Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Norton 360 shows up twice in my taskbar


  • This topic is locked This topic is locked
75 replies to this topic

#1 mrsbeautiful05

mrsbeautiful05

  • Members
  • 119 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Pennsylvania
  • Local time:06:06 PM

Posted 11 February 2014 - 04:22 PM

Norton 360 shows up twice in my Windows taskbar as Windows loads. It has been happening for several weeks now. I have done so many scans up to this point and nothing seems to fix it. I've ran MBAM, Norton, Avast free scans, Mini Tool. Right now i'm also getting an error in iTunes that says, "The registry settings used by the iTunes drivers for importing and burning CDs and DVDs are missing. This can happen as a result of installing another burning software. Please reinstall iTunes" I've had that message before, and have gone to Apple support. They helped me fix it. But my web mail shows up as doubles randomly too, both on my phone and online. Haven't been able to fix that. Just got a totally new phone, and it's still happening. Also, my cursor flickers a lot as if there is constant background activities. I hope someone can help with this. Thanks so much.

 

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.51.2
Run by Kate at 15:58:57 on 2014-02-11
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4094.2413 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
C:\Program Files (x86)\Norton Zone\Engine\1.1.0.4\NZ.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\SMINST\BLService.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
C:\Program Files (x86)\Norton Zone\Engine\1.1.0.4\NZ.exe
C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Users\Kate\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kate\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Users\Kate\AppData\Local\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Windows\system32\RunDll32.exe
C:\Users\Kate\AppData\Local\Autobahn\nexdef.exe
C:\Users\Kate\AppData\Local\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Fix it Center\Matsvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: HP Smart Print BHO: {1658D3A1-9E13-4196-A82A-D70D70880F36} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: AutoLogin: {598B818E-71F1-486E-A0BE-9952B5851367} - LocalServer32 - <no file>
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [B1D9C154A42887D98B0223C0ABAA1BDEE96F5523._service_run] "C:\Users\Kate\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
uRun: [Spotify Web Helper] "C:\Users\Kate\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [Google Update] "C:\Users\Kate\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [WirelessAssistant] "C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\BlackArmorBackup\TimounterMonitor.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HPCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Kate\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\Kate\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\Users\Kate\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\NEXDEF~1.LNK - C:\Users\Kate\AppData\Local\Autobahn\nexdef.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://fb.familylink.com/we_are_related/stream/core/lib/AurigmaImageUploader/ImageUploader5.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} - hxxps://mpsnare.iesnare.com/StmOCX.cab
DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} - hxxp://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{EDB105BA-D716-4E01-86B6-5743CEB89262} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{EDB105BA-D716-4E01-86B6-5743CEB89262}\034324431323735383331383 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{EDB105BA-D716-4E01-86B6-5743CEB89262}\25E6B40393035387F6 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{EDB105BA-D716-4E01-86B6-5743CEB89262}\25E6B4933303870353 : DHCPNameServer = 71.242.0.12 71.252.0.12
TCP: Interfaces\{EDB105BA-D716-4E01-86B6-5743CEB89262}\35C6F6D67553 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{EDB105BA-D716-4E01-86B6-5743CEB89262}\8725E693366647773303 : DHCPNameServer = 71.242.0.12 71.252.0.12
TCP: Interfaces\{EDB105BA-D716-4E01-86B6-5743CEB89262}\E45445745414253373D25374 : DHCPNameServer = 10.0.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: <No Name>: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - LocalServer32 - <no file>
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\CoIEPlg.dll
x64-BHO: <No Name>: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - LocalServer32 - <no file>
x64-BHO: <No Name>: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - LocalServer32 - <no file>
x64-TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\CoIEPlg.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll
x64-Run: [SmartMenu] C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
x64-Run: [Seagate Scheduler2 Service] "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe"
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\aq3s26e2.default-1356991052304\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
FF - plugin: C:\Users\Kate\AppData\Local\DIRECTV Player\npPlayerPlugin.dll
FF - plugin: C:\Users\Kate\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\Kate\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Kate\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\Kate\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\Kate\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: C:\Users\Kate\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Kate\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Kate\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
FF - ExtSQL: !HIDDEN! 2012-03-09 20:46; [email protected]; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1501000.012\SymDS64.sys [2013-11-19 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1501000.012\SymEFA64.sys [2013-11-19 1147480]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [2014-1-22 1526488]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1501000.012\ccSetx64.sys [2013-11-19 162392]
R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DE06000.01B\ccSetx64.sys [2013-11-19 162392]
R1 ccSet_NZ;Norton Zone Settings Manager;C:\Windows\System32\drivers\NZx64\0101000.004\ccSetx64.sys [2013-12-20 162392]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2013-9-25 46792]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140207.001\IDSviA64.sys [2014-2-9 521944]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1501000.012\Ironx64.sys [2013-11-19 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1501000.012\symnets.sys [2013-11-19 590936]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-18 203264]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-3-9 361984]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-1-3 55936]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-7-1 350792]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-12-8 376168]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-9-17 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2010-5-29 72216]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-10-1 418376]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe [2013-11-19 264360]
R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe [2013-11-19 129424]
R2 NETGEARGenieDaemon;NETGEARGenieDaemon;C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2013-4-7 232192]
R2 NZ;Norton Zone;C:\Program Files (x86)\Norton Zone\Engine\1.1.0.4\NZ.exe [2013-12-20 522592]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-3-6 39056]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-4-8 365952]
R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2009-4-15 826352]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-4-13 46136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-12-5 95248]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2012-10-14 228408]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2008-1-24 60928]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-21 137648]
R3 HP8207_8307;HP-HP8207_8307;C:\Windows\System32\drivers\HP8207_8307.sys [2010-2-4 15360]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2008-7-21 145496]
R3 MatSvc;Microsoft Automated Troubleshooting Service;C:\Program Files\Microsoft Fix it Center\Matsvc.exe [2011-6-13 343856]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-1 25928]
R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-8-12 42184]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-10-20 26168]
S2 CLKMSVC10_C6F09094;CyberLink Product - 2012/03/05 16:58:31;C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2012-3-5 245232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-10-1 701512]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-1-22 57856]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-19 111616]
S3 RDPDISPM;RDPDISPM;C:\Windows\System32\drivers\rdpdispm.sys [2010-8-31 10752]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-2 19456]
S3 SMIUSBAVCALL;SMI Grabber Device 4CH1CH ALL;C:\Windows\System32\drivers\SmiUsbGrabber3F.sys [2012-11-2 153344]
S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.sys [2010-11-17 16448]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-2 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-3 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
.
=============== Created Last 30 ================
.
2014-02-06 19:41:54    --------    d-----w-    C:\Windows\System32\catroot2
2014-02-06 19:15:55    --------    d-----w-    C:\Windows\System32\wbem\repository
2014-02-06 19:14:34    --------    d-----w-    C:\Windows\SysWow64\wbem\Performance
2014-02-06 17:18:37    --------    d-----w-    C:\Program Files (x86)\Tweaking.com
2014-02-01 22:49:15    --------    d-----w-    C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-01-29 15:05:22    --------    d-----w-    C:\Windows\Migration
2014-01-28 19:55:20    --------    d-----w-    C:\Program Files (x86)\ESET
2014-01-23 01:31:53    --------    d-----w-    C:\Program Files\iPod
2014-01-23 01:31:52    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-23 01:31:52    --------    d-----w-    C:\Program Files\iTunes
2014-01-17 22:59:20    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-15 20:00:40    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2014-01-15 20:00:40    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2014-01-15 20:00:40    53248    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2014-01-15 20:00:40    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2014-01-15 20:00:40    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2014-01-15 20:00:40    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2014-01-15 20:00:40    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2014-01-15 20:00:38    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-01-15 20:00:35    376768    ----a-w-    C:\Windows\System32\drivers\netio.sys
2014-01-13 19:30:13    --------    d-----w-    C:\ProgramData\SMR410
.
==================== Find3M  ====================
.
2014-02-05 20:41:20    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 20:41:20    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-18 06:11:52    354656    ----a-w-    C:\Windows\SysWow64\DivXControlPanelApplet.cpl
2013-11-26 10:19:07    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02    5769216    ----a-w-    C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16    1995264    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06    1928192    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2013-11-26 06:33:33    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-11-20 00:32:21    177752    ----a-w-    C:\Windows\System32\drivers\SYMEVENT64x86.SYS
.
============= FINISH: 16:03:35.13 ===============
 

Attached Files


Edited by mrsbeautiful05, 11 February 2014 - 04:24 PM.

Namaste!

Love & Light

:flowers:


BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 10,139 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:06 PM

Posted 16 February 2014 - 04:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/523983 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 mrsbeautiful05

mrsbeautiful05
  • Topic Starter

  • Members
  • 119 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Pennsylvania
  • Local time:06:06 PM

Posted 16 February 2014 - 07:09 PM

I'm still having the problem where Norton 360 shows up double as Windows loads. It seems to happen randomly, but quite often. I have run a number of tests to get to this point, and nothing has worked so far. My tech had me run DDS, Mini Tool, Eset, AswMBR, and I posted my DDS log with attach in my first post. I will run it again as directed. Thank you for your time. I do not have my original Win7 CD, as it was an upgrade online.

 

Also, now as i load iTunes, it gives me an error that says, "The registry settings used by the iTunes drivers for importing and burning CD's and DVD's are missing. This can happen as a result of installing other CD burning software. Please reinstall iTunes."  I reinstalled, after uninstalling, and still get the error.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.51.2
Run by Kate at 19:11:44 on 2014-02-16
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4094.2437 [GMT -5:00]
.
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
C:\Program Files (x86)\Norton Zone\Engine\1.1.0.4\NZ.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\SMINST\BLService.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Norton Zone\Engine\1.1.0.4\NZ.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Users\Kate\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kate\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB: AutoLogin: {598B818E-71F1-486E-A0BE-9952B5851367} - LocalServer32 - <no file>
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [B1D9C154A42887D98B0223C0ABAA1BDEE96F5523._service_run] "C:\Users\Kate\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
uRun: [Spotify Web Helper] "C:\Users\Kate\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [WirelessAssistant] "C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\BlackArmorBackup\TimounterMonitor.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Kate\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\Kate\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://fb.familylink.com/we_are_related/stream/core/lib/AurigmaImageUploader/ImageUploader5.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} - hxxps://mpsnare.iesnare.com/StmOCX.cab
DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} - hxxp://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{EDB105BA-D716-4E01-86B6-5743CEB89262} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{EDB105BA-D716-4E01-86B6-5743CEB89262}\034324431323735383331383 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{EDB105BA-D716-4E01-86B6-5743CEB89262}\25E6B40393035387F6 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{EDB105BA-D716-4E01-86B6-5743CEB89262}\25E6B4933303870353 : DHCPNameServer = 71.242.0.12 71.252.0.12
TCP: Interfaces\{EDB105BA-D716-4E01-86B6-5743CEB89262}\35C6F6D67553 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{EDB105BA-D716-4E01-86B6-5743CEB89262}\8725E693366647773303 : DHCPNameServer = 71.242.0.12 71.252.0.12
TCP: Interfaces\{EDB105BA-D716-4E01-86B6-5743CEB89262}\E45445745414253373D25374 : DHCPNameServer = 10.0.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: <No Name>: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - LocalServer32 - <no file>
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\CoIEPlg.dll
x64-BHO: <No Name>: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - LocalServer32 - <no file>
x64-BHO: <No Name>: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - LocalServer32 - <no file>
x64-TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\CoIEPlg.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll
x64-Run: [SmartMenu] C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
x64-Run: [Seagate Scheduler2 Service] "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe"
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\aq3s26e2.default-1356991052304\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
FF - plugin: C:\Users\Kate\AppData\Local\DIRECTV Player\npPlayerPlugin.dll
FF - plugin: C:\Users\Kate\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\Kate\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Kate\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Users\Kate\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\Kate\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: C:\Users\Kate\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Kate\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Kate\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
FF - ExtSQL: !HIDDEN! 2012-03-09 20:46; [email protected]; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1501000.012\SymDS64.sys [2013-11-19 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1501000.012\SymEFA64.sys [2013-11-19 1147480]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [2014-1-22 1526488]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1501000.012\ccSetx64.sys [2013-11-19 162392]
R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DE06000.01B\ccSetx64.sys [2013-11-19 162392]
R1 ccSet_NZ;Norton Zone Settings Manager;C:\Windows\System32\drivers\NZx64\0101000.004\ccSetx64.sys [2013-12-20 162392]
R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\ElRawDsk.sys [2014-2-12 30752]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2013-9-25 46792]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140214.001\IDSviA64.sys [2014-2-15 521944]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1501000.012\Ironx64.sys [2013-11-19 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1501000.012\symnets.sys [2013-11-19 590936]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-3-9 361984]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-1-3 55936]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-7-1 350792]
R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2014-2-12 1168960]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-9-17 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2010-5-29 72216]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-10-1 418376]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe [2013-11-19 264360]
R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe [2013-11-19 129424]
R2 NETGEARGenieDaemon;NETGEARGenieDaemon;C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2013-4-7 232192]
R2 NZ;Norton Zone;C:\Program Files (x86)\Norton Zone\Engine\1.1.0.4\NZ.exe [2013-12-20 522592]
R2 PDFsFilter;PDFsFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2014-2-12 82160]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-4-8 365952]
R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2009-4-15 826352]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-4-13 46136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-12-5 95248]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2008-1-24 60928]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-21 137648]
R3 HP8207_8307;HP-HP8207_8307;C:\Windows\System32\drivers\HP8207_8307.sys [2010-2-4 15360]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2008-7-21 145496]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-1 25928]
R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-8-12 42184]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-10-20 26168]
S2 CLKMSVC10_C6F09094;CyberLink Product - 2012/03/05 16:58:31;C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2012-3-5 245232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-10-1 701512]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2012-10-14 228408]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-1-22 57856]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-12 111616]
S3 MatSvc;Microsoft Automated Troubleshooting Service;C:\Program Files\Microsoft Fix it Center\Matsvc.exe [2011-6-13 343856]
S3 RDPDISPM;RDPDISPM;C:\Windows\System32\drivers\rdpdispm.sys [2010-8-31 10752]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-2 19456]
S3 SMIUSBAVCALL;SMI Grabber Device 4CH1CH ALL;C:\Windows\System32\drivers\SmiUsbGrabber3F.sys [2012-11-2 153344]
S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.sys [2010-11-17 16448]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-15 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-3 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S4 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-18 203264]
S4 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
S4 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-12-8 376168]
S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-3-6 39056]
.
=============== Created Last 30 ================
.
2014-02-16 23:46:31    6573056    ----a-w-    C:\Windows\System32\mstscax.dll
2014-02-16 23:46:31    5693440    ----a-w-    C:\Windows\SysWow64\mstscax.dll
2014-02-15 21:52:29    --------    d-----w-    C:\Program Files\iPod
2014-02-15 21:52:28    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-15 21:52:28    --------    d-----w-    C:\Program Files\iTunes
2014-02-15 21:50:37    --------    d-----w-    C:\Program Files\Bonjour
2014-02-15 21:50:37    --------    d-----w-    C:\Program Files (x86)\Bonjour
2014-02-15 20:10:30    792576    ----a-w-    C:\Windows\SysWow64\TSWorkspace.dll
2014-02-15 20:10:30    1030144    ----a-w-    C:\Windows\System32\TSWorkspace.dll
2014-02-12 21:17:49    548864    ----a-w-    C:\Windows\System32\vbscript.dll
2014-02-12 21:17:49    454656    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-02-12 21:14:58    4244480    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-02-12 21:14:57    5768704    ----a-w-    C:\Windows\System32\jscript9.dll
2014-02-12 19:16:05    --------    d-----w-    C:\Users\Kate\AppData\Local\GearHead Connect
2014-02-12 19:15:23    --------    d-----w-    C:\Users\Kate\AppData\Local\Deployment
2014-02-12 19:09:09    2155152    ----a-w-    C:\Windows\System32\Incinerator64.dll
2014-02-12 19:09:06    --------    d-----w-    C:\ProgramData\ioloGovernor
2014-02-12 19:09:05    2097984    ----a-w-    C:\Windows\SysWow64\Incinerator32.dll
2014-02-12 19:09:03    82160    ----a-w-    C:\Windows\System32\drivers\PDFsFilter.sys
2014-02-12 19:09:03    57584    ----a-w-    C:\Windows\System32\iolobtdfg.exe
2014-02-12 19:09:03    26184    ----a-w-    C:\Windows\System32\smrgdf.exe
2014-02-12 19:09:01    69000    ----a-w-    C:\Windows\System32\offreg.dll
2014-02-12 19:09:01    56200    ----a-w-    C:\Windows\SysWow64\offreg.dll
2014-02-12 19:09:01    --------    d-----w-    C:\Users\Kate\AppData\Roaming\ioloGovernor
2014-02-12 19:09:00    --------    d-----w-    C:\Program Files (x86)\iolo
2014-02-12 18:53:31    30752    ----a-w-    C:\Windows\System32\drivers\ElRawDsk.sys
2014-02-12 18:53:25    74703    ----a-w-    C:\Windows\SysWow64\mfc45.dat
2014-02-12 18:52:06    --------    d-----w-    C:\iolo
2014-02-12 18:50:12    --------    d-----w-    C:\Users\Kate\AppData\Roaming\iolo
2014-02-12 18:50:12    --------    d-----w-    C:\ProgramData\iolo
2014-02-06 19:41:54    --------    d-----w-    C:\Windows\System32\catroot2
2014-02-06 19:15:55    --------    d-----w-    C:\Windows\System32\wbem\repository
2014-02-06 19:14:34    --------    d-----w-    C:\Windows\SysWow64\wbem\Performance
2014-02-06 17:18:37    --------    d-----w-    C:\Program Files (x86)\Tweaking.com
2014-02-01 22:49:15    --------    d-----w-    C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-01-29 15:05:22    --------    d-----w-    C:\Windows\Migration
2014-01-28 19:55:20    --------    d-----w-    C:\Program Files (x86)\ESET
.
==================== Find3M  ====================
.
2014-02-06 11:30:46    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:01:36    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32    2041856    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:24:52    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2014-02-06 09:09:30    1964032    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-02-05 20:41:20    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 20:41:20    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-24 23:09:41    1987584    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
2013-12-19 02:09:39    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-18 06:11:52    354656    ----a-w-    C:\Windows\SysWow64\DivXControlPanelApplet.cpl
2013-12-06 02:30:08    2048    ----a-w-    C:\Windows\System32\msxml3r.dll
2013-12-06 02:30:08    1882112    ----a-w-    C:\Windows\System32\msxml3.dll
2013-12-06 02:02:08    2048    ----a-w-    C:\Windows\SysWow64\msxml3r.dll
2013-12-06 02:02:08    1237504    ----a-w-    C:\Windows\SysWow64\msxml3.dll
2013-12-04 02:27:33    485888    ----a-w-    C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33    123392    ----a-w-    C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33    123392    ----a-w-    C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16    488448    ----a-w-    C:\Windows\System32\secproc.dll
2013-12-04 02:26:32    528384    ----a-w-    C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51    658432    ----a-w-    C:\Windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51    626176    ----a-w-    C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50    552960    ----a-w-    C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48    553984    ----a-w-    C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20    87040    ----a-w-    C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20    87040    ----a-w-    C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20    423936    ----a-w-    C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08    428032    ----a-w-    C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06    390144    ----a-w-    C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14    510976    ----a-w-    C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10    594944    ----a-w-    C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09    572416    ----a-w-    C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06    508928    ----a-w-    C:\Windows\SysWow64\RMActivate_ssp_isv.exe
2013-11-27 01:41:37    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2013-11-27 01:41:15    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2013-11-27 01:41:11    53248    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2013-11-27 01:41:09    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2013-11-27 01:41:06    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2013-11-27 01:41:03    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2013-11-26 11:40:00    376768    ----a-w-    C:\Windows\System32\drivers\netio.sys
2013-11-26 10:32:56    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2013-11-26 08:16:50    3419136    ----a-w-    C:\Windows\SysWow64\d2d1.dll
2013-11-23 18:26:20    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-11-22 22:48:21    3928064    ----a-w-    C:\Windows\System32\d2d1.dll
2013-11-20 00:32:21    177752    ----a-w-    C:\Windows\System32\drivers\SYMEVENT64x86.SYS
.
============= FINISH: 19:14:20.89 ===============
 

Attached Files


Edited by mrsbeautiful05, 16 February 2014 - 07:18 PM.

Namaste!

Love & Light

:flowers:


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 16,631 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:06 PM

Posted 17 February 2014 - 04:26 PM

Greetings mrsbeautiful05 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please run these things for me.

===================================================

Registry Fix

-------------------
  • Press windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type Notepad and press Enter
  • Copy/paste the following text inside the code box into a new notepad document.
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}]
"UpperFilters"="GEARAspiWDM"
  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input fix.reg.
  • Click Save.
  • Double click fix.reg and answer Yes to the prompts. You should receive the message that the entries have been successfully merged. If not, post back with the error message.
  • Delete fix.reg after use.
  • Reboot your computer
  • Check iTunes
===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recover Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Did the registry fix merge properly
  • Is iTunes behaving as it should?
  • FRST results
  • Addition log

Regards,
Gary

If I do not respond to you within 24 hours of your post please send me a Personal Message .


"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 mrsbeautiful05

mrsbeautiful05
  • Topic Starter

  • Members
  • 119 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Pennsylvania
  • Local time:06:06 PM

Posted 17 February 2014 - 07:02 PM

Hello, I'm Kate. iTunes still displays the same message after rebooting PC and doing the scan. Norton is still showing up doubly.

 

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-02-2014
Ran by Kate (administrator) on KATE-PC on 17-02-2014 18:58:36
Running from C:\Users\Kate\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Zone\Engine\1.1.0.4\NZ.exe
() C:\Program Files (x86)\SMINST\BLService.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Zone\Engine\1.1.0.4\NZ.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Google Inc.) C:\Users\Kate\AppData\Local\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\Kate\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicatorCom.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [914224 2008-11-18] (Hewlett-Packard)
HKLM\...\Run: [Seagate Scheduler2 Service] - C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe [376272 2009-04-15] (Seagate)
HKLM\...\Run: [LogMeIn GUI] - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2010-09-17] (LogMeIn, Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [499768 2009-09-01] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [636032 2012-03-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [AcronisTimounterMonitor] - C:\Program Files (x86)\Seagate\BlackArmorBackup\TimounterMonitor.exe [959672 2009-04-15] (Seagate)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-28] (Hewlett-Packard)
HKU\S-1-5-21-232263300-3608652338-1740726509-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [163328 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-232263300-3608652338-1740726509-1000\...\Run: [B1D9C154A42887D98B0223C0ABAA1BDEE96F5523._service_run] - C:\Users\Kate\AppData\Local\Google\Chrome\Application\chrome.exe [866632 2014-02-01] (Google Inc.)
HKU\S-1-5-21-232263300-3608652338-1740726509-1000\...\Run: [Spotify Web Helper] - C:\Users\Kate\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-02-05] (Spotify Ltd)
HKU\S-1-5-21-232263300-3608652338-1740726509-1000\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
Startup: C:\Users\Kate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Kate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x07423ACEC430CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=u219dhp&pc=u219
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {AAD6DA22-25BC-4FCD-8B2F-49EAA35EA802} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKLM - {B6A17F2D-9610-496F-AB33-4D4EB6635CEB} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {B6A17F2D-9610-496F-AB33-4D4EB6635CEB} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - DefaultScope {2FA6BDF8-B117-47B5-9490-8CD6B107112B} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKCU - {2FA6BDF8-B117-47B5-9490-8CD6B107112B} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKCU - {6A992AEF-9F37-4524-B9EF-2C6B714A2AA8} URL = http://search.imgag.com/?appid=kwapp&c=&sbs=2&sc=2&f=web&vernum=1.0&uid=&did=%7b6A992AEF-9F37-4524-B9EF-2C6B714A2AA8%7d&component=&q={searchTerms}
SearchScopes: HKCU - {B6A17F2D-9610-496F-AB33-4D4EB6635CEB} URL =
BHO: No Name - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -  No File
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
BHO: No Name - {B4F3A835-0E21-4959-BA22-42B3008E02FF} -  No File
BHO: No Name - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -  No File
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - No Name - {669695BC-A811-4A9D-8CDF-BA8C795F261C} -  No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {598B818E-71F1-486E-A0BE-9952B5851367} -  No File
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {36299202-09EF-4ABF-ADB9-47C599DBE778} https://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
DPF: HKLM-x32 {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://fb.familylink.com/we_are_related/stream/core/lib/AurigmaImageUploader/ImageUploader5.cab
DPF: HKLM-x32 {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: HKLM-x32 {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: HKLM-x32 {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} https://mpsnare.iesnare.com/StmOCX.cab
DPF: HKLM-x32 {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: HKLM-x32 {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: HKLM-x32 {BD8667B7-38D8-4C77-B580-18C3E146372C} http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF ProfilePath: C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\aq3s26e2.default-1356991052304
FF Homepage: hxxp://www.bing.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin: @microsoft.com/wpi,version=1.0 - C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll (Microsoft Corp)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/wpi,version=1.1 - C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll (Microsoft Corp)
FF Plugin-x32: @real.com/nppl3260;version=16.0.1.18 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.1.18 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\Kate\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin HKCU: @movenetworks.com/Quantum Media Player - C:\Users\Kate\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF Plugin HKCU: @nds.com/PlayerPlugin - C:\Users\Kate\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Kate\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Kate\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Kate\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Kate\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Kate\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Kate\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Kate\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Plugin HKCU: NDS.com/PlayerPlugin - C:\Users\Kate\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Users\Kate\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Kate\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Kate\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Test Pilot - C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\aq3s26e2.default-1356991052304\Extensions\[email protected] [2012-12-31]
FF Extension: NoScript - C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\aq3s26e2.default-1356991052304\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-11-12]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-05]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-05]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-03-25]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-03-09]
FF HKLM-x32\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-11-19]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ []
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Users\Kate\AppData\Roaming\Move Networks
FF Extension: Move Media Player - C:\Users\Kate\AppData\Roaming\Move Networks [2009-11-13]
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-03-09]

Chrome:
=======
CHR Extension: (Entanglement) - C:\Users\Kate\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-03-03]
CHR Extension: (No Name) - C:\Users\Kate\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjninacglmmmbabmlkaegnanopeoiong [2013-09-06]
CHR Extension: (RealDownloader) - C:\Users\Kate\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-02-04]
CHR Extension: (Muzy) - C:\Users\Kate\AppData\Local\Google\Chrome\User Data\Default\Extensions\jammhkdcdlocifampbainkfchnoneahm [2012-08-07]
CHR Extension: (SHOUTcast Radio) - C:\Users\Kate\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfengigpeecmcbdfcgbdndhjaaljjgfo [2011-01-04]
CHR Extension: (Love Smoke) - C:\Users\Kate\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgibfhhccaknggplelmbaepoikkcnllb [2012-01-23]
CHR Extension: (Evernote Web) - C:\Users\Kate\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2012-01-23]
CHR Extension: (Webcam Toy) - C:\Users\Kate\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2012-01-23]
CHR Extension: (Poppit) - C:\Users\Kate\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-03-03]
CHR Extension: (Norton Identity Protection) - C:\Users\Kate\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-02-28]
CHR Extension: (HP Product Detection Plugin) - C:\Users\Kate\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp [2012-02-26]
CHR Extension: (No Name) - C:\Users\Kate\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim [2013-09-18]
CHR Extension: (Talk.to) - C:\Users\Kate\AppData\Local\Google\Chrome\User Data\Default\Extensions\nghiongmjgnhconakogcmkffikfpknna [2012-08-28]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Kate\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-08-26]
CHR Extension: (Gmail) - C:\Users\Kate\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-08-28]
CHR Extension: (No Name) - C:\Users\Kate\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkmpcdbgnfjfeelcpebpkflcmbkclfho [2013-11-07]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-03-06]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\Exts\Chrome.crx [2014-01-20]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] -  [2014-01-20]
CHR StartMenuInternet: Google Chrome - C:\Users\Kate\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

S4 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S4 AgereModemAudio; C:\Program Files\LSI SoftModem\agr64svc.exe [16896 2008-08-26] (Agere Systems)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-03-09] (Advanced Micro Devices, Inc.)
S2 CLKMSVC10_C6F09094; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [245232 2010-07-28] (CyberLink)
R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [350792 2013-09-13] (Verizon)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [1168960 2013-12-03] (iolo technologies, LLC)
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376168 2013-03-16] (LogMeIn, Inc.)
S4 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [148328 2013-03-16] (LogMeIn, Inc.)
S4 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2010-11-08] (LogMeIn, Inc.)
S3 MatSvc; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [343856 2011-06-13] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe [264360 2013-10-08] (Symantec Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe [129424 2013-10-05] (Symantec Corporation)
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2013-04-07] (NETGEAR)
R2 NZ; C:\Program Files (x86)\Norton Zone\Engine\1.1.0.4\NZ.exe [522592 2013-12-11] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\spool\DRIVERS\x64\3\HPZipm12.dll [87040 2006-05-11] (Hewlett-Packard)
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
R2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-12-02] ()
S4 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2012-01-03] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2013-12-17] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE06000.01B\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R1 ccSet_NZ; C:\Windows\system32\drivers\NZx64\0101000.004\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-19] (Symantec Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2013-12-03] (EldoS Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
R3 HP8207_8307; C:\Windows\System32\DRIVERS\HP8207_8307.sys [15360 2010-02-04] (Windows ® Win 7 DDK provider)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [46792 2013-09-17] (AnchorFree Inc.)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140214.001\IDSvia64.sys [521944 2014-01-21] (Symantec Corporation)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2010-09-17] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S2 MCSTRM; No ImagePath
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140217.001\ENG64.SYS [126040 2014-02-06] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140217.001\EX64.SYS [2099288 2014-02-06] (Symantec Corporation)
S3 SMIUSBAVCALL; C:\Windows\System32\Drivers\SmiUsbGrabber3F.sys [153344 2011-09-27] (Windows ® Win 7 DDK provider)
R0 snapman380; C:\Windows\System32\DRIVERS\snman380.sys [237600 2010-08-18] (Acronis)
R3 SRTSP; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1501000.012\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\N360x64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-08-12] (Anchorfree Inc.)
R0 tdrpman174; C:\Windows\System32\DRIVERS\tdrpm174.sys [1581088 2010-08-18] (Acronis)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 NPF; system32\drivers\NPF.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-17 18:58 - 2014-02-17 18:58 - 00033058 _____ () C:\Users\Kate\Desktop\FRST.txt
2014-02-17 18:58 - 2014-02-17 18:58 - 00000000 ____D () C:\FRST
2014-02-17 18:57 - 2014-02-17 18:57 - 02152448 _____ (Farbar) C:\Users\Kate\Desktop\FRST64.exe
2014-02-16 19:55 - 2014-02-16 19:55 - 00456496 _____ () C:\Users\Kate\Desktop\iTunes Diagnostics.spx
2014-02-16 19:37 - 2014-02-16 19:37 - 00002596 _____ () C:\Users\Kate\Desktop\iTuneskey.reg
2014-02-16 19:14 - 2014-02-16 19:14 - 00029349 _____ () C:\Users\Kate\Desktop\dds.txt
2014-02-16 19:14 - 2014-02-16 19:14 - 00013483 _____ () C:\Users\Kate\Desktop\attach.txt
2014-02-16 18:46 - 2013-11-26 18:29 - 05693440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-02-16 18:46 - 2013-11-26 17:49 - 06573056 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-15 16:53 - 2014-02-15 16:53 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-15 16:52 - 2014-02-15 16:53 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-15 16:52 - 2014-02-15 16:53 - 00000000 ____D () C:\Program Files\iTunes
2014-02-15 16:52 - 2014-02-15 16:52 - 00000000 ____D () C:\Program Files\iPod
2014-02-15 16:51 - 2014-02-15 16:51 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-02-15 16:51 - 2014-02-15 16:51 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-02-15 16:50 - 2014-02-15 16:50 - 00000000 ____D () C:\Program Files\Bonjour
2014-02-15 16:50 - 2014-02-15 16:50 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-02-15 15:12 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-02-15 15:12 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-15 15:12 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-15 15:12 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-02-15 15:12 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-02-15 15:12 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-02-15 15:12 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-02-15 15:12 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-02-15 15:12 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-02-15 15:12 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-02-15 15:12 - 2013-10-01 19:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-02-15 15:12 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-02-15 15:12 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-02-15 15:12 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-02-15 15:12 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-02-15 15:12 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-02-15 15:10 - 2013-09-24 21:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-02-15 15:10 - 2013-09-24 20:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-02-14 17:35 - 2014-02-14 17:35 - 00000000 _____ () C:\Windows\SysWOW64\signons.sqlite
2014-02-14 17:00 - 2014-02-14 17:00 - 00000406 _____ () C:\Windows\system32\ioloBootDefrag.cfg
2014-02-12 19:59 - 2014-02-17 18:07 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-232263300-3608652338-1740726509-1000
2014-02-12 19:59 - 2014-02-17 18:07 - 00003200 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-232263300-3608652338-1740726509-1000
2014-02-12 16:17 - 2013-12-21 04:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 16:17 - 2013-12-21 03:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 16:15 - 2014-02-06 07:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 16:15 - 2014-02-06 06:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 16:15 - 2014-02-06 06:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 16:15 - 2014-02-06 06:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 16:15 - 2014-02-06 06:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 16:15 - 2014-02-06 06:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 16:15 - 2014-02-06 05:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 16:15 - 2014-02-06 05:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 16:15 - 2014-02-06 05:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 16:15 - 2014-02-06 05:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 16:15 - 2014-02-06 05:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 16:15 - 2014-02-06 05:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 16:15 - 2014-02-06 05:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 16:15 - 2014-02-06 05:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 16:15 - 2014-02-06 05:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 16:15 - 2014-02-06 05:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 16:15 - 2014-02-06 05:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 16:15 - 2014-02-06 04:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 16:15 - 2014-02-06 04:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 16:15 - 2014-02-06 04:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 16:15 - 2014-02-06 04:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 16:15 - 2014-02-06 04:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 16:15 - 2014-02-06 04:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 16:15 - 2014-02-06 04:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 16:15 - 2014-02-06 04:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 16:15 - 2014-02-06 04:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 16:15 - 2014-02-06 04:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 16:15 - 2014-02-06 04:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 16:15 - 2014-02-06 04:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 16:15 - 2014-02-06 04:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 16:15 - 2014-02-06 04:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 16:15 - 2014-02-06 03:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 16:15 - 2014-02-06 03:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 16:15 - 2014-02-06 03:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 16:15 - 2014-02-06 03:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 16:15 - 2014-02-06 03:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 16:14 - 2014-02-06 05:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 16:14 - 2014-02-06 05:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 16:14 - 2014-02-06 04:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 14:16 - 2014-02-12 14:16 - 00000316 _____ () C:\Users\Kate\Desktop\GearHeadConnect.appref-ms
2014-02-12 14:16 - 2014-02-12 14:16 - 00000000 ____D () C:\Users\Kate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GearHead Connect
2014-02-12 14:16 - 2014-02-12 14:16 - 00000000 ____D () C:\Users\Kate\AppData\Local\GearHead Connect
2014-02-12 14:15 - 2014-02-12 14:16 - 00000000 ____D () C:\Users\Kate\AppData\Local\Deployment
2014-02-12 14:15 - 2014-02-12 14:15 - 00000000 ____D () C:\Users\Kate\Documents\GearHeadConnect
2014-02-12 14:14 - 2014-02-12 14:14 - 00474896 _____ () C:\Users\Kate\Desktop\setup.exe
2014-02-12 14:09 - 2014-02-12 14:09 - 00003118 _____ () C:\Windows\System32\Tasks\iolo Process Governor
2014-02-12 14:09 - 2014-02-12 14:09 - 00001425 _____ () C:\Users\Kate\Desktop\System Mechanic.lnk
2014-02-12 14:09 - 2014-02-12 14:09 - 00000000 ____D () C:\Users\Kate\AppData\Roaming\ioloGovernor
2014-02-12 14:09 - 2014-02-12 14:09 - 00000000 ____D () C:\ProgramData\ioloGovernor
2014-02-12 14:09 - 2014-02-12 14:09 - 00000000 ____D () C:\Program Files (x86)\iolo
2014-02-12 14:09 - 2013-12-03 10:47 - 00057584 _____ (iolo technologies, LLC) C:\Windows\system32\iolobtdfg.exe
2014-02-12 14:09 - 2013-12-03 10:47 - 00026184 _____ (iolo technologies, LLC) C:\Windows\system32\smrgdf.exe
2014-02-12 14:09 - 2013-12-03 10:01 - 02155152 _____ (iolo technologies, LLC) C:\Windows\system32\Incinerator64.dll
2014-02-12 14:09 - 2013-12-03 10:01 - 02097984 _____ (iolo technologies, LLC) C:\Windows\SysWOW64\Incinerator32.dll
2014-02-12 14:09 - 2013-12-03 09:54 - 00082160 _____ (Raxco Software, Inc.) C:\Windows\system32\Drivers\PDFsFilter.sys
2014-02-12 14:09 - 2013-12-03 09:54 - 00069000 _____ (Microsoft Corporation) C:\Windows\system32\offreg.dll
2014-02-12 14:09 - 2013-12-03 09:54 - 00056200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offreg.dll
2014-02-12 14:05 - 2013-12-03 18:39 - 35940592 _____ (iolo technologies, LLC ) C:\Users\Kate\Desktop\SystemMechanic.exe
2014-02-12 14:04 - 2014-02-12 14:04 - 00459696 _____ () C:\Users\Kate\Desktop\sm_dm.exe
2014-02-12 13:53 - 2014-02-12 13:53 - 00074703 _____ () C:\Windows\SysWOW64\mfc45.dat
2014-02-12 13:53 - 2013-12-03 09:54 - 00030752 _____ (EldoS Corporation) C:\Windows\system32\Drivers\ElRawDsk.sys
2014-02-12 13:52 - 2014-02-12 13:52 - 00000000 ____D () C:\iolo
2014-02-12 13:50 - 2014-02-14 17:38 - 00000000 ____D () C:\Users\Kate\AppData\Roaming\iolo
2014-02-12 13:50 - 2014-02-14 17:24 - 00000000 ____D () C:\ProgramData\iolo
2014-02-12 13:47 - 2013-12-31 18:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 13:47 - 2013-12-31 18:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 13:47 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 13:47 - 2013-12-24 17:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 13:47 - 2013-12-05 21:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 13:47 - 2013-12-05 21:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 13:47 - 2013-12-05 21:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 13:47 - 2013-12-05 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 13:47 - 2013-12-03 21:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 13:47 - 2013-12-03 21:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 13:47 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 13:47 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 13:47 - 2013-12-03 21:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 13:47 - 2013-12-03 21:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 13:47 - 2013-12-03 21:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 13:47 - 2013-12-03 21:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 13:47 - 2013-12-03 21:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 13:47 - 2013-12-03 21:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 13:47 - 2013-12-03 21:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 13:47 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 13:47 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 13:47 - 2013-12-03 21:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 13:47 - 2013-12-03 20:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 13:47 - 2013-12-03 20:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 13:47 - 2013-12-03 20:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 13:47 - 2013-12-03 20:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 13:47 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 13:47 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-10 15:12 - 2014-02-10 15:12 - 00457190 _____ () C:\Users\Kate\Documents\iTunes Diagnostics.spx
2014-02-06 14:40 - 2014-02-17 18:46 - 00003222 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-232263300-3608652338-1740726509-1000
2014-02-06 12:18 - 2014-02-06 12:35 - 00002159 _____ () C:\Users\Kate\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-02-06 12:18 - 2014-02-06 12:18 - 00000000 ____D () C:\Users\Kate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-02-06 12:18 - 2014-02-06 12:18 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-02-06 12:01 - 2014-02-06 12:33 - 05072432 _____ () C:\Users\Kate\Desktop\tweaking.com_windows_repair_aio_setup.exe
2014-02-05 21:57 - 2014-02-05 21:57 - 00002894 _____ () C:\Users\Kate\Desktop\aswMBR1.txt
2014-02-05 21:57 - 2014-02-05 21:57 - 00000512 _____ () C:\Users\Kate\Desktop\MBR.dat
2014-02-05 15:25 - 2014-02-05 15:25 - 00001799 _____ () C:\Users\Kate\Desktop\Spotify.lnk
2014-02-05 15:21 - 2014-02-05 15:22 - 32710608 _____ (Spotify Ltd) C:\Users\Kate\Downloads\Spotify Installer.exe
2014-02-05 14:58 - 2014-02-17 18:46 - 00003358 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-232263300-3608652338-1740726509-1000
2014-02-01 19:17 - 2014-02-01 19:17 - 00036930 _____ () C:\Users\Kate\Desktop\minitool.txt
2014-02-01 17:49 - 2014-02-01 17:49 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-01-31 20:06 - 2014-01-31 20:06 - 04745728 _____ (AVAST Software) C:\Users\Kate\Desktop\aswmbr.exe
2014-01-29 18:42 - 2014-01-29 18:43 - 00448512 _____ (OldTimer Tools) C:\Users\Kate\Desktop\TFC.exe
2014-01-29 18:32 - 2014-01-29 18:32 - 00000016 _____ () C:\Users\Kate\Documents\Outlookcode.txt
2014-01-29 13:46 - 2014-01-29 13:46 - 00002308 _____ () C:\Users\Kate\Desktop\ESETscan1.txt
2014-01-28 14:55 - 2014-01-28 14:55 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-01-28 14:54 - 2014-01-28 14:54 - 02347384 _____ (ESET) C:\Users\Kate\Desktop\esetsmartinstaller_enu.exe
2014-01-28 14:50 - 2014-01-28 14:50 - 00000632 _____ () C:\Users\Kate\Desktop\JRT.txt
2014-01-28 14:27 - 2014-01-28 14:27 - 01037068 _____ (Thisisu) C:\Users\Kate\Desktop\JRT.exe
2014-01-27 21:24 - 2014-01-27 21:24 - 04101441 _____ () C:\Users\Kate\Desktop\tdsskiller.zip
2014-01-27 21:18 - 2014-01-27 21:19 - 00036930 _____ () C:\Users\Kate\Desktop\Result.txt
2014-01-27 21:16 - 2014-01-27 21:16 - 00982016 _____ (Farbar) C:\Users\Kate\Desktop\MiniToolBox.exe
2014-01-26 19:22 - 2014-02-17 17:56 - 00181600 _____ () C:\Windows\PFRO.log
2014-01-24 13:08 - 2014-02-17 18:43 - 00297144 _____ () C:\Windows\setupact.log
2014-01-24 13:08 - 2014-01-24 13:08 - 00000000 _____ () C:\Windows\setuperr.log
2014-01-23 19:29 - 2014-01-23 19:30 - 00001017 _____ () C:\Users\Public\Desktop\CCleaner.lnk

==================== One Month Modified Files and Folders =======

2014-02-17 18:58 - 2014-02-17 18:58 - 00033058 _____ () C:\Users\Kate\Desktop\FRST.txt
2014-02-17 18:58 - 2014-02-17 18:58 - 00000000 ____D () C:\FRST
2014-02-17 18:57 - 2014-02-17 18:57 - 02152448 _____ (Farbar) C:\Users\Kate\Desktop\FRST64.exe
2014-02-17 18:53 - 2009-12-26 15:53 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-232263300-3608652338-1740726509-1000UA.job
2014-02-17 18:51 - 2012-03-02 18:34 - 00011440 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-17 18:51 - 2012-03-02 18:34 - 00011440 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-17 18:51 - 2010-11-10 17:22 - 00003628 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{435AAD22-A2A3-423E-8358-60EB49F8874E}
2014-02-17 18:48 - 2012-03-02 20:36 - 01351777 _____ () C:\Windows\WindowsUpdate.log
2014-02-17 18:46 - 2014-02-06 14:40 - 00003222 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-232263300-3608652338-1740726509-1000
2014-02-17 18:46 - 2014-02-05 14:58 - 00003358 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-232263300-3608652338-1740726509-1000
2014-02-17 18:45 - 2010-12-04 12:17 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-17 18:45 - 2010-12-04 12:17 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-17 18:44 - 2013-01-07 20:27 - 00000095 _____ () C:\Users\Kate\.accessibility.properties
2014-02-17 18:44 - 2012-03-02 18:38 - 00000000 ____D () C:\Users\Kate
2014-02-17 18:43 - 2014-01-24 13:08 - 00297144 _____ () C:\Windows\setupact.log
2014-02-17 18:43 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-17 18:41 - 2013-12-30 20:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-17 18:25 - 2012-07-27 12:41 - 00000336 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-02-17 18:07 - 2014-02-12 19:59 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-232263300-3608652338-1740726509-1000
2014-02-17 18:07 - 2014-02-12 19:59 - 00003200 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-232263300-3608652338-1740726509-1000
2014-02-17 17:56 - 2014-01-26 19:22 - 00181600 _____ () C:\Windows\PFRO.log
2014-02-17 17:55 - 2009-12-26 15:53 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-232263300-3608652338-1740726509-1000Core.job
2014-02-17 17:49 - 2011-08-25 18:46 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-232263300-3608652338-1740726509-1000UA.job
2014-02-16 19:55 - 2014-02-16 19:55 - 00456496 _____ () C:\Users\Kate\Desktop\iTunes Diagnostics.spx
2014-02-16 19:37 - 2014-02-16 19:37 - 00002596 _____ () C:\Users\Kate\Desktop\iTuneskey.reg
2014-02-16 19:14 - 2014-02-16 19:14 - 00029349 _____ () C:\Users\Kate\Desktop\dds.txt
2014-02-16 19:14 - 2014-02-16 19:14 - 00013483 _____ () C:\Users\Kate\Desktop\attach.txt
2014-02-16 18:59 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-15 20:37 - 2013-02-13 20:03 - 00011502 _____ () C:\Windows\SysWOW64\debug.log
2014-02-15 19:11 - 2013-11-05 17:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-15 19:11 - 2013-01-06 16:06 - 00000000 ____D () C:\Program Files (x86)\NortonLive
2014-02-15 19:11 - 2012-12-31 16:57 - 00000000 ____D () C:\Users\Kate\Desktop\Old Firefox Data
2014-02-15 19:11 - 2011-12-04 11:42 - 00000000 ____D () C:\Users\Kate\AppData\Local\Spotify
2014-02-15 19:11 - 2010-09-01 16:08 - 00000000 ____D () C:\Users\Kate\AppData\Local\CrashDumps
2014-02-15 19:11 - 2010-08-30 16:12 - 00000000 ____D () C:\Program Files (x86)\WinZip
2014-02-15 18:57 - 2013-11-08 14:38 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForKate
2014-02-15 18:57 - 2013-11-08 14:38 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForKate.job
2014-02-15 16:53 - 2014-02-15 16:53 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-15 16:53 - 2014-02-15 16:52 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-15 16:53 - 2014-02-15 16:52 - 00000000 ____D () C:\Program Files\iTunes
2014-02-15 16:53 - 2011-03-08 20:51 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-15 16:52 - 2014-02-15 16:52 - 00000000 ____D () C:\Program Files\iPod
2014-02-15 16:51 - 2014-02-15 16:51 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-02-15 16:51 - 2014-02-15 16:51 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-02-15 16:50 - 2014-02-15 16:50 - 00000000 ____D () C:\Program Files\Bonjour
2014-02-15 16:50 - 2014-02-15 16:50 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-02-15 16:50 - 2009-10-23 19:39 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-02-15 16:50 - 2009-10-23 19:38 - 00000000 ____D () C:\ProgramData\Apple
2014-02-15 16:24 - 2011-08-25 18:46 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-232263300-3608652338-1740726509-1000Core.job
2014-02-15 15:32 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-15 15:17 - 2013-08-15 22:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-15 15:13 - 2012-03-04 00:01 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-14 17:41 - 2009-10-20 14:17 - 00000000 ___RD () C:\Users\Kate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-14 17:38 - 2014-02-12 13:50 - 00000000 ____D () C:\Users\Kate\AppData\Roaming\iolo
2014-02-14 17:35 - 2014-02-14 17:35 - 00000000 _____ () C:\Windows\SysWOW64\signons.sqlite
2014-02-14 17:25 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-02-14 17:24 - 2014-02-12 13:50 - 00000000 ____D () C:\ProgramData\iolo
2014-02-14 17:00 - 2014-02-14 17:00 - 00000406 _____ () C:\Windows\system32\ioloBootDefrag.cfg
2014-02-14 16:16 - 2010-07-11 10:30 - 00000000 ____D () C:\Users\Kate\AppData\Local\Windows Live
2014-02-14 14:25 - 2012-04-29 14:49 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-02-14 14:25 - 2009-11-03 10:51 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-02-12 16:24 - 2013-01-22 15:40 - 00759232 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-12 14:16 - 2014-02-12 14:16 - 00000316 _____ () C:\Users\Kate\Desktop\GearHeadConnect.appref-ms
2014-02-12 14:16 - 2014-02-12 14:16 - 00000000 ____D () C:\Users\Kate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GearHead Connect
2014-02-12 14:16 - 2014-02-12 14:16 - 00000000 ____D () C:\Users\Kate\AppData\Local\GearHead Connect
2014-02-12 14:16 - 2014-02-12 14:15 - 00000000 ____D () C:\Users\Kate\AppData\Local\Deployment
2014-02-12 14:15 - 2014-02-12 14:15 - 00000000 ____D () C:\Users\Kate\Documents\GearHeadConnect
2014-02-12 14:15 - 2009-12-26 15:53 - 00000000 ____D () C:\Users\Kate\AppData\Local\Apps\2.0
2014-02-12 14:14 - 2014-02-12 14:14 - 00474896 _____ () C:\Users\Kate\Desktop\setup.exe
2014-02-12 14:09 - 2014-02-12 14:09 - 00003118 _____ () C:\Windows\System32\Tasks\iolo Process Governor
2014-02-12 14:09 - 2014-02-12 14:09 - 00001425 _____ () C:\Users\Kate\Desktop\System Mechanic.lnk
2014-02-12 14:09 - 2014-02-12 14:09 - 00000000 ____D () C:\Users\Kate\AppData\Roaming\ioloGovernor
2014-02-12 14:09 - 2014-02-12 14:09 - 00000000 ____D () C:\ProgramData\ioloGovernor
2014-02-12 14:09 - 2014-02-12 14:09 - 00000000 ____D () C:\Program Files (x86)\iolo
2014-02-12 14:09 - 2012-03-09 20:51 - 00003148 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-02-12 14:04 - 2014-02-12 14:04 - 00459696 _____ () C:\Users\Kate\Desktop\sm_dm.exe
2014-02-12 13:53 - 2014-02-12 13:53 - 00074703 _____ () C:\Windows\SysWOW64\mfc45.dat
2014-02-12 13:52 - 2014-02-12 13:52 - 00000000 ____D () C:\iolo
2014-02-12 13:48 - 2009-12-26 15:53 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-232263300-3608652338-1740726509-1000UA
2014-02-12 13:48 - 2009-12-26 15:53 - 00003476 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-232263300-3608652338-1740726509-1000Core
2014-02-11 15:47 - 2009-10-20 21:01 - 00000000 ____D () C:\Users\Kate\AppData\Roaming\Mozilla
2014-02-10 15:12 - 2014-02-10 15:12 - 00457190 _____ () C:\Users\Kate\Documents\iTunes Diagnostics.spx
2014-02-09 21:06 - 2010-08-18 20:09 - 00000000 ____D () C:\Users\Kate\Documents\Kate's Things
2014-02-09 21:05 - 2006-11-02 10:07 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Gallery
2014-02-06 17:05 - 2010-08-30 16:23 - 00000000 ____D () C:\Users\Kate\AppData\Roaming\Stamps.com Internet Postage
2014-02-06 14:38 - 2012-03-02 20:51 - 00131456 _____ () C:\Users\Kate\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-06 14:37 - 2009-07-13 23:45 - 00492040 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-06 14:34 - 2013-01-27 17:39 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-02-06 14:29 - 2006-11-02 07:34 - 00000215 _____ () C:\Windows\win.ini
2014-02-06 12:43 - 2009-07-14 00:08 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-06 12:35 - 2014-02-06 12:18 - 00002159 _____ () C:\Users\Kate\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-02-06 12:33 - 2014-02-06 12:01 - 05072432 _____ () C:\Users\Kate\Desktop\tweaking.com_windows_repair_aio_setup.exe
2014-02-06 12:18 - 2014-02-06 12:18 - 00000000 ____D () C:\Users\Kate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-02-06 12:18 - 2014-02-06 12:18 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-02-06 07:16 - 2014-02-12 16:15 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 06:30 - 2014-02-12 16:15 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 06:30 - 2014-02-12 16:15 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 06:12 - 2014-02-12 16:15 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 06:07 - 2014-02-12 16:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 06:06 - 2014-02-12 16:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 05:57 - 2014-02-12 16:15 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 05:56 - 2014-02-12 16:15 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 05:52 - 2014-02-12 16:15 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 05:49 - 2014-02-12 16:15 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 05:48 - 2014-02-12 16:15 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 05:48 - 2014-02-12 16:15 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 05:38 - 2014-02-12 16:14 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 05:32 - 2014-02-12 16:15 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 05:20 - 2014-02-12 16:15 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 05:17 - 2014-02-12 16:15 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 05:11 - 2014-02-12 16:14 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 05:01 - 2014-02-12 16:15 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 05:00 - 2014-02-12 16:15 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 04:57 - 2014-02-12 16:15 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 04:57 - 2014-02-12 16:15 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 04:52 - 2014-02-12 16:15 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 04:52 - 2014-02-12 16:15 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 04:50 - 2014-02-12 16:15 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 04:49 - 2014-02-12 16:15 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 04:47 - 2014-02-12 16:15 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 04:46 - 2014-02-12 16:15 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 04:25 - 2014-02-12 16:15 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 04:25 - 2014-02-12 16:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 04:24 - 2014-02-12 16:15 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 04:22 - 2014-02-12 16:15 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 04:13 - 2014-02-12 16:15 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 04:09 - 2014-02-12 16:15 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 04:03 - 2014-02-12 16:15 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 03:55 - 2014-02-12 16:15 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 03:41 - 2014-02-12 16:15 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 03:40 - 2014-02-12 16:15 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 03:36 - 2014-02-12 16:15 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 03:34 - 2014-02-12 16:15 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-05 21:57 - 2014-02-05 21:57 - 00002894 _____ () C:\Users\Kate\Desktop\aswMBR1.txt
2014-02-05 21:57 - 2014-02-05 21:57 - 00000512 _____ () C:\Users\Kate\Desktop\MBR.dat
2014-02-05 17:13 - 2011-12-04 11:41 - 00000000 ____D () C:\Users\Kate\AppData\Roaming\Spotify
2014-02-05 15:41 - 2013-12-30 20:01 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 15:41 - 2013-12-30 20:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-05 15:41 - 2013-12-30 20:01 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-05 15:25 - 2014-02-05 15:25 - 00001799 _____ () C:\Users\Kate\Desktop\Spotify.lnk
2014-02-05 15:25 - 2011-12-04 11:42 - 00001785 _____ () C:\Users\Kate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-02-05 15:22 - 2014-02-05 15:21 - 32710608 _____ (Spotify Ltd) C:\Users\Kate\Downloads\Spotify Installer.exe
2014-02-03 17:51 - 2009-12-26 15:56 - 00002358 _____ () C:\Users\Kate\Desktop\Google Chrome.lnk
2014-02-01 19:17 - 2014-02-01 19:17 - 00036930 _____ () C:\Users\Kate\Desktop\minitool.txt
2014-02-01 17:59 - 2009-04-08 02:39 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-02-01 17:58 - 2009-04-08 02:13 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-02-01 17:49 - 2014-02-01 17:49 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-02-01 17:31 - 2009-04-08 02:40 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-02-01 17:29 - 2008-06-09 08:44 - 00000000 ____D () C:\SwSetup
2014-01-31 20:06 - 2014-01-31 20:06 - 04745728 _____ (AVAST Software) C:\Users\Kate\Desktop\aswmbr.exe
2014-01-29 19:43 - 2013-04-01 15:46 - 00000000 ____D () C:\Users\Kate\Documents\Banking
2014-01-29 19:21 - 2010-09-12 09:10 - 00000000 ____D () C:\Users\Kate\AppData\Local\Microsoft Help
2014-01-29 18:43 - 2014-01-29 18:42 - 00448512 _____ (OldTimer Tools) C:\Users\Kate\Desktop\TFC.exe
2014-01-29 18:32 - 2014-01-29 18:32 - 00000016 _____ () C:\Users\Kate\Documents\Outlookcode.txt
2014-01-29 13:46 - 2014-01-29 13:46 - 00002308 _____ () C:\Users\Kate\Desktop\ESETscan1.txt
2014-01-29 12:46 - 2012-12-21 20:23 - 00000000 ____D () C:\Users\Kate\Downloads\CCleaner
2014-01-28 14:55 - 2014-01-28 14:55 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-01-28 14:54 - 2014-01-28 14:54 - 02347384 _____ (ESET) C:\Users\Kate\Desktop\esetsmartinstaller_enu.exe
2014-01-28 14:50 - 2014-01-28 14:50 - 00000632 _____ () C:\Users\Kate\Desktop\JRT.txt
2014-01-28 14:27 - 2014-01-28 14:27 - 01037068 _____ (Thisisu) C:\Users\Kate\Desktop\JRT.exe
2014-01-27 21:30 - 2013-09-28 15:13 - 00000000 ____D () C:\AdwCleaner
2014-01-27 21:24 - 2014-01-27 21:24 - 04101441 _____ () C:\Users\Kate\Desktop\tdsskiller.zip
2014-01-27 21:19 - 2014-01-27 21:18 - 00036930 _____ () C:\Users\Kate\Desktop\Result.txt
2014-01-27 21:16 - 2014-01-27 21:16 - 00982016 _____ (Farbar) C:\Users\Kate\Desktop\MiniToolBox.exe
2014-01-27 19:35 - 2013-09-19 15:45 - 00000000 ____D () C:\Users\Kate\AppData\Local\CD0F9CEF-B22D-497B-8A82-BE5E677F25AC.aplzod
2014-01-27 19:34 - 2009-10-23 19:40 - 00000000 ____D () C:\Users\Kate\AppData\Local\Apple
2014-01-24 13:08 - 2014-01-24 13:08 - 00000000 _____ () C:\Windows\setuperr.log
2014-01-23 19:30 - 2014-01-23 19:29 - 00001017 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-01-23 19:29 - 2010-05-26 19:45 - 00000000 ____D () C:\Program Files (x86)\CCleaner
2014-01-21 14:58 - 2009-10-20 17:50 - 00000000 ____D () C:\Users\Kate\AppData\Local\Adobe

Files to move or delete:
====================
C:\Users\Kate\AppData\Roaming\desktop.ini
C:\Users\Kate\NPE.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-29 14:36

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-02-2014
Ran by Kate at 2014-02-17 18:59:28
Running from C:\Users\Kate\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton 360 (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Norton 360 (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32 Version:  - Microsoft)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (x32 Version: 1.1.377 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.5.0.600 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.5.0.600 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (x32 Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.06) (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.7.148 - Adobe Systems, Inc.)
AIO_CDA_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Amazon MP3 Downloader 1.0.10 (x32 Version:  - )
Amazon MP3 Uploader (x32 Version: 1.0.1 - Amazon Services LLC)
Amazon MP3 Uploader (x32 Version: 1.0.1 - Amazon Services LLC) Hidden
AMD APP SDK Runtime (Version: 10.0.898.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (Version: 3.0.868.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2012.0309.43.976 - Advanced Micro Devices, Inc.) Hidden
AMD USB Audio Driver Filter (x32 Version: 1.0.7.0031 - Advanced Micro Devices, Inc.)
Apple Application Support (x32 Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (x32 Version: 5.2 - Atheros)
Bing Maps 3D (Version: 4.0.903.16005 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
BlackArmor Backup (x32 Version: 12.1.9768 - Seagate)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
C7100 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
c7100_Help (x32 Version: 82.0.256.000 - Hewlett-Packard) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0309.43.976 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2008.1210.1623.29379 - ATI Technologies, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0309.43.976 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0309.43.976 - Advanced Micro Devices, Inc.) Hidden
Catalyst Pro Control Center (x32 Version: 2012.0309.43.976 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0309.0042.976 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0309.0042.976 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0309.0042.976 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0309.0042.976 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0309.0042.976 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0309.0042.976 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0309.0042.976 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0309.0042.976 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0309.0042.976 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0309.0042.976 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0309.0042.976 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0309.0042.976 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0309.0042.976 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0309.0042.976 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0309.0042.976 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0309.0042.976 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0309.0042.976 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0309.0042.976 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0309.0042.976 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0309.0042.976 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0309.0042.976 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0309.0042.976 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0309.43.976 - Advanced Micro Devices, Inc.) Hidden
CCleaner (Version: 4.04 - Piriform)
Cisco EAP-FAST Module (x32 Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (x32 Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (x32 Version: 1.0.13 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Digimarc Plug-ins for Adobe® Photoshop® (x32 Version: 4.0 - Digimarc)
DIRECTV Player (x32 Version: 6.1 - DIRECTV)
DivX Setup (x32 Version: 2.6.1.90 - DivX, LLC)
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
eMusic Download Manager v5.0.2 (x32 Version: 5.0.2 - eMusic.com Inc.)
ESET Online Scanner v3 (x32 Version:  - )
ESU for Microsoft Vista (x32 Version: 1.0.0 - Hewlett-Packard)
eSupportQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Evernote v. 4.6.6 (x32 Version: 4.6.6.8360 - Evernote Corp.)
Facebook Messenger 2.1.4814.0 (x32 Version: 2.1.4814.0 - Facebook)
Facebook Plug-In (HKCU Version:  - Facebook, Inc.)
Facebook Video Calling 2.0.0.447 (x32 Version: 2.0.447 - Skype Limited)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Feedback Tool (x32 Version: 1.1.0 - Microsoft Corporation)
Feedback Tool (x32 Version: 1.2.0 - Microsoft Corporation)
GearHeadConnect (HKCU Version: 1.0.0.4 - GearHead Connect)
Google Chrome (HKCU Version: 32.0.1700.107 - Google Inc.)
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Talk Plugin (x32 Version: 5.1.4.17398 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
GoToMeeting 5.4.0.1082 (HKCU Version: 5.4.0.1082 - CitrixOnline)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (x32 Version: 3.3.12286.3436 - Hewlett-Packard)
HP Common Access Service Library (x32 Version: 2.00 E6 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (Version: 13.0 - HP)
HP Doc Viewer (x32 Version: 1.01.0005 - Hewlett-Packard)
HP Imaging Device Functions 13.0 (Version: 13.0 - HP)
HP MediaSmart DVD (x32 Version: 4.1.4328 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 4.1.4328 - Hewlett-Packard) Hidden
HP MediaSmart SlingPlayer (x32 Version: 2.1 - Sling Media, Inc.)
HP MediaSmart SmartMenu (Version: 2.1.7 - Hewlett-Packard)
HP MediaSmart Webcam (x32 Version: 3.1.2521 - Hewlett-Packard)
HP MediaSmart Webcam (x32 Version: 3.1.2521 - Hewlett-Packard) Hidden
HP MULTIPLE MODEM INSTALLER for VISTA (x32 Version: 1.0.0.30 - Hewlett Packard)
HP Photo Creations (x32 Version: 1.0.0.11942 - HP)
HP Photosmart 7520 series Basic Device Software (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 7520 series Help (x32 Version: 28.0.0 - Hewlett Packard)
HP Photosmart 7520 series Product Improvement Study (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart All-In-One Driver Software 13.0 Rel. A (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (Version: 3.5 - HP)
HP Product Detection (x32 Version: 11.14.0001 - HP)
HP Product Detection (x32 Version: 11.14.0004 - HP)
HP Quick Launch Buttons (x32 Version: 6.50.9.1 - Hewlett-Packard)
HP Smart Print 1.1.5.2 (x32 Version: 1.1.5.2 - Hewlett-Packard)
HP Smart Web Printing 4.51 (Version: 4.51 - HP)
HP Solution Center 13.0 (Version: 13.0 - HP)
HP Support Assistant (x32 Version: 7.4.45.4 - Hewlett-Packard Company)
HP Total Care Setup (x32 Version: 1.1.2413.2876 - Hewlett-Packard Company)
HP Update (x32 Version: 5.005.000.002 - Hewlett-Packard)
HP User Guides 0129 (x32 Version: 1.00.0000 - Hewlett-Packard)
HP Wireless Assistant (x32 Version: 3.50.10.1 - Hewlett-Packard)
HP_Network_UserGuide (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
iCloud (Version: 3.0.2.163 - Apple Inc.)
iCloud (Version: 3.1.0.40 - Apple Inc.)
IDT Audio (x32 Version: 1.0.6087.0 - IDT)
IHA_MessageCenter (x32 Version: 1.6.0 - Verizon)
iolo technologies' System Mechanic (x32 Version: 12.5.0 - iolo technologies, LLC)
iTunes (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 40 (64-bit) (Version: 1.7.0.400 - Oracle)
JMicron JMB38X Flash Media Controller (x32 Version: 1.00.17.07 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Last.fm Scrobbler 2.1.36 (x32 Version:  - Last.fm)
LightScribe System Software (x32 Version: 1.18.9.1 - LightScribe)
LightScribe Template Labeler (x32 Version: 1.18.5.1 - LightScribe)
LogMeIn (x32 Version: 4.0.982 - LogMeIn, Inc.)
LogMeIn (x32 Version: 4.1.1310 - LogMeIn, Inc.)
LogMeIn (x32 Version: 4.1.1578 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Media Player Utilities 5.15 (x32 Version: 5.15 -  )
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Default Manager (x32 Version: 2.2.114.0 - Microsoft Corporation)
Microsoft Fix it Center (Version: 1.0.0100 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Research AutoCollage 2008 version 1.1 (x32 Version: 1.01.2008 - Microsoft Research)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Web Platform Installer 2.0 (Version: 2.1.1 - Microsoft Corporation)
Microsoft Works (x32 Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (Version: 3.1.8.0 - Apple Inc.)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Move Media Player (HKCU Version:  - Move Networks)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 27.0.1 (x86 en-US) (x32 Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (x32 Version: 25.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Transcoding Tool (x32 Version: 1.00.000 - )
My HP Games (x32 Version: 1.0.0.62 - WildTangent)
Netflix in Windows Media Center (x32 Version: 2.0.0.0 - Microsoft Corporation)
NETGEAR Genie (x32 Version: 2.2.28.24.exe  - NETGEAR Inc.)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NexDef Plug-in (x32 Version:  - )
Norton 360 (x32 Version: 21.1.0.18 - Symantec Corporation)
Norton Bootable Recovery Tool Wizard (x32 Version: 4.1.0.15 - Symantec Corporation)
Norton Identity Safe (x32 Version: 2014.6.0.27 - Symantec Corporation)
Norton Zone (x32 Version: 1.1.0.4 - Symantec Corporation)
NortonLive (x32 Version:  - Symantec)
OCR Software by I.R.I.S. 13.0 (Version: 13.0 - HP)
Pandora (x32 Version: 2.0.6 - Pandora Media, Inc.)
Pandora (x32 Version: 2.0.6 - Pandora Media, Inc.) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PictureMover (x32 Version: 3.4.1.15 - Hewlett-Packard Company)
ProtectSmart Hard Drive Protection (Version: 3.10.1.7 - Hewlett-Packard)
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
RealDownloader (x32 Version: 1.3.1 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (x32 Version:  - RealNetworks)
RealPlayer (x32 Version: 16.0.0 - RealNetworks)
Realtek 8169 8168 8101E 8102E Ethernet Driver (x32 Version: 1.00.0000 - Realtek)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Rhapsody (x32 Version:  - )
Safari (x32 Version: 5.34.57.2 - Apple Inc.)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Shop for HP Supplies (Version: 13.0 - HP)
Slingbox - Watch Your TV Anywhere (x32 Version: 1.0.0 - Sling Media)
SlingPlayer (x32 Version: 1.04.0206 - Sling Media)
SlingPlayer (x32 Version: 1.04.0206 - Sling Media) Hidden
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SMI USB Grabber (x32 Version: 1.0.0.02 - Somagic Inc)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (x32 Version: 9.0.0 - Adobe Systems Incorporated)
Spotify (HKCU Version: 0.9.7.16.g4b197456 - Spotify AB)
Stamps.com (x32 Version:  - Stamps.com, Inc.)
Stamps.com (x32 Version: 9.6.1.2323 - Stamps.com, Inc.) Hidden
Stamps.com Address Book Support for Common Harmony (x32 Version: 6.2.0.1488 - Stamps.com, Inc.) Hidden
Stamps.com Address Book Support for Outlook Express, Works, IE (x32 Version: 6.2.0.1488 - Stamps.com, Inc.) Hidden
Stamps.com Address Book Support for Windows Contacts for Vista (x32 Version: 6.2.0.1488 - Stamps.com, Inc.) Hidden
Stamps.com Application Support for Microsoft Word 2000-2010 (x32 Version: 8.7.0.1506 - Stamps.com, Inc.) Hidden
Stamps.com support for Harmony (x32 Version:  - Stamps.com, Inc.)
Stamps.com support for Microsoft Word 2000-2007 (x32 Version:  - Stamps.com, Inc.)
Stamps.com support for Microsoft Word 2000-2010 (x32 Version:  - Stamps.com, Inc.)
Stamps.com support for Outlook Express, Works, IE (x32 Version:  - Stamps.com, Inc.)
Stamps.com support for Windows Contacts for Vista (x32 Version:  - Stamps.com, Inc.)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (Version: 15.3.29.0 - Synaptics Incorporated)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Tweaking.com - Windows Repair (All in One) (x32 Version: 2.2.0 - Tweaking.com)
Ulead VideoStudio SE DVD (x32 Version: 10.0 - Ulead Systems)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32 Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32 Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (x32 Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (x32 Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual C++ 8.0 Runtime Setup Package (x64) (x32 Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Vz In-Home Agent (x32 Version: 9.0.55.0 - Verizon)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8 - Microsoft Corp)
Windows SideShow Managed Runtime 1.0 (x32 Version: 1.0.1.0 - Microsoft Corporation)
WinZip (x32 Version:  8.1  (4331) - WinZip Computing, Inc.)
Yahoo! Messenger (x32 Version:  - Yahoo! Inc.)

==================== Restore Points  =========================

02-10-2013 00:13:56 ComboFix created restore point
12-10-2013 01:44:18 Windows Update
15-10-2013 01:50:25 Removed Windows 7 Upgrade Advisor
15-10-2013 01:53:53 Installed DirectX
15-10-2013 01:54:20 Installed DirectX
15-10-2013 01:55:42 Installed DirectX
16-10-2013 00:55:34 Norton_Power_Eraser_20131015205528529
20-10-2013 00:24:39 Installed Java 7 Update 45
01-11-2013 00:44:39 Removed Safari
01-11-2013 00:47:24 Installed Safari
05-11-2013 22:48:43 Norton 360 Registry Clean
09-11-2013 02:06:25 Windows Modules Installer
09-11-2013 02:08:15 Windows Modules Installer
12-11-2013 19:10:58 Installed DirectX
12-11-2013 19:11:36 Installed DirectX
12-11-2013 19:12:25 Installed DirectX
14-11-2013 02:56:25 Windows Update
21-11-2013 18:54:20 Norton 360 Registry Clean
20-12-2013 02:52:58 Windows Update
15-01-2014 20:14:23 Windows Update
17-01-2014 22:57:12 Installed Java 7 Update 51
29-01-2014 15:00:28 Windows Update
01-02-2014 22:54:14 Installed HP Support Assistant
06-02-2014 19:05:59 Tweaking.com - Windows Repair
12-02-2014 21:13:07 Windows Update
15-02-2014 20:11:04 Windows Update
15-02-2014 20:55:51 Removed iTunes
15-02-2014 20:59:56 Removed Apple Software Update
15-02-2014 21:00:40 Removed Apple Mobile Device Support
15-02-2014 21:03:05 Removed Bonjour
15-02-2014 21:03:46 Removed Apple Application Support
15-02-2014 21:51:25 Installed iTunes
16-02-2014 23:50:50 Windows Update

==================== Hosts content: ==========================

2006-11-02 07:34 - 2014-02-06 14:30 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {01E7A0EE-9686-49D8-A44B-D3FAC9FE2835} - System32\Tasks\{F7838A53-5BB6-4FAB-93D3-69DD213E6CDB} => C:\Program Files (x86)\Skype\\Phone\Skype.exe
Task: {038156A9-F0A7-4359-920D-C38091320535} - System32\Tasks\Norton Management\Norton Error Analyzer => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe
Task: {06C671B0-F898-4669-9130-3AC9556EE62B} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2009-07-13] (Microsoft Corporation)
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1AD1A157-1AB1-4C90-B084-56801CBE93FD} - System32\Tasks\{84A32188-B93D-4DFE-AD31-289EC4759AF3} => C:\Program Files (x86)\Safari\Safari.exe [2012-04-25] (Apple Inc.)
Task: {1FE5186E-A46F-42D8-9A5A-6A47576B0A91} - System32\Tasks\HPCeeScheduleForKate => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {3373994B-9816-4705-AF1B-107E3C1F2EA4} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe [2013-12-03] (iolo technologies, LLC)
Task: {35A2DE50-B24E-4B80-8CAC-7BD92A1C9BDE} - System32\Tasks\{6418BDFE-30F3-42E2-B0F5-3E58756C1D0A} => C:\Program Files (x86)\Safari\Safari.exe [2012-04-25] (Apple Inc.)
Task: {37104471-6AC4-41B6-9FF7-37CE765BA07A} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {38D0D648-83C1-41D8-AE2E-5F263FA5CD7B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard)
Task: {46987A79-E875-4AEA-93A4-E970AE9A2485} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-232263300-3608652338-1740726509-1000UA => C:\Users\Kate\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-26] (Google Inc.)
Task: {49F2DBE6-A70D-453B-B003-0FD201ECE2F7} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {4B183733-D9B9-40EF-A247-0ED2B8E771A7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {642BDAA8-C689-45C6-AB67-E412451042D5} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {6D98C016-2D23-4912-B469-464CD1EBE3EE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-01-28] (Microsoft)
Task: {6E0217E1-A6D0-4E3C-AEF3-22E6FFAB3B6A} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2013-02-05] ()
Task: {6FD20696-FFB6-4496-B054-CC61EF014197} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-232263300-3608652338-1740726509-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {712C6861-2B14-4E72-92BA-22B6921FE2B7} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {7A477F11-5468-46B2-B545-2D19C13B75EF} - System32\Tasks\twc_screensaver_updater => C:\Program Files (x86)\The Weather Channel FW\Screensaver\TWCScreensaverUpdater.exe
Task: {7B0F9C7A-7175-4EB4-86AB-A5F7537B35F4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {7CC04D96-4032-499F-AD23-C107A721F2C3} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe
Task: {81437FA8-86C4-4784-90EB-6CDEC539B3AE} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {8540230D-D307-4501-9514-3F32B6F520D3} - System32\Tasks\{47BFC497-CC34-405B-90FD-F79EFB6A965C} => C:\Users\Kate\Downloads\mbam-setup-1.60.0.1800.exe [2011-12-27] (Malwarebytes Corporation                                    )
Task: {8B24E7CB-FCCE-4537-9E29-8D0BE07EED26} - System32\Tasks\{16B87CFA-E6D3-49AC-AEB3-87FDFF7A0C50} => C:\Program Files (x86)\Safari\Safari.exe [2012-04-25] (Apple Inc.)
Task: {8F206696-2A08-4D1E-9A58-071F35B78470} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: {9BA07844-93A7-4BB0-8DD2-72914F37DDBB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-232263300-3608652338-1740726509-1000Core => C:\Users\Kate\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-26] (Google Inc.)
Task: {9C29C216-CCE6-4980-96EC-F1870DEB16F1} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-232263300-3608652338-1740726509-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {9F9EE2A1-93CD-4BD7-BBD9-8E59056223EB} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\MatSvc\DataUpload => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RetryDataUpload
Task: {A0D09526-19BC-4433-9C12-D3CC99634848} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-04] (Google Inc.)
Task: {A764D810-771A-4EBB-8C4E-AD95070B26BB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\NetworkCheck => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_NetworkCheck.exe [2014-01-28] (Hewlett-Packard)
Task: {B2294AFA-9FCE-47C4-92E6-E58A9611CE84} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-232263300-3608652338-1740726509-1000UA => C:\Users\Kate\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-13] (Facebook Inc.)
Task: {B365E5F3-F9BE-4749-9C34-CAF222583A08} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-232263300-3608652338-1740726509-1000Core => C:\Users\Kate\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-13] (Facebook Inc.)
Task: {B4998DD0-D517-485D-89A2-F9403A8532B1} - System32\Tasks\Norton Zone\Norton Error Processor => C:\Program Files (x86)\Norton Zone\Engine\1.1.0.4\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {BE7D5FE9-EB8E-4982-A067-16E2CEE80C24} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {BF400422-C723-4155-9587-1444CC28FE62} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {C10FBACB-EE66-4648-981B-9C06E807EDFE} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\ReportUpload => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunUploadWinReports
Task: {C1EDF92C-5D9C-4C95-B197-DCB2FF961B4E} - System32\Tasks\Norton Zone\Norton Error Analyzer => C:\Program Files (x86)\Norton Zone\Engine\1.1.0.4\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {C3D7A6EA-8D90-4786-9211-1972CA2332E5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-04] (Google Inc.)
Task: {C495FB81-47EC-4143-9CB8-FABCAB95001D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {C65C375C-00CB-4B34-8EC0-00F14C39A6DB} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-232263300-3608652338-1740726509-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-03-06] (RealNetworks, Inc.)
Task: {C97447EF-F15C-402F-ACFF-21D1E6DE9E4A} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-232263300-3608652338-1740726509-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {CF287898-A01A-4080-885B-03073C553CB0} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMLMJMPMLMMJOMOMOMCNLJNJGMJJCNLMGMNMMMCNNJNMLMJMCNMMJJLJMMNJHMJMIMLJGMPMNJJNJICMIMCNOMCNMMFMGMCNPMCNIMGMMMPMFMJMCNPMCNJMPMPMNMCNNMJNPICMLMFMMJBJKJLIMJFMPMJNHICMMJBJKJLIMJJNBJCMELOJLIKJJNKJCMJNNICMJNDJCMKJBJ"
Task: {D37872FD-1041-4BCA-B71A-FA9E034F0916} - System32\Tasks\Norton Management\Norton Error Processor => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe
Task: {D7E9F467-70E1-412A-8A1F-E285ADCD39D7} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-232263300-3608652338-1740726509-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {E2A2316D-F3AA-45F7-B902-7379BA82DB49} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-232263300-3608652338-1740726509-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {E861208C-6CC5-413B-9D11-1915E1301E90} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {EB96D990-48C7-407C-83DC-9E9BF3D8459E} - System32\Tasks\{25D394AC-C75E-4411-ADF3-7FF93A16B754} => Firefox.exe
Task: {F1130073-12BD-41EB-85C3-65A6626AC004} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-232263300-3608652338-1740726509-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {F2AA3BB3-81D2-48CA-9864-9BB90C77C43E} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {F2E09BFD-694F-4A6D-8F4F-553F2502BA98} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Kate => C:\Program Files (x86)\Windows Calendar\wincal.exe
Task: {F659985E-BBCE-4563-A298-491A7D00717B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {F783D0B3-EDC7-43E8-9EB1-6DA35578B9C2} - System32\Tasks\{931AD6C4-EFBD-446D-AE9B-55D449637B6D} => Firefox.exe
Task: {FA8FC4D7-47CC-441B-BC40-75D8AEBE6A67} - System32\Tasks\HPCustParticipation HP Photosmart 7520 series => C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {FB31DBBD-E39F-4960-8D54-014299F15EFC} - System32\Tasks\{1692A65D-D90E-4789-A31B-5B7807E55FA4} => Firefox.exe
Task: {FD45C712-5981-4D2F-B2CA-E17A3E84DA21} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\ConfigExec => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunCollectConfigurationInfo
Task: {FEED97A6-B081-4A43-8AEC-7038742B99AE} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\OSUpgrade => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunHandleOSUpgrade
Task: {FEF90482-5907-4667-886B-5A444563C3E9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-232263300-3608652338-1740726509-1000Core.job => C:\Users\Kate\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-232263300-3608652338-1740726509-1000UA.job => C:\Users\Kate\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-232263300-3608652338-1740726509-1000Core.job => C:\Users\Kate\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-232263300-3608652338-1740726509-1000UA.job => C:\Users\Kate\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\HPCeeScheduleForKate.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2009-07-01 15:44 - 2009-07-01 15:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-04-08 04:13 - 2008-12-02 20:28 - 00365952 _____ () C:\Program Files (x86)\SMINST\BLService.exe
2009-04-08 04:13 - 2008-12-02 20:28 - 00132480 _____ () C:\Program Files (x86)\SMINST\STWmiM.dll
2013-12-20 15:09 - 2013-10-21 19:36 - 36571952 ____R () C:\Program Files (x86)\Norton Zone\Engine\1.1.0.4\libcef.dll
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2012-09-08 12:16 - 2012-09-08 12:16 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2012-09-08 12:16 - 2012-09-08 12:16 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/17/2014 06:12:00 PM) (Source: Bonjour Service) (User: )
Description: 484: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (02/17/2014 06:12:00 PM) (Source: Bonjour Service) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (02/17/2014 06:12:00 PM) (Source: Bonjour Service) (User: )
Description: 484: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (02/17/2014 06:12:00 PM) (Source: Bonjour Service) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (02/17/2014 06:12:00 PM) (Source: Bonjour Service) (User: )
Description: 484: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (02/17/2014 06:12:00 PM) (Source: Bonjour Service) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (02/17/2014 06:12:00 PM) (Source: Bonjour Service) (User: )
Description: 484: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (02/17/2014 06:12:00 PM) (Source: Bonjour Service) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (02/17/2014 06:12:00 PM) (Source: Bonjour Service) (User: )
Description: 484: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (02/17/2014 06:12:00 PM) (Source: Bonjour Service) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053


System errors:
=============
Error: (02/17/2014 06:59:58 PM) (Source: Service Control Manager) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
%%2

Error: (02/17/2014 06:59:58 PM) (Source: Service Control Manager) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
%%2

Error: (02/17/2014 06:59:58 PM) (Source: Service Control Manager) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
%%2

Error: (02/17/2014 06:59:58 PM) (Source: Service Control Manager) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
%%2

Error: (02/17/2014 06:59:58 PM) (Source: Service Control Manager) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
%%2

Error: (02/17/2014 06:59:58 PM) (Source: Service Control Manager) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
%%2

Error: (02/17/2014 06:59:58 PM) (Source: Service Control Manager) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
%%2

Error: (02/17/2014 06:59:58 PM) (Source: Service Control Manager) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
%%2

Error: (02/17/2014 06:59:58 PM) (Source: Service Control Manager) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
%%2

Error: (02/17/2014 06:59:58 PM) (Source: Service Control Manager) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-09-29 11:54:23.915
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-09-29 11:54:23.493
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-09-29 11:54:23.010
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-09-29 11:54:22.573
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-01-25 15:42:00.008
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-01-25 15:41:59.837
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-12-05 22:34:10.552
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Kate\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-12-05 22:34:10.422
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Kate\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-11-13 19:02:42.898
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Kate\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-11-13 19:02:42.789
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Kate\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 38%
Total physical RAM: 4093.83 MB
Available physical RAM: 2525.41 MB
Total Pagefile: 8185.84 MB
Available Pagefile: 6415.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:451.71 GB) (Free:220.23 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:14.05 GB) (Free:2.12 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 0E285E0C)
Partition 1: (Active) - (Size=452 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=14 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Edited by mrsbeautiful05, 17 February 2014 - 07:08 PM.

Namaste!

Love & Light

:flowers:


#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 16,631 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:06 PM

Posted 17 February 2014 - 11:50 PM

Hi Kate,

Nice to meet you. Thanks for the update.

----------

It appears you addressed the iTunes registry key on the 16th. Can you tell me if you exported that key to your desktop or did you import the key?

2014-02-16 19:37 - 2014-02-16 19:37 - 00002596 _____ () C:\Users\Kate\Desktop\iTuneskey.reg

----------

Do you have the ability to reinstall Norton?

----------

When you get the double web mail on your phone does that happen when you are connected away from home (assuming your computer router is at home)?

--------

Here is what I would like us to do next.

===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Scan
  • Upon completion click Report
  • Review the entries and uncheck any items you would like to keep on your computer (leaving an item checked will cause its deletion)
  • Click Clean to remove the items still checked
  • Click OK twice to reboot your computer
  • Copy and paste the contents of the text file on your desktop upon reboot in your reply
  • You can also find the logfile at C:\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's Service Scanner

--------------------
  • Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • Press Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
S4 LMIRfsClientNP; No ImagePath
S2 MCSTRM; No ImagePath
C:\Users\Kate\AppData\Roaming\desktop.ini
C:\Users\Kate\NPE.exe
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Questions
  • AdwCleaner log
  • Junkware log
  • FSS.txt
  • Fixlog

Regards,
Gary

If I do not respond to you within 24 hours of your post please send me a Personal Message .


"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 mrsbeautiful05

mrsbeautiful05
  • Topic Starter

  • Members
  • 119 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Pennsylvania
  • Local time:06:06 PM

Posted 18 February 2014 - 07:01 PM

This is the article that Apple Care support team gave me to follow to fix my iTunes, and it still isn't working. The code to input was already there. I didn't have to change anything, until you gave me new steps. http://support.apple.com/kb/TS3299?viewlocale=en_US

 

Yes, i have the ability to reinstall Norton. I had already done that, but maybe after we try to fix it again, things will normalize. We'll see.

 

As for the emails, I need to check about that.

 

I will continue now with the next steps you've given me.


Edited by mrsbeautiful05, 18 February 2014 - 07:04 PM.

Namaste!

Love & Light

:flowers:


#8 mrsbeautiful05

mrsbeautiful05
  • Topic Starter

  • Members
  • 119 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Pennsylvania
  • Local time:06:06 PM

Posted 18 February 2014 - 07:18 PM

 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Norton 360    
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 51  
  Adobe Flash Player 12.0.0.43 Flash Player out of Date!  
 Adobe Reader 9  
 Adobe Reader XI  
 Mozilla Firefox (27.0.1)
 Google Chrome 32.0.1700.102  
 Google Chrome 32.0.1700.107  
 Google Chrome plugins...  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 iolo System Mechanic iologovernor64.exe  
 iolo Common Lib ioloServiceManager.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````
 


Namaste!

Love & Light

:flowers:


#9 mrsbeautiful05

mrsbeautiful05
  • Topic Starter

  • Members
  • 119 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Pennsylvania
  • Local time:06:06 PM

Posted 18 February 2014 - 07:43 PM

I'm hoping that I still need these keys. Not sure if i should delete them. So, I will uncheck them for now until I hear from you.

 

 

# AdwCleaner v3.019 - Report created 18/02/2014 at 19:32:59
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Kate - KATE-PC
# Running from : C:\Users\Kate\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\aq3s26e2.default-1356991052304\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Kate\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4547 octets] - [28/09/2013 15:14:24]
AdwCleaner[R1].txt - [1202 octets] - [14/10/2013 20:25:12]
AdwCleaner[R2].txt - [1131 octets] - [18/10/2013 14:00:06]
AdwCleaner[R3].txt - [1452 octets] - [28/10/2013 19:48:07]
AdwCleaner[R4].txt - [6931 octets] - [09/11/2013 19:10:19]
AdwCleaner[R5].txt - [2352 octets] - [12/01/2014 20:47:18]
AdwCleaner[R6].txt - [1614 octets] - [27/01/2014 21:29:10]
AdwCleaner[R7].txt - [1612 octets] - [18/02/2014 19:33:00]
AdwCleaner[S0].txt - [4058 octets] - [28/09/2013 15:20:12]
AdwCleaner[S1].txt - [1155 octets] - [14/10/2013 20:26:41]
AdwCleaner[S2].txt - [1195 octets] - [18/10/2013 14:01:11]
AdwCleaner[S3].txt - [1519 octets] - [28/10/2013 19:48:45]
AdwCleaner[S4].txt - [6388 octets] - [09/11/2013 19:14:46]
AdwCleaner[S5].txt - [2439 octets] - [12/01/2014 20:48:34]
AdwCleaner[S6].txt - [1675 octets] - [27/01/2014 21:30:57]

########## EOF - C:\AdwCleaner\AdwCleaner[R7].txt - [2092 octets] ##########

 


Namaste!

Love & Light

:flowers:


#10 mrsbeautiful05

mrsbeautiful05
  • Topic Starter

  • Members
  • 119 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Pennsylvania
  • Local time:06:06 PM

Posted 18 February 2014 - 08:14 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Home Premium x64
Ran by Kate on Tue 02/18/2014 at 19:53:12.80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Kate\AppData\Roaming\mozilla\firefox\profiles\aq3s26e2.default-1356991052304\minidumps [7 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/18/2014 at 20:13:04.74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


Namaste!

Love & Light

:flowers:


#11 mrsbeautiful05

mrsbeautiful05
  • Topic Starter

  • Members
  • 119 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Pennsylvania
  • Local time:06:06 PM

Posted 18 February 2014 - 08:18 PM

Farbar Service Scanner Version: 16-02-2014
Ran by Kate (administrator) on 18-02-2014 at 20:16:34
Running from "C:\Users\Kate\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


Namaste!

Love & Light

:flowers:


#12 mrsbeautiful05

mrsbeautiful05
  • Topic Starter

  • Members
  • 119 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Pennsylvania
  • Local time:06:06 PM

Posted 18 February 2014 - 08:26 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2014
Ran by Kate at 2014-02-18 20:25:35 Run:1
Running from C:\Users\Kate\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
S4 LMIRfsClientNP; No ImagePath
S2 MCSTRM; No ImagePath
C:\Users\Kate\AppData\Roaming\desktop.ini
C:\Users\Kate\NPE.exe
*****************

LMIRfsClientNP => Service deleted successfully.
MCSTRM => Service deleted successfully.
C:\Users\Kate\AppData\Roaming\desktop.ini => Moved successfully.
C:\Users\Kate\NPE.exe => Moved successfully.

==== End of Fixlog ====


Namaste!

Love & Light

:flowers:


#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 16,631 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:06 PM

Posted 18 February 2014 - 09:21 PM

Hi Kate,

Thanks for the information. I am aware of that iTunes article and unfortunately those steps didn't help the last time I dealt with this issue with another person! :(

You can certainly leave the entries identified by AdwCleaner.

Please do this for me.

===================================================

Farbar's MiniRegTool

--------------------
  • Please download MiniRegTool.zip (for 32 bit systems) or MiniRegTool64.zip (for 64 bit systems) and save it to your desktop
  • Unzip the folder and double click the icon
  • When you run the tool this is what you will see

MiniReg.gif

  • Copy and paste the following into the edit box:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}

  • Check the Export keys radio button.
  • Press the Go button and post the result.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • MiniRegTool report

Regards,
Gary

If I do not respond to you within 24 hours of your post please send me a Personal Message .


"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 mrsbeautiful05

mrsbeautiful05
  • Topic Starter

  • Members
  • 119 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Pennsylvania
  • Local time:06:06 PM

Posted 19 February 2014 - 05:44 PM

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}]
"Class"="CDROM"
"ClassDesc"="@%SystemRoot%\\System32\\StorProp.dll,-17001"
@="DVD/CD-ROM drives"
"IconPath"=hex(7):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,69,\
  00,6d,00,61,00,67,00,65,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,2c,00,\
  2d,00,33,00,30,00,00,00,00,00
"Installer32"="storprop.dll,DvdClassInstaller"
"EnumPropPages32"="storprop.dll,DvdPropPageProvider"
"SilentInstall"="1"
"NoInstallClass"="1"
"UpperFilters"="GEARAspiWDM"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0000]
"InfPath"="cdrom.inf"
"InfSection"="cdrom_install"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,8c,a3,c5,94,c6,01
"DriverDate"="6-21-2006"
"DriverVersion"="6.1.7601.17514"
"MatchingDeviceId"="gencdrom"
"DriverDesc"="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties]
"DeviceType"=dword:00000002
"DeviceCharacteristics"=dword:00000100
 


Namaste!

Love & Light

:flowers:


#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 16,631 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:06 PM

Posted 19 February 2014 - 06:13 PM

Thank you Kate.

Please do this.

===================================================

Manually Importing an Attached Registry Key (.reg) File

-------------------
  • Download Attached File  CD.reg   244bytes   7 downloads and save it to your desktop
  • Right click on the file and select Merge
  • Once you receive confirmation the information was successfully merged reboot your computer
  • Reboot your computer and attempt to launch iTunes
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Can you open iTunes?

Regards,
Gary

If I do not respond to you within 24 hours of your post please send me a Personal Message .


"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users