchplugins\web search.xml
Successfully deleted: [Folder] C:\Users\Lynn\AppData\Roaming\mozilla\firefox\profiles\iz9jtl5h.default\smartbar
Successfully deleted: [Folder] C:\Users\Lynn\AppData\Roaming\mozilla\firefox\profiles\iz9jtl5h.default\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}
Successfully deleted the following from C:\Users\Lynn\AppData\Roaming\mozilla\firefox\profiles\iz9jtl5h.default\prefs.js
 
user_pref("CT2801948.1000082.isDisplayHidden", "true");
user_pref("CT2801948.1000082.isPlayDisplay", "true");
user_pref("CT2801948.1000082.state", "{\"state\":\"stopped\",\"text\":\"Virgin Ra...\",\"description\":\"Virgin Radio Classic Rock\",\"url\":\"hxxp://www.smgradio.com/core/aud
user_pref("CT2801948.1000234.TWC_TMP_city", "LONDON");
user_pref("CT2801948.1000234.TWC_TMP_country", "UK");
user_pref("CT2801948.1000234.TWC_locId", "UKXX0085");
user_pref("CT2801948.1000234.TWC_location", "London, United Kingdom");
user_pref("CT2801948.1000234.TWC_region", "GB");
user_pref("CT2801948.1000234.TWC_temp_dis", "c");
user_pref("CT2801948.1000234.TWC_wind_dis", "mph");
user_pref("CT2801948.1000234.weatherData", "{\"icon\":\"20.png\",\"temperature\":\"7°C\",\"temperatureClear\":\"7°C\",\"highTemperature\":\"7°C\",\"lowTemperature\":\"5°C\
user_pref("CT2801948.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2801948.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2801948.FirstTime", "true");
user_pref("CT2801948.FirstTimeFF3", "true");
user_pref("CT2801948.LoginRevertSettingsEnabled", true);
user_pref("CT2801948.RevertSettingsEnabled", true);
user_pref("CT2801948.SearchAppState.enc", "Mw==");
user_pref("CT2801948.SearchAppTracking.enc", "c2VudA==");
user_pref("CT2801948.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=2&q=");
user_pref("CT2801948.UserID", "UN63991438884927719");
user_pref("CT2801948.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT2801948.autoDisableScopes", -1);
user_pref("CT2801948.browser.search.defaultthis.engineName", true);
user_pref("CT2801948.defaultSearch", "true");
user_pref("CT2801948.embeddedsData", "[{\"appId\":\"129306881621438061\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"get
user_pref("CT2801948.enableAlerts", "always");
user_pref("CT2801948.enableFix404ByUser", "TRUE");
user_pref("CT2801948.enableSearchFromAddressBar", "true");
user_pref("CT2801948.firstTimeDialogOpened", "true");
user_pref("CT2801948.fixPageNotFoundError", "true");
user_pref("CT2801948.fixPageNotFoundErrorByUser", "true");
user_pref("CT2801948.fixPageNotFoundErrorInHidden", "true");
user_pref("CT2801948.fixUrls", true);
user_pref("CT2801948.hxxp___pinterest_aot_im.isEnabled.enc", "WQ==");
user_pref("CT2801948.installId", "conduitinstaller.exe");
user_pref("CT2801948.installType", "conduitnsisintegration");
user_pref("CT2801948.isCheckedStartAsHidden", true);
user_pref("CT2801948.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2801948.isFirstTimeToolbarLoading", "false");
user_pref("CT2801948.isNewTabEnabled", true);
user_pref("CT2801948.isPerformedSmartBarTransition", "true");
user_pref("CT2801948.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT2801948.keyword", true);
user_pref("CT2801948.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT2801948&octid=CT2801948&SearchSource=15&CUI=UN6399143888492771
user_pref("CT2801948.lastVersion", "10.14.65.43");
user_pref("CT2801948.migrateAppsAndComponents", true);
user_pref("CT2801948.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsearch.conduit.com%2F%3Fctid%3DCT3225826%26SearchSource%3D13%26CUI%3DSB_CUI\",\"EB_MAIN_FRA
user_pref("CT2801948.openThankYouPage", "false");
user_pref("CT2801948.openUninstallPage", "true");
user_pref("CT2801948.search.searchAppId", "129306881621438061");
user_pref("CT2801948.search.searchCount", "1");
user_pref("CT2801948.searchInNewTabEnabledByUser", "true");
user_pref("CT2801948.searchInNewTabEnabledInHidden", "true");
user_pref("CT2801948.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2801948.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2801948.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT2801948.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
user_pref("CT2801948.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2801948\"}");
user_pref("CT2801948.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://NCHEN.OurToolbar.com//xpi\"}");
user_pref("CT2801948.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"NCH EN\"}");
user_pref("CT2801948.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2801948.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1362359734400");
user_pref("CT2801948.serviceLayer_services_appsMetadata_lastUpdate", "1362536306260");
user_pref("CT2801948.serviceLayer_services_clientErrorLog_lastUpdate", "1352201161951");
user_pref("CT2801948.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1362359734318");
user_pref("CT2801948.serviceLayer_services_location_lastUpdate", "1362536306256");
user_pref("CT2801948.serviceLayer_services_login_10.10.27.6_lastUpdate", "1352224141796");
user_pref("CT2801948.serviceLayer_services_login_10.13.40.15_lastUpdate", "1359912137353");
user_pref("CT2801948.serviceLayer_services_login_10.14.42.7_lastUpdate", "1362359733935");
user_pref("CT2801948.serviceLayer_services_login_10.14.65.43_lastUpdate", "1362536306152");
user_pref("CT2801948.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1362359734126");
user_pref("CT2801948.serviceLayer_services_searchAPI_lastUpdate", "1362536306460");
user_pref("CT2801948.serviceLayer_services_serviceMap_lastUpdate", "1362536305888");
user_pref("CT2801948.serviceLayer_services_setupAPI_lastUpdate", "1362536306264");
user_pref("CT2801948.serviceLayer_services_toolbarContextMenu_lastUpdate", "1362359734270");
user_pref("CT2801948.serviceLayer_services_toolbarSettings_lastUpdate", "1362536306080");
user_pref("CT2801948.serviceLayer_services_translation_lastUpdate", "1362536306055");
user_pref("CT2801948.settingsINI", true);
user_pref("CT2801948.shouldFirstTimeDialog", "false");
user_pref("CT2801948.smartbar.CTID", "CT2801948");
user_pref("CT2801948.smartbar.Uninstall", "0");
user_pref("CT2801948.smartbar.homepage", true);
user_pref("CT2801948.smartbar.toolbarName", "NCH EN ");
user_pref("CT2801948.toolbarBornServerTime", "28-10-2012");
user_pref("CT2801948.toolbarCurrentServerTime", "6-3-2013");
user_pref("CT2801948.twitter_v1.8.0_twitter_app_open_t_f.enc", "ZmFsc2U=");
user_pref("CT2801948.upgradeFromClearSBVersion", true);
user_pref("CT2801948_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1365206063073,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
user_pref("CT3225826.BT_Stats.enc", "eyJsYXN0X2xvZyI6MTM2MjM1OTYyNCwidXVpZCI6NTg2NDg4MzIzNTM1MTE4LCJzZXFfaWQiOjUsInNzYiI6MTM1ODgwNDIzM30=");
user_pref("CT3225826.CBOpenMAMSettings.enc", "MA==");
user_pref("CT3225826.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3225826.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3225826.FirstTime", "true");
user_pref("CT3225826.FirstTimeFF3", "true");
user_pref("CT3225826.LoginRevertSettingsEnabled", true);
user_pref("CT3225826.RevertSettingsEnabled", true);
user_pref("CT3225826.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3225826&q=&SearchSource=2");
user_pref("CT3225826.UserID", "UN52062187570603672");
user_pref("CT3225826.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT3225826.autoDisableScopes", -1);
user_pref("CT3225826.browser.search.defaultthis.engineName", true);
user_pref("CT3225826.cbcountry_001.enc", "R0I=");
user_pref("CT3225826.cbfirsttime.enc", "TW9uIEphbiAyMSAyMDEzIDIxOjM3OjEyIEdNVCswMDAwIChHTVQgU3RhbmRhcmQgVGltZSk=");
user_pref("CT3225826.defaultSearch", "true");
user_pref("CT3225826.enableAlerts", "always");
user_pref("CT3225826.enableFix404ByUser", "FALSE");
user_pref("CT3225826.enableSearchFromAddressBar", "true");
user_pref("CT3225826.firstTimeDialogOpened", "true");
user_pref("CT3225826.fixPageNotFoundError", "true");
user_pref("CT3225826.fixPageNotFoundErrorByUser", "true");
user_pref("CT3225826.fixPageNotFoundErrorInHidden", "true");
user_pref("CT3225826.fixUrls", true);
user_pref("CT3225826.installType", "xpe");
user_pref("CT3225826.isCheckedStartAsHidden", true);
user_pref("CT3225826.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3225826.isFirstTimeToolbarLoading", "false");
user_pref("CT3225826.isNewTabEnabled", true);
user_pref("CT3225826.isPerformedSmartBarTransition", "true");
user_pref("CT3225826.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT3225826.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT3225826.keyword", true);
user_pref("CT3225826.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3225826&octid=CT3225826&SearchSource=15&CUI=UN5206218757060367
user_pref("CT3225826.lastVersion", "10.14.65.43");
user_pref("CT3225826.migrateAppsAndComponents", true);
user_pref("CT3225826.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsearch.conduit.com%2F%3Fctid%3DCT3225826%26SearchSource%3D13%26CUI%3DSB_CUI\",\"EB_MAIN_FRA
user_pref("CT3225826.openThankYouPage", "true");
user_pref("CT3225826.openUninstallPage", "false");
user_pref("CT3225826.revertSettingsEnabled", "false");
user_pref("CT3225826.search.searchAppId", "129830626805552092");
user_pref("CT3225826.search.searchCount", "0");
user_pref("CT3225826.searchInNewTabEnabledByUser", "true");
user_pref("CT3225826.searchInNewTabEnabledInHidden", "true");
user_pref("CT3225826.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3225826.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT3225826.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
user_pref("CT3225826.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3225826\"}");
user_pref("CT3225826.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://BitTorrentControlv12.OurToolbar.com//xpi\"}");
user_pref("CT3225826.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"BitTorrentControl_v12\"}");
user_pref("CT3225826.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3225826.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1359912258806");
user_pref("CT3225826.serviceLayer_services_appsMetadata_lastUpdate", "1359912138014");
user_pref("CT3225826.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1358804230043");
user_pref("CT3225826.serviceLayer_services_login_10.13.40.15_lastUpdate", "1359912138139");
user_pref("CT3225826.serviceLayer_services_login_10.14.65.43_lastUpdate", "1362536305903");
user_pref("CT3225826.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1358804230632");
user_pref("CT3225826.serviceLayer_services_searchAPI_lastUpdate", "1359912138191");
user_pref("CT3225826.serviceLayer_services_serviceMap_lastUpdate", "1362536305637");
user_pref("CT3225826.serviceLayer_services_toolbarContextMenu_lastUpdate", "1358804230583");
user_pref("CT3225826.serviceLayer_services_toolbarSettings_lastUpdate", "1362536305706");
user_pref("CT3225826.serviceLayer_services_translation_lastUpdate", "1362536305867");
user_pref("CT3225826.settingsINI", true);
user_pref("CT3225826.shouldFirstTimeDialog", "false");
user_pref("CT3225826.smartbar.CTID", "CT3225826");
user_pref("CT3225826.smartbar.Uninstall", "0");
user_pref("CT3225826.smartbar.homepage", true);
user_pref("CT3225826.smartbar.toolbarName", "BitTorrentControl_v12 ");
user_pref("CT3225826.toolbarBornServerTime", "22-1-2013");
user_pref("CT3225826.toolbarCurrentServerTime", "6-3-2013");
user_pref("CT3225826.url_history0001.enc", "amF2YXNjcmlwdDpfX2RvUG9zdEJhY2soJ0FTUHhQYW5lbDFGcm9tV2ViJHYyX1dlYlVzZXJDb250cm9sRnJvbVdlYlBhZ2UxJExpbmtCdXR0b24zJywnJyk6OjpjbGlja2h
user_pref("CT3225826_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1365206062948,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3225826&SearchSource=13&CUI=SB_CUI");
user_pref("Smartbar.ConduitSearchEngineList", "BitTorrentControl_v12 Customized Web Search");
user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3225826&q=&SearchSource=2");
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://www.claro-search.com/?affID=114508&tt=4012_4&babsrc=KW_clro&mntrId=6ec7ee110000000000006427377b3655&q=");
user_pref("Smartbar.keywordURLSelectedCTID", "CT3225826");
user_pref("avg.install.userHPSettings", "hxxp://www.claro-search.com/?affID=114508&tt=4012_4&babsrc=HP_clro&mntrId=6ec7ee110000000000006427377b3655");
user_pref("avg.install.userSPSettings", "Claro Search");
user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113480&tt=060612_7_");
user_pref("extensions.BabylonToolbar_i.hardId", "6ec7ee11000000000000642737bf311a");
user_pref("extensions.BabylonToolbar_i.id", "6ec7ee11000000000000642737bf311a");
user_pref("extensions.BabylonToolbar_i.instlDay", "15517");
user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
user_pref("extensions.BabylonToolbar_i.newTab", true);
user_pref("extensions.BabylonToolbar_i.newTabUrl", "about:home");
user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1711:21:56");
user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
user_pref("extensions.claro.admin", false);
user_pref("extensions.claro.aflt", "babsst");
user_pref("extensions.claro.dfltLng", "en");
user_pref("extensions.claro.excTlbr", false);
user_pref("extensions.claro.id", "6ec7ee110000000000006427377b3655");
user_pref("extensions.claro.instlDay", "15619");
user_pref("extensions.claro.instlRef", "sst");
user_pref("extensions.claro.prdct", "claro");
user_pref("extensions.claro.prtnrId", "claro");
user_pref("extensions.claro.tlbrId", "claro");
user_pref("extensions.claro.vrsn", "1.6.4.1");
user_pref("extensions.claro.vrsni", "1.6.4.1");
user_pref("extensions.claro_i.smplGrp", "none");
user_pref("extensions.claro_i.vrsnTs", "1.6.4.10:17:17");
user_pref("extensions.crossriderapp19962.adsOldValue", 14);
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.ffxUnstlRst", true);
user_pref("extensions.delta.id", "6ec7ee11000000000000582c80139263");
user_pref("extensions.delta.instlDay", "15902");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.21.5");
user_pref("extensions.delta.vrsnTs", "1.8.21.516:47:45");
user_pref("extensions.delta.vrsni", "1.8.21.5");
user_pref("extensions.delta_i.babExt", "");
user_pref("extensions.delta_i.babTrack", "affID=119357&tt=160713_91114&tsp=4945");
user_pref("extensions.delta_i.srcExt", "ss");
user_pref("smartBar.searchInNewTabOwner", "CT2801948");
user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT2801948&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3225826&SearchSource=13&CUI=SB_CUI");
user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=2&CUI=SB_CUI&q=,hxxp://search.conduit.com/ResultsExt.a
user_pref("smartbar.machineId", "F0KGYJSO+KPNJH2FHLCLZA1BKDSRDQE//HA9VU0LTFVIJ22KXZVPGUIH5Q6N4//SKLR8CCPU3/7E+VAQMCD5GG");
user_pref("smartbar.originalHomepage", "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=GB&userid=0fcee352-996b-412f-8e10-e98b1cbfaa6d&searchtype=hp");
user_pref("smartbar.originalSearchAddressUrl", "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=GB&userid=0fcee352-996b-412f-8e10-e98b1cbfaa6d&searchtyp
user_pref("smartbar.originalSearchEngine", "Web Search");
Emptied folder: C:\Users\Lynn\AppData\Roaming\mozilla\firefox\profiles\iz9jtl5h.default\minidumps [1 files]
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\extensioninstallforcelist [Blacklisted Policy]
Successfully deleted: [Folder] C:\Users\Lynn\appdata\local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Successfully deleted: [Folder] C:\Users\Lynn\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30/10/2013 at 23:29:04.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#4 lemoncakeuk72

  • Topic Starter

Posted 30 October 2013 - 06:48 PM

AdwCleaner:

 

# AdwCleaner v3.010 - Report created 30/10/2013 at 23:41:33
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Lynn - LYNN-HP
# Running from : C:\Users\Lynn\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Lynn\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\iz9jtl5h.default\CT2801948
Folder Deleted : C:\Users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\iz9jtl5h.default\Extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKCU\Software\5d538ddee169ed40
Key Deleted : HKLM\SOFTWARE\5d538ddee169ed40
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31111111-1111-1111-1111-110111991162}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9E131A93-EED7-4BEB-B015-A0ADB30B5646}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16720
 
 
-\\ Mozilla Firefox v13.0.1 (en-US)
 
[ File : C:\Users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\iz9jtl5h.default\prefs.js ]
 
Line Deleted : user_pref("CT2801948.1000082.state", "{\"state\":\"stopped\",\"text\":\"Virgin Ra...\",\"description\":\"Virgin Radio Classic Rock\",\"url\":\"hxxp://www.smgradio.com/core/audio/wmp/live.asx?service=v[...]
Line Deleted : user_pref("CT2801948.1000234.weatherData", "{\"icon\":\"20.png\",\"temperature\":\"7°C\",\"temperatureClear\":\"7°C\",\"highTemperature\":\"7°C\",\"lowTemperature\":\"5°C\",\"feelsLike\":\"7°C\",\"con[...]
Line Deleted : user_pref("CT2801948.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2801948.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2801948.embeddedsData", "[{\"appId\":\"129306881621438061\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT2801948.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2801948.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT2801948.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT2801948&octid=CT2801948&SearchSource=15&CUI=UN63991438884927719&SSPV=NT_FF_RD&Lay=1&UM=[...]
Line Deleted : user_pref("CT2801948.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsearch.conduit.com%2F%3Fctid%3DCT3225826%26SearchSource%3D13%26CUI%3DSB_CUI\",\"EB_MAIN_FRAME_TITLE\":\"Search%20\",[...]
Line Deleted : user_pref("CT2801948.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2801948.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2801948.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2801948.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT2801948.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2801948\"}");
Line Deleted : user_pref("CT2801948.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://NCHEN.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT2801948.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"NCH EN\"}");
Line Deleted : user_pref("CT2801948.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2801948_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1365206063073,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CT3225826.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3225826.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3225826.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3225826.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3225826.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3225826.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3225826&octid=CT3225826&SearchSource=15&CUI=UN52062187570603672&SSPV=EB_SSPV&Lay=1&UM=U[...]
Line Deleted : user_pref("CT3225826.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsearch.conduit.com%2F%3Fctid%3DCT3225826%26SearchSource%3D13%26CUI%3DSB_CUI\",\"EB_MAIN_FRAME_TITLE\":\"Search%20\",[...]
Line Deleted : user_pref("CT3225826.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3225826.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3225826.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3225826.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3225826\"}");
Line Deleted : user_pref("CT3225826.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://BitTorrentControlv12.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3225826.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"BitTorrentControl_v12\"}");
Line Deleted : user_pref("CT3225826.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3225826_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1365206062948,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
 
-\\ Google Chrome v30.0.1599.101
 
[ File : C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [8736 octets] - [30/10/2013 23:36:54]
AdwCleaner[S0].txt - [8751 octets] - [30/10/2013 23:41:33]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8811 octets] ##########


#5 lemoncakeuk72

  • Topic Starter

Posted 30 October 2013 - 06:53 PM

This popped up as well

 

I think it's malware

http://dellilasnotebook.blogspot.co.uk/2013/10/url.html

 

copied on to an unused blog page :)



#6 lemoncakeuk72

  • Topic Starter

Posted 30 October 2013 - 06:57 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2013
Ran by Lynn (administrator) on LYNN-HP on 30-10-2013 23:53:57
Running from C:\Users\Lynn\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe
() C:\ProgramData\MobileBrServ\mbbservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(FS) C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SetDefault] - C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-09-22] (IDT, Inc.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Run: [msnmsgr] - "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
MountPoints2: G - G:\AutoRun.exe
MountPoints2: {484233fe-8491-11e1-b26f-642737bf311a} - G:\AutoRun.exe
MountPoints2: {5a9531a9-845f-11e1-b71d-6427377b3655} - G:\AutoRun.exe
MountPoints2: {b97c0d42-1935-11e2-97a1-642737bf311a} - G:\AutoRun.exe
MountPoints2: {b97c0d81-1935-11e2-97a1-642737bf311a} - G:\AutoRun.exe
MountPoints2: {d08e334c-82f5-11e1-a77d-642737bf311a} - G:\AutoRun.exe
MountPoints2: {d08e3382-82f5-11e1-a77d-642737bf311a} - G:\AutoRun.exe
MountPoints2: {d277a387-a1bd-11e1-9f4e-642737bf311a} - G:\AutoRun.exe
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPQuickWebProxy] - C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
HKLM-x32\...\Run: [tsnp2uvc] - C:\Windows\tsnp2uvc.exe [335872 2009-02-17] ()
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Bee Coupons-repairJob] - wscript.exe "C:\Users\Lynn\AppData\Local\Bee Coupons\repair.js"
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\Evan\...\Policies\system: [DisableLockWorkstation] 0
HKU\Evan\...\Policies\system: [DisableChangePassword] 0
HKU\Evan\...\Policies\system: [LogonHoursAction] 2
HKU\Evan\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
AppInit_DLLs:      [0 ] ()
AppInit_DLLs-x32:      [0 ] ()
IMEO\bitguard.exe: [Debugger] tasklist.exe
IMEO\bprotect.exe: [Debugger] tasklist.exe
IMEO\browserdefender.exe: [Debugger] tasklist.exe
IMEO\browserprotect.exe: [Debugger] tasklist.exe
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.gmail.com/
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&r=519
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Bee Coupons BHO - {FC4DBA8C-2CC8-4741-BCE5-ADAC3EEA50B0} - C:\Program Files (x86)\Bee Coupons\FrameworkBHO64.dll ()
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\IPS\ipsbho.dll (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Bee Coupons - {814C44E6-B2BA-4413-AEB3-F958AD419DB4} - C:\Program Files (x86)\Bee Coupons\FrameworkBHO64.dll ()
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
DPF: HKLM-x32 {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\iz9jtl5h.default
FF SearchEngineOrder.2: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @onlive.com/OnLiveGameClientDetector,version=1.0.0 - C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Lynn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\iz9jtl5h.default\searchplugins\bittorrentcontrolv12-customized-web-search.xml
FF Extension: Bazaar Friend - C:\Users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\iz9jtl5h.default\Extensions\addon@bazaarfriend.com
FF Extension: Update Service - C:\Users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\iz9jtl5h.default\Extensions\updater@foxstart.com
FF Extension: Bee Coupons - C:\Users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\iz9jtl5h.default\Extensions\{E2697576-0B98-89B0-92AF-4C2D1E7959E8}
FF Extension: torntv - C:\Users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\iz9jtl5h.default\Extensions\torntv@torntv.com.xpi
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.co.uk/
CHR RestoreOnStartup: "hxxp://www.ebay.co.uk/", "https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/?tab%3Dmm&scc=1&ltmpl=default&ltmplcache=2", "hxxp://www.facebook.com/Dame.Lemon.Fancy.Woman", "https://twitter.com/", "https://www.google.co.uk/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (OnLive Game Client Detector) - C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RocketLife Secure Plug-In Layer) - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
CHR Plugin: (Unity Player) - C:\Users\Lynn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (Bejeweled) - C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0
CHR Extension: (Google Docs) - C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: () - C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbgjfdieajmokelnlapbedknchgenne\10.21.1.507_15
CHR Extension: (Google Search) - C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Photo Raster) - C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\kadhjegjmnnhlmkbmlmnjobjpeniinmp\1.0_0
CHR Extension: (Bee Coupons ) - C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocgjhfhgaljiijlajckpemcnbohjfjoi\1.0_0
CHR Extension: (Gmail) - C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [ccbgjfdieajmokelnlapbedknchgenne] - C:\Users\Lynn\AppData\Local\CRE\ccbgjfdieajmokelnlapbedknchgenne.crx
CHR HKLM-x32\...\Chrome\Extension: [gclijllifhfpomppedeljakfegbcpojn] - C:\Users\Lynn\AppData\Local\CRE\gclijllifhfpomppedeljakfegbcpojn.crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\Exts\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [oiffmnkajgkhjjchngmajlomfdhfjdma] - C:\Users\Lynn\AppData\Local\CRE\oiffmnkajgkhjjchngmajlomfdhfjdma.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-09-28] (Advanced Micro Devices, Inc.)
R2 MCLIENT; C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe [143928 2012-12-05] (Symantec Corporation)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [232288 2012-03-12] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-06] (Microsoft Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120 2013-10-17] (Trusteer Ltd.)
R2 SpyroService; C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe [48128 2012-01-31] (FS)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]
 
==================== Drivers (Whitelisted) ====================
 
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133672 2011-09-21] (Broadcom Corporation.)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20131022.001\BHDrvx64.sys [1524824 2013-10-22] (Symantec Corporation)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-09-21] (Broadcom Corporation.)
R1 ccSet_MCLIENT; C:\Windows\system32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [168096 2012-10-03] (Symantec Corporation)
R3 ccSet_N360; C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-27] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20131029.002\IDSvia64.sys [521816 2013-10-28] (Symantec Corporation)
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-18] (Siliten)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20131030.001\ENG64.SYS [126040 2013-10-25] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20131030.001\EX64.SYS [2099288 2013-10-25] (Symantec Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [40464 2010-12-21] (CACE Technologies)
S3 NPF; C:\Windows\SysWow64\drivers\npf.sys [34064 2010-12-21] (CACE Technologies)
R1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [606672 2013-10-27] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [284176 2013-10-17] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [317808 2013-10-17] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [399312 2013-10-17] (Trusteer Ltd.)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3552512 2009-03-12] ()
R3 SRTSP; C:\Windows\system32\drivers\N360x64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-08-12] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R3 SymNetS; C:\Windows\system32\drivers\N360x64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S3 clwvd; system32\DRIVERS\clwvd.sys [x]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [x]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-10-30 23:53 - 2013-10-30 23:53 - 01956614 _____ (Farbar) C:\Users\Lynn\Downloads\FRST64.exe
2013-10-30 23:53 - 2013-10-30 23:53 - 00000000 ____D C:\FRST
2013-10-30 23:36 - 2013-10-30 23:42 - 00000000 ____D C:\AdwCleaner
2013-10-30 23:35 - 2013-10-30 23:35 - 01060070 _____ C:\Users\Lynn\Downloads\AdwCleaner.exe
2013-10-30 23:29 - 2013-10-30 23:29 - 00073900 _____ C:\Users\Lynn\Desktop\JRT.txt
2013-10-30 23:09 - 2013-10-30 23:09 - 00000000 ____D C:\Windows\ERUNT
2013-10-30 23:08 - 2013-10-30 23:08 - 01033335 _____ (Thisisu) C:\Users\Lynn\Downloads\JRT.exe
2013-10-29 12:28 - 2013-10-29 12:28 - 00032216 _____ C:\Users\Lynn\Desktop\dds.txt
2013-10-29 12:28 - 2013-10-29 12:28 - 00010463 _____ C:\Users\Lynn\Desktop\attach.txt
2013-10-29 12:24 - 2013-10-29 12:24 - 00688992 ____R (Swearware) C:\Users\Lynn\Downloads\dds.com
2013-10-29 12:20 - 2013-10-29 12:20 - 00007625 _____ C:\Users\Lynn\AppData\Local\Resmon.ResmonCfg
2013-10-29 04:58 - 2013-10-29 04:58 - 00000000 ____D C:\ProgramData\Oracle
2013-10-29 04:53 - 2013-10-29 04:53 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-29 04:53 - 2013-10-29 04:53 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-29 04:53 - 2013-10-29 04:53 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-29 04:53 - 2013-10-29 04:53 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-29 04:53 - 2013-10-29 04:53 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-29 04:50 - 2013-10-29 04:50 - 00915368 _____ (Oracle Corporation) C:\Users\Lynn\Downloads\chromeinstall-7u45.exe
2013-10-29 04:35 - 2013-10-29 04:35 - 03053496 ____N (Symantec Corporation) C:\Users\Lynn\Downloads\NPE.exe
2013-10-29 04:33 - 2013-10-29 04:58 - 00000000 ____D C:\Users\Lynn\AppData\Local\NPE
2013-10-28 13:18 - 2013-10-28 13:18 - 00000104 _____ C:\Users\Lynn\Desktop\grades.txt
2013-10-28 02:02 - 2013-10-28 23:39 - 00000000 ____D C:\Windows\System32\Tasks\Norton Management
2013-10-28 02:01 - 2013-10-28 23:34 - 00000000 ____D C:\Windows\system32\Drivers\MCLIENTx64
2013-10-28 02:01 - 2013-10-28 02:01 - 00000000 ____D C:\Program Files (x86)\Norton Management
2013-10-28 01:21 - 2013-10-30 22:42 - 00000342 _____ C:\Windows\Tasks\bench-sys.job
2013-10-28 01:21 - 2013-10-30 22:42 - 00000342 _____ C:\Windows\Tasks\bench-S-1-5-21-1073022473-4053925900-3669206230-1002.job
2013-10-28 01:21 - 2013-10-30 19:38 - 00000000 ____D C:\Users\Lynn\AppData\Local\Bee Coupons
2013-10-28 01:21 - 2013-10-28 01:21 - 00003238 _____ C:\Windows\System32\Tasks\bench-sys
2013-10-28 01:21 - 2013-10-28 01:21 - 00003214 _____ C:\Windows\System32\Tasks\bench-S-1-5-21-1073022473-4053925900-3669206230-1002
2013-10-28 01:21 - 2013-10-28 01:21 - 00000000 ____D C:\Users\Lynn\AppData\Local\BenchUpdater
2013-10-28 01:21 - 2013-10-28 01:21 - 00000000 ____D C:\Program Files (x86)\Bench
2013-10-28 01:21 - 2013-10-28 01:21 - 00000000 ____D C:\Program Files (x86)\Bee Coupons
2013-10-28 01:06 - 2013-10-28 01:15 - 00000639 _____ C:\Windows\wininit.ini
2013-10-28 01:04 - 2013-10-28 01:04 - 00000151 _____ C:\Users\Lynn\Downloads\THE+PASSWORD+ULTIMATE.txt
2013-10-28 01:03 - 2013-10-28 01:03 - 00001218 _____ C:\Users\Lynn\Desktop\Create Amazing Presentations.lnk
2013-10-28 01:03 - 2013-10-28 01:03 - 00001218 _____ C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk
2013-10-28 01:03 - 2013-10-28 01:03 - 00000000 ____D C:\Users\Lynn\AppData\Local\emaze
2013-10-28 01:01 - 2013-10-28 01:01 - 00509968 _____ C:\Users\Lynn\Downloads\MediaPlayerClassic_RocketFuelInstaller.exe
2013-10-28 00:58 - 2013-10-28 00:58 - 00167536 _____ () C:\Users\Lynn\Downloads\OnlineWeather-aL1JshO.exe
2013-10-27 16:59 - 2013-10-27 16:59 - 00000000 ____D C:\Users\Lynn\AppData\OICE_15_974FA576_32C1D314_A89
2013-10-27 15:46 - 2013-10-27 15:46 - 00000062 _____ C:\Users\Lynn\Desktop\sky codes.txt
2013-10-26 21:10 - 2013-10-27 23:02 - 00000000 ____D C:\Users\Lynn\Downloads\About Time 2013 DVDRip XviD-3LT0N
2013-10-26 21:04 - 2013-10-26 21:04 - 00000000 ____D C:\Users\Lynn\Downloads\The Worlds End (2013) BRRip XviD Trusted Post
2013-10-26 20:32 - 2013-10-26 20:32 - 00000869 _____ C:\Users\Lynn\Desktop\BitTorrent.lnk
2013-10-26 20:32 - 2013-10-26 20:32 - 00000849 _____ C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2013-10-26 20:29 - 2013-10-26 20:29 - 01137240 _____ (BitTorrent Inc.) C:\Users\Lynn\Downloads\BitTorrent.exe
2013-10-23 14:08 - 2013-10-23 14:08 - 00002810 _____ C:\Users\Lynn\Desktop\crem reading.txt
2013-10-12 11:47 - 2013-10-12 11:47 - 00000000 ___HD C:\Users\Lynn\Desktop\@service_player_internal
2013-10-12 11:47 - 2013-10-12 11:47 - 00000000 ____D C:\Users\Lynn\Desktop\DCIM
2013-10-12 11:47 - 2013-10-12 11:47 - 00000000 ____D C:\Users\Lynn\Desktop\.doodlemobile_featureviewnew
2013-10-12 11:41 - 2013-10-12 11:43 - 00000000 ____D C:\Users\Lynn\Desktop\card to check
2013-10-11 18:18 - 2013-10-11 18:18 - 00000000 ____D C:\Users\Lynn\Desktop\GPS_FW
2013-10-11 18:17 - 2013-10-11 18:17 - 62167040 _____ C:\Users\Lynn\Downloads\WB850_FW_F206276.exe
2013-10-11 18:01 - 2013-10-11 18:06 - 62053148 _____ C:\Users\Lynn\Downloads\WB850_FW_F206276.zip
2013-10-11 02:22 - 2013-09-22 23:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-11 02:22 - 2013-09-22 23:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-11 02:22 - 2013-09-22 23:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-11 02:22 - 2013-09-22 23:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-11 02:22 - 2013-09-22 23:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-11 02:22 - 2013-09-22 23:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-11 02:22 - 2013-09-22 23:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-11 02:22 - 2013-09-22 23:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-11 02:22 - 2013-09-22 23:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-11 02:22 - 2013-09-22 23:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-11 02:22 - 2013-09-22 23:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-11 02:22 - 2013-09-22 23:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-11 02:22 - 2013-09-22 23:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-11 02:22 - 2013-09-22 22:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-11 02:22 - 2013-09-22 22:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-11 02:22 - 2013-09-22 22:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-11 02:22 - 2013-09-22 22:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-11 02:22 - 2013-09-22 22:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-11 02:22 - 2013-09-22 22:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-11 02:22 - 2013-09-22 22:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-11 02:22 - 2013-09-22 22:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-11 02:22 - 2013-09-22 22:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-11 02:22 - 2013-09-22 22:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-11 02:22 - 2013-09-22 22:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-11 02:22 - 2013-09-22 22:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-11 02:22 - 2013-09-22 22:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-11 02:22 - 2013-09-22 22:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-11 02:22 - 2013-09-21 03:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-11 02:22 - 2013-09-21 03:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-11 02:22 - 2013-09-21 02:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-11 02:22 - 2013-09-21 02:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-10 20:22 - 2013-09-14 01:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-10 20:22 - 2013-09-08 02:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-10 20:22 - 2013-09-08 02:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-10 20:22 - 2013-09-08 02:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-10 20:22 - 2013-08-29 02:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-10 20:22 - 2013-08-29 02:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-10 20:22 - 2013-08-29 02:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-10 20:22 - 2013-08-29 02:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-10 20:22 - 2013-08-29 02:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-10 20:22 - 2013-08-29 01:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-10 20:22 - 2013-08-29 01:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-10 20:22 - 2013-08-29 01:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-10 20:22 - 2013-08-29 01:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-10 20:22 - 2013-08-29 01:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-10 20:22 - 2013-08-29 01:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-10 20:22 - 2013-08-29 00:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-10 20:22 - 2013-08-29 00:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-10 20:22 - 2013-08-29 00:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-10 20:22 - 2013-08-29 00:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-10 20:22 - 2013-08-28 01:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 20:22 - 2013-07-12 10:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-10 20:22 - 2013-07-12 10:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-10 20:22 - 2013-07-12 10:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-10 20:22 - 2013-07-04 12:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-10 20:22 - 2013-07-04 12:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-10 20:22 - 2013-07-04 12:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-10 20:22 - 2013-07-04 11:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-10 20:22 - 2013-07-04 11:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-10 20:22 - 2013-07-04 11:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-10 20:22 - 2013-07-04 10:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-10 20:22 - 2013-07-03 04:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-10 20:22 - 2013-07-03 04:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-10 20:22 - 2013-07-03 04:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-10 20:22 - 2013-06-25 22:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-10 20:22 - 2013-06-06 05:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-10 20:22 - 2013-06-06 05:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-10 20:22 - 2013-06-06 05:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-10 20:22 - 2013-06-06 05:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-10 20:22 - 2013-06-06 04:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-10 20:22 - 2013-06-06 04:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-10 20:22 - 2013-06-06 04:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-10 20:22 - 2013-06-06 03:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 20:22 - 2013-06-06 03:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-10 20:22 - 2013-06-06 03:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-10 20:21 - 2013-08-28 01:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-10 20:21 - 2013-08-01 09:19 - 00984512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-10 20:21 - 2013-08-01 09:19 - 00265152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-10-10 20:21 - 2013-07-20 10:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 20:21 - 2013-07-20 10:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 13:18 - 2013-10-29 04:10 - 00000000 ____D C:\Users\Lynn\Desktop\downloads oct 2013
2013-10-09 19:31 - 2013-10-10 22:53 - 00000000 ____D C:\Users\Lynn\Desktop\2013-2
2013-10-09 19:30 - 2013-10-10 22:50 - 00000000 ____D C:\Users\Lynn\Desktop\video voice 2013
2013-10-08 21:06 - 2013-10-08 21:06 - 17813896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
 
==================== One Month Modified Files and Folders =======
 
2013-10-30 23:54 - 2013-04-22 15:26 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-30 23:53 - 2013-10-30 23:53 - 01956614 _____ (Farbar) C:\Users\Lynn\Downloads\FRST64.exe
2013-10-30 23:53 - 2013-10-30 23:53 - 00000000 ____D C:\FRST
2013-10-30 23:52 - 2009-07-14 04:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-30 23:52 - 2009-07-14 04:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-30 23:49 - 2009-07-14 05:13 - 00779724 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-30 23:46 - 2012-01-27 22:12 - 01336090 _____ C:\Windows\WindowsUpdate.log
2013-10-30 23:45 - 2013-04-22 15:26 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-30 23:45 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\tracing
2013-10-30 23:44 - 2012-12-03 15:03 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-10-30 23:44 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-30 23:44 - 2009-07-14 04:51 - 00154641 _____ C:\Windows\setupact.log
2013-10-30 23:42 - 2013-10-30 23:36 - 00000000 ____D C:\AdwCleaner
2013-10-30 23:35 - 2013-10-30 23:35 - 01060070 _____ C:\Users\Lynn\Downloads\AdwCleaner.exe
2013-10-30 23:29 - 2013-10-30 23:29 - 00073900 _____ C:\Users\Lynn\Desktop\JRT.txt
2013-10-30 23:16 - 2012-07-02 20:22 - 00000336 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2013-10-30 23:09 - 2013-10-30 23:09 - 00000000 ____D C:\Windows\ERUNT
2013-10-30 23:08 - 2013-10-30 23:08 - 01033335 _____ (Thisisu) C:\Users\Lynn\Downloads\JRT.exe
2013-10-30 23:06 - 2012-05-16 01:56 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-30 22:42 - 2013-10-28 01:21 - 00000342 _____ C:\Windows\Tasks\bench-sys.job
2013-10-30 22:42 - 2013-10-28 01:21 - 00000342 _____ C:\Windows\Tasks\bench-S-1-5-21-1073022473-4053925900-3669206230-1002.job
2013-10-30 19:38 - 2013-10-28 01:21 - 00000000 ____D C:\Users\Lynn\AppData\Local\Bee Coupons
2013-10-30 17:41 - 2012-04-04 19:57 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B554D3E2-C714-4869-8FA7-DFA1B1E8B779}
2013-10-30 00:49 - 2012-04-01 18:47 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B4DB3067-FF68-42F1-AFE9-BEF6C1D1B1BD}
2013-10-29 20:28 - 2012-04-04 19:56 - 00000000 ____D C:\Users\Evan
2013-10-29 12:28 - 2013-10-29 12:28 - 00032216 _____ C:\Users\Lynn\Desktop\dds.txt
2013-10-29 12:28 - 2013-10-29 12:28 - 00010463 _____ C:\Users\Lynn\Desktop\attach.txt
2013-10-29 12:24 - 2013-10-29 12:24 - 00688992 ____R (Swearware) C:\Users\Lynn\Downloads\dds.com
2013-10-29 12:20 - 2013-10-29 12:20 - 00007625 _____ C:\Users\Lynn\AppData\Local\Resmon.ResmonCfg
2013-10-29 12:07 - 2013-02-15 15:06 - 00000000 ____D C:\Windows\pss
2013-10-29 04:58 - 2013-10-29 04:58 - 00000000 ____D C:\ProgramData\Oracle
2013-10-29 04:58 - 2013-10-29 04:33 - 00000000 ____D C:\Users\Lynn\AppData\Local\NPE
2013-10-29 04:53 - 2013-10-29 04:53 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-29 04:53 - 2013-10-29 04:53 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-29 04:53 - 2013-10-29 04:53 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-29 04:53 - 2013-10-29 04:53 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-29 04:53 - 2013-10-29 04:53 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-29 04:50 - 2013-10-29 04:50 - 00915368 _____ (Oracle Corporation) C:\Users\Lynn\Downloads\chromeinstall-7u45.exe
2013-10-29 04:35 - 2013-10-29 04:35 - 03053496 ____N (Symantec Corporation) C:\Users\Lynn\Downloads\NPE.exe
2013-10-29 04:34 - 2012-01-27 22:30 - 00000000 ____D C:\ProgramData\Norton
2013-10-29 04:10 - 2013-10-10 13:18 - 00000000 ____D C:\Users\Lynn\Desktop\downloads oct 2013
2013-10-29 02:16 - 2010-11-21 03:47 - 00654380 _____ C:\Windows\PFRO.log
2013-10-28 23:39 - 2013-10-28 02:02 - 00000000 ____D C:\Windows\System32\Tasks\Norton Management
2013-10-28 23:34 - 2013-10-28 02:01 - 00000000 ____D C:\Windows\system32\Drivers\MCLIENTx64
2013-10-28 16:24 - 2012-12-12 15:28 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForLynn
2013-10-28 16:24 - 2012-12-12 15:28 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForLynn.job
2013-10-28 14:02 - 2012-04-30 13:42 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-10-28 14:02 - 2012-04-02 13:36 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-10-28 13:18 - 2013-10-28 13:18 - 00000104 _____ C:\Users\Lynn\Desktop\grades.txt
2013-10-28 10:22 - 2012-04-04 19:56 - 00001230 __RSH C:\Users\Evan\ntuser.pol
2013-10-28 02:01 - 2013-10-28 02:01 - 00000000 ____D C:\Program Files (x86)\Norton Management
2013-10-28 02:00 - 2013-08-12 12:34 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-10-28 02:00 - 2012-04-04 19:51 - 00000632 __RSH C:\Users\Lynn\ntuser.pol
2013-10-28 02:00 - 2012-04-01 18:45 - 00000000 ____D C:\Users\Lynn
2013-10-28 01:25 - 2013-01-09 21:35 - 00000000 ____D C:\Users\Lynn\AppData\Roaming\BitTorrent
2013-10-28 01:24 - 2012-04-01 18:47 - 00000000 ___RD C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-28 01:21 - 2013-10-28 01:21 - 00003238 _____ C:\Windows\System32\Tasks\bench-sys
2013-10-28 01:21 - 2013-10-28 01:21 - 00003214 _____ C:\Windows\System32\Tasks\bench-S-1-5-21-1073022473-4053925900-3669206230-1002
2013-10-28 01:21 - 2013-10-28 01:21 - 00000000 ____D C:\Users\Lynn\AppData\Local\BenchUpdater
2013-10-28 01:21 - 2013-10-28 01:21 - 00000000 ____D C:\Program Files (x86)\Bench
2013-10-28 01:21 - 2013-10-28 01:21 - 00000000 ____D C:\Program Files (x86)\Bee Coupons
2013-10-28 01:15 - 2013-10-28 01:06 - 00000639 _____ C:\Windows\wininit.ini
2013-10-28 01:15 - 2012-10-24 09:41 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2013-10-28 01:15 - 2012-10-24 09:41 - 00000000 ____D C:\ProgramData\NCH Software
2013-10-28 01:15 - 2012-10-24 09:41 - 00000000 ____D C:\Program Files (x86)\NCH Software
2013-10-28 01:14 - 2012-04-10 17:46 - 00000000 ____D C:\Users\Lynn\AppData\Local\CrashDumps
2013-10-28 01:04 - 2013-10-28 01:04 - 00000151 _____ C:\Users\Lynn\Downloads\THE+PASSWORD+ULTIMATE.txt
2013-10-28 01:03 - 2013-10-28 01:03 - 00001218 _____ C:\Users\Lynn\Desktop\Create Amazing Presentations.lnk
2013-10-28 01:03 - 2013-10-28 01:03 - 00001218 _____ C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk
2013-10-28 01:03 - 2013-10-28 01:03 - 00000000 ____D C:\Users\Lynn\AppData\Local\emaze
2013-10-28 01:01 - 2013-10-28 01:01 - 00509968 _____ C:\Users\Lynn\Downloads\MediaPlayerClassic_RocketFuelInstaller.exe
2013-10-28 00:58 - 2013-10-28 00:58 - 00167536 _____ () C:\Users\Lynn\Downloads\OnlineWeather-aL1JshO.exe
2013-10-28 00:53 - 2012-09-14 13:05 - 00000000 ____D C:\Users\Lynn\AppData\Local\WinZip
2013-10-27 23:02 - 2013-10-26 21:10 - 00000000 ____D C:\Users\Lynn\Downloads\About Time 2013 DVDRip XviD-3LT0N
2013-10-27 16:59 - 2013-10-27 16:59 - 00000000 ____D C:\Users\Lynn\AppData\OICE_15_974FA576_32C1D314_A89
2013-10-27 15:46 - 2013-10-27 15:46 - 00000062 _____ C:\Users\Lynn\Desktop\sky codes.txt
2013-10-26 21:04 - 2013-10-26 21:04 - 00000000 ____D C:\Users\Lynn\Downloads\The Worlds End (2013) BRRip XviD Trusted Post
2013-10-26 20:32 - 2013-10-26 20:32 - 00000869 _____ C:\Users\Lynn\Desktop\BitTorrent.lnk
2013-10-26 20:32 - 2013-10-26 20:32 - 00000849 _____ C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2013-10-26 20:32 - 2013-01-09 21:36 - 00000000 ____D C:\Program Files (x86)\BitTorrent
2013-10-26 20:29 - 2013-10-26 20:29 - 01137240 _____ (BitTorrent Inc.) C:\Users\Lynn\Downloads\BitTorrent.exe
2013-10-25 20:19 - 2012-04-08 09:23 - 00000000 ____D C:\Users\Lynn\AppData\Roaming\SoftGrid Client
2013-10-23 14:08 - 2013-10-23 14:08 - 00002810 _____ C:\Users\Lynn\Desktop\crem reading.txt
2013-10-18 18:00 - 2013-04-22 15:27 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-18 18:00 - 2013-04-22 15:27 - 00002143 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2013-10-17 15:05 - 2013-07-19 22:23 - 00317808 _____ (Trusteer Ltd.) C:\Windows\system32\Drivers\RapportKE64.sys
2013-10-17 02:51 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2013-10-17 00:13 - 2012-05-15 19:01 - 00000000 ____D C:\Users\Lynn\Documents\OnLive App
2013-10-13 20:38 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-12 11:47 - 2013-10-12 11:47 - 00000000 ___HD C:\Users\Lynn\Desktop\@service_player_internal
2013-10-12 11:47 - 2013-10-12 11:47 - 00000000 ____D C:\Users\Lynn\Desktop\DCIM
2013-10-12 11:47 - 2013-10-12 11:47 - 00000000 ____D C:\Users\Lynn\Desktop\.doodlemobile_featureviewnew
2013-10-12 11:43 - 2013-10-12 11:41 - 00000000 ____D C:\Users\Lynn\Desktop\card to check
2013-10-11 18:19 - 2012-12-14 15:04 - 00000000 ____D C:\Users\Lynn\AppData\Roaming\vlc
2013-10-11 18:18 - 2013-10-11 18:18 - 00000000 ____D C:\Users\Lynn\Desktop\GPS_FW
2013-10-11 18:17 - 2013-10-11 18:17 - 62167040 _____ C:\Users\Lynn\Downloads\WB850_FW_F206276.exe
2013-10-11 18:06 - 2013-10-11 18:01 - 62053148 _____ C:\Users\Lynn\Downloads\WB850_FW_F206276.zip
2013-10-11 07:39 - 2012-04-04 19:57 - 00000000 ___RD C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-11 02:45 - 2013-03-13 16:14 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 02:45 - 2013-03-13 16:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-11 02:45 - 2009-07-14 04:45 - 00436072 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 02:18 - 2012-01-27 22:16 - 00765636 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-11 02:11 - 2013-07-18 15:31 - 00000000 ____D C:\Windows\system32\MRT
2013-10-11 02:08 - 2012-04-14 22:03 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-10 22:53 - 2013-10-09 19:31 - 00000000 ____D C:\Users\Lynn\Desktop\2013-2
2013-10-10 22:50 - 2013-10-09 19:30 - 00000000 ____D C:\Users\Lynn\Desktop\video voice 2013
2013-10-10 09:41 - 2013-04-22 15:26 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-10 09:41 - 2012-04-01 19:09 - 00000000 ____D C:\Users\Lynn\AppData\Local\Google
2013-10-10 07:49 - 2013-04-22 15:26 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-10 07:49 - 2013-04-22 15:26 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-10 07:45 - 2013-09-25 18:55 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-10-08 21:06 - 2013-10-08 21:06 - 17813896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-10-08 21:06 - 2012-05-16 01:56 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-08 21:06 - 2012-05-16 01:56 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-08 21:06 - 2011-11-10 03:48 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-04 07:58 - 2009-07-14 05:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
 
Some content of TEMP:
====================
C:\Users\Lynn\AppData\Local\Temp\mpegc.dll
C:\Users\Lynn\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-10-22 10:10
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2013
Ran by Lynn at 2013-10-30 23:55:57
Running from C:\Users\Lynn\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Norton 360 (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
 
==================== Installed Programs ======================
 
Adobe AIR (x32 Version: 3.4.0.2540)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.1.629)
AMD APP SDK Runtime (Version: 2.5.775.2)
AMD Catalyst Install Manager (Version: 3.0.847.0)
AMD Fuel (Version: 2011.0928.607.9079)
AMD Steady Video Plug-In  (Version: 1.00.0000)
AMD System Monitor (x32 Version: 1.0.9)
AMD VISION Engine Control Center (x32 Version: 2011.0928.607.9079)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
ArtRage Studio Pro Demo (x32 Version: 3.0.8)
Audible Download Manager (x32 Version: 6.6.0.15)
Bejeweled 3 (x32 Version: 2.2.0.97)
BitTorrent (HKCU Version: 7.8.2.30265)
Blackhawk Striker 2 (x32 Version: 2.2.0.95)
blinkbox Download Manager (x32 Version: 2.0.7)
Bonjour (Version: 3.0.0.10)
Broadcom 802.11 Wireless LAN Adapter (Version: 5.100.82.140)
Broadcom Bluetooth Software (Version: 6.5.0.2300)
Broadcom InConcert Maestro (Version: 1.0.5.2300)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0928.607.9079)
Catalyst Control Center InstallProxy (x32 Version: 2011.0928.607.9079)
Catalyst Control Center Localization All (x32 Version: 2011.0928.607.9079)
CCC Help Chinese Standard (x32 Version: 2011.0928.0606.9079)
CCC Help Chinese Traditional (x32 Version: 2011.0928.0606.9079)
CCC Help Czech (x32 Version: 2011.0928.0606.9079)
CCC Help Danish (x32 Version: 2011.0928.0606.9079)
CCC Help Dutch (x32 Version: 2011.0928.0606.9079)
CCC Help English (x32 Version: 2011.0928.0606.9079)
CCC Help Finnish (x32 Version: 2011.0928.0606.9079)
CCC Help French (x32 Version: 2011.0928.0606.9079)
CCC Help German (x32 Version: 2011.0928.0606.9079)
CCC Help Greek (x32 Version: 2011.0928.0606.9079)
CCC Help Hungarian (x32 Version: 2011.0928.0606.9079)
CCC Help Italian (x32 Version: 2011.0928.0606.9079)
CCC Help Japanese (x32 Version: 2011.0928.0606.9079)
CCC Help Korean (x32 Version: 2011.0928.0606.9079)
CCC Help Norwegian (x32 Version: 2011.0928.0606.9079)
CCC Help Polish (x32 Version: 2011.0928.0606.9079)
CCC Help Portuguese (x32 Version: 2011.0928.0606.9079)
CCC Help Russian (x32 Version: 2011.0928.0606.9079)
CCC Help Spanish (x32 Version: 2011.0928.0606.9079)
CCC Help Swedish (x32 Version: 2011.0928.0606.9079)
CCC Help Thai (x32 Version: 2011.0928.0606.9079)
CCC Help Turkish (x32 Version: 2011.0928.0606.9079)
ccc-utility64 (Version: 2011.0928.607.9079)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
ConverterLite 1.5.0 (x32 Version: 1.5.0)
Coupon Printer (x32 Version: 2.0)
Cradle of Rome 2 (x32 Version: 2.2.0.98)
D3DX10 (x32 Version: 15.4.2368.0902)
Debut Video Capture Software (x32)
Dora's World Adventure (x32 Version: 2.2.0.95)
ESU for Microsoft Windows 7 SP1 (x32 Version: 2.1.1)
Evernote v. 4.2.3 (x32 Version: 4.2.3.22)
Farm Frenzy (x32 Version: 2.2.0.98)
Farmscapes (x32 Version: 2.2.0.98)
FATE (x32 Version: 2.2.0.97)
Final Drive Fury (x32 Version: 2.2.0.95)
Google Chrome (x32 Version: 30.0.1599.101)
Google Update Helper (x32 Version: 1.3.21.165)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HiJackThis (x32 Version: 1.0.0)
Hoyle Card Games (x32 Version: 2.2.0.95)
HP 3D DriveGuard (Version: 4.1.16.1)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.1.12938.3539)
HP CoolSense (x32 Version: 2.10.51)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8)
HP Deskjet 3050 J610 series Basic Device Software (Version: 28.0.1315.0)
HP Deskjet 3050 J610 series Help (x32 Version: 140.0.63.63)
HP Deskjet 3050 J610 series Product Improvement Study (Version: 28.0.1315.0)
HP Documentation (x32 Version: 1.1.0.0)
HP DVB-T TV Tuner 8.0.64.43 (x32 Version: 8.0.64.43)
HP Games (x32 Version: 1.0.2.5)
HP Launch Box (Version: 1.1.5)
HP On Screen Display (x32 Version: 1.3.5)
HP Photo Creations (x32 Version: 1.0.0.11502)
HP Power Manager (x32 Version: 1.4.8)
HP Product Detection (x32 Version: 11.15.0005)
HP Quick Launch (x32 Version: 2.6.3)
HP QuickWeb (x32 Version: 3.1.1.10197)
HP Recovery Manager (x32 Version: 2.0.0)
HP Security Assistant (Version: 1.0.11)
HP Setup (x32 Version: 9.0.15076.3891)
HP Setup Manager (x32 Version: 1.2.14901.3869)
HP Software Framework (x32 Version: 4.5.12.1)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Update (x32 Version: 5.005.000.002)
HPDiagnosticAlert (x32 Version: 1.00.0000)
HUE HD Webcam Video Software (x32 Version: 5.8.48202.103)
IDT Audio (x32 Version: 1.0.6381.0)
iTunes (Version: 11.0.4.4)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Jewel Match 3 (x32 Version: 2.2.0.98)
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98)
John Deere Drive Green (x32 Version: 2.2.0.95)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Letters from Nowhere 2 (x32 Version: 2.2.0.97)
Luxor HD (x32 Version: 2.2.0.98)
Mah Jong Medley (x32 Version: 2.2.0.95)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft Corporation (x32 Version: 9.1.0.0)
Microsoft LifeCam (Version: 3.60.253.0)
Microsoft Office 365 Home Premium - en-us (Version: 15.0.4535.1511)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.5139.5005)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SkyDrive (HKCU Version: 17.0.2003.1112)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (x32 Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mobile Broadband HL Service (x32 Version: 22.001.14.01.105)
Mozilla Firefox 13.0.1 (x86 en-US) (x32 Version: 13.0.1)
Mozilla Firefox 14.0.1 (x86 en-US) (HKCU Version: 14.0.1)
Mozilla Maintenance Service (x32 Version: 13.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
Norton 360 (x32 Version: 20.4.0.40)
Norton Management (x32 Version: 3.2.2.12)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4535.1511)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4535.1511)
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4535.1511)
OnLive (x32)
opensource (x32 Version: 1.0.14960.3876)
Penguins! (x32 Version: 2.2.0.98)
Pivot Stickfigure Animator version 2.2.7 (x32 Version: 2.2.7)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98)
PlayReady PC Runtime x86 (x32 Version: 1.3.0)
Poker Superstars III (x32 Version: 2.2.0.95)
Polar Bowler (x32 Version: 2.2.0.97)
Polar Golfer (x32 Version: 2.2.0.98)
Rapport (x32 Version: 3.5.1304.13)
Realtek Ethernet Controller Driver (x32 Version: 7.41.216.2011)
Realtek PCIE Card Reader (x32 Version: 6.1.7601.83)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98)
SAM Animation 1.3 (x32 Version: 1.3)
SpyroDriver (x32 Version: 1.07.0000)
SpyroPortalDriver (Version: 1.0.0)
swMSM (x32 Version: 12.0.0.1)
Synaptics TouchPad Driver (Version: 15.3.29.0)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98)
Torchlight (x32 Version: 2.2.0.98)
Trusteer Endpoint Protection (x32 Version: 3.5.1304.13)
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update Installer for WildTangent Games App (x32)
VideoPad Video Editor (x32 Version: 3.04)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VLC media player 1.0.1 (x32 Version: 1.0.1)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
Windows Password Unlocker Standard 5.3.0.0 (x32)
WinZip 16.5 (Version: 16.5.10095)
ZTE_1.2059.0.8 (x32)
Zuma's Revenge (x32 Version: 2.2.0.98)
 
==================== Restore Points  =========================
 
18-10-2013 23:17:00 Scheduled Checkpoint
27-10-2013 20:59:39 Installed Rapport
28-10-2013 01:11:58 Removed Rapport
28-10-2013 01:24:42 Removed Rapport
29-10-2013 04:46:14 Removed Java 7 Update 7
29-10-2013 04:49:17 Removed JavaFX 2.1.1
29-10-2013 04:52:45 Installed Java 7 Update 45
 
==================== Hosts content: ==========================
 
2009-07-14 02:34 - 2012-11-10 10:49 - 00000849 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {000AE052-0F10-4381-86AB-0BA961CA5705} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {076823BD-E067-4D16-ADE9-DEFF01446848} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {0933FFF8-BA47-4366-BF6F-DB3DED3155C4} - System32\Tasks\HPCeeScheduleForLynn => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {0B79A101-295B-4B25-9DF8-2B5DCD861E20} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {0CDB4A0B-D9B4-45F2-B304-636B86631E9E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
Task: {121C782B-BA0C-43F1-BC3B-A8C6334D876E} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2013-05-11] ()
Task: {13687D07-4B9F-4F15-AAA4-4DB7DE4D0F9C} - System32\Tasks\Google Updater and Installer => C:\Users\Lynn\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {1B7E9C06-0AA4-4173-8230-063C21D83AE5} - System32\Tasks\{251B2580-5488-4436-8B98-31A8080486D2} => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
Task: {2A2C9A84-43FC-415F-ACE4-35F0BD901770} - System32\Tasks\{E3D1FC44-166F-4342-8841-75CB465C86A2} => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
Task: {2CBBCA63-D581-4819-9C64-16C82246179C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-09-06] (Microsoft Corporation)
Task: {35937ADE-5EE8-4948-AF1B-7088604ACDA4} - System32\Tasks\{DAC2A945-57F0-48AD-806A-F6DDDFBBA0E1} => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
Task: {380F67E5-AE23-41DF-BB5C-7D2E0E855929} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {4098FECD-6988-40D9-AA20-3D585D010435} - System32\Tasks\Norton Management\Norton Error Analyzer => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\symerr.exe [2012-10-18] (Symantec Corporation)
Task: {55AFFEA2-E480-44C3-A63B-75882CD9ACEA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-22] (Google Inc.)
Task: {590571D9-3424-464F-8BB3-2FC2E22C3087} - System32\Tasks\HP online update program => C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [2011-10-28] (Hewlett-Packard)
Task: {788B4799-10B1-4071-BF50-F56EC5201716} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {79344078-B81D-472A-A83D-399331B4F7E7} - System32\Tasks\NCH Software\debutDowngrade => C:\Program Files (x86)\NCH Software\Debut\debut.exe [2012-10-24] (NCH Software)
Task: {79E93BCB-0512-47C8-9029-B60CED3D356A} - System32\Tasks\NCH Software\debutShakeIcon => C:\Program Files (x86)\NCH Software\Debut\debut.exe [2012-10-24] (NCH Software)
Task: {7C40A76A-27B7-44E8-872C-E62FA7B16580} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2013-10-10] (Microsoft Corporation)
Task: {7EE29785-61A5-4EA4-8A1C-BD61DC0E9C7A} - System32\Tasks\{493C4D1B-9688-4CFA-BEF3-B10DA2B3BB9C} => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
Task: {A3C1E02B-894E-4E74-A686-D98D3500D940} - System32\Tasks\{42E41325-7B4C-4AD0-850D-7BAA907EBA99} => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
Task: {A5251222-2B5B-4E19-8E9F-8AF9A21CE98D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {A7C085DD-680D-49C8-A7D8-FE71FF7F606A} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {AAE649DC-EEE4-4A61-A276-158319E7B733} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {ABDD1914-F997-4632-ACEA-F84D46646998} - System32\Tasks\bench-sys => C:\Program Files (x86)\Bench\Updater\Updater.exe [2013-10-16] ()
Task: {BC1784D8-47AC-4EAE-B030-19C0493ECCF2} - System32\Tasks\bench-S-1-5-21-1073022473-4053925900-3669206230-1002 => C:\Program Files (x86)\Bench\Updater\Updater.exe [2013-10-16] ()
Task: {C7B22719-9010-4DDC-97BC-C5E5AA2B36F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-22] (Google Inc.)
Task: {CF88D049-4AEF-4D0F-A78B-68D05D9C4DD2} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {D183C194-7A3C-4A3B-A2D2-F0C5D555F6E6} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\symerr.exe [2013-06-04] (Symantec Corporation)
Task: {D1FE4FE1-A255-428A-942F-838E03C3C314} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D24FA78C-8F48-4D5D-ADF4-C3BACD642139} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\symerr.exe [2013-06-04] (Symantec Corporation)
Task: {E3C634ED-6DD6-4FF8-A6C4-ED6AACF0D8D5} - System32\Tasks\Norton Management\Norton Error Processor => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\symerr.exe [2012-10-18] (Symantec Corporation)
Task: {E5F78C75-0F45-4A5C-BBB9-4F2086633BE5} - System32\Tasks\Updater19962.exe => C:\Users\Lynn\AppData\Local\Updater19962\Updater19962.exe
Task: {F7FB501C-57CB-4E1A-AD9C-E72CFB77FB7C} - System32\Tasks\{C4BBCEAC-35CD-4EC3-B791-F2F7A841C093} => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\bench-S-1-5-21-1073022473-4053925900-3669206230-1002.job => C:\Program Files (x86)\Bench\Updater\Updater.exe
Task: C:\Windows\Tasks\bench-sys.job => C:\Program Files (x86)\Bench\Updater\Updater.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\HPCeeScheduleForLynn.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-09-25 19:10 - 2013-09-25 19:10 - 08866472 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-09-28 14:19 - 2011-09-28 14:19 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-09-28 14:06 - 2011-09-28 14:06 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-06-17 21:42 - 2011-06-17 21:42 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-07-19 22:23 - 2013-10-27 21:04 - 01127152 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-11-03 14:02 - 2011-11-03 14:02 - 00142336 _____ () C:\Program Files (x86)\FS\Spyro Portal\SpyroLibrary.dll
2012-06-27 15:09 - 2012-06-27 15:09 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2013-10-18 18:00 - 2013-10-09 00:01 - 00698832 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
2013-10-18 18:00 - 2013-10-09 00:01 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll
2013-10-18 18:00 - 2013-10-09 00:02 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
2013-10-18 18:00 - 2013-10-09 00:02 - 00415184 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
2013-10-18 18:00 - 2013-10-09 00:01 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
2013-10-18 18:00 - 2013-10-09 00:02 - 13584336 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
2013-08-12 12:50 - 2012-05-30 14:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.4.0.40\wincfi39.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\Temp:373E1720
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
Name: Broadcom 20702 Bluetooth 4.0 Adapter
Description: Broadcom 20702 Bluetooth 4.0 Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/30/2013 11:45:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (10/30/2013 11:46:04 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
 
Microsoft Office Sessions:
=========================
Error: (10/30/2013 11:45:13 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 39%
Total physical RAM: 5609.91 MB
Available physical RAM: 3399.03 MB
Total Pagefile: 11217.99 MB
Available Pagefile: 8621.49 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:673.13 GB) (Free:545.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:21.34 GB) (Free:2.3 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: B034BE95)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=673 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)
 
==================== End Of Log ============================


#7 Starbuck

Posted 30 October 2013 - 06:58 PM

Ok, thanks for that.
Please post the 2 FRST reports, then I can see what else we need to do.

I won't be able to reply again until after work tomorrow (oops... today).

Thanks.

Edit:
Sorry, we seem to have posted at the same time.
Disregard this post.

Edited by Starbuck, 30 October 2013 - 06:59 PM.



#8 Starbuck

Posted 31 October 2013 - 02:00 PM

Hi lemoncake,

P2P Warning
Please note that as long as you're using any form of Peer-to-Peer networking ( Frostwire, Ares, Bit Torrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true.
P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.
If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.

If you do decide (unwisely) to keep these programs, please refrain from using them until we have finished cleaning your system.


Step 1
Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2

This is an example, you may rename ComboFix to anything you want.
Then:

Double click on Combo-Fix.exe & follow the prompts.

Vista/Win7 users should right click on the icon and select Run as Administrator.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    If running Vista/Win7, you will not see the recovery console screens as they are Win XP related.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    Note:
    Do not mouseclick combofix's window while it's running. That may cause it to stall.


    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    Thanks



#9 lemoncakeuk72

Posted 01 November 2013 - 05:00 PM

OK son been well and truly reprimanded for installing crap on my system, it has been removed!!

 

Combo Fix report:

 

ComboFix 13-11-01.03 - Lynn 01/11/2013  21:23:35.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.5610.3952 [GMT 0:00]
Running from: c:\users\Lynn\Downloads\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\drivers\npf.sys
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-01 to 2013-11-01  )))))))))))))))))))))))))))))))
.
.
2013-10-30 23:53 . 2013-10-30 23:53 -------- d-----w- C:\FRST
2013-10-30 23:36 . 2013-10-30 23:42 -------- d-----w- C:\AdwCleaner
2013-10-30 23:09 . 2013-10-30 23:09 -------- d-----w- c:\windows\ERUNT
2013-10-29 04:58 . 2013-10-29 04:58 -------- d-----w- c:\programdata\Oracle
2013-10-29 04:54 . 2013-10-29 04:54 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-10-29 04:53 . 2013-10-29 04:53 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-29 04:53 . 2013-10-29 04:53 -------- d-----w- c:\program files (x86)\Java
2013-10-29 04:33 . 2013-10-29 04:58 -------- d-----w- c:\users\Lynn\AppData\Local\NPE
2013-10-28 02:01 . 2013-10-28 23:34 -------- d-----w- c:\windows\system32\drivers\MCLIENTx64
2013-10-28 02:01 . 2013-10-28 02:01 -------- d-----w- c:\program files (x86)\Norton Management
2013-10-28 01:21 . 2013-10-28 01:21 -------- d-----w- c:\program files (x86)\Bee Coupons
2013-10-28 01:21 . 2013-10-28 01:21 -------- d-----w- c:\users\Lynn\AppData\Local\BenchUpdater
2013-10-28 01:21 . 2013-10-28 01:21 -------- d-----w- c:\program files (x86)\Bench
2013-10-28 01:21 . 2013-10-30 19:38 -------- d-----w- c:\users\Lynn\AppData\Local\Bee Coupons
2013-10-28 01:03 . 2013-10-28 01:03 -------- d-----w- c:\users\Lynn\AppData\Local\emaze
2013-10-10 20:22 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
2013-10-10 20:21 . 2013-07-20 10:33 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 20:21 . 2013-08-01 09:19 265152 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-10-10 20:21 . 2013-08-01 09:19 984512 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-10-10 20:21 . 2013-07-20 10:33 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 20:21 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
2013-10-08 21:06 . 2013-10-08 21:06 17813896 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-17 15:05 . 2013-07-19 22:23 317808 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2013-10-11 02:08 . 2012-04-14 22:03 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-10-10 07:39 . 2013-09-25 19:09 566480 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-10-08 21:06 . 2012-05-16 01:56 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-08 21:06 . 2011-11-10 03:48 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-29 01:48 . 2013-10-10 20:22 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-12 12:51 . 2013-08-12 12:51 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-08-05 02:25 . 2013-09-11 21:37 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-09-25 19:29 222712 ----a-w- c:\users\Lynn\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-09-25 19:29 222712 ----a-w- c:\users\Lynn\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-09-25 19:29 222712 ----a-w- c:\users\Lynn\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-28 343168]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-10-08 169528]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2012-11-05 1343904]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2009-02-17 335872]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Bee Coupons-repairJob"="wscript.exe" [2009-07-14 141824]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-9-20 1338144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ   scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"ROC_ROC_NT"="c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys;c:\windows\SYSNATIVE\DRIVERS\InputFilter_FlexDef2b.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]
S1 ccSet_MCLIENT;Norton Management Settings Manager;c:\windows\system32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [x]
S1 RapportCerberus_59849;RapportCerberus_59849;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [x]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 MCLIENT;Norton Management;c:\program files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe;c:\program files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe [x]
S2 Mobile Broadband HL Service;Mobile Broadband HL Service;c:\programdata\MobileBrServ\mbbservice.exe;c:\programdata\MobileBrServ\mbbservice.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [x]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SpyroService;Spyro Portal Service;c:\program files (x86)\FS\Spyro Portal\FlashPortal.exe;c:\program files (x86)\FS\Spyro Portal\FlashPortal.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20131022.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20131022.001\BHDrvx64.sys [x]
S3 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\ccSetx64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20131031.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20131031.001\IDSvia64.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMDS64.SYS [x]
S3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMEFA64.SYS [x]
S3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\Ironx64.SYS [x]
S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMNETS.SYS [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-18 17:55 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-16 21:06]
.
2013-11-01 c:\windows\Tasks\bench-S-1-5-21-1073022473-4053925900-3669206230-1002.job
- c:\program files (x86)\Bench\Updater\Updater.exe [2013-10-16 14:10]
.
2013-11-01 c:\windows\Tasks\bench-sys.job
- c:\program files (x86)\Bench\Updater\Updater.exe [2013-10-16 14:10]
.
2013-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-22 15:26]
.
2013-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-22 15:26]
.
2013-11-01 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2013-05-11 22:27]
.
2013-10-28 c:\windows\Tasks\HPCeeScheduleForLynn.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC4DBA8C-2CC8-4741-BCE5-ADAC3EEA50B0}]
2013-10-16 19:27 322600 ----a-w- c:\program files (x86)\Bee Coupons\FrameworkBHO64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{814C44E6-B2BA-4413-AEB3-F958AD419DB4}"= "c:\program files (x86)\Bee Coupons\FrameworkBHO64.dll" [2013-10-16 322600]
.
[HKEY_CLASSES_ROOT\CLSID\{814C44E6-B2BA-4413-AEB3-F958AD419DB4}]
[HKEY_CLASSES_ROOT\TypeLib\{5546F41B-E2D6-4C0A-A3E8-73C033DAA56B}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-09-25 19:29 261624 ----a-w- c:\users\Lynn\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-09-25 19:29 261624 ----a-w- c:\users\Lynn\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-09-25 19:29 261624 ----a-w- c:\users\Lynn\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-10-10 07:41 2328264 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-10-10 07:41 2328264 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-10-10 07:41 2328264 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-19 44880]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-09-22 1425408]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=20.4.0.40
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\iz9jtl5h.default\
FF - ExtSQL: 2013-10-11 01:58; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF
FF - ExtSQL: 2013-10-11 14:54; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn
FF - ExtSQL: 2013-10-11 18:28; addon@bazaarfriend.com; c:\users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\iz9jtl5h.default\extensions\addon@bazaarfriend.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-Easybits Recovery - c:\program files (x86)\EasyBits For Kids\ezRecover.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
Toolbar-10 - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MCLIENT]
"ImagePath"="\"c:\program files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe\" /s \"MCLIENT\" /m \"c:\program files (x86)\Norton Management\Engine\3.2.2.12\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
c:\program files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2013-11-01  21:58:03 - machine was rebooted
ComboFix-quarantined-files.txt  2013-11-01 21:57
.
Pre-Run: 586,327,089,152 bytes free
Post-Run: 585,589,231,616 bytes free
.
- - End Of File - - 7A27959F1CE9C7EBEB833A82A62CC79A
A36C5E4F47E84449FF07ED3517B43A31


#10 Starbuck

  • Malware Response Team

Posted 01 November 2013 - 05:31 PM

Hi lemoncake

"son been well and truly reprimanded for installing crap on my system,"

Been there, done that, got the t shirt.
Now they're older and left home, I don't have that worry anymore. :)

A quick question before I continue.......
Did you actually install this yourself? .....Bee Coupons
There's very little info on it. (which isn't always a good thing!)
It seems to have been installed along with Bench .... which is a Wireless Key Generator.
Did you install Bench or did your son?

Thanks



#11 lemoncakeuk72

  • Topic Starter

Posted 05 November 2013 - 11:38 AM

Mmmmmm I don't know what it is or Bench....Must have been son  :devil:

 

My chrome is getting worse daily - having better luck browsing with Firefox atm :(



#12 Starbuck

  • Malware Response Team

Posted 05 November 2013 - 01:26 PM

Hi lemoncake
 

"My chrome is getting worse daily"

Ok, let's see if we can deal with this then.
There does seem a lot to do here, but it won't take too long.
Take each step at a time and any questions just shout.

We need to run a Combofix script.... this would have been easier if Combofix had been downloaded to the Desktop. ( you'll see why when we get to the script)

Running from: c:\users\Lynn\Downloads\ComboFix.exe

So to make it easy for you, we need to move the Combofix program to the Desktop.
Navigate to:
c:\users\Lynn\Downloads\ComboFix.exe
Make sure that the page is not maximized. (use the middle icon on the page... top right hand corner. half size will do nicely) and make sure you can see the Desktop as well.
Now right click on the Combofix icon, hold the right click button and drag the icon to the Desktop.
Release the right click button and select 'Move Here' from the menu that comes up.(left click)
You should now have Combofix on your Desktop.

Step 1
Close any open browsers.
Close/disable all anti virus, firewall and anti malware programs so they do not interfere with the running of ComboFix:

Open Notepad - it must be Notepad, not Wordpad.
Copy the text below in the code box by highlighting all the text and pressing Ctrl+C

File::
c:\windows\Tasks\bench-sys.job
c:\program files (x86)\Bee Coupons\FrameworkBHO64.dll

Folder::
c:\program files (x86)\Bee Coupons
c:\users\Lynn\AppData\Local\BenchUpdater
c:\program files (x86)\Bench
c:\users\Lynn\AppData\Local\Bee Coupons
C:\Users\Lynn\AppData\Local\Updater19962

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC4DBA8C-2CC8-4741-BCE5-ADAC3EEA50B0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{814C44E6-B2BA-4413-AEB3-F958AD419DB4}"=_
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Bee Coupons-repairJob"=_

Go to the Notepad window and click Edit >> Paste
Then click File >> Save
Name the file "CFScript.txt" (including the quotes)
Save the file to your Desktop

The main ComboFix.exe program should be on your Desktop
Drag the file you just created... CFScript.txt and drop it on the main ComboFix.exe icon
as below. (use the left mouse button)

Now please wait for ComboFix to finish running.

Please Note: Do not mouse click in the combofix window while it is running - this may cause your system to hang/crash



Step 2
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista/Win7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
Your Desktop icons will disappear while TFC is running, this is normal and they will return when it's finished.


Step 3
Please reset the Google Chrome Browser:

To reset Google Chrome
  • Click the Menu option button at the top right of the Google Chrome screen
  • Select Settings.
  • Click Show advanced settings and find the "Reset browser settings" section.
  • Click Reset browser settings.
  • In the dialogue that appears, click Reset. Note: When the "Help make Google Chrome better by reporting the current settings" tick box is selected you are anonymously sending Google your Chrome settings. Reporting these settings allows us to analyse trends and work to prevent future unwanted settings changes.
Resetting your browser settings will impact the settings below:

Default search engine and saved search engines will be reset to their original defaults.
Homepage button will be hidden and the URL that you previously set will be removed.
Default startup tabs will be cleared. The browser will show a new tab when you start up or continue where you left off if you're on a Chromebook.
New Tab page will be empty unless you have a version of Chrome with an extension that controls it. In that case your page may be preserved.
Pinned tabs will be unpinned.
Content settings will be cleared and reset to their installation defaults.
Cookies and site data will be cleared.
Extensions and themes will be disabled.



Step 4
Please run another FRST scan and post the report for me.
Before you press the Scan button, look below it and make sure there's a tick against Addition.txt.
If not, just tick it.
Now press the scan button.
It will produce 2 reports as before.


In your next reply, please submit:
New Combofix.txt
new reports from Frst
and let me know if Chrome is any better now we have reset it.


Thanks.

Edited by Starbuck, 05 November 2013 - 01:30 PM.



#13 lemoncakeuk72

  • Topic Starter

Posted 06 November 2013 - 03:59 AM

ComboFix 13-11-04.01 - Lynn 06/11/2013   8:25.5.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.5610.3919 [GMT 0:00]
Running from: c:\users\Lynn\Desktop\ComboFix.exe
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-06 to 2013-11-06  )))))))))))))))))))))))))))))))
.
.
2013-11-06 08:51 . 2013-11-06 08:51 -------- d-----w- c:\users\Evan\AppData\Local\temp
2013-11-06 08:51 . 2013-11-06 08:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-05 16:45 . 2013-11-05 19:12 -------- d-----w- c:\program files\office.tmp
2013-11-05 15:35 . 2013-11-05 15:35 74136 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2013-11-05 15:35 . 2013-11-05 15:35 96664 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
2013-11-05 15:35 . 2013-11-05 15:35 26520 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-11-05 15:35 . 2013-11-05 15:35 170232 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2013-10-30 23:53 . 2013-10-30 23:53 -------- d-----w- C:\FRST
2013-10-30 23:36 . 2013-10-30 23:42 -------- d-----w- C:\AdwCleaner
2013-10-30 23:09 . 2013-10-30 23:09 -------- d-----w- c:\windows\ERUNT
2013-10-29 04:58 . 2013-10-29 04:58 -------- d-----w- c:\programdata\Oracle
2013-10-29 04:54 . 2013-10-29 04:54 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-10-29 04:53 . 2013-10-29 04:53 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-29 04:53 . 2013-10-29 04:53 -------- d-----w- c:\program files (x86)\Java
2013-10-29 04:33 . 2013-10-29 04:58 -------- d-----w- c:\users\Lynn\AppData\Local\NPE
2013-10-28 02:01 . 2013-10-28 23:34 -------- d-----w- c:\windows\system32\drivers\MCLIENTx64
2013-10-28 02:01 . 2013-10-28 02:01 -------- d-----w- c:\program files (x86)\Norton Management
2013-10-28 01:03 . 2013-10-28 01:03 -------- d-----w- c:\users\Lynn\AppData\Local\emaze
2013-10-10 20:22 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
2013-10-10 20:21 . 2013-07-20 10:33 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 20:21 . 2013-08-01 09:19 265152 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-10-10 20:21 . 2013-08-01 09:19 984512 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-10-10 20:21 . 2013-07-20 10:33 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 20:21 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
2013-10-08 21:06 . 2013-10-08 21:06 17813896 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-17 15:05 . 2013-07-19 22:23 317808 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2013-10-11 02:08 . 2012-04-14 22:03 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-10-10 07:39 . 2013-09-25 19:09 566480 ------w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-10-08 21:06 . 2012-05-16 01:56 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-08 21:06 . 2011-11-10 03:48 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-29 01:48 . 2013-10-10 20:22 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-12 12:51 . 2013-08-12 12:51 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-09-25 19:29 222712 ----a-w- c:\users\Lynn\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-09-25 19:29 222712 ----a-w- c:\users\Lynn\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-09-25 19:29 222712 ----a-w- c:\users\Lynn\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-28 343168]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-10-08 169528]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2012-11-05 1343904]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2009-02-17 335872]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Bee Coupons-repairJob"="wscript.exe" [2009-07-14 141824]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-9-20 1338144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ   scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"ROC_ROC_NT"="c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Mobile Broadband HL Service;Mobile Broadband HL Service;c:\programdata\MobileBrServ\mbbservice.exe;c:\programdata\MobileBrServ\mbbservice.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys;c:\windows\SYSNATIVE\DRIVERS\InputFilter_FlexDef2b.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]
S1 ccSet_MCLIENT;Norton Management Settings Manager;c:\windows\system32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [x]
S1 RapportCerberus_59849;RapportCerberus_59849;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [x]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 MCLIENT;Norton Management;c:\program files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe;c:\program files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SpyroService;Spyro Portal Service;c:\program files (x86)\FS\Spyro Portal\FlashPortal.exe;c:\program files (x86)\FS\Spyro Portal\FlashPortal.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20131022.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20131022.001\BHDrvx64.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\ccSetx64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20131101.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20131101.001\IDSvia64.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMDS64.SYS [x]
S3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMEFA64.SYS [x]
S3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\Ironx64.SYS [x]
S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMNETS.SYS [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-18 17:55 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-16 21:06]
.
2013-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-22 15:26]
.
2013-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-22 15:26]
.
2013-11-06 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2013-05-11 22:27]
.
2013-11-05 c:\windows\Tasks\HPCeeScheduleForLynn.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{814C44E6-B2BA-4413-AEB3-F958AD419DB4}"= "c:\program files (x86)\Bee Coupons\FrameworkBHO64.dll" [BU]
.
[HKEY_CLASSES_ROOT\CLSID\{814C44E6-B2BA-4413-AEB3-F958AD419DB4}]
[HKEY_CLASSES_ROOT\TypeLib\{5546F41B-E2D6-4C0A-A3E8-73C033DAA56B}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-09-25 19:29 261624 ----a-w- c:\users\Lynn\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-09-25 19:29 261624 ----a-w- c:\users\Lynn\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-09-25 19:29 261624 ----a-w- c:\users\Lynn\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-19 44880]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-09-22 1425408]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=20.4.0.40
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\iz9jtl5h.default\
FF - ExtSQL: 2013-10-11 01:58; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF
FF - ExtSQL: 2013-10-11 14:54; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn
FF - ExtSQL: 2013-10-11 18:28; addon@bazaarfriend.com; c:\users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\iz9jtl5h.default\extensions\addon@bazaarfriend.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MCLIENT]
"ImagePath"="\"c:\program files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe\" /s \"MCLIENT\" /m \"c:\program files (x86)\Norton Management\Engine\3.2.2.12\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-06  08:56:16
ComboFix-quarantined-files.txt  2013-11-06 08:56
ComboFix2.txt  2013-11-05 21:00
ComboFix3.txt  2013-11-05 20:08
ComboFix4.txt  2013-11-01 21:58
.
Pre-Run: 591,903,051,776 bytes free
Post-Run: 591,824,359,424 bytes free
.
- - End Of File - - A60BDCAFE9A5C7AF1E2ADA6AF56C8B58
A36C5E4F47E84449FF07ED3517B43A31
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by Lynn (administrator) on LYNN-HP on 05-11-2013 20:23:35
Running from C:\Users\Lynn\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe
() C:\ProgramData\MobileBrServ\mbbservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(FS) C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SetDefault] - C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-09-22] (IDT, Inc.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPQuickWebProxy] - C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [tsnp2uvc] - C:\Windows\tsnp2uvc.exe [335872 2009-02-17] ()
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Bee Coupons-repairJob] - wscript.exe "C:\Users\Lynn\AppData\Local\Bee Coupons\repair.js"
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\Evan\...\Policies\system: [DisableLockWorkstation] 0
HKU\Evan\...\Policies\system: [DisableChangePassword] 0
HKU\Evan\...\Policies\system: [LogonHoursAction] 2
HKU\Evan\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&r=519
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&r=519
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\IPS\ipsbho.dll (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Bee Coupons - {814C44E6-B2BA-4413-AEB3-F958AD419DB4} - C:\Program Files (x86)\Bee Coupons\FrameworkBHO64.dll No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
DPF: HKLM-x32 {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\iz9jtl5h.default
FF SearchEngineOrder.2: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @onlive.com/OnLiveGameClientDetector,version=1.0.0 - C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Lynn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\iz9jtl5h.default\searchplugins\bittorrentcontrolv12-customized-web-search.xml
FF Extension: Bazaar Friend - C:\Users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\iz9jtl5h.default\Extensions\addon@bazaarfriend.com
FF Extension: Update Service - C:\Users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\iz9jtl5h.default\Extensions\updater@foxstart.com
FF Extension: Bee Coupons - C:\Users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\iz9jtl5h.default\Extensions\{E2697576-0B98-89B0-92AF-4C2D1E7959E8}
FF Extension: torntv - C:\Users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\iz9jtl5h.default\Extensions\torntv@torntv.com.xpi
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (OnLive Game Client Detector) - C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RocketLife Secure Plug-In Layer) - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
CHR Plugin: (Unity Player) - C:\Users\Lynn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (Bejeweled) - C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0
CHR Extension: (Google Docs) - C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: () - C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbgjfdieajmokelnlapbedknchgenne\10.21.1.507_15
CHR Extension: (Google Search) - C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Photo Raster) - C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\kadhjegjmnnhlmkbmlmnjobjpeniinmp\1.0_0
CHR Extension: (Google Wallet) - C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Bee Coupons ) - C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocgjhfhgaljiijlajckpemcnbohjfjoi\1.0_0
CHR Extension: (Gmail) - C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [ccbgjfdieajmokelnlapbedknchgenne] - C:\Users\Lynn\AppData\Local\CRE\ccbgjfdieajmokelnlapbedknchgenne.crx
CHR HKLM-x32\...\Chrome\Extension: [gclijllifhfpomppedeljakfegbcpojn] - C:\Users\Lynn\AppData\Local\CRE\gclijllifhfpomppedeljakfegbcpojn.crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\Exts\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [oiffmnkajgkhjjchngmajlomfdhfjdma] - C:\Users\Lynn\AppData\Local\CRE\oiffmnkajgkhjjchngmajlomfdhfjdma.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-09-28] (Advanced Micro Devices, Inc.)
R2 MCLIENT; C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe [143928 2012-12-05] (Symantec Corporation)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [232288 2012-03-12] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120 2013-10-17] (Trusteer Ltd.)
R2 SpyroService; C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe [48128 2012-01-31] (FS)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]
 
==================== Drivers (Whitelisted) ====================
 
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133672 2011-09-21] (Broadcom Corporation.)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20131022.001\BHDrvx64.sys [1524824 2013-10-22] (Symantec Corporation)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-09-21] (Broadcom Corporation.)
R1 ccSet_MCLIENT; C:\Windows\system32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [168096 2012-10-03] (Symantec Corporation)
R3 ccSet_N360; C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-27] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20131101.001\IDSvia64.sys [521816 2013-10-28] (Symantec Corporation)
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-18] (Siliten)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20131104.024\ENG64.SYS [126040 2013-10-25] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20131104.024\EX64.SYS [2099288 2013-10-25] (Symantec Corporation)
R1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [606672 2013-10-27] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [284176 2013-10-17] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [317808 2013-10-17] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [399312 2013-10-17] (Trusteer Ltd.)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3552512 2009-03-12] ()
S3 SRTSP; C:\Windows\system32\drivers\N360x64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-08-12] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R3 SymNetS; C:\Windows\system32\drivers\N360x64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 clwvd; system32\DRIVERS\clwvd.sys [x]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [x]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-05 20:22 - 2013-11-05 20:22 - 01957098 _____ (Farbar) C:\Users\Lynn\Downloads\FRST64.exe
2013-11-05 20:11 - 2013-11-05 20:11 - 00448512 _____ (OldTimer Tools) C:\Users\Lynn\Desktop\TFC.exe
2013-11-05 20:08 - 2013-11-05 20:08 - 00042511 _____ C:\ComboFix.txt
2013-11-05 19:27 - 2013-11-05 19:27 - 00003792 _____ C:\Users\Lynn\Desktop\help.txt
2013-11-05 17:32 - 2013-11-05 17:32 - 00000000 ____D C:\Users\Lynn\Desktop\lemons swaps Nov 2013
2013-11-05 16:45 - 2013-11-05 19:12 - 00000000 ____D C:\Program Files\office.tmp
2013-11-05 15:26 - 2013-11-05 15:26 - 00000787 _____ C:\Users\Lynn\Desktop\bt.txt
2013-11-03 02:33 - 2013-11-03 02:33 - 00000559 _____ C:\Users\Lynn\Desktop\pp.txt
2013-11-01 22:05 - 2013-11-01 22:05 - 00000011 _____ C:\Users\Lynn\Desktop\jsa.txt
2013-11-01 21:13 - 2011-06-26 06:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-01 21:13 - 2010-11-07 17:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-01 21:13 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-01 21:13 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-01 21:13 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-01 21:13 - 2000-08-31 00:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-01 21:13 - 2000-08-31 00:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-01 21:13 - 2000-08-31 00:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-01 21:12 - 2013-11-05 20:08 - 00000000 ____D C:\Qoobox
2013-11-01 21:11 - 2013-11-05 19:28 - 05144303 ____R (Swearware) C:\Users\Lynn\Desktop\ComboFix.exe
2013-11-01 21:11 - 2013-11-01 21:54 - 00000000 ____D C:\Windows\erdnt
2013-10-30 23:55 - 2013-10-30 23:56 - 00024216 _____ C:\Users\Lynn\Downloads\Addition.txt
2013-10-30 23:53 - 2013-10-30 23:53 - 00000000 ____D C:\FRST
2013-10-30 23:36 - 2013-10-30 23:42 - 00000000 ____D C:\AdwCleaner
2013-10-30 23:35 - 2013-10-30 23:35 - 01060070 _____ C:\Users\Lynn\Downloads\AdwCleaner.exe
2013-10-30 23:29 - 2013-10-30 23:29 - 00073900 _____ C:\Users\Lynn\Desktop\JRT.txt
2013-10-30 23:09 - 2013-10-30 23:09 - 00000000 ____D C:\Windows\ERUNT
2013-10-30 23:08 - 2013-10-30 23:08 - 01033335 _____ (Thisisu) C:\Users\Lynn\Downloads\JRT.exe
2013-10-29 12:28 - 2013-10-29 12:28 - 00032216 _____ C:\Users\Lynn\Desktop\dds.txt
2013-10-29 12:28 - 2013-10-29 12:28 - 00010463 _____ C:\Users\Lynn\Desktop\attach.txt
2013-10-29 12:24 - 2013-10-29 12:24 - 00688992 ____R (Swearware) C:\Users\Lynn\Downloads\dds.com
2013-10-29 12:20 - 2013-10-29 12:20 - 00007625 _____ C:\Users\Lynn\AppData\Local\Resmon.ResmonCfg
2013-10-29 04:58 - 2013-10-29 04:58 - 00000000 ____D C:\ProgramData\Oracle
2013-10-29 04:53 - 2013-10-29 04:53 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-29 04:53 - 2013-10-29 04:53 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-29 04:53 - 2013-10-29 04:53 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-29 04:53 - 2013-10-29 04:53 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-29 04:53 - 2013-10-29 04:53 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-29 04:50 - 2013-10-29 04:50 - 00915368 _____ (Oracle Corporation) C:\Users\Lynn\Downloads\chromeinstall-7u45.exe
2013-10-29 04:35 - 2013-10-29 04:35 - 03053496 ____N (Symantec Corporation) C:\Users\Lynn\Downloads\NPE.exe
2013-10-29 04:33 - 2013-10-29 04:58 - 00000000 ____D C:\Users\Lynn\AppData\Local\NPE
2013-10-28 13:18 - 2013-10-28 13:18 - 00000104 _____ C:\Users\Lynn\Desktop\grades.txt
2013-10-28 02:02 - 2013-10-28 23:39 - 00000000 ____D C:\Windows\System32\Tasks\Norton Management
2013-10-28 02:01 - 2013-10-28 23:34 - 00000000 ____D C:\Windows\system32\Drivers\MCLIENTx64
2013-10-28 02:01 - 2013-10-28 02:01 - 00000000 ____D C:\Program Files (x86)\Norton Management
2013-10-28 01:04 - 2013-10-28 01:04 - 00000151 _____ C:\Users\Lynn\Downloads\THE+PASSWORD+ULTIMATE.txt
2013-10-28 01:03 - 2013-10-28 01:03 - 00001218 _____ C:\Users\Lynn\Desktop\Create Amazing Presentations.lnk
2013-10-28 01:03 - 2013-10-28 01:03 - 00001218 _____ C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk
2013-10-28 01:03 - 2013-10-28 01:03 - 00000000 ____D C:\Users\Lynn\AppData\Local\emaze
2013-10-28 01:01 - 2013-10-28 01:01 - 00509968 _____ C:\Users\Lynn\Downloads\MediaPlayerClassic_RocketFuelInstaller.exe
2013-10-28 00:58 - 2013-10-28 00:58 - 00167536 _____ () C:\Users\Lynn\Downloads\OnlineWeather-aL1JshO.exe
2013-10-27 16:59 - 2013-10-27 16:59 - 00000000 ____D C:\Users\Lynn\AppData\OICE_15_974FA576_32C1D314_A89
2013-10-27 15:46 - 2013-10-27 15:46 - 00000062 _____ C:\Users\Lynn\Desktop\sky codes.txt
2013-10-26 21:10 - 2013-10-27 23:02 - 00000000 ____D C:\Users\Lynn\Downloads\About Time 2013 DVDRip XviD-3LT0N
2013-10-26 21:04 - 2013-10-26 21:04 - 00000000 ____D C:\Users\Lynn\Downloads\The Worlds End (2013) BRRip XviD Trusted Post
2013-10-26 20:29 - 2013-10-26 20:29 - 01137240 _____ (BitTorrent Inc.) C:\Users\Lynn\Downloads\BitTorrent.exe
2013-10-23 14:08 - 2013-10-23 14:08 - 00002810 _____ C:\Users\Lynn\Desktop\crem reading.txt
2013-10-12 11:47 - 2013-10-12 11:47 - 00000000 ___HD C:\Users\Lynn\Desktop\@service_player_internal
2013-10-12 11:47 - 2013-10-12 11:47 - 00000000 ____D C:\Users\Lynn\Desktop\DCIM
2013-10-12 11:47 - 2013-10-12 11:47 - 00000000 ____D C:\Users\Lynn\Desktop\.doodlemobile_featureviewnew
2013-10-12 11:41 - 2013-10-12 11:43 - 00000000 ____D C:\Users\Lynn\Desktop\card to check
2013-10-11 18:18 - 2013-10-11 18:18 - 00000000 ____D C:\Users\Lynn\Desktop\GPS_FW
2013-10-11 18:17 - 2013-10-11 18:17 - 62167040 _____ C:\Users\Lynn\Downloads\WB850_FW_F206276.exe
2013-10-11 18:01 - 2013-10-11 18:06 - 62053148 _____ C:\Users\Lynn\Downloads\WB850_FW_F206276.zip
2013-10-11 02:22 - 2013-09-22 23:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-11 02:22 - 2013-09-22 23:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-11 02:22 - 2013-09-22 23:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-11 02:22 - 2013-09-22 23:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-11 02:22 - 2013-09-22 23:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-11 02:22 - 2013-09-22 23:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-11 02:22 - 2013-09-22 23:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-11 02:22 - 2013-09-22 23:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-11 02:22 - 2013-09-22 23:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-11 02:22 - 2013-09-22 23:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-11 02:22 - 2013-09-22 23:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-11 02:22 - 2013-09-22 23:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-11 02:22 - 2013-09-22 23:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-11 02:22 - 2013-09-22 22:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-11 02:22 - 2013-09-22 22:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-11 02:22 - 2013-09-22 22:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-11 02:22 - 2013-09-22 22:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-11 02:22 - 2013-09-22 22:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-11 02:22 - 2013-09-22 22:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-11 02:22 - 2013-09-22 22:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-11 02:22 - 2013-09-22 22:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-11 02:22 - 2013-09-22 22:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-11 02:22 - 2013-09-22 22:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-11 02:22 - 2013-09-22 22:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-11 02:22 - 2013-09-22 22:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-11 02:22 - 2013-09-22 22:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-11 02:22 - 2013-09-22 22:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-11 02:22 - 2013-09-21 03:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-11 02:22 - 2013-09-21 03:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-11 02:22 - 2013-09-21 02:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-11 02:22 - 2013-09-21 02:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-10 20:22 - 2013-09-14 01:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-10 20:22 - 2013-09-08 02:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-10 20:22 - 2013-09-08 02:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-10 20:22 - 2013-09-08 02:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-10 20:22 - 2013-08-29 02:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-10 20:22 - 2013-08-29 02:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-10 20:22 - 2013-08-29 02:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-10 20:22 - 2013-08-29 02:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-10 20:22 - 2013-08-29 02:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-10 20:22 - 2013-08-29 01:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-10 20:22 - 2013-08-29 01:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-10 20:22 - 2013-08-29 01:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-10 20:22 - 2013-08-29 01:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-10 20:22 - 2013-08-29 01:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-10 20:22 - 2013-08-29 01:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-10 20:22 - 2013-08-29 00:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-10 20:22 - 2013-08-29 00:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-10 20:22 - 2013-08-29 00:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-10 20:22 - 2013-08-29 00:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-10 20:22 - 2013-08-28 01:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 20:22 - 2013-07-12 10:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-10 20:22 - 2013-07-12 10:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-10 20:22 - 2013-07-12 10:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-10 20:22 - 2013-07-04 12:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-10 20:22 - 2013-07-04 12:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-10 20:22 - 2013-07-04 12:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-10 20:22 - 2013-07-04 11:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-10 20:22 - 2013-07-04 11:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-10 20:22 - 2013-07-04 11:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-10 20:22 - 2013-07-04 10:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-10 20:22 - 2013-07-03 04:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-10 20:22 - 2013-07-03 04:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-10 20:22 - 2013-07-03 04:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-10 20:22 - 2013-06-25 22:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-10 20:22 - 2013-06-06 05:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-10 20:22 - 2013-06-06 05:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-10 20:22 - 2013-06-06 05:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-10 20:22 - 2013-06-06 05:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-10 20:22 - 2013-06-06 04:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-10 20:22 - 2013-06-06 04:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-10 20:22 - 2013-06-06 04:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-10 20:22 - 2013-06-06 03:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 20:22 - 2013-06-06 03:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-10 20:22 - 2013-06-06 03:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-10 20:21 - 2013-08-28 01:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-10 20:21 - 2013-08-01 09:19 - 00984512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-10 20:21 - 2013-08-01 09:19 - 00265152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-10-10 20:21 - 2013-07-20 10:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 20:21 - 2013-07-20 10:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 13:18 - 2013-10-29 04:10 - 00000000 ____D C:\Users\Lynn\Desktop\downloads oct 2013
2013-10-09 19:31 - 2013-10-10 22:53 - 00000000 ____D C:\Users\Lynn\Desktop\2013-2
2013-10-09 19:30 - 2013-10-10 22:50 - 00000000 ____D C:\Users\Lynn\Desktop\video voice 2013
2013-10-08 21:06 - 2013-10-08 21:06 - 17813896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
 
==================== One Month Modified Files and Folders =======
 
2013-11-05 20:22 - 2013-11-05 20:22 - 01957098 _____ (Farbar) C:\Users\Lynn\Downloads\FRST64.exe
2013-11-05 20:22 - 2009-07-14 05:13 - 00779724 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-05 20:20 - 2012-01-27 22:12 - 01582725 _____ C:\Windows\WindowsUpdate.log
2013-11-05 20:18 - 2013-04-22 15:26 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-05 20:16 - 2012-12-03 15:03 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-11-05 20:16 - 2010-11-21 03:47 - 00657648 _____ C:\Windows\PFRO.log
2013-11-05 20:16 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-05 20:16 - 2009-07-14 04:51 - 00155593 _____ C:\Windows\setupact.log
2013-11-05 20:16 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\tracing
2013-11-05 20:11 - 2013-11-05 20:11 - 00448512 _____ (OldTimer Tools) C:\Users\Lynn\Desktop\TFC.exe
2013-11-05 20:08 - 2013-11-05 20:08 - 00042511 _____ C:\ComboFix.txt
2013-11-05 20:08 - 2013-11-01 21:12 - 00000000 ____D C:\Qoobox
2013-11-05 20:06 - 2012-05-16 01:56 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-05 20:03 - 2009-07-14 02:34 - 00000215 _____ C:\Windows\system.ini
2013-11-05 19:55 - 2013-04-22 15:26 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-05 19:28 - 2013-11-01 21:11 - 05144303 ____R (Swearware) C:\Users\Lynn\Desktop\ComboFix.exe
2013-11-05 19:27 - 2013-11-05 19:27 - 00003792 _____ C:\Users\Lynn\Desktop\help.txt
2013-11-05 19:21 - 2009-07-14 04:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-05 19:21 - 2009-07-14 04:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-05 19:16 - 2012-07-02 20:22 - 00000336 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2013-11-05 19:12 - 2013-11-05 16:45 - 00000000 ____D C:\Program Files\office.tmp
2013-11-05 18:37 - 2012-04-08 09:23 - 00000000 ____D C:\Users\Lynn\AppData\Roaming\SoftGrid Client
2013-11-05 17:32 - 2013-11-05 17:32 - 00000000 ____D C:\Users\Lynn\Desktop\lemons swaps Nov 2013
2013-11-05 16:47 - 2011-11-10 03:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-11-05 15:35 - 2012-04-05 20:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-05 15:31 - 2012-10-16 10:09 - 00000000 ____D C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2013-11-05 15:26 - 2013-11-05 15:26 - 00000787 _____ C:\Users\Lynn\Desktop\bt.txt
2013-11-04 23:14 - 2012-04-01 18:47 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B4DB3067-FF68-42F1-AFE9-BEF6C1D1B1BD}
2013-11-04 18:42 - 2012-04-30 13:42 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-11-04 18:42 - 2012-04-02 13:36 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-11-03 02:33 - 2013-11-03 02:33 - 00000559 _____ C:\Users\Lynn\Desktop\pp.txt
2013-11-01 22:24 - 2012-12-12 15:28 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForLynn
2013-11-01 22:24 - 2012-12-12 15:28 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForLynn.job
2013-11-01 22:05 - 2013-11-01 22:05 - 00000011 _____ C:\Users\Lynn\Desktop\jsa.txt
2013-11-01 21:58 - 2009-07-14 03:20 - 00000000 __RHD C:\Users\Default
2013-11-01 21:54 - 2013-11-01 21:11 - 00000000 ____D C:\Windows\erdnt
2013-11-01 21:48 - 2009-07-14 02:34 - 82313216 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-11-01 21:48 - 2009-07-14 02:34 - 22282240 _____ C:\Windows\system32\config\SYSTEM.bak
2013-11-01 21:48 - 2009-07-14 02:34 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2013-11-01 21:48 - 2009-07-14 02:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-11-01 21:48 - 2009-07-14 02:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-11-01 19:32 - 2013-01-09 21:35 - 00000000 ____D C:\Users\Lynn\AppData\Roaming\BitTorrent
2013-10-30 23:56 - 2013-10-30 23:55 - 00024216 _____ C:\Users\Lynn\Downloads\Addition.txt
2013-10-30 23:53 - 2013-10-30 23:53 - 00000000 ____D C:\FRST
2013-10-30 23:42 - 2013-10-30 23:36 - 00000000 ____D C:\AdwCleaner
2013-10-30 23:35 - 2013-10-30 23:35 - 01060070 _____ C:\Users\Lynn\Downloads\AdwCleaner.exe
2013-10-30 23:29 - 2013-10-30 23:29 - 00073900 _____ C:\Users\Lynn\Desktop\JRT.txt
2013-10-30 23:09 - 2013-10-30 23:09 - 00000000 ____D C:\Windows\ERUNT
2013-10-30 23:08 - 2013-10-30 23:08 - 01033335 _____ (Thisisu) C:\Users\Lynn\Downloads\JRT.exe
2013-10-30 17:41 - 2012-04-04 19:57 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B554D3E2-C714-4869-8FA7-DFA1B1E8B779}
2013-10-29 20:28 - 2012-04-04 19:56 - 00000000 ____D C:\Users\Evan
2013-10-29 12:28 - 2013-10-29 12:28 - 00032216 _____ C:\Users\Lynn\Desktop\dds.txt
2013-10-29 12:28 - 2013-10-29 12:28 - 00010463 _____ C:\Users\Lynn\Desktop\attach.txt
2013-10-29 12:24 - 2013-10-29 12:24 - 00688992 ____R (Swearware) C:\Users\Lynn\Downloads\dds.com
2013-10-29 12:20 - 2013-10-29 12:20 - 00007625 _____ C:\Users\Lynn\AppData\Local\Resmon.ResmonCfg
2013-10-29 12:07 - 2013-02-15 15:06 - 00000000 ____D C:\Windows\pss
2013-10-29 04:58 - 2013-10-29 04:58 - 00000000 ____D C:\ProgramData\Oracle
2013-10-29 04:58 - 2013-10-29 04:33 - 00000000 ____D C:\Users\Lynn\AppData\Local\NPE
2013-10-29 04:53 - 2013-10-29 04:53 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-29 04:53 - 2013-10-29 04:53 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-29 04:53 - 2013-10-29 04:53 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-29 04:53 - 2013-10-29 04:53 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-29 04:53 - 2013-10-29 04:53 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-29 04:50 - 2013-10-29 04:50 - 00915368 _____ (Oracle Corporation) C:\Users\Lynn\Downloads\chromeinstall-7u45.exe
2013-10-29 04:35 - 2013-10-29 04:35 - 03053496 ____N (Symantec Corporation) C:\Users\Lynn\Downloads\NPE.exe
2013-10-29 04:34 - 2012-01-27 22:30 - 00000000 ____D C:\ProgramData\Norton
2013-10-29 04:10 - 2013-10-10 13:18 - 00000000 ____D C:\Users\Lynn\Desktop\downloads oct 2013
2013-10-28 23:39 - 2013-10-28 02:02 - 00000000 ____D C:\Windows\System32\Tasks\Norton Management
2013-10-28 23:34 - 2013-10-28 02:01 - 00000000 ____D C:\Windows\system32\Drivers\MCLIENTx64
2013-10-28 13:18 - 2013-10-28 13:18 - 00000104 _____ C:\Users\Lynn\Desktop\grades.txt
2013-10-28 10:22 - 2012-04-04 19:56 - 00001230 __RSH C:\Users\Evan\ntuser.pol
2013-10-28 02:01 - 2013-10-28 02:01 - 00000000 ____D C:\Program Files (x86)\Norton Management
2013-10-28 02:00 - 2013-08-12 12:34 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-10-28 02:00 - 2012-04-04 19:51 - 00000632 __RSH C:\Users\Lynn\ntuser.pol
2013-10-28 02:00 - 2012-04-01 18:45 - 00000000 ____D C:\Users\Lynn
2013-10-28 01:24 - 2012-04-01 18:47 - 00000000 ___RD C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-28 01:15 - 2012-10-24 09:41 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2013-10-28 01:15 - 2012-10-24 09:41 - 00000000 ____D C:\ProgramData\NCH Software
2013-10-28 01:15 - 2012-10-24 09:41 - 00000000 ____D C:\Program Files (x86)\NCH Software
2013-10-28 01:14 - 2012-04-10 17:46 - 00000000 ____D C:\Users\Lynn\AppData\Local\CrashDumps
2013-10-28 01:04 - 2013-10-28 01:04 - 00000151 _____ C:\Users\Lynn\Downloads\THE+PASSWORD+ULTIMATE.txt
2013-10-28 01:03 - 2013-10-28 01:03 - 00001218 _____ C:\Users\Lynn\Desktop\Create Amazing Presentations.lnk
2013-10-28 01:03 - 2013-10-28 01:03 - 00001218 _____ C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk
2013-10-28 01:03 - 2013-10-28 01:03 - 00000000 ____D C:\Users\Lynn\AppData\Local\emaze
2013-10-28 01:01 - 2013-10-28 01:01 - 00509968 _____ C:\Users\Lynn\Downloads\MediaPlayerClassic_RocketFuelInstaller.exe
2013-10-28 00:58 - 2013-10-28 00:58 - 00167536 _____ () C:\Users\Lynn\Downloads\OnlineWeather-aL1JshO.exe
2013-10-28 00:53 - 2012-09-14 13:05 - 00000000 ____D C:\Users\Lynn\AppData\Local\WinZip
2013-10-27 23:02 - 2013-10-26 21:10 - 00000000 ____D C:\Users\Lynn\Downloads\About Time 2013 DVDRip XviD-3LT0N
2013-10-27 16:59 - 2013-10-27 16:59 - 00000000 ____D C:\Users\Lynn\AppData\OICE_15_974FA576_32C1D314_A89
2013-10-27 15:46 - 2013-10-27 15:46 - 00000062 _____ C:\Users\Lynn\Desktop\sky codes.txt
2013-10-26 21:04 - 2013-10-26 21:04 - 00000000 ____D C:\Users\Lynn\Downloads\The Worlds End (2013) BRRip XviD Trusted Post
2013-10-26 20:32 - 2013-01-09 21:36 - 00000000 ____D C:\Program Files (x86)\BitTorrent
2013-10-26 20:29 - 2013-10-26 20:29 - 01137240 _____ (BitTorrent Inc.) C:\Users\Lynn\Downloads\BitTorrent.exe
2013-10-23 14:08 - 2013-10-23 14:08 - 00002810 _____ C:\Users\Lynn\Desktop\crem reading.txt
2013-10-18 18:00 - 2013-04-22 15:27 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-18 18:00 - 2013-04-22 15:27 - 00002143 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2013-10-17 15:05 - 2013-07-19 22:23 - 00317808 _____ (Trusteer Ltd.) C:\Windows\system32\Drivers\RapportKE64.sys
2013-10-17 02:51 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2013-10-17 00:13 - 2012-05-15 19:01 - 00000000 ____D C:\Users\Lynn\Documents\OnLive App
2013-10-13 20:38 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-12 11:47 - 2013-10-12 11:47 - 00000000 ___HD C:\Users\Lynn\Desktop\@service_player_internal
2013-10-12 11:47 - 2013-10-12 11:47 - 00000000 ____D C:\Users\Lynn\Desktop\DCIM
2013-10-12 11:47 - 2013-10-12 11:47 - 00000000 ____D C:\Users\Lynn\Desktop\.doodlemobile_featureviewnew
2013-10-12 11:43 - 2013-10-12 11:41 - 00000000 ____D C:\Users\Lynn\Desktop\card to check
2013-10-11 18:19 - 2012-12-14 15:04 - 00000000 ____D C:\Users\Lynn\AppData\Roaming\vlc
2013-10-11 18:18 - 2013-10-11 18:18 - 00000000 ____D C:\Users\Lynn\Desktop\GPS_FW
2013-10-11 18:17 - 2013-10-11 18:17 - 62167040 _____ C:\Users\Lynn\Downloads\WB850_FW_F206276.exe
2013-10-11 18:06 - 2013-10-11 18:01 - 62053148 _____ C:\Users\Lynn\Downloads\WB850_FW_F206276.zip
2013-10-11 07:39 - 2012-04-04 19:57 - 00000000 ___RD C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-11 02:45 - 2013-03-13 16:14 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 02:45 - 2013-03-13 16:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-11 02:45 - 2009-07-14 04:45 - 00436072 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 02:18 - 2012-01-27 22:16 - 00765636 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-11 02:11 - 2013-07-18 15:31 - 00000000 ____D C:\Windows\system32\MRT
2013-10-11 02:08 - 2012-04-14 22:03 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-10 22:53 - 2013-10-09 19:31 - 00000000 ____D C:\Users\Lynn\Desktop\2013-2
2013-10-10 22:50 - 2013-10-09 19:30 - 00000000 ____D C:\Users\Lynn\Desktop\video voice 2013
2013-10-10 09:41 - 2013-04-22 15:26 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-10 09:41 - 2012-04-01 19:09 - 00000000 ____D C:\Users\Lynn\AppData\Local\Google
2013-10-10 07:49 - 2013-04-22 15:26 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-10 07:49 - 2013-04-22 15:26 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-08 21:06 - 2013-10-08 21:06 - 17813896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-10-08 21:06 - 2012-05-16 01:56 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-08 21:06 - 2012-05-16 01:56 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-08 21:06 - 2011-11-10 03:48 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-10-31 21:23
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-10-2013
Ran by Lynn at 2013-11-05 20:25:08
Running from C:\Users\Lynn\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Norton 360 (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
 
==================== Installed Programs ======================
 
Adobe AIR (x32 Version: 3.4.0.2540)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.1.629)
AMD APP SDK Runtime (Version: 2.5.775.2)
AMD Catalyst Install Manager (Version: 3.0.847.0)
AMD Fuel (Version: 2011.0928.607.9079)
AMD Steady Video Plug-In  (Version: 1.00.0000)
AMD System Monitor (x32 Version: 1.0.9)
AMD VISION Engine Control Center (x32 Version: 2011.0928.607.9079)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
ArtRage Studio Pro Demo (x32 Version: 3.0.8)
Audible Download Manager (x32 Version: 6.6.0.15)
Bejeweled 3 (x32 Version: 2.2.0.97)
Blackhawk Striker 2 (x32 Version: 2.2.0.95)
blinkbox Download Manager (x32 Version: 2.0.7)
Bonjour (Version: 3.0.0.10)
Broadcom 802.11 Wireless LAN Adapter (Version: 5.100.82.140)
Broadcom Bluetooth Software (Version: 6.5.0.2300)
Broadcom InConcert Maestro (Version: 1.0.5.2300)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0928.607.9079)
Catalyst Control Center InstallProxy (x32 Version: 2011.0928.607.9079)
Catalyst Control Center Localization All (x32 Version: 2011.0928.607.9079)
CCC Help Chinese Standard (x32 Version: 2011.0928.0606.9079)
CCC Help Chinese Traditional (x32 Version: 2011.0928.0606.9079)
CCC Help Czech (x32 Version: 2011.0928.0606.9079)
CCC Help Danish (x32 Version: 2011.0928.0606.9079)
CCC Help Dutch (x32 Version: 2011.0928.0606.9079)
CCC Help English (x32 Version: 2011.0928.0606.9079)
CCC Help Finnish (x32 Version: 2011.0928.0606.9079)
CCC Help French (x32 Version: 2011.0928.0606.9079)
CCC Help German (x32 Version: 2011.0928.0606.9079)
CCC Help Greek (x32 Version: 2011.0928.0606.9079)
CCC Help Hungarian (x32 Version: 2011.0928.0606.9079)
CCC Help Italian (x32 Version: 2011.0928.0606.9079)
CCC Help Japanese (x32 Version: 2011.0928.0606.9079)
CCC Help Korean (x32 Version: 2011.0928.0606.9079)
CCC Help Norwegian (x32 Version: 2011.0928.0606.9079)
CCC Help Polish (x32 Version: 2011.0928.0606.9079)
CCC Help Portuguese (x32 Version: 2011.0928.0606.9079)
CCC Help Russian (x32 Version: 2011.0928.0606.9079)
CCC Help Spanish (x32 Version: 2011.0928.0606.9079)
CCC Help Swedish (x32 Version: 2011.0928.0606.9079)
CCC Help Thai (x32 Version: 2011.0928.0606.9079)
CCC Help Turkish (x32 Version: 2011.0928.0606.9079)
ccc-utility64 (Version: 2011.0928.607.9079)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
ConverterLite 1.5.0 (x32 Version: 1.5.0)
Coupon Printer (x32 Version: 2.0)
Cradle of Rome 2 (x32 Version: 2.2.0.98)
D3DX10 (x32 Version: 15.4.2368.0902)
Debut Video Capture Software (x32)
Dora's World Adventure (x32 Version: 2.2.0.95)
ESU for Microsoft Windows 7 SP1 (x32 Version: 2.1.1)
Evernote v. 4.2.3 (x32 Version: 4.2.3.22)
Farm Frenzy (x32 Version: 2.2.0.98)
Farmscapes (x32 Version: 2.2.0.98)
FATE (x32 Version: 2.2.0.97)
Final Drive Fury (x32 Version: 2.2.0.95)
Google Chrome (x32 Version: 30.0.1599.101)
Google Update Helper (x32 Version: 1.3.21.165)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HiJackThis (x32 Version: 1.0.0)
Hoyle Card Games (x32 Version: 2.2.0.95)
HP 3D DriveGuard (Version: 4.1.16.1)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.1.12938.3539)
HP CoolSense (x32 Version: 2.10.51)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8)
HP Deskjet 3050 J610 series Basic Device Software (Version: 28.0.1315.0)
HP Deskjet 3050 J610 series Help (x32 Version: 140.0.63.63)
HP Deskjet 3050 J610 series Product Improvement Study (Version: 28.0.1315.0)
HP Documentation (x32 Version: 1.1.0.0)
HP DVB-T TV Tuner 8.0.64.43 (x32 Version: 8.0.64.43)
HP Games (x32 Version: 1.0.2.5)
HP Launch Box (Version: 1.1.5)
HP On Screen Display (x32 Version: 1.3.5)
HP Photo Creations (x32 Version: 1.0.0.11502)
HP Power Manager (x32 Version: 1.4.8)
HP Product Detection (x32 Version: 11.15.0005)
HP Quick Launch (x32 Version: 2.6.3)
HP QuickWeb (x32 Version: 3.1.1.10197)
HP Recovery Manager (x32 Version: 2.0.0)
HP Security Assistant (Version: 1.0.11)
HP Setup (x32 Version: 9.0.15076.3891)
HP Setup Manager (x32 Version: 1.2.14901.3869)
HP Software Framework (x32 Version: 4.5.12.1)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Update (x32 Version: 5.005.000.002)
HPDiagnosticAlert (x32 Version: 1.00.0000)
HUE HD Webcam Video Software (x32 Version: 5.8.48202.103)
IDT Audio (x32 Version: 1.0.6381.0)
iTunes (Version: 11.0.4.4)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Jewel Match 3 (x32 Version: 2.2.0.98)
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98)
John Deere Drive Green (x32 Version: 2.2.0.95)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Letters from Nowhere 2 (x32 Version: 2.2.0.97)
Luxor HD (x32 Version: 2.2.0.98)
Mah Jong Medley (x32 Version: 2.2.0.95)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft Corporation (x32 Version: 9.1.0.0)
Microsoft LifeCam (Version: 3.60.253.0)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.5139.5005)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SkyDrive (HKCU Version: 17.0.2003.1112)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (x32 Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mobile Broadband HL Service (x32 Version: 22.001.14.01.105)
Mozilla Firefox 13.0.1 (x86 en-US) (x32 Version: 13.0.1)
Mozilla Firefox 20.0.1 (x86 en-US) (HKCU Version: 20.0.1)
Mozilla Maintenance Service (x32 Version: 13.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
Norton 360 (x32 Version: 20.4.0.40)
Norton Management (x32 Version: 3.2.2.12)
OnLive (x32)
opensource (x32 Version: 1.0.14960.3876)
Penguins! (x32 Version: 2.2.0.98)
Pivot Stickfigure Animator version 2.2.7 (x32 Version: 2.2.7)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98)
PlayReady PC Runtime x86 (x32 Version: 1.3.0)
Poker Superstars III (x32 Version: 2.2.0.95)
Polar Bowler (x32 Version: 2.2.0.97)
Polar Golfer (x32 Version: 2.2.0.98)
Rapport (x32 Version: 3.5.1304.13)
Realtek Ethernet Controller Driver (x32 Version: 7.41.216.2011)
Realtek PCIE Card Reader (x32 Version: 6.1.7601.83)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98)
SAM Animation 1.3 (x32 Version: 1.3)
SpyroDriver (x32 Version: 1.07.0000)
SpyroPortalDriver (Version: 1.0.0)
swMSM (x32 Version: 12.0.0.1)
Synaptics TouchPad Driver (Version: 15.3.29.0)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98)
Torchlight (x32 Version: 2.2.0.98)
Trusteer Endpoint Protection (x32 Version: 3.5.1304.13)
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update Installer for WildTangent Games App (x32)
VideoPad Video Editor (x32 Version: 3.04)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VLC media player 1.0.1 (x32 Version: 1.0.1)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
Windows Password Unlocker Standard 5.3.0.0 (x32)
WinZip 16.5 (Version: 16.5.10095)
ZTE_1.2059.0.8 (x32)
Zuma's Revenge (x32 Version: 2.2.0.98)
 
==================== Restore Points  =========================
 
28-10-2013 01:24:42 Removed Rapport
29-10-2013 04:46:14 Removed Java 7 Update 7
29-10-2013 04:49:17 Removed JavaFX 2.1.1
29-10-2013 04:52:45 Installed Java 7 Update 45
01-11-2013 21:13:44 ComboFix created restore point
05-11-2013 19:35:02 ComboFix created restore point
 
==================== Hosts content: ==========================
 
2009-07-14 02:34 - 2013-11-05 20:03 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {000AE052-0F10-4381-86AB-0BA961CA5705} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {076823BD-E067-4D16-ADE9-DEFF01446848} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {0933FFF8-BA47-4366-BF6F-DB3DED3155C4} - System32\Tasks\HPCeeScheduleForLynn => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {0B79A101-295B-4B25-9DF8-2B5DCD861E20} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {0CDB4A0B-D9B4-45F2-B304-636B86631E9E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
Task: {121C782B-BA0C-43F1-BC3B-A8C6334D876E} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2013-05-11] ()
Task: {13687D07-4B9F-4F15-AAA4-4DB7DE4D0F9C} - System32\Tasks\Google Updater and Installer => C:\Users\Lynn\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {1B7E9C06-0AA4-4173-8230-063C21D83AE5} - System32\Tasks\{251B2580-5488-4436-8B98-31A8080486D2} => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
Task: {2A2C9A84-43FC-415F-ACE4-35F0BD901770} - System32\Tasks\{E3D1FC44-166F-4342-8841-75CB465C86A2} => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
Task: {35937ADE-5EE8-4948-AF1B-7088604ACDA4} - System32\Tasks\{DAC2A945-57F0-48AD-806A-F6DDDFBBA0E1} => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
Task: {380F67E5-AE23-41DF-BB5C-7D2E0E855929} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {4098FECD-6988-40D9-AA20-3D585D010435} - System32\Tasks\Norton Management\Norton Error Analyzer => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\symerr.exe [2012-10-18] (Symantec Corporation)
Task: {55AFFEA2-E480-44C3-A63B-75882CD9ACEA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-22] (Google Inc.)
Task: {590571D9-3424-464F-8BB3-2FC2E22C3087} - System32\Tasks\HP online update program => C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [2011-10-28] (Hewlett-Packard)
Task: {788B4799-10B1-4071-BF50-F56EC5201716} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {79344078-B81D-472A-A83D-399331B4F7E7} - System32\Tasks\NCH Software\debutDowngrade => C:\Program Files (x86)\NCH Software\Debut\debut.exe [2012-10-24] (NCH Software)
Task: {79E93BCB-0512-47C8-9029-B60CED3D356A} - System32\Tasks\NCH Software\debutShakeIcon => C:\Program Files (x86)\NCH Software\Debut\debut.exe [2012-10-24] (NCH Software)
Task: {7EE29785-61A5-4EA4-8A1C-BD61DC0E9C7A} - System32\Tasks\{493C4D1B-9688-4CFA-BEF3-B10DA2B3BB9C} => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
Task: {A3C1E02B-894E-4E74-A686-D98D3500D940} - System32\Tasks\{42E41325-7B4C-4AD0-850D-7BAA907EBA99} => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
Task: {A5251222-2B5B-4E19-8E9F-8AF9A21CE98D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {A7C085DD-680D-49C8-A7D8-FE71FF7F606A} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {AAE649DC-EEE4-4A61-A276-158319E7B733} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {C7B22719-9010-4DDC-97BC-C5E5AA2B36F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-22] (Google Inc.)
Task: {CF88D049-4AEF-4D0F-A78B-68D05D9C4DD2} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {D183C194-7A3C-4A3B-A2D2-F0C5D555F6E6} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\symerr.exe [2013-06-04] (Symantec Corporation)
Task: {D1FE4FE1-A255-428A-942F-838E03C3C314} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D24FA78C-8F48-4D5D-ADF4-C3BACD642139} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\symerr.exe [2013-06-04] (Symantec Corporation)
Task: {E3C634ED-6DD6-4FF8-A6C4-ED6AACF0D8D5} - System32\Tasks\Norton Management\Norton Error Processor => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\symerr.exe [2012-10-18] (Symantec Corporation)
Task: {E5F78C75-0F45-4A5C-BBB9-4F2086633BE5} - System32\Tasks\Updater19962.exe => C:\Users\Lynn\AppData\Local\Updater19962\Updater19962.exe
Task: {F7FB501C-57CB-4E1A-AD9C-E72CFB77FB7C} - System32\Tasks\{C4BBCEAC-35CD-4EC3-B791-F2F7A841C093} => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\HPCeeScheduleForLynn.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-09-28 14:19 - 2011-09-28 14:19 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-09-28 14:06 - 2011-09-28 14:06 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-06-17 21:42 - 2011-06-17 21:42 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-07-19 22:23 - 2013-10-27 21:04 - 01127152 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-11-03 14:02 - 2011-11-03 14:02 - 00142336 _____ () C:\Program Files (x86)\FS\Spyro Portal\SpyroLibrary.dll
2012-06-27 15:09 - 2012-06-27 15:09 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2013-08-12 12:50 - 2012-05-30 14:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.4.0.40\wincfi39.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\Temp:373E1720
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/05/2013 08:18:04 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/05/2013 07:14:32 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/05/2013 03:08:48 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\0deaadb7-885b-4586-a8d9-dcf1b35cba93.dmp
 
Error: (11/05/2013 03:08:44 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\391cadb2-ebdb-492f-b743-b03d50c4acd6.dmp
 
Error: (11/05/2013 03:08:27 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\ed2fa7d6-7b4d-467d-a940-f09a9f5f5a3d.dmp
 
Error: (11/05/2013 03:07:48 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\c3dd9c91-471f-43a9-a3d5-979403d64c0c.dmp
 
Error: (11/05/2013 03:07:24 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\12bcea3a-753e-42d7-9df7-039b1d95fed2.dmp
 
Error: (11/05/2013 03:06:08 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\552eac36-3882-40bb-8e6c-f4638349a405.dmp
 
Error: (11/05/2013 03:05:03 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\6497fcee-0d14-4124-8cb6-b89d70e3d73a.dmp
 
Error: (11/05/2013 03:04:49 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\d42d9756-b95a-4ac4-bc1a-1e088fec4230.dmp
 
 
System errors:
=============
Error: (11/05/2013 08:17:53 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/05/2013 08:12:41 PM) (Source: Service Control Manager) (User: )
Description: The Norton 360 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (11/05/2013 08:12:41 PM) (Source: Service Control Manager) (User: )
Description: The Norton Management service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (11/05/2013 08:03:10 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (11/05/2013 08:01:15 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (11/05/2013 08:01:14 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (11/05/2013 07:49:54 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (11/05/2013 07:28:44 PM) (Source: Service Control Manager) (User: )
Description: The Mobile Broadband HL Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/05/2013 07:14:53 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/05/2013 01:38:18 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
 
Microsoft Office Sessions:
=========================
Error: (11/05/2013 08:18:04 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/05/2013 07:14:32 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/05/2013 03:08:48 PM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\0deaadb7-885b-4586-a8d9-dcf1b35cba93.dmp
 
Error: (11/05/2013 03:08:44 PM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\391cadb2-ebdb-492f-b743-b03d50c4acd6.dmp
 
Error: (11/05/2013 03:08:27 PM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\ed2fa7d6-7b4d-467d-a940-f09a9f5f5a3d.dmp
 
Error: (11/05/2013 03:07:48 PM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\c3dd9c91-471f-43a9-a3d5-979403d64c0c.dmp
 
Error: (11/05/2013 03:07:24 PM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\12bcea3a-753e-42d7-9df7-039b1d95fed2.dmp
 
Error: (11/05/2013 03:06:08 PM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\552eac36-3882-40bb-8e6c-f4638349a405.dmp
 
Error: (11/05/2013 03:05:03 PM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\6497fcee-0d14-4124-8cb6-b89d70e3d73a.dmp
 
Error: (11/05/2013 03:04:49 PM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\d42d9756-b95a-4ac4-bc1a-1e088fec4230.dmp
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-11-05 20:01:15.045
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-05 20:01:14.952
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-05 20:01:14.858
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-05 20:01:14.749
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-01 21:46:37.422
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-01 21:46:37.307
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 29%
Total physical RAM: 5609.91 MB
Available physical RAM: 3951.71 MB
Total Pagefile: 11217.99 MB
Available Pagefile: 9316.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:673.13 GB) (Free:548.71 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:21.34 GB) (Free:2.3 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: B034BE95)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=673 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)
 
==================== End Of Log ============================
 
Chrome seems much better so far! :)

ComboFix 13-11-04.01 - Lynn 06/11/2013   8:25.5.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.5610.3919 [GMT 0:00]
Running from: c:\users\Lynn\Desktop\ComboFix.exe
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-06 to 2013-11-06  )))))))))))))))))))))))))))))))
.
.
2013-11-06 08:51 . 2013-11-06 08:51 -------- d-----w- c:\users\Evan\AppData\Local\temp
2013-11-06 08:51 . 2013-11-06 08:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-05 16:45 . 2013-11-05 19:12 -------- d-----w- c:\program files\office.tmp
2013-11-05 15:35 . 2013-11-05 15:35 74136 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2013-11-05 15:35 . 2013-11-05 15:35 96664 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
2013-11-05 15:35 . 2013-11-05 15:35 26520 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-11-05 15:35 . 2013-11-05 15:35 170232 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2013-10-30 23:53 . 2013-10-30 23:53 -------- d-----w- C:\FRST
2013-10-30 23:36 . 2013-10-30 23:42 -------- d-----w- C:\AdwCleaner
2013-10-30 23:09 . 2013-10-30 23:09 -------- d-----w- c:\windows\ERUNT
2013-10-29 04:58 . 2013-10-29 04:58 -------- d-----w- c:\programdata\Oracle
2013-10-29 04:54 . 2013-10-29 04:54 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-10-29 04:53 . 2013-10-29 04:53 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-29 04:53 . 2013-10-29 04:53 -------- d-----w- c:\program files (x86)\Java
2013-10-29 04:33 . 2013-10-29 04:58 -------- d-----w- c:\users\Lynn\AppData\Local\NPE
2013-10-28 02:01 . 2013-10-28 23:34 -------- d-----w- c:\windows\system32\drivers\MCLIENTx64
2013-10-28 02:01 . 2013-10-28 02:01 -------- d-----w- c:\program files (x86)\Norton Management
2013-10-28 01:03 . 2013-10-28 01:03 -------- d-----w- c:\users\Lynn\AppData\Local\emaze
2013-10-10 20:22 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
2013-10-10 20:21 . 2013-07-20 10:33 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 20:21 . 2013-08-01 09:19 265152 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-10-10 20:21 . 2013-08-01 09:19 984512 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-10-10 20:21 . 2013-07-20 10:33 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 20:21 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
2013-10-08 21:06 . 2013-10-08 21:06 17813896 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-17 15:05 . 2013-07-19 22:23 317808 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2013-10-11 02:08 . 2012-04-14 22:03 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-10-10 07:39 . 2013-09-25 19:09 566480 ------w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-10-08 21:06 . 2012-05-16 01:56 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-08 21:06 . 2011-11-10 03:48 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-29 01:48 . 2013-10-10 20:22 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-12 12:51 . 2013-08-12 12:51 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-09-25 19:29 222712 ----a-w- c:\users\Lynn\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-09-25 19:29 222712 ----a-w- c:\users\Lynn\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-09-25 19:29 222712 ----a-w- c:\users\Lynn\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-28 343168]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-10-08 169528]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2012-11-05 1343904]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2009-02-17 335872]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Bee Coupons-repairJob"="wscript.exe" [2009-07-14 141824]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-9-20 1338144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ   scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"ROC_ROC_NT"="c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Mobile Broadband HL Service;Mobile Broadband HL Service;c:\programdata\MobileBrServ\mbbservice.exe;c:\programdata\MobileBrServ\mbbservice.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys;c:\windows\SYSNATIVE\DRIVERS\InputFilter_FlexDef2b.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]
S1 ccSet_MCLIENT;Norton Management Settings Manager;c:\windows\system32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [x]
S1 RapportCerberus_59849;RapportCerberus_59849;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [x]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 MCLIENT;Norton Management;c:\program files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe;c:\program files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SpyroService;Spyro Portal Service;c:\program files (x86)\FS\Spyro Portal\FlashPortal.exe;c:\program files (x86)\FS\Spyro Portal\FlashPortal.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20131022.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20131022.001\BHDrvx64.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\ccSetx64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20131101.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20131101.001\IDSvia64.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMDS64.SYS [x]
S3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMEFA64.SYS [x]
S3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\Ironx64.SYS [x]
S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMNETS.SYS [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-18 17:55 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-16 21:06]
.
2013-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-22 15:26]
.
2013-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-22 15:26]
.
2013-11-06 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2013-05-11 22:27]
.
2013-11-05 c:\windows\Tasks\HPCeeScheduleForLynn.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{814C44E6-B2BA-4413-AEB3-F958AD419DB4}"= "c:\program files (x86)\Bee Coupons\FrameworkBHO64.dll" [BU]
.
[HKEY_CLASSES_ROOT\CLSID\{814C44E6-B2BA-4413-AEB3-F958AD419DB4}]
[HKEY_CLASSES_ROOT\TypeLib\{5546F41B-E2D6-4C0A-A3E8-73C033DAA56B}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-09-25 19:29 261624 ----a-w- c:\users\Lynn\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-09-25 19:29 261624 ----a-w- c:\users\Lynn\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-09-25 19:29 261624 ----a-w- c:\users\Lynn\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-19 44880]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-09-22 1425408]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=20.4.0.40
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\iz9jtl5h.default\
FF - ExtSQL: 2013-10-11 01:58; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF
FF - ExtSQL: 2013-10-11 14:54; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn
FF - ExtSQL: 2013-10-11 18:28; addon@bazaarfriend.com; c:\users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\iz9jtl5h.default\extensions\addon@bazaarfriend.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MCLIENT]
"ImagePath"="\"c:\program files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe\" /s \"MCLIENT\" /m \"c:\program files (x86)\Norton Management\Engine\3.2.2.12\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-06  08:56:16
ComboFix-quarantined-files.txt  2013-11-06 08:56
ComboFix2.txt  2013-11-05 21:00
ComboFix3.txt  2013-11-05 20:08
ComboFix4.txt  2013-11-01 21:58
.
Pre-Run: 591,903,051,776 bytes free
Post-Run: 591,824,359,424 bytes free
.
- - End Of File - - A60BDCAFE9A5C7AF1E2ADA6AF56C8B58
A36C5E4F47E84449FF07ED3517B43A31
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by Lynn (administrator) on LYNN-HP on 05-11-2013 20:23:35
Running from C:\Users\Lynn\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe
() C:\ProgramData\MobileBrServ\mbbservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(FS) C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SetDefault] - C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-09-22] (IDT, Inc.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPQuickWebProxy] - C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [tsnp2uvc] - C:\Windows\tsnp2uvc.exe [335872 2009-02-17] ()
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Bee Coupons-repairJob] - wscript.exe "C:\Users\Lynn\AppData\Local\Bee Coupons\repair.js"
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\Evan\...\Policies\system: [DisableLockWorkstation] 0
HKU\Evan\...\Policies\system: [DisableChangePassword] 0
HKU\Evan\...\Policies\system: [LogonHoursAction] 2
HKU\Evan\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&r=519
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&r=519
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\IPS\ipsbho.dll (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Bee Coupons - {814C44E6-B2BA-4413-AEB3-F958AD419DB4} - C:\Program Files (x86)\Bee Coupons\FrameworkBHO64.dll No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
DPF: HKLM-x32 {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\iz9jtl5h.default
FF SearchEngineOrder.2: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @onlive.com/OnLiveGameClientDetector,version=1.0.0 - C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Lynn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\iz9jtl5h.default\searchplugins\bittorrentcontrolv12-customized-web-search.xml
FF Extension: Bazaar Friend - C:\Users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\iz9jtl5h.default\Extensions\addon@bazaarfriend.com
FF Extension: Update Service - C:\Users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\iz9jtl5h.default\Extensions\updater@foxstart.com
FF Extension: Bee Coupons - C:\Users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\iz9jtl5h.default\Extensions\{E2697576-0B98-89B0-92AF-4C2D1E7959E8}
FF Extension: torntv - C:\Users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\iz9jtl5h.default\Extensions\torntv@torntv.com.xpi
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (OnLive Game Client Detector) - C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RocketLife Secure Plug-In Layer) - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
CHR Plugin: (Unity Player) - C:\Users\Lynn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (Bejeweled) - C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0
CHR Extension: (Google Docs) - C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: () - C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbgjfdieajmokelnlapbedknchgenne\10.21.1.507_15
CHR Extension: (Google Search) - C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Photo Raster) - C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\kadhjegjmnnhlmkbmlmnjobjpeniinmp\1.0_0
CHR Extension: (Google Wallet) - C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Bee Coupons ) - C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocgjhfhgaljiijlajckpemcnbohjfjoi\1.0_0
CHR Extension: (Gmail) - C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [ccbgjfdieajmokelnlapbedknchgenne] - C:\Users\Lynn\AppData\Local\CRE\ccbgjfdieajmokelnlapbedknchgenne.crx
CHR HKLM-x32\...\Chrome\Extension: [gclijllifhfpomppedeljakfegbcpojn] - C:\Users\Lynn\AppData\Local\CRE\gclijllifhfpomppedeljakfegbcpojn.crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\Exts\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [oiffmnkajgkhjjchngmajlomfdhfjdma] - C:\Users\Lynn\AppData\Local\CRE\oiffmnkajgkhjjchngmajlomfdhfjdma.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-09-28] (Advanced Micro Devices, Inc.)
R2 MCLIENT; C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe [143928 2012-12-05] (Symantec Corporation)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [232288 2012-03-12] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120 2013-10-17] (Trusteer Ltd.)
R2 SpyroService; C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe [48128 2012-01-31] (FS)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]
 
==================== Drivers (Whitelisted) ====================
 
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133672 2011-09-21] (Broadcom Corporation.)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20131022.001\BHDrvx64.sys [1524824 2013-10-22] (Symantec Corporation)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-09-21] (Broadcom Corporation.)
R1 ccSet_MCLIENT; C:\Windows\system32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [168096 2012-10-03] (Symantec Corporation)
R3 ccSet_N360; C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-27] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20131101.001\IDSvia64.sys [521816 2013-10-28] (Symantec Corporation)
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-18] (Siliten)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20131104.024\ENG64.SYS [126040 2013-10-25] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20131104.024\EX64.SYS [2099288 2013-10-25] (Symantec Corporation)
R1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [606672 2013-10-27] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [284176 2013-10-17] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [317808 2013-10-17] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [399312 2013-10-17] (Trusteer Ltd.)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3552512 2009-03-12] ()
S3 SRTSP; C:\Windows\system32\drivers\N360x64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-08-12] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R3 SymNetS; C:\Windows\system32\drivers\N360x64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 clwvd; system32\DRIVERS\clwvd.sys [x]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [x]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-05 20:22 - 2013-11-05 20:22 - 01957098 _____ (Farbar) C:\Users\Lynn\Downloads\FRST64.exe
2013-11-05 20:11 - 2013-11-05 20:11 - 00448512 _____ (OldTimer Tools) C:\Users\Lynn\Desktop\TFC.exe
2013-11-05 20:08 - 2013-11-05 20:08 - 00042511 _____ C:\ComboFix.txt
2013-11-05 19:27 - 2013-11-05 19:27 - 00003792 _____ C:\Users\Lynn\Desktop\help.txt
2013-11-05 17:32 - 2013-11-05 17:32 - 00000000 ____D C:\Users\Lynn\Desktop\lemons swaps Nov 2013
2013-11-05 16:45 - 2013-11-05 19:12 - 00000000 ____D C:\Program Files\office.tmp
2013-11-05 15:26 - 2013-11-05 15:26 - 00000787 _____ C:\Users\Lynn\Desktop\bt.txt
2013-11-03 02:33 - 2013-11-03 02:33 - 00000559 _____ C:\Users\Lynn\Desktop\pp.txt
2013-11-01 22:05 - 2013-11-01 22:05 - 00000011 _____ C:\Users\Lynn\Desktop\jsa.txt
2013-11-01 21:13 - 2011-06-26 06:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-01 21:13 - 2010-11-07 17:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-01 21:13 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-01 21:13 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-01 21:13 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-01 21:13 - 2000-08-31 00:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-01 21:13 - 2000-08-31 00:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-01 21:13 - 2000-08-31 00:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-01 21:12 - 2013-11-05 20:08 - 00000000 ____D C:\Qoobox
2013-11-01 21:11 - 2013-11-05 19:28 - 05144303 ____R (Swearware) C:\Users\Lynn\Desktop\ComboFix.exe
2013-11-01 21:11 - 2013-11-01 21:54 - 00000000 ____D C:\Windows\erdnt
2013-10-30 23:55 - 2013-10-30 23:56 - 00024216 _____ C:\Users\Lynn\Downloads\Addition.txt
2013-10-30 23:53 - 2013-10-30 23:53 - 00000000 ____D C:\FRST
2013-10-30 23:36 - 2013-10-30 23:42 - 00000000 ____D C:\AdwCleaner
2013-10-30 23:35 - 2013-10-30 23:35 - 01060070 _____ C:\Users\Lynn\Downloads\AdwCleaner.exe
2013-10-30 23:29 - 2013-10-30 23:29 - 00073900 _____ C:\Users\Lynn\Desktop\JRT.txt
2013-10-30 23:09 - 2013-10-30 23:09 - 00000000 ____D C:\Windows\ERUNT
2013-10-30 23:08 - 2013-10-30 23:08 - 01033335 _____ (Thisisu) C:\Users\Lynn\Downloads\JRT.exe
2013-10-29 12:28 - 2013-10-29 12:28 - 00032216 _____ C:\Users\Lynn\Desktop\dds.txt
2013-10-29 12:28 - 2013-10-29 12:28 - 00010463 _____ C:\Users\Lynn\Desktop\attach.txt
2013-10-29 12:24 - 2013-10-29 12:24 - 00688992 ____R (Swearware) C:\Users\Lynn\Downloads\dds.com
2013-10-29 12:20 - 2013-10-29 12:20 - 00007625 _____ C:\Users\Lynn\AppData\Local\Resmon.ResmonCfg
2013-10-29 04:58 - 2013-10-29 04:58 - 00000000 ____D C:\ProgramData\Oracle
2013-10-29 04:53 - 2013-10-29 04:53 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-29 04:53 - 2013-10-29 04:53 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-29 04:53 - 2013-10-29 04:53 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-29 04:53 - 2013-10-29 04:53 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-29 04:53 - 2013-10-29 04:53 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-29 04:50 - 2013-10-29 04:50 - 00915368 _____ (Oracle Corporation) C:\Users\Lynn\Downloads\chromeinstall-7u45.exe
2013-10-29 04:35 - 2013-10-29 04:35 - 03053496 ____N (Symantec Corporation) C:\Users\Lynn\Downloads\NPE.exe
2013-10-29 04:33 - 2013-10-29 04:58 - 00000000 ____D C:\Users\Lynn\AppData\Local\NPE
2013-10-28 13:18 - 2013-10-28 13:18 - 00000104 _____ C:\Users\Lynn\Desktop\grades.txt
2013-10-28 02:02 - 2013-10-28 23:39 - 00000000 ____D C:\Windows\System32\Tasks\Norton Management
2013-10-28 02:01 - 2013-10-28 23:34 - 00000000 ____D C:\Windows\system32\Drivers\MCLIENTx64
2013-10-28 02:01 - 2013-10-28 02:01 - 00000000 ____D C:\Program Files (x86)\Norton Management
2013-10-28 01:04 - 2013-10-28 01:04 - 00000151 _____ C:\Users\Lynn\Downloads\THE+PASSWORD+ULTIMATE.txt
2013-10-28 01:03 - 2013-10-28 01:03 - 00001218 _____ C:\Users\Lynn\Desktop\Create Amazing Presentations.lnk
2013-10-28 01:03 - 2013-10-28 01:03 - 00001218 _____ C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk
2013-10-28 01:03 - 2013-10-28 01:03 - 00000000 ____D C:\Users\Lynn\AppData\Local\emaze
2013-10-28 01:01 - 2013-10-28 01:01 - 00509968 _____ C:\Users\Lynn\Downloads\MediaPlayerClassic_RocketFuelInstaller.exe
2013-10-28 00:58 - 2013-10-28 00:58 - 00167536 _____ () C:\Users\Lynn\Downloads\OnlineWeather-aL1JshO.exe
2013-10-27 16:59 - 2013-10-27 16:59 - 00000000 ____D C:\Users\Lynn\AppData\OICE_15_974FA576_32C1D314_A89
2013-10-27 15:46 - 2013-10-27 15:46 - 00000062 _____ C:\Users\Lynn\Desktop\sky codes.txt
2013-10-26 21:10 - 2013-10-27 23:02 - 00000000 ____D C:\Users\Lynn\Downloads\About Time 2013 DVDRip XviD-3LT0N
2013-10-26 21:04 - 2013-10-26 21:04 - 00000000 ____D C:\Users\Lynn\Downloads\The Worlds End (2013) BRRip XviD Trusted Post
2013-10-26 20:29 - 2013-10-26 20:29 - 01137240 _____ (BitTorrent Inc.) C:\Users\Lynn\Downloads\BitTorrent.exe
2013-10-23 14:08 - 2013-10-23 14:08 - 00002810 _____ C:\Users\Lynn\Desktop\crem reading.txt
2013-10-12 11:47 - 2013-10-12 11:47 - 00000000 ___HD C:\Users\Lynn\Desktop\@service_player_internal
2013-10-12 11:47 - 2013-10-12 11:47 - 00000000 ____D C:\Users\Lynn\Desktop\DCIM
2013-10-12 11:47 - 2013-10-12 11:47 - 00000000 ____D C:\Users\Lynn\Desktop\.doodlemobile_featureviewnew
2013-10-12 11:41 - 2013-10-12 11:43 - 00000000 ____D C:\Users\Lynn\Desktop\card to check
2013-10-11 18:18 - 2013-10-11 18:18 - 00000000 ____D C:\Users\Lynn\Desktop\GPS_FW
2013-10-11 18:17 - 2013-10-11 18:17 - 62167040 _____ C:\Users\Lynn\Downloads\WB850_FW_F206276.exe
2013-10-11 18:01 - 2013-10-11 18:06 - 62053148 _____ C:\Users\Lynn\Downloads\WB850_FW_F206276.zip
2013-10-11 02:22 - 2013-09-22 23:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-11 02:22 - 2013-09-22 23:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-11 02:22 - 2013-09-22 23:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-11 02:22 - 2013-09-22 23:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-11 02:22 - 2013-09-22 23:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-11 02:22 - 2013-09-22 23:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-11 02:22 - 2013-09-22 23:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-11 02:22 - 2013-09-22 23:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-11 02:22 - 2013-09-22 23:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-11 02:22 - 2013-09-22 23:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-11 02:22 - 2013-09-22 23:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-11 02:22 - 2013-09-22 23:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-11 02:22 - 2013-09-22 23:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-11 02:22 - 2013-09-22 22:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-11 02:22 - 2013-09-22 22:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-11 02:22 - 2013-09-22 22:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-11 02:22 - 2013-09-22 22:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-11 02:22 - 2013-09-22 22:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-11 02:22 - 2013-09-22 22:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-11 02:22 - 2013-09-22 22:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-11 02:22 - 2013-09-22 22:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-11 02:22 - 2013-09-22 22:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-11 02:22 - 2013-09-22 22:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-11 02:22 - 2013-09-22 22:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-11 02:22 - 2013-09-22 22:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-11 02:22 - 2013-09-22 22:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-11 02:22 - 2013-09-22 22:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-11 02:22 - 2013-09-21 03:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-11 02:22 - 2013-09-21 03:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-11 02:22 - 2013-09-21 02:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-11 02:22 - 2013-09-21 02:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-10 20:22 - 2013-09-14 01:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-10 20:22 - 2013-09-08 02:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-10 20:22 - 2013-09-08 02:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-10 20:22 - 2013-09-08 02:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-10 20:22 - 2013-08-29 02:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-10 20:22 - 2013-08-29 02:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-10 20:22 - 2013-08-29 02:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-10 20:22 - 2013-08-29 02:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-10 20:22 - 2013-08-29 02:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-10 20:22 - 2013-08-29 01:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-10 20:22 - 2013-08-29 01:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-10 20:22 - 2013-08-29 01:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-10 20:22 - 2013-08-29 01:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-10 20:22 - 2013-08-29 01:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-10 20:22 - 2013-08-29 01:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-10 20:22 - 2013-08-29 00:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-10 20:22 - 2013-08-29 00:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-10 20:22 - 2013-08-29 00:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-10 20:22 - 2013-08-29 00:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-10 20:22 - 2013-08-28 01:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 20:22 - 2013-07-12 10:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-10 20:22 - 2013-07-12 10:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-10 20:22 - 2013-07-12 10:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-10 20:22 - 2013-07-04 12:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-10 20:22 - 2013-07-04 12:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-10 20:22 - 2013-07-04 12:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-10 20:22 - 2013-07-04 11:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-10 20:22 - 2013-07-04 11:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-10 20:22 - 2013-07-04 11:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-10 20:22 - 2013-07-04 10:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-10 20:22 - 2013-07-03 04:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-10 20:22 - 2013-07-03 04:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-10 20:22 - 2013-07-03 04:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-10 20:22 - 2013-06-25 22:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-10 20:22 - 2013-06-06 05:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-10 20:22 - 2013-06-06 05:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-10 20:22 - 2013-06-06 05:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-10 20:22 - 2013-06-06 05:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-10 20:22 - 2013-06-06 04:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-10 20:22 - 2013-06-06 04:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-10 20:22 - 2013-06-06 04:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-10 20:22 - 2013-06-06 03:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 20:22 - 2013-06-06 03:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-10 20:22 - 2013-06-06 03:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-10 20:21 - 2013-08-28 01:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-10 20:21 - 2013-08-01 09:19 - 00984512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-10 20:21 - 2013-08-01 09:19 - 00265152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-10-10 20:21 - 2013-07-20 10:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 20:21 - 2013-07-20 10:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 13:18 - 2013-10-29 04:10 - 00000000 ____D C:\Users\Lynn\Desktop\downloads oct 2013
2013-10-09 19:31 - 2013-10-10 22:53 - 00000000 ____D C:\Users\Lynn\Desktop\2013-2
2013-10-09 19:30 - 2013-10-10 22:50 - 00000000 ____D C:\Users\Lynn\Desktop\video voice 2013
2013-10-08 21:06 - 2013-10-08 21:06 - 17813896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
 
==================== One Month Modified Files and Folders =======
 
2013-11-05 20:22 - 2013-11-05 20:22 - 01957098 _____ (Farbar) C:\Users\Lynn\Downloads\FRST64.exe
2013-11-05 20:22 - 2009-07-14 05:13 - 00779724 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-05 20:20 - 2012-01-27 22:12 - 01582725 _____ C:\Windows\WindowsUpdate.log
2013-11-05 20:18 - 2013-04-22 15:26 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-05 20:16 - 2012-12-03 15:03 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-11-05 20:16 - 2010-11-21 03:47 - 00657648 _____ C:\Windows\PFRO.log
2013-11-05 20:16 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-05 20:16 - 2009-07-14 04:51 - 00155593 _____ C:\Windows\setupact.log
2013-11-05 20:16 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\tracing
2013-11-05 20:11 - 2013-11-05 20:11 - 00448512 _____ (OldTimer Tools) C:\Users\Lynn\Desktop\TFC.exe
2013-11-05 20:08 - 2013-11-05 20:08 - 00042511 _____ C:\ComboFix.txt
2013-11-05 20:08 - 2013-11-01 21:12 - 00000000 ____D C:\Qoobox
2013-11-05 20:06 - 2012-05-16 01:56 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-05 20:03 - 2009-07-14 02:34 - 00000215 _____ C:\Windows\system.ini
2013-11-05 19:55 - 2013-04-22 15:26 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-05 19:28 - 2013-11-01 21:11 - 05144303 ____R (Swearware) C:\Users\Lynn\Desktop\ComboFix.exe
2013-11-05 19:27 - 2013-11-05 19:27 - 00003792 _____ C:\Users\Lynn\Desktop\help.txt
2013-11-05 19:21 - 2009-07-14 04:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-05 19:21 - 2009-07-14 04:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-05 19:16 - 2012-07-02 20:22 - 00000336 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2013-11-05 19:12 - 2013-11-05 16:45 - 00000000 ____D C:\Program Files\office.tmp
2013-11-05 18:37 - 2012-04-08 09:23 - 00000000 ____D C:\Users\Lynn\AppData\Roaming\SoftGrid Client
2013-11-05 17:32 - 2013-11-05 17:32 - 00000000 ____D C:\Users\Lynn\Desktop\lemons swaps Nov 2013
2013-11-05 16:47 - 2011-11-10 03:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-11-05 15:35 - 2012-04-05 20:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-05 15:31 - 2012-10-16 10:09 - 00000000 ____D C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2013-11-05 15:26 - 2013-11-05 15:26 - 00000787 _____ C:\Users\Lynn\Desktop\bt.txt
2013-11-04 23:14 - 2012-04-01 18:47 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B4DB3067-FF68-42F1-AFE9-BEF6C1D1B1BD}
2013-11-04 18:42 - 2012-04-30 13:42 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-11-04 18:42 - 2012-04-02 13:36 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-11-03 02:33 - 2013-11-03 02:33 - 00000559 _____ C:\Users\Lynn\Desktop\pp.txt
2013-11-01 22:24 - 2012-12-12 15:28 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForLynn
2013-11-01 22:24 - 2012-12-12 15:28 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForLynn.job
2013-11-01 22:05 - 2013-11-01 22:05 - 00000011 _____ C:\Users\Lynn\Desktop\jsa.txt
2013-11-01 21:58 - 2009-07-14 03:20 - 00000000 __RHD C:\Users\Default
2013-11-01 21:54 - 2013-11-01 21:11 - 00000000 ____D C:\Windows\erdnt
2013-11-01 21:48 - 2009-07-14 02:34 - 82313216 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-11-01 21:48 - 2009-07-14 02:34 - 22282240 _____ C:\Windows\system32\config\SYSTEM.bak
2013-11-01 21:48 - 2009-07-14 02:34 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2013-11-01 21:48 - 2009-07-14 02:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-11-01 21:48 - 2009-07-14 02:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-11-01 19:32 - 2013-01-09 21:35 - 00000000 ____D C:\Users\Lynn\AppData\Roaming\BitTorrent
2013-10-30 23:56 - 2013-10-30 23:55 - 00024216 _____ C:\Users\Lynn\Downloads\Addition.txt
2013-10-30 23:53 - 2013-10-30 23:53 - 00000000 ____D C:\FRST
2013-10-30 23:42 - 2013-10-30 23:36 - 00000000 ____D C:\AdwCleaner
2013-10-30 23:35 - 2013-10-30 23:35 - 01060070 _____ C:\Users\Lynn\Downloads\AdwCleaner.exe
2013-10-30 23:29 - 2013-10-30 23:29 - 00073900 _____ C:\Users\Lynn\Desktop\JRT.txt
2013-10-30 23:09 - 2013-10-30 23:09 - 00000000 ____D C:\Windows\ERUNT
2013-10-30 23:08 - 2013-10-30 23:08 - 01033335 _____ (Thisisu) C:\Users\Lynn\Downloads\JRT.exe
2013-10-30 17:41 - 2012-04-04 19:57 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B554D3E2-C714-4869-8FA7-DFA1B1E8B779}
2013-10-29 20:28 - 2012-04-04 19:56 - 00000000 ____D C:\Users\Evan
2013-10-29 12:28 - 2013-10-29 12:28 - 00032216 _____ C:\Users\Lynn\Desktop\dds.txt
2013-10-29 12:28 - 2013-10-29 12:28 - 00010463 _____ C:\Users\Lynn\Desktop\attach.txt
2013-10-29 12:24 - 2013-10-29 12:24 - 00688992 ____R (Swearware) C:\Users\Lynn\Downloads\dds.com
2013-10-29 12:20 - 2013-10-29 12:20 - 00007625 _____ C:\Users\Lynn\AppData\Local\Resmon.ResmonCfg
2013-10-29 12:07 - 2013-02-15 15:06 - 00000000 ____D C:\Windows\pss
2013-10-29 04:58 - 2013-10-29 04:58 - 00000000 ____D C:\ProgramData\Oracle
2013-10-29 04:58 - 2013-10-29 04:33 - 00000000 ____D C:\Users\Lynn\AppData\Local\NPE
2013-10-29 04:53 - 2013-10-29 04:53 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-29 04:53 - 2013-10-29 04:53 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-29 04:53 - 2013-10-29 04:53 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-29 04:53 - 2013-10-29 04:53 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-29 04:53 - 2013-10-29 04:53 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-29 04:50 - 2013-10-29 04:50 - 00915368 _____ (Oracle Corporation) C:\Users\Lynn\Downloads\chromeinstall-7u45.exe
2013-10-29 04:35 - 2013-10-29 04:35 - 03053496 ____N (Symantec Corporation) C:\Users\Lynn\Downloads\NPE.exe
2013-10-29 04:34 - 2012-01-27 22:30 - 00000000 ____D C:\ProgramData\Norton
2013-10-29 04:10 - 2013-10-10 13:18 - 00000000 ____D C:\Users\Lynn\Desktop\downloads oct 2013
2013-10-28 23:39 - 2013-10-28 02:02 - 00000000 ____D C:\Windows\System32\Tasks\Norton Management
2013-10-28 23:34 - 2013-10-28 02:01 - 00000000 ____D C:\Windows\system32\Drivers\MCLIENTx64
2013-10-28 13:18 - 2013-10-28 13:18 - 00000104 _____ C:\Users\Lynn\Desktop\grades.txt
2013-10-28 10:22 - 2012-04-04 19:56 - 00001230 __RSH C:\Users\Evan\ntuser.pol
2013-10-28 02:01 - 2013-10-28 02:01 - 00000000 ____D C:\Program Files (x86)\Norton Management
2013-10-28 02:00 - 2013-08-12 12:34 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-10-28 02:00 - 2012-04-04 19:51 - 00000632 __RSH C:\Users\Lynn\ntuser.pol
2013-10-28 02:00 - 2012-04-01 18:45 - 00000000 ____D C:\Users\Lynn
2013-10-28 01:24 - 2012-04-01 18:47 - 00000000 ___RD C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-28 01:15 - 2012-10-24 09:41 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2013-10-28 01:15 - 2012-10-24 09:41 - 00000000 ____D C:\ProgramData\NCH Software
2013-10-28 01:15 - 2012-10-24 09:41 - 00000000 ____D C:\Program Files (x86)\NCH Software
2013-10-28 01:14 - 2012-04-10 17:46 - 00000000 ____D C:\Users\Lynn\AppData\Local\CrashDumps
2013-10-28 01:04 - 2013-10-28 01:04 - 00000151 _____ C:\Users\Lynn\Downloads\THE+PASSWORD+ULTIMATE.txt
2013-10-28 01:03 - 2013-10-28 01:03 - 00001218 _____ C:\Users\Lynn\Desktop\Create Amazing Presentations.lnk
2013-10-28 01:03 - 2013-10-28 01:03 - 00001218 _____ C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk
2013-10-28 01:03 - 2013-10-28 01:03 - 00000000 ____D C:\Users\Lynn\AppData\Local\emaze
2013-10-28 01:01 - 2013-10-28 01:01 - 00509968 _____ C:\Users\Lynn\Downloads\MediaPlayerClassic_RocketFuelInstaller.exe
2013-10-28 00:58 - 2013-10-28 00:58 - 00167536 _____ () C:\Users\Lynn\Downloads\OnlineWeather-aL1JshO.exe
2013-10-28 00:53 - 2012-09-14 13:05 - 00000000 ____D C:\Users\Lynn\AppData\Local\WinZip
2013-10-27 23:02 - 2013-10-26 21:10 - 00000000 ____D C:\Users\Lynn\Downloads\About Time 2013 DVDRip XviD-3LT0N
2013-10-27 16:59 - 2013-10-27 16:59 - 00000000 ____D C:\Users\Lynn\AppData\OICE_15_974FA576_32C1D314_A89
2013-10-27 15:46 - 2013-10-27 15:46 - 00000062 _____ C:\Users\Lynn\Desktop\sky codes.txt
2013-10-26 21:04 - 2013-10-26 21:04 - 00000000 ____D C:\Users\Lynn\Downloads\The Worlds End (2013) BRRip XviD Trusted Post
2013-10-26 20:32 - 2013-01-09 21:36 - 00000000 ____D C:\Program Files (x86)\BitTorrent
2013-10-26 20:29 - 2013-10-26 20:29 - 01137240 _____ (BitTorrent Inc.) C:\Users\Lynn\Downloads\BitTorrent.exe
2013-10-23 14:08 - 2013-10-23 14:08 - 00002810 _____ C:\Users\Lynn\Desktop\crem reading.txt
2013-10-18 18:00 - 2013-04-22 15:27 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-18 18:00 - 2013-04-22 15:27 - 00002143 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2013-10-17 15:05 - 2013-07-19 22:23 - 00317808 _____ (Trusteer Ltd.) C:\Windows\system32\Drivers\RapportKE64.sys
2013-10-17 02:51 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2013-10-17 00:13 - 2012-05-15 19:01 - 00000000 ____D C:\Users\Lynn\Documents\OnLive App
2013-10-13 20:38 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-12 11:47 - 2013-10-12 11:47 - 00000000 ___HD C:\Users\Lynn\Desktop\@service_player_internal
2013-10-12 11:47 - 2013-10-12 11:47 - 00000000 ____D C:\Users\Lynn\Desktop\DCIM
2013-10-12 11:47 - 2013-10-12 11:47 - 00000000 ____D C:\Users\Lynn\Desktop\.doodlemobile_featureviewnew
2013-10-12 11:43 - 2013-10-12 11:41 - 00000000 ____D C:\Users\Lynn\Desktop\card to check
2013-10-11 18:19 - 2012-12-14 15:04 - 00000000 ____D C:\Users\Lynn\AppData\Roaming\vlc
2013-10-11 18:18 - 2013-10-11 18:18 - 00000000 ____D C:\Users\Lynn\Desktop\GPS_FW
2013-10-11 18:17 - 2013-10-11 18:17 - 62167040 _____ C:\Users\Lynn\Downloads\WB850_FW_F206276.exe
2013-10-11 18:06 - 2013-10-11 18:01 - 62053148 _____ C:\Users\Lynn\Downloads\WB850_FW_F206276.zip
2013-10-11 07:39 - 2012-04-04 19:57 - 00000000 ___RD C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-11 02:45 - 2013-03-13 16:14 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 02:45 - 2013-03-13 16:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-11 02:45 - 2009-07-14 04:45 - 00436072 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 02:18 - 2012-01-27 22:16 - 00765636 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-11 02:11 - 2013-07-18 15:31 - 00000000 ____D C:\Windows\system32\MRT
2013-10-11 02:08 - 2012-04-14 22:03 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-10 22:53 - 2013-10-09 19:31 - 00000000 ____D C:\Users\Lynn\Desktop\2013-2
2013-10-10 22:50 - 2013-10-09 19:30 - 00000000 ____D C:\Users\Lynn\Desktop\video voice 2013
2013-10-10 09:41 - 2013-04-22 15:26 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-10 09:41 - 2012-04-01 19:09 - 00000000 ____D C:\Users\Lynn\AppData\Local\Google
2013-10-10 07:49 - 2013-04-22 15:26 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-10 07:49 - 2013-04-22 15:26 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-08 21:06 - 2013-10-08 21:06 - 17813896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-10-08 21:06 - 2012-05-16 01:56 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-08 21:06 - 2012-05-16 01:56 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-08 21:06 - 2011-11-10 03:48 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-10-31 21:23
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-10-2013
Ran by Lynn at 2013-11-05 20:25:08
Running from C:\Users\Lynn\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Norton 360 (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
 
==================== Installed Programs ======================
 
Adobe AIR (x32 Version: 3.4.0.2540)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.1.629)
AMD APP SDK Runtime (Version: 2.5.775.2)
AMD Catalyst Install Manager (Version: 3.0.847.0)
AMD Fuel (Version: 2011.0928.607.9079)
AMD Steady Video Plug-In  (Version: 1.00.0000)
AMD System Monitor (x32 Version: 1.0.9)
AMD VISION Engine Control Center (x32 Version: 2011.0928.607.9079)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
ArtRage Studio Pro Demo (x32 Version: 3.0.8)
Audible Download Manager (x32 Version: 6.6.0.15)
Bejeweled 3 (x32 Version: 2.2.0.97)
Blackhawk Striker 2 (x32 Version: 2.2.0.95)
blinkbox Download Manager (x32 Version: 2.0.7)
Bonjour (Version: 3.0.0.10)
Broadcom 802.11 Wireless LAN Adapter (Version: 5.100.82.140)
Broadcom Bluetooth Software (Version: 6.5.0.2300)
Broadcom InConcert Maestro (Version: 1.0.5.2300)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0928.607.9079)
Catalyst Control Center InstallProxy (x32 Version: 2011.0928.607.9079)
Catalyst Control Center Localization All (x32 Version: 2011.0928.607.9079)
CCC Help Chinese Standard (x32 Version: 2011.0928.0606.9079)
CCC Help Chinese Traditional (x32 Version: 2011.0928.0606.9079)
CCC Help Czech (x32 Version: 2011.0928.0606.9079)
CCC Help Danish (x32 Version: 2011.0928.0606.9079)
CCC Help Dutch (x32 Version: 2011.0928.0606.9079)
CCC Help English (x32 Version: 2011.0928.0606.9079)
CCC Help Finnish (x32 Version: 2011.0928.0606.9079)
CCC Help French (x32 Version: 2011.0928.0606.9079)
CCC Help German (x32 Version: 2011.0928.0606.9079)
CCC Help Greek (x32 Version: 2011.0928.0606.9079)
CCC Help Hungarian (x32 Version: 2011.0928.0606.9079)
CCC Help Italian (x32 Version: 2011.0928.0606.9079)
CCC Help Japanese (x32 Version: 2011.0928.0606.9079)
CCC Help Korean (x32 Version: 2011.0928.0606.9079)
CCC Help Norwegian (x32 Version: 2011.0928.0606.9079)
CCC Help Polish (x32 Version: 2011.0928.0606.9079)
CCC Help Portuguese (x32 Version: 2011.0928.0606.9079)
CCC Help Russian (x32 Version: 2011.0928.0606.9079)
CCC Help Spanish (x32 Version: 2011.0928.0606.9079)
CCC Help Swedish (x32 Version: 2011.0928.0606.9079)
CCC Help Thai (x32 Version: 2011.0928.0606.9079)
CCC Help Turkish (x32 Version: 2011.0928.0606.9079)
ccc-utility64 (Version: 2011.0928.607.9079)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
ConverterLite 1.5.0 (x32 Version: 1.5.0)
Coupon Printer (x32 Version: 2.0)
Cradle of Rome 2 (x32 Version: 2.2.0.98)
D3DX10 (x32 Version: 15.4.2368.0902)
Debut Video Capture Software (x32)
Dora's World Adventure (x32 Version: 2.2.0.95)
ESU for Microsoft Windows 7 SP1 (x32 Version: 2.1.1)
Evernote v. 4.2.3 (x32 Version: 4.2.3.22)
Farm Frenzy (x32 Version: 2.2.0.98)
Farmscapes (x32 Version: 2.2.0.98)
FATE (x32 Version: 2.2.0.97)
Final Drive Fury (x32 Version: 2.2.0.95)
Google Chrome (x32 Version: 30.0.1599.101)
Google Update Helper (x32 Version: 1.3.21.165)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HiJackThis (x32 Version: 1.0.0)
Hoyle Card Games (x32 Version: 2.2.0.95)
HP 3D DriveGuard (Version: 4.1.16.1)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.1.12938.3539)
HP CoolSense (x32 Version: 2.10.51)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8)
HP Deskjet 3050 J610 series Basic Device Software (Version: 28.0.1315.0)
HP Deskjet 3050 J610 series Help (x32 Version: 140.0.63.63)
HP Deskjet 3050 J610 series Product Improvement Study (Version: 28.0.1315.0)
HP Documentation (x32 Version: 1.1.0.0)
HP DVB-T TV Tuner 8.0.64.43 (x32 Version: 8.0.64.43)
HP Games (x32 Version: 1.0.2.5)
HP Launch Box (Version: 1.1.5)
HP On Screen Display (x32 Version: 1.3.5)
HP Photo Creations (x32 Version: 1.0.0.11502)
HP Power Manager (x32 Version: 1.4.8)
HP Product Detection (x32 Version: 11.15.0005)
HP Quick Launch (x32 Version: 2.6.3)
HP QuickWeb (x32 Version: 3.1.1.10197)
HP Recovery Manager (x32 Version: 2.0.0)
HP Security Assistant (Version: 1.0.11)
HP Setup (x32 Version: 9.0.15076.3891)
HP Setup Manager (x32 Version: 1.2.14901.3869)
HP Software Framework (x32 Version: 4.5.12.1)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Update (x32 Version: 5.005.000.002)
HPDiagnosticAlert (x32 Version: 1.00.0000)
HUE HD Webcam Video Software (x32 Version: 5.8.48202.103)
IDT Audio (x32 Version: 1.0.6381.0)
iTunes (Version: 11.0.4.4)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Jewel Match 3 (x32 Version: 2.2.0.98)
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98)
John Deere Drive Green (x32 Version: 2.2.0.95)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Letters from Nowhere 2 (x32 Version: 2.2.0.97)
Luxor HD (x32 Version: 2.2.0.98)
Mah Jong Medley (x32 Version: 2.2.0.95)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft Corporation (x32 Version: 9.1.0.0)
Microsoft LifeCam (Version: 3.60.253.0)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.5139.5005)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SkyDrive (HKCU Version: 17.0.2003.1112)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (x32 Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mobile Broadband HL Service (x32 Version: 22.001.14.01.105)
Mozilla Firefox 13.0.1 (x86 en-US) (x32 Version: 13.0.1)
Mozilla Firefox 20.0.1 (x86 en-US) (HKCU Version: 20.0.1)
Mozilla Maintenance Service (x32 Version: 13.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
Norton 360 (x32 Version: 20.4.0.40)
Norton Management (x32 Version: 3.2.2.12)
OnLive (x32)
opensource (x32 Version: 1.0.14960.3876)
Penguins! (x32 Version: 2.2.0.98)
Pivot Stickfigure Animator version 2.2.7 (x32 Version: 2.2.7)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98)
PlayReady PC Runtime x86 (x32 Version: 1.3.0)
Poker Superstars III (x32 Version: 2.2.0.95)
Polar Bowler (x32 Version: 2.2.0.97)
Polar Golfer (x32 Version: 2.2.0.98)
Rapport (x32 Version: 3.5.1304.13)
Realtek Ethernet Controller Driver (x32 Version: 7.41.216.2011)
Realtek PCIE Card Reader (x32 Version: 6.1.7601.83)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98)
SAM Animation 1.3 (x32 Version: 1.3)
SpyroDriver (x32 Version: 1.07.0000)
SpyroPortalDriver (Version: 1.0.0)
swMSM (x32 Version: 12.0.0.1)
Synaptics TouchPad Driver (Version: 15.3.29.0)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98)
Torchlight (x32 Version: 2.2.0.98)
Trusteer Endpoint Protection (x32 Version: 3.5.1304.13)
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update Installer for WildTangent Games App (x32)
VideoPad Video Editor (x32 Version: 3.04)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VLC media player 1.0.1 (x32 Version: 1.0.1)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
Windows Password Unlocker Standard 5.3.0.0 (x32)
WinZip 16.5 (Version: 16.5.10095)
ZTE_1.2059.0.8 (x32)
Zuma's Revenge (x32 Version: 2.2.0.98)
 
==================== Restore Points  =========================
 
28-10-2013 01:24:42 Removed Rapport
29-10-2013 04:46:14 Removed Java 7 Update 7
29-10-2013 04:49:17 Removed JavaFX 2.1.1
29-10-2013 04:52:45 Installed Java 7 Update 45
01-11-2013 21:13:44 ComboFix created restore point
05-11-2013 19:35:02 ComboFix created restore point
 
==================== Hosts content: ==========================
 
2009-07-14 02:34 - 2013-11-05 20:03 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {000AE052-0F10-4381-86AB-0BA961CA5705} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {076823BD-E067-4D16-ADE9-DEFF01446848} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {0933FFF8-BA47-4366-BF6F-DB3DED3155C4} - System32\Tasks\HPCeeScheduleForLynn => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {0B79A101-295B-4B25-9DF8-2B5DCD861E20} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {0CDB4A0B-D9B4-45F2-B304-636B86631E9E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
Task: {121C782B-BA0C-43F1-BC3B-A8C6334D876E} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2013-05-11] ()
Task: {13687D07-4B9F-4F15-AAA4-4DB7DE4D0F9C} - System32\Tasks\Google Updater and Installer => C:\Users\Lynn\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {1B7E9C06-0AA4-4173-8230-063C21D83AE5} - System32\Tasks\{251B2580-5488-4436-8B98-31A8080486D2} => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
Task: {2A2C9A84-43FC-415F-ACE4-35F0BD901770} - System32\Tasks\{E3D1FC44-166F-4342-8841-75CB465C86A2} => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
Task: {35937ADE-5EE8-4948-AF1B-7088604ACDA4} - System32\Tasks\{DAC2A945-57F0-48AD-806A-F6DDDFBBA0E1} => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
Task: {380F67E5-AE23-41DF-BB5C-7D2E0E855929} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {4098FECD-6988-40D9-AA20-3D585D010435} - System32\Tasks\Norton Management\Norton Error Analyzer => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\symerr.exe [2012-10-18] (Symantec Corporation)
Task: {55AFFEA2-E480-44C3-A63B-75882CD9ACEA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-22] (Google Inc.)
Task: {590571D9-3424-464F-8BB3-2FC2E22C3087} - System32\Tasks\HP online update program => C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [2011-10-28] (Hewlett-Packard)
Task: {788B4799-10B1-4071-BF50-F56EC5201716} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {79344078-B81D-472A-A83D-399331B4F7E7} - System32\Tasks\NCH Software\debutDowngrade => C:\Program Files (x86)\NCH Software\Debut\debut.exe [2012-10-24] (NCH Software)
Task: {79E93BCB-0512-47C8-9029-B60CED3D356A} - System32\Tasks\NCH Software\debutShakeIcon => C:\Program Files (x86)\NCH Software\Debut\debut.exe [2012-10-24] (NCH Software)
Task: {7EE29785-61A5-4EA4-8A1C-BD61DC0E9C7A} - System32\Tasks\{493C4D1B-9688-4CFA-BEF3-B10DA2B3BB9C} => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
Task: {A3C1E02B-894E-4E74-A686-D98D3500D940} - System32\Tasks\{42E41325-7B4C-4AD0-850D-7BAA907EBA99} => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
Task: {A5251222-2B5B-4E19-8E9F-8AF9A21CE98D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {A7C085DD-680D-49C8-A7D8-FE71FF7F606A} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {AAE649DC-EEE4-4A61-A276-158319E7B733} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {C7B22719-9010-4DDC-97BC-C5E5AA2B36F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-22] (Google Inc.)
Task: {CF88D049-4AEF-4D0F-A78B-68D05D9C4DD2} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {D183C194-7A3C-4A3B-A2D2-F0C5D555F6E6} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\symerr.exe [2013-06-04] (Symantec Corporation)
Task: {D1FE4FE1-A255-428A-942F-838E03C3C314} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D24FA78C-8F48-4D5D-ADF4-C3BACD642139} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\symerr.exe [2013-06-04] (Symantec Corporation)
Task: {E3C634ED-6DD6-4FF8-A6C4-ED6AACF0D8D5} - System32\Tasks\Norton Management\Norton Error Processor => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\symerr.exe [2012-10-18] (Symantec Corporation)
Task: {E5F78C75-0F45-4A5C-BBB9-4F2086633BE5} - System32\Tasks\Updater19962.exe => C:\Users\Lynn\AppData\Local\Updater19962\Updater19962.exe
Task: {F7FB501C-57CB-4E1A-AD9C-E72CFB77FB7C} - System32\Tasks\{C4BBCEAC-35CD-4EC3-B791-F2F7A841C093} => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\HPCeeScheduleForLynn.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-09-28 14:19 - 2011-09-28 14:19 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-09-28 14:06 - 2011-09-28 14:06 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-06-17 21:42 - 2011-06-17 21:42 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-07-19 22:23 - 2013-10-27 21:04 - 01127152 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-11-03 14:02 - 2011-11-03 14:02 - 00142336 _____ () C:\Program Files (x86)\FS\Spyro Portal\SpyroLibrary.dll
2012-06-27 15:09 - 2012-06-27 15:09 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2013-08-12 12:50 - 2012-05-30 14:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.4.0.40\wincfi39.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\Temp:373E1720
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/05/2013 08:18:04 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/05/2013 07:14:32 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/05/2013 03:08:48 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\0deaadb7-885b-4586-a8d9-dcf1b35cba93.dmp
 
Error: (11/05/2013 03:08:44 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\391cadb2-ebdb-492f-b743-b03d50c4acd6.dmp
 
Error: (11/05/2013 03:08:27 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\ed2fa7d6-7b4d-467d-a940-f09a9f5f5a3d.dmp
 
Error: (11/05/2013 03:07:48 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\c3dd9c91-471f-43a9-a3d5-979403d64c0c.dmp
 
Error: (11/05/2013 03:07:24 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\12bcea3a-753e-42d7-9df7-039b1d95fed2.dmp
 
Error: (11/05/2013 03:06:08 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\552eac36-3882-40bb-8e6c-f4638349a405.dmp
 
Error: (11/05/2013 03:05:03 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\6497fcee-0d14-4124-8cb6-b89d70e3d73a.dmp
 
Error: (11/05/2013 03:04:49 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\d42d9756-b95a-4ac4-bc1a-1e088fec4230.dmp
 
 
System errors:
=============
Error: (11/05/2013 08:17:53 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/05/2013 08:12:41 PM) (Source: Service Control Manager) (User: )
Description: The Norton 360 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (11/05/2013 08:12:41 PM) (Source: Service Control Manager) (User: )
Description: The Norton Management service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (11/05/2013 08:03:10 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (11/05/2013 08:01:15 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (11/05/2013 08:01:14 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (11/05/2013 07:49:54 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (11/05/2013 07:28:44 PM) (Source: Service Control Manager) (User: )
Description: The Mobile Broadband HL Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/05/2013 07:14:53 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/05/2013 01:38:18 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
 
Microsoft Office Sessions:
=========================
Error: (11/05/2013 08:18:04 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/05/2013 07:14:32 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/05/2013 03:08:48 PM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\0deaadb7-885b-4586-a8d9-dcf1b35cba93.dmp
 
Error: (11/05/2013 03:08:44 PM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\391cadb2-ebdb-492f-b743-b03d50c4acd6.dmp
 
Error: (11/05/2013 03:08:27 PM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\ed2fa7d6-7b4d-467d-a940-f09a9f5f5a3d.dmp
 
Error: (11/05/2013 03:07:48 PM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\c3dd9c91-471f-43a9-a3d5-979403d64c0c.dmp
 
Error: (11/05/2013 03:07:24 PM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\12bcea3a-753e-42d7-9df7-039b1d95fed2.dmp
 
Error: (11/05/2013 03:06:08 PM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\552eac36-3882-40bb-8e6c-f4638349a405.dmp
 
Error: (11/05/2013 03:05:03 PM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\6497fcee-0d14-4124-8cb6-b89d70e3d73a.dmp
 
Error: (11/05/2013 03:04:49 PM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\d42d9756-b95a-4ac4-bc1a-1e088fec4230.dmp
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-11-05 20:01:15.045
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-05 20:01:14.952
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-05 20:01:14.858
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-05 20:01:14.749
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-01 21:46:37.422
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-01 21:46:37.307
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 29%
Total physical RAM: 5609.91 MB
Available physical RAM: 3951.71 MB
Total Pagefile: 11217.99 MB
Available Pagefile: 9316.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:673.13 GB) (Free:548.71 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:21.34 GB) (Free:2.3 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: B034BE95)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=673 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)
 
==================== End Of Log ============================
 
Chrome seems much better so far! :)
 
 
 

 



#14 lemoncakeuk72


Posted 06 November 2013 - 04:06 AM

ComboFix 13-11-04.01 - Lynn 06/11/2013   8:25.5.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.5610.3919 [GMT 0:00]
Running from: c:\users\Lynn\Desktop\ComboFix.exe
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-06 to 2013-11-06  )))))))))))))))))))))))))))))))
.
.
2013-11-06 08:51 . 2013-11-06 08:51 -------- d-----w- c:\users\Evan\AppData\Local\temp
2013-11-06 08:51 . 2013-11-06 08:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-05 16:45 . 2013-11-05 19:12 -------- d-----w- c:\program files\office.tmp
2013-11-05 15:35 . 2013-11-05 15:35 74136 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2013-11-05 15:35 . 2013-11-05 15:35 96664 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
2013-11-05 15:35 . 2013-11-05 15:35 26520 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-11-05 15:35 . 2013-11-05 15:35 170232 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2013-10-30 23:53 . 2013-10-30 23:53 -------- d-----w- C:\FRST
2013-10-30 23:36 . 2013-10-30 23:42 -------- d-----w- C:\AdwCleaner
2013-10-30 23:09 . 2013-10-30 23:09 -------- d-----w- c:\windows\ERUNT
2013-10-29 04:58 . 2013-10-29 04:58 -------- d-----w- c:\programdata\Oracle
2013-10-29 04:54 . 2013-10-29 04:54 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-10-29 04:53 . 2013-10-29 04:53 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-29 04:53 . 2013-10-29 04:53 -------- d-----w- c:\program files (x86)\Java
2013-10-29 04:33 . 2013-10-29 04:58 -------- d-----w- c:\users\Lynn\AppData\Local\NPE
2013-10-28 02:01 . 2013-10-28 23:34 -------- d-----w- c:\windows\system32\drivers\MCLIENTx64
2013-10-28 02:01 . 2013-10-28 02:01 -------- d-----w- c:\program files (x86)\Norton Management
2013-10-28 01:03 . 2013-10-28 01:03 -------- d-----w- c:\users\Lynn\AppData\Local\emaze
2013-10-10 20:22 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
2013-10-10 20:21 . 2013-07-20 10:33 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 20:21 . 2013-08-01 09:19 265152 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-10-10 20:21 . 2013-08-01 09:19 984512 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-10-10 20:21 . 2013-07-20 10:33 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 20:21 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
2013-10-08 21:06 . 2013-10-08 21:06 17813896 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-17 15:05 . 2013-07-19 22:23 317808 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2013-10-11 02:08 . 2012-04-14 22:03 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-10-10 07:39 . 2013-09-25 19:09 566480 ------w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-10-08 21:06 . 2012-05-16 01:56 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-08 21:06 . 2011-11-10 03:48 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-29 01:48 . 2013-10-10 20:22 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-12 12:51 . 2013-08-12 12:51 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-09-25 19:29 222712 ----a-w- c:\users\Lynn\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-09-25 19:29 222712 ----a-w- c:\users\Lynn\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-09-25 19:29 222712 ----a-w- c:\users\Lynn\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-28 343168]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-10-08 169528]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2012-11-05 1343904]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2009-02-17 335872]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Bee Coupons-repairJob"="wscript.exe" [2009-07-14 141824]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-9-20 1338144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ   scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"ROC_ROC_NT"="c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Mobile Broadband HL Service;Mobile Broadband HL Service;c:\programdata\MobileBrServ\mbbservice.exe;c:\programdata\MobileBrServ\mbbservice.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys;c:\windows\SYSNATIVE\DRIVERS\InputFilter_FlexDef2b.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]
S1 ccSet_MCLIENT;Norton Management Settings Manager;c:\windows\system32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [x]
S1 RapportCerberus_59849;RapportCerberus_59849;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [x]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 MCLIENT;Norton Management;c:\program files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe;c:\program files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SpyroService;Spyro Portal Service;c:\program files (x86)\FS\Spyro Portal\FlashPortal.exe;c:\program files (x86)\FS\Spyro Portal\FlashPortal.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20131022.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20131022.001\BHDrvx64.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\ccSetx64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20131101.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20131101.001\IDSvia64.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMDS64.SYS [x]
S3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMEFA64.SYS [x]
S3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\Ironx64.SYS [x]
S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMNETS.SYS [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-18 17:55 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-16 21:06]
.
2013-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-22 15:26]
.
2013-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-22 15:26]
.
2013-11-06 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2013-05-11 22:27]
.
2013-11-05 c:\windows\Tasks\HPCeeScheduleForLynn.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{814C44E6-B2BA-4413-AEB3-F958AD419DB4}"= "c:\program files (x86)\Bee Coupons\FrameworkBHO64.dll" [BU]
.
[HKEY_CLASSES_ROOT\CLSID\{814C44E6-B2BA-4413-AEB3-F958AD419DB4}]
[HKEY_CLASSES_ROOT\TypeLib\{5546F41B-E2D6-4C0A-A3E8-73C033DAA56B}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-09-25 19:29 261624 ----a-w- c:\users\Lynn\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-09-25 19:29 261624 ----a-w- c:\users\Lynn\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-09-25 19:29 261624 ----a-w- c:\users\Lynn\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-19 44880]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-09-22 1425408]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=20.4.0.40
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\iz9jtl5h.default\
FF - ExtSQL: 2013-10-11 01:58; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF
FF - ExtSQL: 2013-10-11 14:54; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn
FF - ExtSQL: 2013-10-11 18:28; addon@bazaarfriend.com; c:\users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\iz9jtl5h.default\extensions\addon@bazaarfriend.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MCLIENT]
"ImagePath"="\"c:\program files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe\" /s \"MCLIENT\" /m \"c:\program files (x86)\Norton Management\Engine\3.2.2.12\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-06  08:56:16
ComboFix-quarantined-files.txt  2013-11-06 08:56
ComboFix2.txt  2013-11-05 21:00
ComboFix3.txt  2013-11-05 20:08
ComboFix4.txt  2013-11-01 21:58
.
Pre-Run: 591,903,051,776 bytes free
Post-Run: 591,824,359,424 bytes free
.
- - End Of File - - A60BDCAFE9A5C7AF1E2ADA6AF56C8B58
A36C5E4F47E84449FF07ED3517B43A31

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by Lynn (administrator) on LYNN-HP on 05-11-2013 20:23:35
Running from C:\Users\Lynn\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe
() C:\ProgramData\MobileBrServ\mbbservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(FS) C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SetDefault] - C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-09-22] (IDT, Inc.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPQuickWebProxy] - C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [tsnp2uvc] - C:\Windows\tsnp2uvc.exe [335872 2009-02-17] ()
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Bee Coupons-repairJob] - wscript.exe "C:\Users\Lynn\AppData\Local\Bee Coupons\repair.js"
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\Evan\...\Policies\system: [DisableLockWorkstation] 0
HKU\Evan\...\Policies\system: [DisableChangePassword] 0
HKU\Evan\...\Policies\system: [LogonHoursAction] 2
HKU\Evan\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&r=519
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&r=519
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\IPS\ipsbho.dll (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Bee Coupons - {814C44E6-B2BA-4413-AEB3-F958AD419DB4} - C:\Program Files (x86)\Bee Coupons\FrameworkBHO64.dll No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
DPF: HKLM-x32 {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\iz9jtl5h.default
FF SearchEngineOrder.2: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @onlive.com/OnLiveGameClientDetector,version=1.0.0 - C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Lynn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\iz9jtl5h.default\searchplugins\bittorrentcontrolv12-customized-web-search.xml
FF Extension: Bazaar Friend - C:\Users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\iz9jtl5h.default\Extensions\addon@bazaarfriend.com
FF Extension: Update Service - C:\Users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\iz9jtl5h.default\Extensions\updater@foxstart.com
FF Extension: Bee Coupons - C:\Users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\iz9jtl5h.default\Extensions\{E2697576-0B98-89B0-92AF-4C2D1E7959E8}
FF Extension: torntv - C:\Users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\iz9jtl5h.default\Extensions\torntv@torntv.com.xpi
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (OnLive Game Client Detector) - C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RocketLife Secure Plug-In Layer) - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
CHR Plugin: (Unity Player) - C:\Users\Lynn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (Bejeweled) - C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0
CHR Extension: (Google Docs) - C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: () - C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbgjfdieajmokelnlapbedknchgenne\10.21.1.507_15
CHR Extension: (Google Search) - C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Photo Raster) - C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\kadhjegjmnnhlmkbmlmnjobjpeniinmp\1.0_0
CHR Extension: (Google Wallet) - C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Bee Coupons ) - C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocgjhfhgaljiijlajckpemcnbohjfjoi\1.0_0
CHR Extension: (Gmail) - C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [ccbgjfdieajmokelnlapbedknchgenne] - C:\Users\Lynn\AppData\Local\CRE\ccbgjfdieajmokelnlapbedknchgenne.crx
CHR HKLM-x32\...\Chrome\Extension: [gclijllifhfpomppedeljakfegbcpojn] - C:\Users\Lynn\AppData\Local\CRE\gclijllifhfpomppedeljakfegbcpojn.crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\Exts\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [oiffmnkajgkhjjchngmajlomfdhfjdma] - C:\Users\Lynn\AppData\Local\CRE\oiffmnkajgkhjjchngmajlomfdhfjdma.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-09-28] (Advanced Micro Devices, Inc.)
R2 MCLIENT; C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe [143928 2012-12-05] (Symantec Corporation)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [232288 2012-03-12] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120 2013-10-17] (Trusteer Ltd.)
R2 SpyroService; C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe [48128 2012-01-31] (FS)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]
 
==================== Drivers (Whitelisted) ====================
 
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133672 2011-09-21] (Broadcom Corporation.)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20131022.001\BHDrvx64.sys [1524824 2013-10-22] (Symantec Corporation)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-09-21] (Broadcom Corporation.)
R1 ccSet_MCLIENT; C:\Windows\system32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [168096 2012-10-03] (Symantec Corporation)
R3 ccSet_N360; C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-27] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20131101.001\IDSvia64.sys [521816 2013-10-28] (Symantec Corporation)
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-18] (Siliten)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20131104.024\ENG64.SYS [126040 2013-10-25] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20131104.024\EX64.SYS [2099288 2013-10-25] (Symantec Corporation)
R1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [606672 2013-10-27] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [284176 2013-10-17] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [317808 2013-10-17] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [399312 2013-10-17] (Trusteer Ltd.)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3552512 2009-03-12] ()
S3 SRTSP; C:\Windows\system32\drivers\N360x64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-08-12] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R3 SymNetS; C:\Windows\system32\drivers\N360x64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 clwvd; system32\DRIVERS\clwvd.sys [x]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [x]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-05 20:22 - 2013-11-05 20:22 - 01957098 _____ (Farbar) C:\Users\Lynn\Downloads\FRST64.exe
2013-11-05 20:11 - 2013-11-05 20:11 - 00448512 _____ (OldTimer Tools) C:\Users\Lynn\Desktop\TFC.exe
2013-11-05 20:08 - 2013-11-05 20:08 - 00042511 _____ C:\ComboFix.txt
2013-11-05 19:27 - 2013-11-05 19:27 - 00003792 _____ C:\Users\Lynn\Desktop\help.txt
2013-11-05 17:32 - 2013-11-05 17:32 - 00000000 ____D C:\Users\Lynn\Desktop\lemons swaps Nov 2013
2013-11-05 16:45 - 2013-11-05 19:12 - 00000000 ____D C:\Program Files\office.tmp
2013-11-05 15:26 - 2013-11-05 15:26 - 00000787 _____ C:\Users\Lynn\Desktop\bt.txt
2013-11-03 02:33 - 2013-11-03 02:33 - 00000559 _____ C:\Users\Lynn\Desktop\pp.txt
2013-11-01 22:05 - 2013-11-01 22:05 - 00000011 _____ C:\Users\Lynn\Desktop\jsa.txt
2013-11-01 21:13 - 2011-06-26 06:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-01 21:13 - 2010-11-07 17:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-01 21:13 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-01 21:13 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-01 21:13 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-01 21:13 - 2000-08-31 00:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-01 21:13 - 2000-08-31 00:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-01 21:13 - 2000-08-31 00:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-01 21:12 - 2013-11-05 20:08 - 00000000 ____D C:\Qoobox
2013-11-01 21:11 - 2013-11-05 19:28 - 05144303 ____R (Swearware) C:\Users\Lynn\Desktop\ComboFix.exe
2013-11-01 21:11 - 2013-11-01 21:54 - 00000000 ____D C:\Windows\erdnt
2013-10-30 23:55 - 2013-10-30 23:56 - 00024216 _____ C:\Users\Lynn\Downloads\Addition.txt
2013-10-30 23:53 - 2013-10-30 23:53 - 00000000 ____D C:\FRST
2013-10-30 23:36 - 2013-10-30 23:42 - 00000000 ____D C:\AdwCleaner
2013-10-30 23:35 - 2013-10-30 23:35 - 01060070 _____ C:\Users\Lynn\Downloads\AdwCleaner.exe
2013-10-30 23:29 - 2013-10-30 23:29 - 00073900 _____ C:\Users\Lynn\Desktop\JRT.txt
2013-10-30 23:09 - 2013-10-30 23:09 - 00000000 ____D C:\Windows\ERUNT
2013-10-30 23:08 - 2013-10-30 23:08 - 01033335 _____ (Thisisu) C:\Users\Lynn\Downloads\JRT.exe
2013-10-29 12:28 - 2013-10-29 12:28 - 00032216 _____ C:\Users\Lynn\Desktop\dds.txt
2013-10-29 12:28 - 2013-10-29 12:28 - 00010463 _____ C:\Users\Lynn\Desktop\attach.txt
2013-10-29 12:24 - 2013-10-29 12:24 - 00688992 ____R (Swearware) C:\Users\Lynn\Downloads\dds.com
2013-10-29 12:20 - 2013-10-29 12:20 - 00007625 _____ C:\Users\Lynn\AppData\Local\Resmon.ResmonCfg
2013-10-29 04:58 - 2013-10-29 04:58 - 00000000 ____D C:\ProgramData\Oracle
2013-10-29 04:53 - 2013-10-29 04:53 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-29 04:53 - 2013-10-29 04:53 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-29 04:53 - 2013-10-29 04:53 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-29 04:53 - 2013-10-29 04:53 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-29 04:53 - 2013-10-29 04:53 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-29 04:50 - 2013-10-29 04:50 - 00915368 _____ (Oracle Corporation) C:\Users\Lynn\Downloads\chromeinstall-7u45.exe
2013-10-29 04:35 - 2013-10-29 04:35 - 03053496 ____N (Symantec Corporation) C:\Users\Lynn\Downloads\NPE.exe
2013-10-29 04:33 - 2013-10-29 04:58 - 00000000 ____D C:\Users\Lynn\AppData\Local\NPE
2013-10-28 13:18 - 2013-10-28 13:18 - 00000104 _____ C:\Users\Lynn\Desktop\grades.txt
2013-10-28 02:02 - 2013-10-28 23:39 - 00000000 ____D C:\Windows\System32\Tasks\Norton Management
2013-10-28 02:01 - 2013-10-28 23:34 - 00000000 ____D C:\Windows\system32\Drivers\MCLIENTx64
2013-10-28 02:01 - 2013-10-28 02:01 - 00000000 ____D C:\Program Files (x86)\Norton Management
2013-10-28 01:04 - 2013-10-28 01:04 - 00000151 _____ C:\Users\Lynn\Downloads\THE+PASSWORD+ULTIMATE.txt
2013-10-28 01:03 - 2013-10-28 01:03 - 00001218 _____ C:\Users\Lynn\Desktop\Create Amazing Presentations.lnk
2013-10-28 01:03 - 2013-10-28 01:03 - 00001218 _____ C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk
2013-10-28 01:03 - 2013-10-28 01:03 - 00000000 ____D C:\Users\Lynn\AppData\Local\emaze
2013-10-28 01:01 - 2013-10-28 01:01 - 00509968 _____ C:\Users\Lynn\Downloads\MediaPlayerClassic_RocketFuelInstaller.exe
2013-10-28 00:58 - 2013-10-28 00:58 - 00167536 _____ () C:\Users\Lynn\Downloads\OnlineWeather-aL1JshO.exe
2013-10-27 16:59 - 2013-10-27 16:59 - 00000000 ____D C:\Users\Lynn\AppData\OICE_15_974FA576_32C1D314_A89
2013-10-27 15:46 - 2013-10-27 15:46 - 00000062 _____ C:\Users\Lynn\Desktop\sky codes.txt
2013-10-26 21:10 - 2013-10-27 23:02 - 00000000 ____D C:\Users\Lynn\Downloads\About Time 2013 DVDRip XviD-3LT0N
2013-10-26 21:04 - 2013-10-26 21:04 - 00000000 ____D C:\Users\Lynn\Downloads\The Worlds End (2013) BRRip XviD Trusted Post
2013-10-26 20:29 - 2013-10-26 20:29 - 01137240 _____ (BitTorrent Inc.) C:\Users\Lynn\Downloads\BitTorrent.exe
2013-10-23 14:08 - 2013-10-23 14:08 - 00002810 _____ C:\Users\Lynn\Desktop\crem reading.txt
2013-10-12 11:47 - 2013-10-12 11:47 - 00000000 ___HD C:\Users\Lynn\Desktop\@service_player_internal
2013-10-12 11:47 - 2013-10-12 11:47 - 00000000 ____D C:\Users\Lynn\Desktop\DCIM
2013-10-12 11:47 - 2013-10-12 11:47 - 00000000 ____D C:\Users\Lynn\Desktop\.doodlemobile_featureviewnew
2013-10-12 11:41 - 2013-10-12 11:43 - 00000000 ____D C:\Users\Lynn\Desktop\card to check
2013-10-11 18:18 - 2013-10-11 18:18 - 00000000 ____D C:\Users\Lynn\Desktop\GPS_FW
2013-10-11 18:17 - 2013-10-11 18:17 - 62167040 _____ C:\Users\Lynn\Downloads\WB850_FW_F206276.exe
2013-10-11 18:01 - 2013-10-11 18:06 - 62053148 _____ C:\Users\Lynn\Downloads\WB850_FW_F206276.zip
2013-10-11 02:22 - 2013-09-22 23:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-11 02:22 - 2013-09-22 23:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-11 02:22 - 2013-09-22 23:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-11 02:22 - 2013-09-22 23:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-11 02:22 - 2013-09-22 23:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-11 02:22 - 2013-09-22 23:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-11 02:22 - 2013-09-22 23:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-11 02:22 - 2013-09-22 23:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-11 02:22 - 2013-09-22 23:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-11 02:22 - 2013-09-22 23:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-11 02:22 - 2013-09-22 23:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-11 02:22 - 2013-09-22 23:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-11 02:22 - 2013-09-22 23:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-11 02:22 - 2013-09-22 22:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-11 02:22 - 2013-09-22 22:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-11 02:22 - 2013-09-22 22:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-11 02:22 - 2013-09-22 22:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-11 02:22 - 2013-09-22 22:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-11 02:22 - 2013-09-22 22:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-11 02:22 - 2013-09-22 22:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-11 02:22 - 2013-09-22 22:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-11 02:22 - 2013-09-22 22:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-11 02:22 - 2013-09-22 22:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-11 02:22 - 2013-09-22 22:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-11 02:22 - 2013-09-22 22:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-11 02:22 - 2013-09-22 22:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-11 02:22 - 2013-09-22 22:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-11 02:22 - 2013-09-21 03:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-11 02:22 - 2013-09-21 03:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-11 02:22 - 2013-09-21 02:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-11 02:22 - 2013-09-21 02:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-10 20:22 - 2013-09-14 01:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-10 20:22 - 2013-09-08 02:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-10 20:22 - 2013-09-08 02:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-10 20:22 - 2013-09-08 02:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-10 20:22 - 2013-08-29 02:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-10 20:22 - 2013-08-29 02:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-10 20:22 - 2013-08-29 02:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-10 20:22 - 2013-08-29 02:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-10 20:22 - 2013-08-29 02:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-10 20:22 - 2013-08-29 01:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-10 20:22 - 2013-08-29 01:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-10 20:22 - 2013-08-29 01:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-10 20:22 - 2013-08-29 01:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-10 20:22 - 2013-08-29 01:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-10 20:22 - 2013-08-29 01:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-10 20:22 - 2013-08-29 00:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-10 20:22 - 2013-08-29 00:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-10 20:22 - 2013-08-29 00:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-10 20:22 - 2013-08-29 00:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-10 20:22 - 2013-08-28 01:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 20:22 - 2013-07-12 10:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-10 20:22 - 2013-07-12 10:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-10 20:22 - 2013-07-12 10:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-10 20:22 - 2013-07-04 12:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-10 20:22 - 2013-07-04 12:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-10 20:22 - 2013-07-04 12:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-10 20:22 - 2013-07-04 11:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-10 20:22 - 2013-07-04 11:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-10 20:22 - 2013-07-04 11:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-10 20:22 - 2013-07-04 10:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-10 20:22 - 2013-07-03 04:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-10 20:22 - 2013-07-03 04:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-10 20:22 - 2013-07-03 04:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-10 20:22 - 2013-06-25 22:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-10 20:22 - 2013-06-06 05:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-10 20:22 - 2013-06-06 05:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-10 20:22 - 2013-06-06 05:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-10 20:22 - 2013-06-06 05:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-10 20:22 - 2013-06-06 04:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-10 20:22 - 2013-06-06 04:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-10 20:22 - 2013-06-06 04:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-10 20:22 - 2013-06-06 03:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 20:22 - 2013-06-06 03:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-10 20:22 - 2013-06-06 03:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-10 20:21 - 2013-08-28 01:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-10 20:21 - 2013-08-01 09:19 - 00984512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-10 20:21 - 2013-08-01 09:19 - 00265152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-10-10 20:21 - 2013-07-20 10:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 20:21 - 2013-07-20 10:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 13:18 - 2013-10-29 04:10 - 00000000 ____D C:\Users\Lynn\Desktop\downloads oct 2013
2013-10-09 19:31 - 2013-10-10 22:53 - 00000000 ____D C:\Users\Lynn\Desktop\2013-2
2013-10-09 19:30 - 2013-10-10 22:50 - 00000000 ____D C:\Users\Lynn\Desktop\video voice 2013
2013-10-08 21:06 - 2013-10-08 21:06 - 17813896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
 
==================== One Month Modified Files and Folders =======
 
2013-11-05 20:22 - 2013-11-05 20:22 - 01957098 _____ (Farbar) C:\Users\Lynn\Downloads\FRST64.exe
2013-11-05 20:22 - 2009-07-14 05:13 - 00779724 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-05 20:20 - 2012-01-27 22:12 - 01582725 _____ C:\Windows\WindowsUpdate.log
2013-11-05 20:18 - 2013-04-22 15:26 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-05 20:16 - 2012-12-03 15:03 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-11-05 20:16 - 2010-11-21 03:47 - 00657648 _____ C:\Windows\PFRO.log
2013-11-05 20:16 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-05 20:16 - 2009-07-14 04:51 - 00155593 _____ C:\Windows\setupact.log
2013-11-05 20:16 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\tracing
2013-11-05 20:11 - 2013-11-05 20:11 - 00448512 _____ (OldTimer Tools) C:\Users\Lynn\Desktop\TFC.exe
2013-11-05 20:08 - 2013-11-05 20:08 - 00042511 _____ C:\ComboFix.txt
2013-11-05 20:08 - 2013-11-01 21:12 - 00000000 ____D C:\Qoobox
2013-11-05 20:06 - 2012-05-16 01:56 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-05 20:03 - 2009-07-14 02:34 - 00000215 _____ C:\Windows\system.ini
2013-11-05 19:55 - 2013-04-22 15:26 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-05 19:28 - 2013-11-01 21:11 - 05144303 ____R (Swearware) C:\Users\Lynn\Desktop\ComboFix.exe
2013-11-05 19:27 - 2013-11-05 19:27 - 00003792 _____ C:\Users\Lynn\Desktop\help.txt
2013-11-05 19:21 - 2009-07-14 04:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-05 19:21 - 2009-07-14 04:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-05 19:16 - 2012-07-02 20:22 - 00000336 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2013-11-05 19:12 - 2013-11-05 16:45 - 00000000 ____D C:\Program Files\office.tmp
2013-11-05 18:37 - 2012-04-08 09:23 - 00000000 ____D C:\Users\Lynn\AppData\Roaming\SoftGrid Client
2013-11-05 17:32 - 2013-11-05 17:32 - 00000000 ____D C:\Users\Lynn\Desktop\lemons swaps Nov 2013
2013-11-05 16:47 - 2011-11-10 03:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-11-05 15:35 - 2012-04-05 20:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-05 15:31 - 2012-10-16 10:09 - 00000000 ____D C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2013-11-05 15:26 - 2013-11-05 15:26 - 00000787 _____ C:\Users\Lynn\Desktop\bt.txt
2013-11-04 23:14 - 2012-04-01 18:47 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B4DB3067-FF68-42F1-AFE9-BEF6C1D1B1BD}
2013-11-04 18:42 - 2012-04-30 13:42 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-11-04 18:42 - 2012-04-02 13:36 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-11-03 02:33 - 2013-11-03 02:33 - 00000559 _____ C:\Users\Lynn\Desktop\pp.txt
2013-11-01 22:24 - 2012-12-12 15:28 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForLynn
2013-11-01 22:24 - 2012-12-12 15:28 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForLynn.job
2013-11-01 22:05 - 2013-11-01 22:05 - 00000011 _____ C:\Users\Lynn\Desktop\jsa.txt
2013-11-01 21:58 - 2009-07-14 03:20 - 00000000 __RHD C:\Users\Default
2013-11-01 21:54 - 2013-11-01 21:11 - 00000000 ____D C:\Windows\erdnt
2013-11-01 21:48 - 2009-07-14 02:34 - 82313216 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-11-01 21:48 - 2009-07-14 02:34 - 22282240 _____ C:\Windows\system32\config\SYSTEM.bak
2013-11-01 21:48 - 2009-07-14 02:34 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2013-11-01 21:48 - 2009-07-14 02:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-11-01 21:48 - 2009-07-14 02:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-11-01 19:32 - 2013-01-09 21:35 - 00000000 ____D C:\Users\Lynn\AppData\Roaming\BitTorrent
2013-10-30 23:56 - 2013-10-30 23:55 - 00024216 _____ C:\Users\Lynn\Downloads\Addition.txt
2013-10-30 23:53 - 2013-10-30 23:53 - 00000000 ____D C:\FRST
2013-10-30 23:42 - 2013-10-30 23:36 - 00000000 ____D C:\AdwCleaner
2013-10-30 23:35 - 2013-10-30 23:35 - 01060070 _____ C:\Users\Lynn\Downloads\AdwCleaner.exe
2013-10-30 23:29 - 2013-10-30 23:29 - 00073900 _____ C:\Users\Lynn\Desktop\JRT.txt
2013-10-30 23:09 - 2013-10-30 23:09 - 00000000 ____D C:\Windows\ERUNT
2013-10-30 23:08 - 2013-10-30 23:08 - 01033335 _____ (Thisisu) C:\Users\Lynn\Downloads\JRT.exe
2013-10-30 17:41 - 2012-04-04 19:57 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B554D3E2-C714-4869-8FA7-DFA1B1E8B779}
2013-10-29 20:28 - 2012-04-04 19:56 - 00000000 ____D C:\Users\Evan
2013-10-29 12:28 - 2013-10-29 12:28 - 00032216 _____ C:\Users\Lynn\Desktop\dds.txt
2013-10-29 12:28 - 2013-10-29 12:28 - 00010463 _____ C:\Users\Lynn\Desktop\attach.txt
2013-10-29 12:24 - 2013-10-29 12:24 - 00688992 ____R (Swearware) C:\Users\Lynn\Downloads\dds.com
2013-10-29 12:20 - 2013-10-29 12:20 - 00007625 _____ C:\Users\Lynn\AppData\Local\Resmon.ResmonCfg
2013-10-29 12:07 - 2013-02-15 15:06 - 00000000 ____D C:\Windows\pss
2013-10-29 04:58 - 2013-10-29 04:58 - 00000000 ____D C:\ProgramData\Oracle
2013-10-29 04:58 - 2013-10-29 04:33 - 00000000 ____D C:\Users\Lynn\AppData\Local\NPE
2013-10-29 04:53 - 2013-10-29 04:53 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-29 04:53 - 2013-10-29 04:53 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-29 04:53 - 2013-10-29 04:53 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-29 04:53 - 2013-10-29 04:53 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-29 04:53 - 2013-10-29 04:53 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-29 04:50 - 2013-10-29 04:50 - 00915368 _____ (Oracle Corporation) C:\Users\Lynn\Downloads\chromeinstall-7u45.exe
2013-10-29 04:35 - 2013-10-29 04:35 - 03053496 ____N (Symantec Corporation) C:\Users\Lynn\Downloads\NPE.exe
2013-10-29 04:34 - 2012-01-27 22:30 - 00000000 ____D C:\ProgramData\Norton
2013-10-29 04:10 - 2013-10-10 13:18 - 00000000 ____D C:\Users\Lynn\Desktop\downloads oct 2013
2013-10-28 23:39 - 2013-10-28 02:02 - 00000000 ____D C:\Windows\System32\Tasks\Norton Management
2013-10-28 23:34 - 2013-10-28 02:01 - 00000000 ____D C:\Windows\system32\Drivers\MCLIENTx64
2013-10-28 13:18 - 2013-10-28 13:18 - 00000104 _____ C:\Users\Lynn\Desktop\grades.txt
2013-10-28 10:22 - 2012-04-04 19:56 - 00001230 __RSH C:\Users\Evan\ntuser.pol
2013-10-28 02:01 - 2013-10-28 02:01 - 00000000 ____D C:\Program Files (x86)\Norton Management
2013-10-28 02:00 - 2013-08-12 12:34 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-10-28 02:00 - 2012-04-04 19:51 - 00000632 __RSH C:\Users\Lynn\ntuser.pol
2013-10-28 02:00 - 2012-04-01 18:45 - 00000000 ____D C:\Users\Lynn
2013-10-28 01:24 - 2012-04-01 18:47 - 00000000 ___RD C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-28 01:15 - 2012-10-24 09:41 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2013-10-28 01:15 - 2012-10-24 09:41 - 00000000 ____D C:\ProgramData\NCH Software
2013-10-28 01:15 - 2012-10-24 09:41 - 00000000 ____D C:\Program Files (x86)\NCH Software
2013-10-28 01:14 - 2012-04-10 17:46 - 00000000 ____D C:\Users\Lynn\AppData\Local\CrashDumps
2013-10-28 01:04 - 2013-10-28 01:04 - 00000151 _____ C:\Users\Lynn\Downloads\THE+PASSWORD+ULTIMATE.txt
2013-10-28 01:03 - 2013-10-28 01:03 - 00001218 _____ C:\Users\Lynn\Desktop\Create Amazing Presentations.lnk
2013-10-28 01:03 - 2013-10-28 01:03 - 00001218 _____ C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk
2013-10-28 01:03 - 2013-10-28 01:03 - 00000000 ____D C:\Users\Lynn\AppData\Local\emaze
2013-10-28 01:01 - 2013-10-28 01:01 - 00509968 _____ C:\Users\Lynn\Downloads\MediaPlayerClassic_RocketFuelInstaller.exe
2013-10-28 00:58 - 2013-10-28 00:58 - 00167536 _____ () C:\Users\Lynn\Downloads\OnlineWeather-aL1JshO.exe
2013-10-28 00:53 - 2012-09-14 13:05 - 00000000 ____D C:\Users\Lynn\AppData\Local\WinZip
2013-10-27 23:02 - 2013-10-26 21:10 - 00000000 ____D C:\Users\Lynn\Downloads\About Time 2013 DVDRip XviD-3LT0N
2013-10-27 16:59 - 2013-10-27 16:59 - 00000000 ____D C:\Users\Lynn\AppData\OICE_15_974FA576_32C1D314_A89
2013-10-27 15:46 - 2013-10-27 15:46 - 00000062 _____ C:\Users\Lynn\Desktop\sky codes.txt
2013-10-26 21:04 - 2013-10-26 21:04 - 00000000 ____D C:\Users\Lynn\Downloads\The Worlds End (2013) BRRip XviD Trusted Post
2013-10-26 20:32 - 2013-01-09 21:36 - 00000000 ____D C:\Program Files (x86)\BitTorrent
2013-10-26 20:29 - 2013-10-26 20:29 - 01137240 _____ (BitTorrent Inc.) C:\Users\Lynn\Downloads\BitTorrent.exe
2013-10-23 14:08 - 2013-10-23 14:08 - 00002810 _____ C:\Users\Lynn\Desktop\crem reading.txt
2013-10-18 18:00 - 2013-04-22 15:27 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-18 18:00 - 2013-04-22 15:27 - 00002143 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2013-10-17 15:05 - 2013-07-19 22:23 - 00317808 _____ (Trusteer Ltd.) C:\Windows\system32\Drivers\RapportKE64.sys
2013-10-17 02:51 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2013-10-17 00:13 - 2012-05-15 19:01 - 00000000 ____D C:\Users\Lynn\Documents\OnLive App
2013-10-13 20:38 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-12 11:47 - 2013-10-12 11:47 - 00000000 ___HD C:\Users\Lynn\Desktop\@service_player_internal
2013-10-12 11:47 - 2013-10-12 11:47 - 00000000 ____D C:\Users\Lynn\Desktop\DCIM
2013-10-12 11:47 - 2013-10-12 11:47 - 00000000 ____D C:\Users\Lynn\Desktop\.doodlemobile_featureviewnew
2013-10-12 11:43 - 2013-10-12 11:41 - 00000000 ____D C:\Users\Lynn\Desktop\card to check
2013-10-11 18:19 - 2012-12-14 15:04 - 00000000 ____D C:\Users\Lynn\AppData\Roaming\vlc
2013-10-11 18:18 - 2013-10-11 18:18 - 00000000 ____D C:\Users\Lynn\Desktop\GPS_FW
2013-10-11 18:17 - 2013-10-11 18:17 - 62167040 _____ C:\Users\Lynn\Downloads\WB850_FW_F206276.exe
2013-10-11 18:06 - 2013-10-11 18:01 - 62053148 _____ C:\Users\Lynn\Downloads\WB850_FW_F206276.zip
2013-10-11 07:39 - 2012-04-04 19:57 - 00000000 ___RD C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-11 02:45 - 2013-03-13 16:14 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 02:45 - 2013-03-13 16:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-11 02:45 - 2009-07-14 04:45 - 00436072 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 02:18 - 2012-01-27 22:16 - 00765636 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-11 02:11 - 2013-07-18 15:31 - 00000000 ____D C:\Windows\system32\MRT
2013-10-11 02:08 - 2012-04-14 22:03 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-10 22:53 - 2013-10-09 19:31 - 00000000 ____D C:\Users\Lynn\Desktop\2013-2
2013-10-10 22:50 - 2013-10-09 19:30 - 00000000 ____D C:\Users\Lynn\Desktop\video voice 2013
2013-10-10 09:41 - 2013-04-22 15:26 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-10 09:41 - 2012-04-01 19:09 - 00000000 ____D C:\Users\Lynn\AppData\Local\Google
2013-10-10 07:49 - 2013-04-22 15:26 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-10 07:49 - 2013-04-22 15:26 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-08 21:06 - 2013-10-08 21:06 - 17813896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-10-08 21:06 - 2012-05-16 01:56 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-08 21:06 - 2012-05-16 01:56 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-08 21:06 - 2011-11-10 03:48 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-10-31 21:23
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-10-2013
Ran by Lynn at 2013-11-05 20:25:08
Running from C:\Users\Lynn\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Norton 360 (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
 
==================== Installed Programs ======================
 
Adobe AIR (x32 Version: 3.4.0.2540)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.1.629)
AMD APP SDK Runtime (Version: 2.5.775.2)
AMD Catalyst Install Manager (Version: 3.0.847.0)
AMD Fuel (Version: 2011.0928.607.9079)
AMD Steady Video Plug-In  (Version: 1.00.0000)
AMD System Monitor (x32 Version: 1.0.9)
AMD VISION Engine Control Center (x32 Version: 2011.0928.607.9079)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
ArtRage Studio Pro Demo (x32 Version: 3.0.8)
Audible Download Manager (x32 Version: 6.6.0.15)
Bejeweled 3 (x32 Version: 2.2.0.97)
Blackhawk Striker 2 (x32 Version: 2.2.0.95)
blinkbox Download Manager (x32 Version: 2.0.7)
Bonjour (Version: 3.0.0.10)
Broadcom 802.11 Wireless LAN Adapter (Version: 5.100.82.140)
Broadcom Bluetooth Software (Version: 6.5.0.2300)
Broadcom InConcert Maestro (Version: 1.0.5.2300)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0928.607.9079)
Catalyst Control Center InstallProxy (x32 Version: 2011.0928.607.9079)
Catalyst Control Center Localization All (x32 Version: 2011.0928.607.9079)
CCC Help Chinese Standard (x32 Version: 2011.0928.0606.9079)
CCC Help Chinese Traditional (x32 Version: 2011.0928.0606.9079)
CCC Help Czech (x32 Version: 2011.0928.0606.9079)
CCC Help Danish (x32 Version: 2011.0928.0606.9079)
CCC Help Dutch (x32 Version: 2011.0928.0606.9079)
CCC Help English (x32 Version: 2011.0928.0606.9079)
CCC Help Finnish (x32 Version: 2011.0928.0606.9079)
CCC Help French (x32 Version: 2011.0928.0606.9079)
CCC Help German (x32 Version: 2011.0928.0606.9079)
CCC Help Greek (x32 Version: 2011.0928.0606.9079)
CCC Help Hungarian (x32 Version: 2011.0928.0606.9079)
CCC Help Italian (x32 Version: 2011.0928.0606.9079)
CCC Help Japanese (x32 Version: 2011.0928.0606.9079)
CCC Help Korean (x32 Version: 2011.0928.0606.9079)
CCC Help Norwegian (x32 Version: 2011.0928.0606.9079)
CCC Help Polish (x32 Version: 2011.0928.0606.9079)
CCC Help Portuguese (x32 Version: 2011.0928.0606.9079)
CCC Help Russian (x32 Version: 2011.0928.0606.9079)
CCC Help Spanish (x32 Version: 2011.0928.0606.9079)
CCC Help Swedish (x32 Version: 2011.0928.0606.9079)
CCC Help Thai (x32 Version: 2011.0928.0606.9079)
CCC Help Turkish (x32 Version: 2011.0928.0606.9079)
ccc-utility64 (Version: 2011.0928.607.9079)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
ConverterLite 1.5.0 (x32 Version: 1.5.0)
Coupon Printer (x32 Version: 2.0)
Cradle of Rome 2 (x32 Version: 2.2.0.98)
D3DX10 (x32 Version: 15.4.2368.0902)
Debut Video Capture Software (x32)
Dora's World Adventure (x32 Version: 2.2.0.95)
ESU for Microsoft Windows 7 SP1 (x32 Version: 2.1.1)
Evernote v. 4.2.3 (x32 Version: 4.2.3.22)
Farm Frenzy (x32 Version: 2.2.0.98)
Farmscapes (x32 Version: 2.2.0.98)
FATE (x32 Version: 2.2.0.97)
Final Drive Fury (x32 Version: 2.2.0.95)
Google Chrome (x32 Version: 30.0.1599.101)
Google Update Helper (x32 Version: 1.3.21.165)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HiJackThis (x32 Version: 1.0.0)
Hoyle Card Games (x32 Version: 2.2.0.95)
HP 3D DriveGuard (Version: 4.1.16.1)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.1.12938.3539)
HP CoolSense (x32 Version: 2.10.51)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8)
HP Deskjet 3050 J610 series Basic Device Software (Version: 28.0.1315.0)
HP Deskjet 3050 J610 series Help (x32 Version: 140.0.63.63)
HP Deskjet 3050 J610 series Product Improvement Study (Version: 28.0.1315.0)
HP Documentation (x32 Version: 1.1.0.0)
HP DVB-T TV Tuner 8.0.64.43 (x32 Version: 8.0.64.43)
HP Games (x32 Version: 1.0.2.5)
HP Launch Box (Version: 1.1.5)
HP On Screen Display (x32 Version: 1.3.5)
HP Photo Creations (x32 Version: 1.0.0.11502)
HP Power Manager (x32 Version: 1.4.8)
HP Product Detection (x32 Version: 11.15.0005)
HP Quick Launch (x32 Version: 2.6.3)
HP QuickWeb (x32 Version: 3.1.1.10197)
HP Recovery Manager (x32 Version: 2.0.0)
HP Security Assistant (Version: 1.0.11)
HP Setup (x32 Version: 9.0.15076.3891)
HP Setup Manager (x32 Version: 1.2.14901.3869)
HP Software Framework (x32 Version: 4.5.12.1)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Update (x32 Version: 5.005.000.002)
HPDiagnosticAlert (x32 Version: 1.00.0000)
HUE HD Webcam Video Software (x32 Version: 5.8.48202.103)
IDT Audio (x32 Version: 1.0.6381.0)
iTunes (Version: 11.0.4.4)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Jewel Match 3 (x32 Version: 2.2.0.98)
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98)
John Deere Drive Green (x32 Version: 2.2.0.95)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Letters from Nowhere 2 (x32 Version: 2.2.0.97)
Luxor HD (x32 Version: 2.2.0.98)
Mah Jong Medley (x32 Version: 2.2.0.95)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft Corporation (x32 Version: 9.1.0.0)
Microsoft LifeCam (Version: 3.60.253.0)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.5139.5005)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SkyDrive (HKCU Version: 17.0.2003.1112)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (x32 Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mobile Broadband HL Service (x32 Version: 22.001.14.01.105)
Mozilla Firefox 13.0.1 (x86 en-US) (x32 Version: 13.0.1)
Mozilla Firefox 20.0.1 (x86 en-US) (HKCU Version: 20.0.1)
Mozilla Maintenance Service (x32 Version: 13.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
Norton 360 (x32 Version: 20.4.0.40)
Norton Management (x32 Version: 3.2.2.12)
OnLive (x32)
opensource (x32 Version: 1.0.14960.3876)
Penguins! (x32 Version: 2.2.0.98)
Pivot Stickfigure Animator version 2.2.7 (x32 Version: 2.2.7)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98)
PlayReady PC Runtime x86 (x32 Version: 1.3.0)
Poker Superstars III (x32 Version: 2.2.0.95)
Polar Bowler (x32 Version: 2.2.0.97)
Polar Golfer (x32 Version: 2.2.0.98)
Rapport (x32 Version: 3.5.1304.13)
Realtek Ethernet Controller Driver (x32 Version: 7.41.216.2011)
Realtek PCIE Card Reader (x32 Version: 6.1.7601.83)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98)
SAM Animation 1.3 (x32 Version: 1.3)
SpyroDriver (x32 Version: 1.07.0000)
SpyroPortalDriver (Version: 1.0.0)
swMSM (x32 Version: 12.0.0.1)
Synaptics TouchPad Driver (Version: 15.3.29.0)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98)
Torchlight (x32 Version: 2.2.0.98)
Trusteer Endpoint Protection (x32 Version: 3.5.1304.13)
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update Installer for WildTangent Games App (x32)
VideoPad Video Editor (x32 Version: 3.04)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VLC media player 1.0.1 (x32 Version: 1.0.1)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
Windows Password Unlocker Standard 5.3.0.0 (x32)
WinZip 16.5 (Version: 16.5.10095)
ZTE_1.2059.0.8 (x32)
Zuma's Revenge (x32 Version: 2.2.0.98)
 
==================== Restore Points  =========================
 
28-10-2013 01:24:42 Removed Rapport
29-10-2013 04:46:14 Removed Java 7 Update 7
29-10-2013 04:49:17 Removed JavaFX 2.1.1
29-10-2013 04:52:45 Installed Java 7 Update 45
01-11-2013 21:13:44 ComboFix created restore point
05-11-2013 19:35:02 ComboFix created restore point
 
==================== Hosts content: ==========================
 
2009-07-14 02:34 - 2013-11-05 20:03 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {000AE052-0F10-4381-86AB-0BA961CA5705} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {076823BD-E067-4D16-ADE9-DEFF01446848} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {0933FFF8-BA47-4366-BF6F-DB3DED3155C4} - System32\Tasks\HPCeeScheduleForLynn => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {0B79A101-295B-4B25-9DF8-2B5DCD861E20} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {0CDB4A0B-D9B4-45F2-B304-636B86631E9E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
Task: {121C782B-BA0C-43F1-BC3B-A8C6334D876E} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2013-05-11] ()
Task: {13687D07-4B9F-4F15-AAA4-4DB7DE4D0F9C} - System32\Tasks\Google Updater and Installer => C:\Users\Lynn\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {1B7E9C06-0AA4-4173-8230-063C21D83AE5} - System32\Tasks\{251B2580-5488-4436-8B98-31A8080486D2} => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
Task: {2A2C9A84-43FC-415F-ACE4-35F0BD901770} - System32\Tasks\{E3D1FC44-166F-4342-8841-75CB465C86A2} => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
Task: {35937ADE-5EE8-4948-AF1B-7088604ACDA4} - System32\Tasks\{DAC2A945-57F0-48AD-806A-F6DDDFBBA0E1} => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
Task: {380F67E5-AE23-41DF-BB5C-7D2E0E855929} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {4098FECD-6988-40D9-AA20-3D585D010435} - System32\Tasks\Norton Management\Norton Error Analyzer => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\symerr.exe [2012-10-18] (Symantec Corporation)
Task: {55AFFEA2-E480-44C3-A63B-75882CD9ACEA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-22] (Google Inc.)
Task: {590571D9-3424-464F-8BB3-2FC2E22C3087} - System32\Tasks\HP online update program => C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [2011-10-28] (Hewlett-Packard)
Task: {788B4799-10B1-4071-BF50-F56EC5201716} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {79344078-B81D-472A-A83D-399331B4F7E7} - System32\Tasks\NCH Software\debutDowngrade => C:\Program Files (x86)\NCH Software\Debut\debut.exe [2012-10-24] (NCH Software)
Task: {79E93BCB-0512-47C8-9029-B60CED3D356A} - System32\Tasks\NCH Software\debutShakeIcon => C:\Program Files (x86)\NCH Software\Debut\debut.exe [2012-10-24] (NCH Software)
Task: {7EE29785-61A5-4EA4-8A1C-BD61DC0E9C7A} - System32\Tasks\{493C4D1B-9688-4CFA-BEF3-B10DA2B3BB9C} => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
Task: {A3C1E02B-894E-4E74-A686-D98D3500D940} - System32\Tasks\{42E41325-7B4C-4AD0-850D-7BAA907EBA99} => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
Task: {A5251222-2B5B-4E19-8E9F-8AF9A21CE98D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {A7C085DD-680D-49C8-A7D8-FE71FF7F606A} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {AAE649DC-EEE4-4A61-A276-158319E7B733} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {C7B22719-9010-4DDC-97BC-C5E5AA2B36F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-22] (Google Inc.)
Task: {CF88D049-4AEF-4D0F-A78B-68D05D9C4DD2} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {D183C194-7A3C-4A3B-A2D2-F0C5D555F6E6} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\symerr.exe [2013-06-04] (Symantec Corporation)
Task: {D1FE4FE1-A255-428A-942F-838E03C3C314} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D24FA78C-8F48-4D5D-ADF4-C3BACD642139} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\symerr.exe [2013-06-04] (Symantec Corporation)
Task: {E3C634ED-6DD6-4FF8-A6C4-ED6AACF0D8D5} - System32\Tasks\Norton Management\Norton Error Processor => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\symerr.exe [2012-10-18] (Symantec Corporation)
Task: {E5F78C75-0F45-4A5C-BBB9-4F2086633BE5} - System32\Tasks\Updater19962.exe => C:\Users\Lynn\AppData\Local\Updater19962\Updater19962.exe
Task: {F7FB501C-57CB-4E1A-AD9C-E72CFB77FB7C} - System32\Tasks\{C4BBCEAC-35CD-4EC3-B791-F2F7A841C093} => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\HPCeeScheduleForLynn.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-09-28 14:19 - 2011-09-28 14:19 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-09-28 14:06 - 2011-09-28 14:06 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-06-17 21:42 - 2011-06-17 21:42 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-07-19 22:23 - 2013-10-27 21:04 - 01127152 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-11-03 14:02 - 2011-11-03 14:02 - 00142336 _____ () C:\Program Files (x86)\FS\Spyro Portal\SpyroLibrary.dll
2012-06-27 15:09 - 2012-06-27 15:09 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2013-08-12 12:50 - 2012-05-30 14:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.4.0.40\wincfi39.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\Temp:373E1720
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/05/2013 08:18:04 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/05/2013 07:14:32 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/05/2013 03:08:48 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\0deaadb7-885b-4586-a8d9-dcf1b35cba93.dmp
 
Error: (11/05/2013 03:08:44 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\391cadb2-ebdb-492f-b743-b03d50c4acd6.dmp
 
Error: (11/05/2013 03:08:27 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\ed2fa7d6-7b4d-467d-a940-f09a9f5f5a3d.dmp
 
Error: (11/05/2013 03:07:48 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\c3dd9c91-471f-43a9-a3d5-979403d64c0c.dmp
 
Error: (11/05/2013 03:07:24 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\12bcea3a-753e-42d7-9df7-039b1d95fed2.dmp
 
Error: (11/05/2013 03:06:08 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\552eac36-3882-40bb-8e6c-f4638349a405.dmp
 
Error: (11/05/2013 03:05:03 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\6497fcee-0d14-4124-8cb6-b89d70e3d73a.dmp
 
Error: (11/05/2013 03:04:49 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\d42d9756-b95a-4ac4-bc1a-1e088fec4230.dmp
 
 
System errors:
=============
Error: (11/05/2013 08:17:53 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/05/2013 08:12:41 PM) (Source: Service Control Manager) (User: )
Description: The Norton 360 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (11/05/2013 08:12:41 PM) (Source: Service Control Manager) (User: )
Description: The Norton Management service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (11/05/2013 08:03:10 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (11/05/2013 08:01:15 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (11/05/2013 08:01:14 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (11/05/2013 07:49:54 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (11/05/2013 07:28:44 PM) (Source: Service Control Manager) (User: )
Description: The Mobile Broadband HL Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/05/2013 07:14:53 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/05/2013 01:38:18 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
 
Microsoft Office Sessions:
=========================
Error: (11/05/2013 08:18:04 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/05/2013 07:14:32 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/05/2013 03:08:48 PM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\0deaadb7-885b-4586-a8d9-dcf1b35cba93.dmp
 
Error: (11/05/2013 03:08:44 PM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\391cadb2-ebdb-492f-b743-b03d50c4acd6.dmp
 
Error: (11/05/2013 03:08:27 PM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\ed2fa7d6-7b4d-467d-a940-f09a9f5f5a3d.dmp
 
Error: (11/05/2013 03:07:48 PM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\c3dd9c91-471f-43a9-a3d5-979403d64c0c.dmp
 
Error: (11/05/2013 03:07:24 PM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\12bcea3a-753e-42d7-9df7-039b1d95fed2.dmp
 
Error: (11/05/2013 03:06:08 PM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\552eac36-3882-40bb-8e6c-f4638349a405.dmp
 
Error: (11/05/2013 03:05:03 PM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\6497fcee-0d14-4124-8cb6-b89d70e3d73a.dmp
 
Error: (11/05/2013 03:04:49 PM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\d42d9756-b95a-4ac4-bc1a-1e088fec4230.dmp
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-11-05 20:01:15.045
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-05 20:01:14.952
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-05 20:01:14.858
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-05 20:01:14.749
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-01 21:46:37.422
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-01 21:46:37.307
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 29%
Total physical RAM: 5609.91 MB
Available physical RAM: 3951.71 MB
Total Pagefile: 11217.99 MB
Available Pagefile: 9316.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:673.13 GB) (Free:548.71 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:21.34 GB) (Free:2.3 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: B034BE95)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=673 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)
 
==================== End Of Log ============================
 
 
Chrome seems much better so far! :)

 



#15 Starbuck

  • Malware Response Team
Posted 06 November 2013 - 01:22 PM

Hi lemoncake
 

Running from: c:\users\Lynn\Desktop\ComboFix.exe

I see that you moved Combofix ok.
Unfortunately the fix wasn't run.... the normal Combofix was run.
That's why some of the entries are still showing in the report.
Not to worry though, we'll remove them with FRST.

Did you remove Bench? Because it's no longer showing in the reports.
 

Chrome seems much better so far!

That's good.
The report is showing that Chrome may still need some work though.

Step 1
Please download the attached fixlist.txt (bottom of this post) file and save it to the Download folder.
NOTE.
It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
That is why I stated the Download folder, as that is where FRST is located.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Re-run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.

Attached Files

