
Cannot run MSE, download anything from IE, run checkdisk, etc-found error 0x800


  • This topic is locked
41 replies to this topic

#1 DixieChick

Posted 19 September 2013 - 05:55 PM

Hi-Please help. I've been working on this about 7 hours today and only know enough to really screw up my computer. I have a fairly new built computer running a legit copy of Windows 7 ultimate, I think. About a week ago, I noticed that I was unable to download or open any file if I was attempting to do so from IE (I had version 10 installed). So, I "uninstalled IE" which rolled me back to version 9. Still had the same problem. So, I attempted to do a system restore point at a time when I didn't think I remembered this being an issue. My system had the blue screen and I'm not even sure how I got it to boot back up. I was trying all sorts of stuff including almost accidentally reformatting to another copy of Windows 7 that I have for another pc. Phew! It booted after that and I attempted to do a scannow which would not complete. Then, while attempting to research online what the deal was, I noticed that MSE is no longer even showing up in my system tray. So, I checked that it is in programs and it shows that it is installed but "off". I attempted to turn it back on and got error code 0x80073b01. I checked MS website for a fix and attempted to uninstall and then reinstall. It said it installed but still will not allow me to turn it on. Now it says "An error has occurred in the program during initialization. If this problem continues, please contact your system administrator" and gave me the same error code. I am the administrator. Of course, I rebooted about a million times during all of this. At this point, I have no idea what is going on and what to do. Basically, I want my computer to run smoothly and be appropriately protected. BTW, until I did a system restore, I did have all the appropriate updates installed except for IE which (remember) I had rolled back to an earlier version attempting to fix whatever was wrong.
One thing I can say is that AVG (was accidentally installed during a google update, I think) seemed to give me lots of problems and I recently did my best to uninstall it...and that's when things really got bad.  Can someone help me please?  I have already backed up all my files that were important and I am about to do a disk clone.  Oh yes, and I did install and run malwarebytes and I removed 5 items called "candy" something. Thank you so much!


Edited by DixieChick, 19 September 2013 - 05:58 PM.




#2 gringo_pr

  • Malware Response Team

Posted 22 September 2013 - 08:38 PM





Hello DixieChick

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 DixieChick


Posted 25 September 2013 - 07:47 AM

Hi Gringo. I do have notify me instantly set to this reply but I had not received any notification so...

 

I am now downloading the Farbar Recovery Scan Tool and will run it in a few minutes. I have also backed up (disk image) the computer. I was attempting to install a Windows update that was needed after I rolled back my computer successfully to a last known good working order (but it is still screwed up). My update is that I am able to log on my computer and use it normally but Windows Firewall and Security Center will not run. I get the same error code 0x80073601. I am not using IE because I first noticed the problems in IE after it installed AVG without my permission. I attempted to uninstall all AVG related files and this is when my pc started really screwing up. I do not know if IE, AVG or some other unknown issue is occurring. Malwarebytes is up to date and not bringing anything new to my attention. Thank you for your help!



#4 DixieChick


Posted 25 September 2013 - 08:59 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-09-2013
Ran by Caryn (administrator) on CARYN-PC on 25-09-2013 08:47:57
Running from C:\Users\Caryn\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(ABBYY) C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Sendori) C:\Program Files (x86)\Sendori\sndappv2.exe
(Wacom Technology, Corp.) C:\Windows\system32\Wacom_Tablet.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriSvc.exe
(sendori) C:\Program Files (x86)\Sendori\Sendori.Service.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriUp.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHSA.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHSA.EXE
() C:\Users\Caryn\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\system32\consent.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\system32\wermgr.exe
(Microsoft Corporation) C:\Windows\system32\wermgr.exe
(Microsoft Corporation) C:\Windows\system32\wermgr.exe
(Microsoft Corporation) C:\Windows\system32\wermgr.exe
(Microsoft Corporation) C:\Windows\system32\wermgr.exe
(Microsoft Corporation) C:\Windows\system32\wermgr.exe
(Microsoft Corporation) C:\Windows\system32\wermgr.exe
(Microsoft Corporation) C:\Windows\system32\wermgr.exe
(Microsoft Corporation) C:\Windows\system32\wermgr.exe
(Microsoft Corporation) C:\Windows\system32\wermgr.exe
(Microsoft Corporation) C:\Windows\system32\wermgr.exe
(Microsoft Corporation) C:\Windows\system32\wermgr.exe
(Microsoft Corporation) C:\Windows\system32\wermgr.exe
(Microsoft Corporation) C:\Windows\system32\wermgr.exe
(Microsoft Corporation) C:\Windows\system32\wermgr.exe
(Microsoft Corporation) C:\Windows\system32\wermgr.exe
(Microsoft Corporation) C:\Windows\system32\wermgr.exe
(Microsoft Corporation) C:\Windows\system32\wermgr.exe
(Microsoft Corporation) C:\Windows\system32\wermgr.exe
(Microsoft Corporation) C:\Windows\system32\wermgr.exe
(Microsoft Corporation) C:\Windows\system32\wermgr.exe
(Microsoft Corporation) C:\Windows\system32\wermgr.exe
(Microsoft Corporation) C:\Windows\system32\wermgr.exe
(Microsoft Corporation) C:\Windows\system32\wermgr.exe
(Microsoft Corporation) C:\Windows\system32\wermgr.exe
(Microsoft Corporation) C:\Windows\system32\wermgr.exe
(Microsoft Corporation) C:\Windows\system32\wermgr.exe
(Microsoft Corporation) C:\Windows\system32\wermgr.exe
(Microsoft Corporation) C:\Windows\system32\wermgr.exe
(Microsoft Corporation) C:\Windows\system32\wermgr.exe
(Microsoft Corporation) C:\Windows\system32\wermgr.exe
(Microsoft Corporation) C:\Windows\system32\wermgr.exe
(Microsoft Corporation) C:\Windows\system32\wermgr.exe
(Microsoft Corporation) C:\Windows\system32\wermgr.exe
(Microsoft Corporation) C:\Windows\system32\wermgr.exe
(Microsoft Corporation) C:\Windows\system32\wermgr.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12489360 2012-05-18] (Realtek Semiconductor)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-07-18] (Microsoft Corporation)
HKLM\...\Run: [IntelliType Pro] - c:\Program Files\Microsoft Device Center\itype.exe [1464928 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft Device Center\ipoint.exe [2004584 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [fssui] - C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [892416 2013-02-05] (Microsoft Corporation)
HKCU\...\Run: [GoogleChromeAutoLaunch_37D704A750F804CDD818852966407387] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [829392 2013-09-16] (Google Inc.)
HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHSA.EXE [241280 2013-01-02] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [EPLTarget\P0000000000000001] - C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHSA.EXE [241280 2013-01-02] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Caryn\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [397632 2013-04-05] ()
HKCU\...\Run: [Fitbit Connect] - C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
MountPoints2: {8a7aac1e-d58b-11e2-9f25-902b34588195} - F:\DTVP_Launcher.exe
MountPoints2: {fd0ef405-3cef-11e2-9e00-902b34588195} - F:\LaunchU3.exe -a
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [RUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [106344 2011-05-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Bonus.SSR.FR11] - C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe [911112 2011-08-09] (ABBYY.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Sendori Tray] - C:\Program Files (x86)\Sendori\SendoriTray.exe [83232 2013-07-01] (Sendori, Inc.)
HKLM-x32\...\Run: [Fitbit Connect] - C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [KeyScrambler] - C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [534160 2013-03-26] (QFX Software Corporation)
HKU\Kid Access\...\Policies\system: [LogonHoursAction] 2
HKU\Kid Access\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x31126DC224A3CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {10B05D6E-5BFB-11D4-8920-00C04F57BB26} https://imetlife.metlife.com/siteminderagent/forms/singlesignon/KeyMasterObj.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://morningstar.webex.com/client/WBXclient-T27L10NSP32EP5-14362/event/ieatgpc1.cab
Winsock: Catalog9 01 C:\Windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 02 C:\Windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 03 C:\Windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 04 C:\Windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 15 C:\Windows\system32\Sendori.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Caryn\AppData\Roaming\Mozilla\Firefox\Profiles\d0x642mo.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.3 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Caryn\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Extension: No Name - C:\Users\Caryn\AppData\Roaming\Mozilla\Firefox\Profiles\d0x642mo.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: No Name - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (AVG Secure Search) - http://mysearch.avg.com/search?cid={9F5450B1-6CE9-4C63-BBCD-20CDBAAEB339}&mid=79844e87af3147d3b1cd416272bc6866-c88331e0cc526fe5ef0dbf389e0198bfced1bfa1&lang=en&ds=oc011&pr=sa&d=2013-05-26 12:44:50&v=15.2.0.8&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
CHR DefaultSuggestURL: (AVG Secure Search) - http://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\gcswf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Extension: (YouTube) - C:\Users\Caryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Caryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (ShopAtHome.com extension) - C:\Users\Caryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc\7.1.0.4_0
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Caryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0
CHR Extension: (Instagram for Chrome) - C:\Users\Caryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb\4.6.3_0
CHR Extension: (Gmail) - C:\Users\Caryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Professional.11.0; C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [819976 2011-08-03] (ABBYY)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [119072 2013-07-01] (Sendori, Inc.)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1239584 2013-02-25] (Fitbit, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165144 2012-05-10] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2013-07-18] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-07-18] (Microsoft Corporation)
R2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2013-07-01] (sendori)
R2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2013-07-01] (Sendori)
R2 TabletServiceWacom; C:\Windows\system32\Wacom_Tablet.exe [5521192 2009-11-24] (Wacom Technology, Corp.)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [2491392 2011-03-30] (C-Media Inc)
S3 gdrv; C:\Windows\gdrv.sys [25640 2013-03-18] (Windows ® Server 2003 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [25640 2013-03-18] (Windows ® Server 2003 DDK provider)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-03-14] ()
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-03-14] ()
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [222200 2013-05-31] (QFX Software Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104560 2012-04-25] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [105832 2011-08-29] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [221544 2011-08-29] (Renesas Electronics Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-25 08:43 - 2013-09-25 08:43 - 00000000 ____D C:\FRST
2013-09-25 08:41 - 2013-09-25 08:41 - 01955802 _____ (Farbar) C:\Users\Caryn\Downloads\FRST64.exe
2013-09-19 18:41 - 2013-09-19 18:41 - 00001111 _____ C:\Users\Public\Desktop\DriveImage XML.lnk
2013-09-19 18:40 - 2013-09-19 18:40 - 00000000 ____D C:\Program Files (x86)\Runtime Software
2013-09-19 18:29 - 2013-09-19 18:29 - 02024936 _____ C:\Users\Caryn\Downloads\dixmlsetup.exe
2013-09-19 17:55 - 2013-09-19 17:55 - 01029675 _____ (Thisisu) C:\Users\Caryn\Downloads\JRT(1).exe
2013-09-19 17:54 - 2013-09-19 17:54 - 01029675 _____ (Thisisu) C:\Users\Caryn\Downloads\JRT.exe
2013-09-19 17:47 - 2013-09-19 17:47 - 01039554 _____ C:\Users\Caryn\Downloads\AdwCleaner.exe
2013-09-19 17:42 - 2013-09-19 17:42 - 00012178 _____ C:\Users\Caryn\Desktop\attach.txt
2013-09-19 17:42 - 2013-09-19 17:41 - 00025348 _____ C:\Users\Caryn\Desktop\dds.txt
2013-09-19 17:41 - 2013-09-19 17:41 - 00688992 ____R (Swearware) C:\Users\Caryn\Downloads\dds.scr
2013-09-19 17:38 - 2013-09-19 17:38 - 00000000 __SHD C:\$$PendingFiles
2013-09-19 17:31 - 2013-09-19 17:31 - 00000000 ____D C:\Windows\system32\config\amd64
2013-09-19 17:31 - 2013-07-18 22:22 - 00185664 _____ (Microsoft Corporation) C:\Windows\system32\config\EppManifest.dll
2013-09-19 17:31 - 2013-07-18 20:25 - 00008864 _____ (Microsoft Corporation) C:\Windows\system32\config\setupres.dll
2013-09-19 17:29 - 2013-09-19 17:29 - 13813944 _____ (Microsoft Corporation) C:\Users\Caryn\Downloads\mseinstall(2).exe
2013-09-19 17:28 - 2013-09-19 17:28 - 11233112 _____ (Microsoft Corporation) C:\Users\Caryn\Downloads\mseinstall(1).exe
2013-09-19 14:03 - 2013-09-19 14:03 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Caryn\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-19 14:03 - 2013-09-19 14:03 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Caryn\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-09-19 13:48 - 2013-09-19 13:48 - 00262192 _____ C:\Windows\Minidump\091913-33977-01.dmp
2013-09-18 18:24 - 2013-09-18 18:24 - 00000000 ____D C:\Users\Kid Access\AppData\Roaming\Apple Computer
2013-09-17 20:24 - 2013-09-17 23:22 - 00047573 _____ C:\Users\Caryn\Downloads\avgremover.log
2013-09-17 20:24 - 2013-09-17 20:24 - 00000000 ____D C:\Users\Caryn\AppData\Local\Avg2014
2013-09-17 16:16 - 2013-09-17 16:16 - 00000000 ____D C:\Users\Kid Access\AppData\Local\Google

==================== One Month Modified Files and Folders =======

2013-09-25 08:48 - 2012-09-25 08:04 - 01742202 _____ C:\Windows\WindowsUpdate.log
2013-09-25 08:47 - 2012-10-05 17:20 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-25 08:46 - 2009-07-13 22:34 - 00000478 _____ C:\Windows\win.ini
2013-09-25 08:43 - 2013-09-25 08:43 - 00000000 ____D C:\FRST
2013-09-25 08:41 - 2013-09-25 08:41 - 01955802 _____ (Farbar) C:\Users\Caryn\Downloads\FRST64.exe
2013-09-25 08:38 - 2009-07-14 00:45 - 00013616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-25 08:38 - 2009-07-14 00:45 - 00013616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-25 08:33 - 2009-07-14 01:13 - 00739918 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-25 08:28 - 2013-07-08 13:42 - 00000632 __RSH C:\Users\Caryn\ntuser.pol
2013-09-25 08:28 - 2013-04-24 19:51 - 00000000 ____D C:\Users\Caryn\AppData\Roaming\WTablet
2013-09-25 08:28 - 2012-09-25 08:08 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-25 08:28 - 2012-09-25 08:05 - 00000000 ____D C:\Users\Caryn
2013-09-25 08:27 - 2012-09-25 08:43 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-25 08:27 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-25 08:27 - 2009-07-14 00:51 - 00040814 _____ C:\Windows\setupact.log
2013-09-24 22:05 - 2012-09-25 08:08 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-24 21:51 - 2013-01-06 22:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-24 21:40 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-09-24 11:29 - 2012-09-25 08:28 - 00065140 _____ C:\Windows\PFRO.log
2013-09-23 01:06 - 2012-09-25 08:08 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-20 03:05 - 2012-10-12 11:39 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-19 18:41 - 2013-09-19 18:41 - 00001111 _____ C:\Users\Public\Desktop\DriveImage XML.lnk
2013-09-19 18:40 - 2013-09-19 18:40 - 00000000 ____D C:\Program Files (x86)\Runtime Software
2013-09-19 18:40 - 2012-12-03 00:51 - 00027196 _____ C:\Users\Caryn\Documents\Lifeline.xlsx
2013-09-19 18:29 - 2013-09-19 18:29 - 02024936 _____ C:\Users\Caryn\Downloads\dixmlsetup.exe
2013-09-19 17:55 - 2013-09-19 17:55 - 01029675 _____ (Thisisu) C:\Users\Caryn\Downloads\JRT(1).exe
2013-09-19 17:54 - 2013-09-19 17:54 - 01029675 _____ (Thisisu) C:\Users\Caryn\Downloads\JRT.exe
2013-09-19 17:47 - 2013-09-19 17:47 - 01039554 _____ C:\Users\Caryn\Downloads\AdwCleaner.exe
2013-09-19 17:47 - 2013-07-15 14:40 - 00000000 ____D C:\Users\Kid Access\AppData\Roaming\QFX Software
2013-09-19 17:47 - 2013-07-15 14:38 - 00000000 ___RD C:\Users\Kid Access\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-19 17:47 - 2013-07-15 14:38 - 00000000 ___RD C:\Users\Kid Access\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-19 17:47 - 2013-07-15 14:38 - 00000000 ____D C:\Users\Kid Access
2013-09-19 17:47 - 2012-10-11 11:57 - 00000000 ____D C:\Users\Caryn\AppData\Roaming\QFX Software
2013-09-19 17:47 - 2012-09-26 06:06 - 00000000 ____D C:\Windows\system32\Macromed
2013-09-19 17:47 - 2012-09-25 08:05 - 00000000 ___RD C:\Users\Caryn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-19 17:47 - 2012-09-25 08:05 - 00000000 ___RD C:\Users\Caryn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-19 17:47 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\Offline Web Pages
2013-09-19 17:47 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-09-19 17:47 - 2009-07-13 23:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2013-09-19 17:47 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-09-19 17:47 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-09-19 17:47 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat
2013-09-19 17:46 - 2012-10-22 21:23 - 00000000 ____D C:\Program Files (x86)\Quicken
2013-09-19 17:46 - 2012-10-11 11:57 - 00000000 ____D C:\ProgramData\QFX Software
2013-09-19 17:46 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2013-09-19 17:46 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-09-19 17:42 - 2013-09-19 17:42 - 00012178 _____ C:\Users\Caryn\Desktop\attach.txt
2013-09-19 17:42 - 2012-09-25 08:08 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-19 17:41 - 2013-09-19 17:42 - 00025348 _____ C:\Users\Caryn\Desktop\dds.txt
2013-09-19 17:41 - 2013-09-19 17:41 - 00688992 ____R (Swearware) C:\Users\Caryn\Downloads\dds.scr
2013-09-19 17:41 - 2012-10-05 17:19 - 00000000 __RHD C:\MSOCache
2013-09-19 17:38 - 2013-09-19 17:38 - 00000000 __SHD C:\$$PendingFiles
2013-09-19 17:31 - 2013-09-19 17:31 - 00000000 ____D C:\Windows\system32\config\amd64
2013-09-19 17:31 - 2012-09-25 09:54 - 00002155 _____ C:\Windows\epplauncher.mif
2013-09-19 17:30 - 2012-09-25 08:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-09-19 17:30 - 2012-09-25 08:48 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-09-19 17:29 - 2013-09-19 17:29 - 13813944 _____ (Microsoft Corporation) C:\Users\Caryn\Downloads\mseinstall(2).exe
2013-09-19 17:28 - 2013-09-19 17:28 - 11233112 _____ (Microsoft Corporation) C:\Users\Caryn\Downloads\mseinstall(1).exe
2013-09-19 14:51 - 2013-02-27 09:51 - 09430408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-09-19 14:51 - 2013-01-06 22:01 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-19 14:51 - 2012-09-26 06:06 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-19 14:51 - 2012-09-26 06:06 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-19 14:04 - 2012-10-05 15:32 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-19 14:04 - 2012-10-05 15:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-19 14:03 - 2013-09-19 14:03 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Caryn\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-19 14:03 - 2013-09-19 14:03 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Caryn\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-09-19 13:48 - 2013-09-19 13:48 - 00262192 _____ C:\Windows\Minidump\091913-33977-01.dmp
2013-09-19 13:48 - 2012-09-26 17:46 - 444935070 _____ C:\Windows\MEMORY.DMP
2013-09-19 13:48 - 2012-09-26 17:46 - 00000000 ____D C:\Windows\Minidump
2013-09-19 13:14 - 2009-07-14 03:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-09-18 18:24 - 2013-09-18 18:24 - 00000000 ____D C:\Users\Kid Access\AppData\Roaming\Apple Computer
2013-09-18 18:12 - 2013-07-15 14:38 - 00000000 ____D C:\Users\Kid Access\AppData\Roaming\WTablet
2013-09-17 23:22 - 2013-09-17 20:24 - 00047573 _____ C:\Users\Caryn\Downloads\avgremover.log
2013-09-17 20:24 - 2013-09-17 20:24 - 00000000 ____D C:\Users\Caryn\AppData\Local\Avg2014
2013-09-17 16:16 - 2013-09-17 16:16 - 00000000 ____D C:\Users\Kid Access\AppData\Local\Google
2013-09-11 03:08 - 2013-08-14 03:01 - 00000000 ____D C:\Windows\system32\MRT
2013-08-31 13:33 - 2013-07-08 14:08 - 00000000 ____D C:\Users\Caryn\AppData\Local\Windows Live
2013-08-30 21:04 - 2013-07-15 14:38 - 00179564 __RSH C:\Users\Kid Access\ntuser.pol
2013-08-29 06:59 - 2013-02-17 14:52 - 00000000 ____D C:\ProgramData\Sendori

Files to move or delete:
====================
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install


Some content of TEMP:
====================
C:\Users\Caryn\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Caryn\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Caryn\AppData\Local\Temp\install_flashplayer11x32ax_gtbp_chrd_aih.exe
C:\Users\Caryn\AppData\Local\Temp\jre-7u10-windows-i586-iftw.exe
C:\Users\Caryn\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Caryn\AppData\Local\Temp\oi_{74437F15-EA2B-4DA7-B379-5EF5D9AED799}.exe
C:\Users\Caryn\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Caryn\AppData\Local\Temp\_isD96D.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\en-US => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\Backup => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client


LastRegBack: 2013-09-21 14:53

==================== End Of Log ============================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-09-2013
Ran by Caryn at 2013-09-25 08:49:12
Running from C:\Users\Caryn\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

@BIOS (x32 Version: 2.25)
AAS - KitNetix Sound Bank (x32)
ABBYY FineReader 11 (x32 Version: 11.0.275)
Adobe AIR (x32 Version: 3.7.0.2090)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Reader X (10.1.7) (x32 Version: 10.1.7)
Amazon MP3 Downloader 1.0.18 (HKCU Version: 1.0.18)
AMP Font Viewer (x32)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.0.15.16)
Bonjour (Version: 3.0.0.10)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Digital Sound Factory Symphonic Strings Hi Definition (x32 Version: 1.0)
Dimension Pro 1.5 (x32 Version: 18.0)
Dimension Pro Free Expansion Packs 1-3 (x32 Version: 1.0)
DriveImage XML (Private Edition) (x32 Version: 2.44.000)
Easy Tune 6 B12.0626.1 (x32 Version: 1.00.0000)
Epson Connect (x32)
Epson Connect Printer Setup (x32 Version: 1.1.1)
Epson Customer Participation (Version: 1.0.0.0)
Epson Download Navigator (x32 Version: 1.0.1)
Epson Event Manager (x32 Version: 2.50.0001)
Epson FAX Utility (x32 Version: 1.20.00)
Epson PC-FAX Driver (x32)
EPSON Scan (x32)
EPSON WorkForce 845 Series Printer Uninstall
EpsonNet Print (x32 Version: 2.4j)
Fitbit Connect (x32 Version: 1.0.0.2578)
Free eXPert PDF Reader (x32 Version: 8.0.570.0)
Free YouTube to MP3 Converter version 3.12.0.128 (x32 Version: 3.12.0.128)
FxFoto by Triscape (x32)
Google Chrome (x32 Version: 29.0.1547.76)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4413.1752)
Google Update Helper (x32 Version: 1.3.21.153)
iCloud (Version: 2.1.2.8)
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Management Engine Components (x32 Version: 8.0.12.1498)
Intel® Rapid Storage Technology (x32 Version: 11.1.0.1006)
Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.5.235)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
iSEEK AnswerWorks English Runtime (x32 Version: 010.000.0101)
iTunes (Version: 11.0.4.4)
Java 7 Update 7 (x32 Version: 7.0.70)
Java Auto Updater (x32 Version: 2.1.9.0)
KaraFun Player (x32 Version: 1.20.86.771)
KeyScrambler (x32 Version: 3.2.0.3)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mastering Effects Bundle 2 for Sound Forge Pro (x32 Version: 2.00)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Mouse and Keyboard Center (Version: 1.1.500.0)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Outlook Connector (x32 Version: 14.0.6123.5001)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (x32 Version: 14.0.5120.5000)
Microsoft Security Client (Version: 4.3.0216.0)
Microsoft Security Essentials (Version: 4.3.216.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308)
Movie Maker (x32 Version: 16.4.3508.0205)
Mozilla Firefox 20.0.1 (x86 en-US) (x32 Version: 20.0.1)
Mozilla Maintenance Service (x32 Version: 20.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT Redists (x32 Version: 1.0)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Noise Reduction Plug-in 2.0i (x32 Version: 2.0.455)
NVIDIA 3D Vision Controller Driver 306.23 (Version: 306.23)
NVIDIA 3D Vision Driver 311.06 (Version: 311.06)
NVIDIA Control Panel 311.06 (Version: 311.06)
NVIDIA Graphics Driver 311.06 (Version: 311.06)
NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA PhysX (x32 Version: 9.12.0604)
NVIDIA PhysX System Software 9.12.0604 (Version: 9.12.0604)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
Office Timeline 2012 (x32 Version: 1.8.20)
ON_OFF Charge B11.1102.1 (x32 Version: 1.00.0001)
Photo Gallery (x32 Version: 16.4.3508.0205)
Preset Manager 2.0 (x32 Version: 2.0.114)
Quicken 2006 (x32 Version: 15.1.4.5)
Quicken 2013 (x32 Version: 22.1.8.4)
Rapture 1.2.2 (x32 Version: 18.0)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6642)
Renesas Electronics USB 3.0 Host Controller Driver Beta (x32 Version: 3.0.7.0)
Rinse (uninstall) (x32)
Rinse (x32 Version: 1.255)
Rinse (x32 Version: 1.912)
Sendori (x32 Version: 2.0.15)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32)
SONAR X2 Producer x64 (x32 Version: 19.0)
Sony CD Architect 5.2 (x32 Version: 5.2.240)
Sound Forge Pro 10.0 (x32 Version: 10.0.491)
TP-LINK 150Mbps Mini Wireless N USB Adapter Driver (x32 Version: )
Triscape FxFoto (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Wacom Tablet (x32)
WebEx (x32)
WebTablet IE Plugin (x32 Version: 1.1.0.4)
WebTablet Netscape Plugin (x32 Version: 1.1.0.3)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205)
Windows Live Essentials (x32 Version: 16.4.3508.0205)
Windows Live Family Safety (Version: 16.4.3508.0205)
Windows Live Family Safety (x32 Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3508.0205)
Windows Live Photo Common (x32 Version: 16.4.3508.0205)
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)
Windows Live SOXE (x32 Version: 16.4.3508.0205)
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)
Windows Live UX Platform (x32 Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)
Windows Live Writer (x32 Version: 16.4.3508.0205)
Windows Live Writer Resources (x32 Version: 16.4.3508.0205)

==================== Restore Points  =========================

18-09-2013 03:26:44 Windows Modules Installer
19-09-2013 07:00:11 Windows Update
19-09-2013 17:07:25 Restore Operation
19-09-2013 17:51:11 Windows Update
20-09-2013 07:00:28 Windows Update
20-09-2013 14:03:19 Windows Update
21-09-2013 03:47:10 Windows Update
21-09-2013 14:44:54 Windows Update
21-09-2013 19:00:55 Windows Update
23-09-2013 07:00:15 Windows Update
24-09-2013 01:17:39 Windows Update
24-09-2013 15:53:01 Windows Update
25-09-2013 02:06:22 Windows Update
25-09-2013 12:41:20 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {086FB54B-0151-4994-95E9-F9535BF3534E} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {1A4DD24A-F849-4F83-B28C-82F02F15E109} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {216E8FC6-A5B4-42E6-A732-EB310E58FD9F} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Device Center\ipoint.exe [2012-06-26] (Microsoft Corporation)
Task: {36F98DCB-E4AB-4E5D-95F4-994BC367369E} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Device Center\itype.exe [2012-06-26] (Microsoft Corporation)
Task: {453C5892-A67B-44EA-B341-F8EA2B20D50E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-25] (Google Inc.)
Task: {A7011DB2-634A-4DF6-B35F-2661CE0C3D8D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B7950C18-0880-4FF8-9171-C302708B9E11} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-25] (Google Inc.)
Task: {D7AB8C88-46F0-4DF3-824D-B075484C3122} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe [2012-06-26] (Microsoft)
Task: {DD66C7D9-2B94-42C1-872F-C60FE6E83309} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2012-09-26] (Microsoft Corporation)
Task: {FE56189B-37D7-4578-B2D5-AEEA3C43A11B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-19] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-07-13 20:22 - 2009-07-13 21:38 - 00081408 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm
2012-09-25 08:42 - 2013-02-26 00:32 - 15053264 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-07-08 14:08 - 2013-07-08 14:08 - 00244696 _____ (Microsoft Corporation) C:\Users\Caryn\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
2013-07-08 14:08 - 2013-07-08 14:08 - 00661448 _____ (Microsoft Corporation) C:\Users\Caryn\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\MSVCP110.dll
2013-07-08 14:08 - 2013-07-08 14:08 - 00828872 _____ (Microsoft Corporation) C:\Users\Caryn\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\MSVCR110.dll
2013-04-04 01:09 - 2013-04-04 01:09 - 04300432 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-07-14 00:29 - 2013-07-14 00:29 - 01182352 _____ (QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.DLL
2013-01-02 21:37 - 2013-01-02 21:36 - 00103424 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\spool\DRIVERS\x64\3\E_YAUDHSA.DLL
2012-10-05 12:12 - 2010-11-20 09:27 - 01435648 _____ (Microsoft Corporation) C:\Windows\System32\Speech\Common\sapi.dll
2013-08-13 22:30 - 2013-07-09 00:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-01-09 11:43 - 2012-11-30 00:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\syswow64\kernel32.dll
2013-01-09 11:43 - 2012-11-30 00:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\syswow64\KERNELBASE.dll
2012-09-26 06:23 - 2011-12-16 03:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\syswow64\msvcrt.dll
2012-10-05 12:12 - 2010-11-20 08:08 - 00311296 _____ (Microsoft Corporation) C:\Windows\syswow64\GDI32.dll
2012-10-05 12:12 - 2010-11-20 08:08 - 00833024 _____ (Microsoft Corporation) C:\Windows\syswow64\USER32.dll
2012-10-05 12:12 - 2010-11-20 08:18 - 00640512 _____ (Microsoft Corporation) C:\Windows\syswow64\ADVAPI32.dll
2009-07-13 19:11 - 2009-07-13 21:16 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2013-08-13 22:30 - 2013-07-09 00:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\syswow64\RPCRT4.dll
2012-09-26 06:30 - 2012-06-02 00:34 - 00096768 _____ (Microsoft Corporation) C:\Windows\syswow64\SspiCli.dll
2009-07-13 19:12 - 2009-07-13 21:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\syswow64\CRYPTBASE.dll
2009-07-13 19:25 - 2009-07-13 21:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\syswow64\LPK.dll
2013-01-09 11:44 - 2012-11-22 00:45 - 00626688 _____ (Microsoft Corporation) C:\Windows\syswow64\USP10.dll
2012-10-05 12:12 - 2010-11-20 08:21 - 00350208 _____ (Microsoft Corporation) C:\Windows\syswow64\SHLWAPI.dll
2013-05-15 20:41 - 2013-02-27 00:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\syswow64\SHELL32.dll
2013-08-13 22:31 - 2013-07-09 00:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\syswow64\CRYPT32.dll
2012-10-05 12:11 - 2010-11-20 08:19 - 00034304 _____ (Microsoft Corporation) C:\Windows\syswow64\MSASN1.dll
2009-07-13 19:12 - 2009-07-13 21:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\syswow64\NSI.dll
2012-10-05 12:12 - 2010-11-20 08:21 - 00206848 _____ (Microsoft Corporation) C:\Windows\syswow64\WS2_32.dll
2009-07-13 19:28 - 2009-07-13 21:15 - 00828928 _____ (Microsoft Corporation) C:\Windows\syswow64\MSCTF.dll
2012-10-05 12:12 - 2010-11-20 08:20 - 01414144 _____ (Microsoft Corporation) C:\Windows\syswow64\ole32.dll
2012-09-26 06:23 - 2011-08-27 00:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\syswow64\OLEAUT32.dll
2012-10-05 12:09 - 2010-11-20 08:08 - 00119808 _____ (Microsoft Corporation) C:\Windows\syswow64\IMM32.dll
2009-07-13 19:15 - 2009-07-13 21:16 - 00006144 _____ (Microsoft Corporation) C:\Windows\syswow64\PSAPI.DLL
2013-08-14 03:08 - 2013-07-25 23:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\syswow64\WININET.dll
2009-07-13 19:15 - 2009-07-13 21:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\syswow64\normaliz.DLL
2013-08-14 03:08 - 2013-07-25 23:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\syswow64\iertutil.dll
2013-08-13 22:31 - 2013-07-09 00:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\syswow64\WINTRUST.dll
2009-07-13 19:44 - 2009-07-13 21:15 - 00522240 _____ (Microsoft Corporation) C:\Windows\syswow64\CLBCatQ.DLL
2009-07-13 19:15 - 2009-07-13 21:10 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SFC.DLL
2013-08-14 03:08 - 2013-07-25 23:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\syswow64\urlmon.dll
2012-10-05 12:11 - 2010-11-20 08:18 - 00309760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2012-10-05 12:12 - 2010-11-20 08:21 - 00269824 _____ (Microsoft Corporation) C:\Windows\syswow64\WLDAP32.dll
2009-07-13 19:33 - 2009-07-13 21:17 - 00249680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2009-07-13 19:29 - 2009-07-13 21:16 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qmgrprxy.dll
2009-07-13 19:29 - 2009-07-13 21:14 - 00009216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bitsprx4.dll
2012-10-05 12:12 - 2010-11-20 08:08 - 00833024 _____ (Microsoft Corporation) C:\Windows\syswow64\user32.DLL
2012-10-05 12:12 - 2010-11-20 08:21 - 00350208 _____ (Microsoft Corporation) C:\Windows\syswow64\shlwapi.DLL
2012-10-05 12:12 - 2010-11-20 08:18 - 00485888 _____ (Microsoft Corporation) C:\Windows\syswow64\COMDLG32.dll
2012-10-05 12:12 - 2010-11-20 08:21 - 01667584 _____ (Microsoft Corporation) C:\Windows\syswow64\SETUPAPI.dll
2012-09-26 06:24 - 2011-05-24 06:39 - 00145920 _____ (Microsoft Corporation) C:\Windows\syswow64\CFGMGR32.dll
2012-09-26 06:24 - 2011-05-24 06:40 - 00064512 _____ (Microsoft Corporation) C:\Windows\syswow64\DEVOBJ.dll
2011-05-17 17:55 - 2011-05-17 17:55 - 00075624 _____ (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.dll
2009-10-21 17:39 - 2009-10-21 17:39 - 00291328 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\LcMgr.dll
2010-10-12 09:58 - 2010-10-12 09:58 - 00136704 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\ScanEngine30.dll
2010-10-12 09:54 - 2010-10-12 09:54 - 00055808 _____ (SEIKO EPSON CORP.) C:\Program Files (x86)\Epson Software\Event Manager\ScnMgr10.dll
2009-07-13 20:14 - 2009-07-13 21:16 - 00199680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sti.dll
2010-11-19 11:06 - 2010-11-19 11:06 - 00112640 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\epnsm.dll
2005-01-13 10:47 - 2005-01-13 10:47 - 00049152 _____ (SEIKO EPSON CORP.) C:\Program Files (x86)\Epson Software\Event Manager\ESPSUTL.dll
2012-10-05 17:01 - 2011-03-08 11:00 - 00081920 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUCMNMSG.dll
2012-10-05 17:01 - 2011-03-08 11:00 - 00241664 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXRCV.dll
2012-10-05 17:00 - 2011-03-09 00:00 - 00135168 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\Library\FUDRVUTL.dll
2012-10-05 17:00 - 2011-03-09 00:00 - 00303104 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUSVCCLT.dll
2012-10-05 17:00 - 2011-03-09 00:00 - 00085504 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\EbpD4Fax.dll
2012-10-05 17:00 - 2011-03-09 00:00 - 00262144 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FULEPP.dll
2012-10-05 17:01 - 2011-03-08 11:00 - 00022016 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FULEPPRes.dll
2012-10-05 17:00 - 2011-03-09 00:00 - 00335872 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\Library\FUPRBDEV.dll
2012-10-05 17:00 - 2011-03-09 00:00 - 00786432 _____ (SEIKO EPSON) C:\Program Files (x86)\Epson Software\FAX Utility\Library\ENCM.dll
2012-10-05 17:00 - 2011-03-09 00:00 - 00299008 _____ (SEIKO EPSON) C:\Program Files (x86)\Epson Software\FAX Utility\Library\ENUTIL.dll
2012-10-05 17:00 - 2011-03-09 00:00 - 00278528 _____ (SEIKO EPSON) C:\Program Files (x86)\Epson Software\FAX Utility\Library\ENNW.dll
2012-10-05 17:00 - 2011-03-09 00:00 - 00065536 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\Library\FUDEVCOM.dll
2012-10-05 17:00 - 2011-03-09 00:00 - 00229376 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\Library\FUSNMPUT.dll
2012-10-05 17:00 - 2011-03-09 00:00 - 00065536 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUUSBHLP.dll
2012-10-05 17:01 - 2011-03-08 11:00 - 00077824 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUPRBDEVRes.dll
2012-10-05 17:00 - 2011-03-09 00:00 - 00385024 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXLDB.dll
2012-10-05 17:00 - 2011-03-09 00:00 - 00278528 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXCFG.dll
2012-10-05 17:00 - 2011-03-09 00:00 - 00430080 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXCSR.DLL
2012-10-05 17:00 - 2011-03-09 00:00 - 00421888 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUIMGCDC.dll
2012-10-05 17:00 - 2011-03-09 00:00 - 00212992 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUADRFIL.dll
2012-10-05 17:00 - 2011-03-09 00:00 - 00077824 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUSTMMSG.dll
2012-10-05 17:00 - 2011-03-09 00:00 - 00249856 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUVERDLG.dll
2012-10-05 17:01 - 2011-03-08 11:00 - 00090112 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXCFGRes.dll
2012-10-05 17:00 - 2011-03-09 00:00 - 00536576 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXTIF.dll
2012-10-05 17:01 - 2011-03-08 11:00 - 00106496 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXSTM.dll
2009-07-13 17:03 - 2009-07-13 21:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2009-07-13 17:03 - 2009-07-13 21:15 - 01589248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2009-07-13 17:04 - 2009-07-13 21:15 - 00618496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
2009-07-13 17:03 - 2009-07-13 21:15 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjter40.dll
2009-07-13 17:03 - 2009-07-13 21:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSJINT40.DLL
2009-07-13 17:04 - 2009-07-13 21:15 - 00290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjtes40.dll
2013-08-14 03:08 - 2013-07-25 23:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-01 12:49 - 2013-07-01 12:49 - 00275744 _____ (Sendori, Inc.) C:\Program Files (x86)\Sendori\DynLib.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 00053608 _____ (Open Source Software community project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-10-05 12:12 - 2010-11-20 08:18 - 00640512 _____ (Microsoft Corporation) C:\Windows\syswow64\advapi32.DLL
2013-05-15 20:41 - 2013-02-27 00:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\syswow64\shell32.DLL
2012-10-05 12:12 - 2010-11-20 08:20 - 01414144 _____ (Microsoft Corporation) C:\Windows\syswow64\ole32.DLL
2012-10-05 12:12 - 2010-11-20 08:18 - 00485888 _____ (Microsoft Corporation) C:\Windows\syswow64\comdlg32.dll
2012-09-26 06:30 - 2012-06-02 00:40 - 00225280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-08-14 03:08 - 2013-07-25 23:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-07 03:04 - 2013-06-07 03:04 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-07-14 00:29 - 2013-07-14 00:29 - 00961168 _____ (QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.DLL
2013-04-18 19:22 - 2013-04-18 19:22 - 03133336 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-04-18 19:22 - 2013-04-18 19:22 - 00811928 _____ (sqlite.org) C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
2013-07-08 14:08 - 2013-07-08 14:08 - 00220632 _____ (Microsoft Corporation) C:\Users\Caryn\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
2013-07-08 14:08 - 2013-07-08 14:08 - 00534480 _____ (Microsoft Corporation) C:\Users\Caryn\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\MSVCP110.dll
2013-07-08 14:08 - 2013-07-08 14:08 - 00862664 _____ (Microsoft Corporation) C:\Users\Caryn\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\MSVCR110.dll
2013-07-08 14:08 - 2013-07-08 14:08 - 00537560 _____ (Microsoft Corporation) C:\Users\Caryn\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\Telemetry.dll
2013-07-08 14:08 - 2013-07-08 14:08 - 00038360 _____ (Microsoft Corporation) C:\Users\Caryn\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\logging.dll
2013-04-04 01:09 - 2013-04-04 01:09 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-01-09 11:43 - 2012-11-30 00:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\syswow64\KERNEL32.dll
2013-08-14 03:31 - 2013-08-14 03:31 - 00489472 _____ (Intel Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\591b99d5681c59ed6c5e9544d7def0ea\IAStorUtil.ni.dll
2013-07-12 03:39 - 2013-07-12 03:39 - 00014336 _____ (Intel Corp.) C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\45581138b36fd338c87813390775b65f\IAStorCommon.ni.dll
2013-09-19 14:51 - 2013-09-19 14:51 - 16177544 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/25/2013 08:28:23 AM) (Source: TabletServiceWacom) (User: )
Description: Could not init tablet driver

Error: (09/24/2013 09:39:23 PM) (Source: TabletServiceWacom) (User: )
Description: Could not init tablet driver

Error: (09/24/2013 09:39:17 PM) (Source: TabletServiceWacom) (User: )
Description: Could not init tablet driver

Error: (09/24/2013 11:30:00 AM) (Source: TabletServiceWacom) (User: )
Description: Could not init tablet driver


System errors:
=============
Error: (09/25/2013 08:30:07 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (09/25/2013 08:30:07 AM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (09/24/2013 09:41:55 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (09/24/2013 09:41:55 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (09/24/2013 11:34:37 AM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.

Error: (09/24/2013 11:31:52 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (09/24/2013 11:31:52 AM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (09/23/2013 08:02:11 PM) (Source: Service Control Manager) (User: )
Description: The Service Sendori service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/23/2013 04:01:08 PM) (Source: Service Control Manager) (User: )
Description: The Service Sendori service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/23/2013 00:00:05 PM) (Source: Service Control Manager) (User: )
Description: The Service Sendori service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (09/25/2013 08:28:23 AM) (Source: TabletServiceWacom)(User: )
Description: Could not init tablet driver

Error: (09/24/2013 09:39:23 PM) (Source: TabletServiceWacom)(User: )
Description: Could not init tablet driver

Error: (09/24/2013 09:39:17 PM) (Source: TabletServiceWacom)(User: )
Description: Could not init tablet driver

Error: (09/24/2013 11:30:00 AM) (Source: TabletServiceWacom)(User: )
Description: Could not init tablet driver


==================== Memory info ===========================

Percentage of memory in use: 23%
Total physical RAM: 16346.12 MB
Available physical RAM: 12526.17 MB
Total Pagefile: 32690.42 MB
Available Pagefile: 28637.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.79 GB) (Free:1702.75 GB) NTFS
Drive e: ([re]drive) (Fixed) (Total:465.76 GB) (Free:166.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT Partition Type
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: EA8970D8)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#5 DixieChick

Posted 25 September 2013 - 09:06 AM

I find it interesting that this report shows MS Security System enabled when it cannot initialize due to the named error.  It is NOT enabled.



#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:03 AM

Posted 25 September 2013 - 01:59 PM

Hello DixieChick



I need you to download this script I have made for you --> Attached File  fixlist.txt   273bytes   2 downloads

It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 DixieChick

Posted 25 September 2013 - 06:14 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-09-2013
Ran by Caryn at 2013-09-25 19:13:20 Run:1
Running from C:\Users\Caryn\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\Google\Desktop\Install
DeleteJunctionsInDirectory: C:\Program Files\Windows Defender
DeleteJunctionsInDirectory: C:\Program Files\Microsoft Security Client
DeleteJunctionsIndirectory: C:\Windows\system64
cmd: Dir /b /a:l "C:\Program Files" /s


*****************

C:\Program Files (x86)\Google\Desktop\Install => Moved successfully.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started.
"C:\Program Files\Microsoft Security Client\Backup" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\Drivers" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\en-us" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\SymSrv.yes" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed.
"C:\Windows\system64" => Not Found

=========  Dir /b /a:l "C:\Program Files" /s =========

File Not Found

========= End of CMD: =========



The system needs a manual reboot.

==== End of Fixlog ====
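
A read-only PowerShell counterpart to the `Dir /b /a:l` check in the fixlist above, for confirming after the reboot that no reparse points remain under the two security-product folders. This is an added example, not part of the original post and not FRST's own code; the function name, parameter name and report columns are assumptions made for the example.

```powershell
# Added example: report reparse points (junctions, symlinks) under the folders
# named in the fixlist. It only reads attributes and changes nothing.
# Function name, parameter name and column names are assumptions of this example.
function Get-ReparsePointReport {
    param(
        [string[]]$Root = @(
            'C:\Program Files\Windows Defender',
            'C:\Program Files\Microsoft Security Client'
        )
    )

    # Build one report row with a fixed column order.
    function New-Row([string]$Path, [string]$Finding, [string]$Detail) {
        New-Object PSObject -Property @{ Path = $Path; Finding = $Finding; Detail = $Detail } |
            Select-Object Path, Finding, Detail
    }

    $reparseFlag = [System.IO.FileAttributes]::ReparsePoint
    $pending = New-Object System.Collections.Queue
    foreach ($r in $Root) { $pending.Enqueue($r) }

    while ($pending.Count -gt 0) {
        $path = [string]$pending.Dequeue()

        try {
            $item = Get-Item -LiteralPath $path -Force -ErrorAction Stop
        }
        catch {
            # Covers both a folder that does not exist and one that cannot be opened.
            New-Row $path 'Missing or unreadable' $_.Exception.Message
            continue
        }

        if (($item.Attributes -band $reparseFlag) -eq $reparseFlag) {
            New-Row $path 'Reparse point' $item.Attributes.ToString()
            # Do not descend: the contents belong to the link target, and
            # following links is how a recursive listing ends up in a loop.
            continue
        }

        if ($item.PSIsContainer) {
            try {
                Get-ChildItem -LiteralPath $path -Force -ErrorAction Stop |
                    ForEach-Object { $pending.Enqueue($_.FullName) }
            }
            catch {
                # A folder that exists but cannot be listed is worth reporting as well.
                New-Row $path 'Cannot list contents' $_.Exception.Message
            }
        }
    }
}

# No 'Reparse point' rows means the listing is clean, like the "File Not Found"
# result of the Dir /a:l command in the fixlog.
Get-ReparsePointReport | Format-Table -AutoSize -Wrap
```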



#8 gringo_pr

Posted 25 September 2013 - 08:05 PM



Hello DixieChick

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo

#9 DixieChick

Posted 25 September 2013 - 09:23 PM

# AdwCleaner v3.005 - Report created 25/09/2013 at 22:19:25
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Caryn - CARYN-PC
# Running from : C:\Users\Caryn\Downloads\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Users\Caryn\AppData\Roaming\dvdvideosoftiehelpers
File Deleted : C:\Users\Caryn\AppData\Local\Temp\Uninstall.exe

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Key Deleted : HKCU\Software\c3cb79a1e6908ad5
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v20.0.1 (en-US)

[ File : C:\Users\Caryn\AppData\Roaming\Mozilla\Firefox\Profiles\d0x642mo.default\prefs.js ]


-\\ Google Chrome v29.0.1547.76

[ File : C:\Users\Caryn\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2820 octets] - [25/09/2013 22:16:59]
AdwCleaner[S0].txt - [2779 octets] - [25/09/2013 22:19:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2839 octets] ##########
 



#10 DixieChick

Posted 25 September 2013 - 09:29 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.2 (09.22.2013:1)
OS: Windows 7 Ultimate x64
Ran by Caryn on Wed 09/25/2013 at 22:23:56.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Caryn\appdata\local\{B0D05606-1A7E-2F61-1229-710DF037F843}



~~~ FireFox

Emptied folder: C:\Users\Caryn\AppData\Roaming\mozilla\firefox\profiles\d0x642mo.default\minidumps [8 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 09/25/2013 at 22:28:34.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#11 DixieChick

Posted 25 September 2013 - 09:34 PM

BTW, I have attempted three times today to install Windows Security Update KB2676562 and KB2872339.  These updates were installed but were "gone" after I (ahem) successfully (read: FAIL) rolled back the pc to a known good point. All three times the computer tells me the updates installed correctly and successfully but then when I go into Windows update, the same updates tell me they need to be installed.  And, I still cannot initialize MS Security Center because of the same error code I've been getting this whole time.  No need to disable protection software...my pc won't allow any to run. Thank you for your help.  What now? Far as I can tell, I still have the same issue I had when I first began. Can you please tell me what, if anything, malicious has been removed? Have you seen any obvious issues from all these logs I have posted?



#12 DixieChick

Posted 25 September 2013 - 10:46 PM

I will not have access to my computer after tomorrow early afternoon around 1 EST until Sunday Sep 29.  Please do not close this topic.  Please...



#13 gringo_pr

Posted 26 September 2013 - 08:07 PM


Hello DixieChick

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#14 DixieChick

Posted 29 September 2013 - 04:55 PM

I did download ComboFix but cannot run it completely because it tells me that MSE is running.  I am COMPLETELY locked out of MSE and security client.  I am unable to delete, make changes to, uninstall, reinstall, etc.  I can see they are running in processes but cannot disable.  I can see they are active in programs but cannot uninstall.  However, they are NOT functioning as any sort of defense. They are acting exactly as if I am not the admin and as if they have been hijacked.  So, since I cannot stop the processes, I cannot run ComboFix without causing issues, right?  What now?



#15 gringo_pr

Posted 29 September 2013 - 08:44 PM

Hello

Go ahead and run it


Gringo