windows welcome screen flashes


  • This topic is locked
96 replies to this topic

#1 Carriekara

Carriekara

  • Members
  • 50 posts

Posted 21 November 2013 - 02:05 AM

My computer takes forever to log on. When I get to the welcome screen, it flashes back and forth but never logs in. I had to do a system restore but Windows said the restore didn't complete properly. I ran Norton AV scan and found nothing. I ran Malwarebytes and found 49 issues. Deleted them all but still having problems. Please help.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16736  BrowserJavaVersion: 10.45.2
Run by Sharon Stoddard at 0:40:57 on 2013-11-21
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2814.1097 [GMT -6:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Sharon Stoddard\AppData\Local\join.me\join.me.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Sharon Stoddard\AppData\Local\join.me\LMISupportM.exe
C:\Users\Sharon Stoddard\AppData\Local\join.me\LMISupportM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1333&r=17360411k203p0424v115r4781t299
uProxyOverride = localhost
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
uURLSearchHooks: {167d9323-f7cc-48f5-948a-6f012831a69f} - <orphaned>
uURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: {878B8524-AED5-4870-9A96-A515440DAC75} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Constant Guard Protection Suite: {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.13.1030.3\NativeBHO.dll
BHO: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - <orphaned>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - 
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001045-0002-0045-ABCDEFFEDCBC} - <orphaned>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{E765B0E7-3235-40F8-8A24-56ABA7DA9899} : NameServer = 75.75.75.75,75.75.76.76
TCP: Interfaces\{E765B0E7-3235-40F8-8A24-56ABA7DA9899} : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~2\keycry~1\ke50fd~1.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R?2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1404000.028\symds64.sys [2013-7-16 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1404000.028\symefa64.sys [2013-7-16 1139800]
R1 AntiLog32;AntiLog32;C:\Windows\System32\drivers\AntiLog64.sys [2013-3-25 49240]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20131114.001\BHDrvx64.sys [2013-11-18 1524824]
R1 ccSet_N360;Norton Security Suite Settings Manager;C:\Windows\System32\drivers\N360x64\1404000.028\ccsetx64.sys [2013-7-16 169048]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20131120.003\IDSviA64.sys [2013-11-20 521816]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1404000.028\ironx64.sys [2013-7-16 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1404000.028\symnets.sys [2013-7-16 433752]
R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 IDVaultSvc;CGPS Service;C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2013-10-31 41024]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-11-20 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-11-20 701512]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccsvchst.exe [2013-7-16 144368]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2010-8-25 243232]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-20 137648]
R3 keycrypt;keycrypt;C:\Windows\System32\drivers\KeyCrypt64.sys [2013-3-25 25784]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-11-20 25928]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2011-9-16 35840]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-5-7 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-9-5 240736]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-6 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-6 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-4 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-11-21 03:28:08 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-11-21 03:28:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-13 18:34:55 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-11-10 04:25:46 -------- d-----w- C:\ProgramData\Oracle
2013-11-10 04:25:03 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-01 22:29:01 8 --sh--r- C:\ProgramData\10381DAA8B.sys
2013-11-01 22:29:01 2516 --sha-w- C:\ProgramData\KGyGaAvL.sys
2013-11-01 22:26:21 -------- d-----w- C:\ProgramData\Corel
2013-11-01 22:24:57 -------- d-----w- C:\ProgramData\Borland
2013-11-01 22:23:12 -------- d-----w- C:\ProgramData\WordPerfect Office X5
2013-10-27 01:09:29 -------- d-----w- C:\tmpDownload
.
==================== Find3M  ====================
.
2013-11-19 03:25:58 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-19 03:25:58 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-12 17:17:35 49240 ----a-w- C:\Windows\System32\drivers\AntiLog64.sys
2013-10-16 19:03:00 10674488 ----a-w- C:\Windows\SysWow64\ZALSDKCore.dll
2013-10-12 08:45:20 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-10-12 08:43:37 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-12 08:43:32 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-10-12 08:43:32 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-10-12 07:03:50 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-12 07:02:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-10-12 07:02:29 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-10-12 07:02:29 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-10-12 06:35:26 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-10-12 06:08:58 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-10-12 05:44:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-12 05:15:39 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
.
============= FINISH:  0:41:43.61 ===============
 



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,623 posts

Posted 26 November 2013 - 02:10 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/514902 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Carriekara

Carriekara
  • Topic Starter

  • Members
  • 50 posts

Posted 27 November 2013 - 01:00 AM

I have run the DDS search. While waiting for a response, I have created a new profile.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by Sharon Stoddard at 23:42:48 on 2013-11-26
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2814.1178 [GMT -6:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Users\Sharon Stoddard\Downloads\join.me.exe
C:\Users\SHARON~1\AppData\Local\Temp\joi2EA3.tmp\join.me.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\RunDll32.exe
C:\Users\SHARON~1\AppData\Local\Temp\joi2EA3.tmp\LMISupportM.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\SHARON~1\AppData\Local\Temp\joi2EA3.tmp\LMISupportM.exe
C:\Windows\SysWOW64\PING.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1333&r=17360411k203p0424v115r4781t299
uProxyOverride = localhost
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn10\yt.dll
uURLSearchHooks: {167d9323-f7cc-48f5-948a-6f012831a69f} - <orphaned>
uURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn10\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\IPS\IPSBHO.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: {878B8524-AED5-4870-9A96-A515440DAC75} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Constant Guard Protection Suite: {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.13.1030.3\NativeBHO.dll
BHO: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - <orphaned>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn10\yt.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001045-0002-0045-ABCDEFFEDCBC} - <orphaned>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{E765B0E7-3235-40F8-8A24-56ABA7DA9899} : NameServer = 75.75.75.75,75.75.76.76
TCP: Interfaces\{E765B0E7-3235-40F8-8A24-56ABA7DA9899} : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~2\keycry~1\ke50fd~1.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\CoIEPlg.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\CoIEPlg.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R?2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1501000.012\SymDS64.sys [2013-11-21 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1501000.012\SymEFA64.sys [2013-11-21 1147480]
R1 AntiLog32;AntiLog32;C:\Windows\System32\drivers\AntiLog64.sys [2013-3-25 49240]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20131114.001\BHDrvx64.sys [2013-11-1 1524824]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1501000.012\ccSetx64.sys [2013-11-21 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20131126.001\IDSviA64.sys [2013-11-26 521816]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1501000.012\Ironx64.sys [2013-11-21 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1501000.012\symnets.sys [2013-11-21 590936]
R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 IDVaultSvc;CGPS Service;C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2013-10-31 41024]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-11-20 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-11-20 701512]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe [2013-11-21 264360]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2010-8-25 243232]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-20 137648]
R3 keycrypt;keycrypt;C:\Windows\System32\drivers\KeyCrypt64.sys [2013-3-25 25784]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-11-20 25928]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2011-9-16 35840]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-5-7 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-9-5 240736]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-11-24 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-6 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-6 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-4 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-11-25 02:01:30 -------- d--h--w- C:\Windows\msdownld.tmp
2013-11-21 20:27:08 858200 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\srtsp64.sys
2013-11-21 20:27:08 590936 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\symnets.sys
2013-11-21 20:27:08 493656 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\SymDS64.sys
2013-11-21 20:27:08 36952 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\srtspx64.sys
2013-11-21 20:27:08 264280 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\Ironx64.sys
2013-11-21 20:27:08 23568 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\SymELAM.sys
2013-11-21 20:27:08 1147480 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\SymEFA64.sys
2013-11-21 20:27:07 162392 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\ccSetx64.sys
2013-11-21 20:26:50 -------- d-----w- C:\Windows\System32\drivers\N360x64\1501000.012
2013-11-21 03:28:08 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-11-21 03:28:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-10 04:25:46 -------- d-----w- C:\ProgramData\Oracle
2013-11-10 04:25:03 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-01 22:29:01 8 --sh--r- C:\ProgramData\10381DAA8B.sys
2013-11-01 22:29:01 2516 --sha-w- C:\ProgramData\KGyGaAvL.sys
2013-11-01 22:26:21 -------- d-----w- C:\ProgramData\Corel
2013-11-01 22:24:57 -------- d-----w- C:\ProgramData\Borland
2013-11-01 22:23:12 -------- d-----w- C:\ProgramData\WordPerfect Office X5
.
==================== Find3M  ====================
.
2013-11-21 20:29:00 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-11-19 03:25:58 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-19 03:25:58 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-12 17:17:35 49240 ----a-w- C:\Windows\System32\drivers\AntiLog64.sys
2013-10-27 01:10:46 703 ----a-w- C:\Users\Sharon Stoddard\AppData\Roaming\ytmsound.dll
2013-10-16 19:03:00 10674488 ----a-w- C:\Windows\SysWow64\ZALSDKCore.dll
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
.
============= FINISH: 23:43:48.54 ===============
 




#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,592 posts
  • Gender:Male
  • Location:California
  • Local time:11:20 PM

Posted 03 December 2013 - 09:51 AM

Greetings Carriekara and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the "Reply topic" button instead.
  • In the upper right hand corner of the topic you will see the "Follow topic" button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please describe your current symptoms and run this program for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Carriekara

Carriekara
  • Topic Starter

  • Members
  • 50 posts
  • Local time:01:20 AM

Posted 04 December 2013 - 12:14 AM

My name is Sharon. Current symptoms include extremely slow start up. Long delays in typing or starting any program. The cursor and scrolling stutters/freezes. I just received an AutoIt Error. Line 11162 (File "C:\users\carriekara\downloads\frst64.exe"): Error: can not redeclare a constant.
 
This is the frst log.
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2013 02
Ran by CarrieKara (administrator) on SHARONSTODDARD on 03-12-2013 22:31:09
Running from C:\Users\CarrieKara\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Acer Group) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Companion\companionuser.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\CarrieKara\Downloads\join.me.exe
(LogMeIn, Inc.) C:\Users\CarrieKara\AppData\Local\Temp\joiA2DF.tmp\join.me.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Users\CarrieKara\AppData\Local\Temp\joiA2DF.tmp\LMISupportM.exe
() C:\Users\CarrieKara\AppData\Local\Temp\joiA2DF.tmp\LMISupportM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\CarrieKara\AppData\Local\Temp\joiA2DF.tmp\LMISupportM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\PING.EXE
 
==================== Registry (Whitelisted) ==================
 
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [162336 2009-07-21] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [162336 2009-07-21] ()
AppInit_DLLs: C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(2).dll [85304 2013-03-07] (Zemana Ltd.)
AppInit_DLLs-x32: c:\progra~2\keycry~1\ke50fd~1.dll [78136 2013-03-07] (Zemana Ltd.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=u219dhp&pc=u219
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x00E465602AE7CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM-x32 - DefaultScope {DD62FB99-84DD-4B97-96B0-F2815541D12A} URL = 
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3007394
SearchScopes: HKCU - 1940ABA32413444A81E4A935020FFDA5 URL = 
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn10\yt.dll (Yahoo! Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\IPS\IPSBHO.dll (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name - {878B8524-AED5-4870-9A96-A515440DAC75} -  No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Constant Guard Protection Suite - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.13.1030.3\NativeBHO.dll (WhiteSky)
BHO-x32: No Name - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} -  No File
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn10\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E765B0E7-3235-40F8-8A24-56ABA7DA9899}: [NameServer]75.75.75.75,75.75.76.76
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com", "hxxp://search.conduit.com/?ctid=CT3291325&SearchSource=48&CUI=UN27511059819030234&UM=2", "hxxp://www.delta-search.com/?affID=119351&tt=gc_&babsrc=HP_ss&mntrId=DA8D3859F9BF9865", "hxxp://search.conduit.com/?ctid=CT3316068&SearchSource=48&CUI=UN36170680793029417&UM=2"
CHR Extension: (Google Docs) - C:\Users\CARRIE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\CARRIE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\CARRIE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (MixiDJ V44) - C:\Users\CARRIE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpfboklmeiefoedekjeigdcnfbpjeaii\10.22.5.510_0
CHR Extension: (Google Search) - C:\Users\CARRIE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (XFINITY Constant Guard Protection Suite) - C:\Users\CARRIE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\faknfdmfmhcmgphbfjhgmomfcihmocmp\1.13.1126.1_0
CHR Extension: (Norton Identity Protection) - C:\Users\CARRIE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.0.27_0
CHR Extension: (Google Wallet) - C:\Users\CARRIE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\CARRIE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [aobbhmkkplckkcbnbcdbkneemiooegoc] - C:\Users\Sharon Stoddard\AppData\Local\CRE\aobbhmkkplckkcbnbcdbkneemiooegoc.crx
CHR HKLM-x32\...\Chrome\Extension: [bakaaanikglogbgdnnkhieaaadpnkggc] - C:\Users\SHARON~1\AppData\Local\Temp\tbch.crx
CHR HKLM-x32\...\Chrome\Extension: [bpfboklmeiefoedekjeigdcnfbpjeaii] - C:\Users\Sharon Stoddard\AppData\Local\CRE\bpfboklmeiefoedekjeigdcnfbpjeaii.crx
CHR HKLM-x32\...\Chrome\Extension: [gipmblamjgodbimgeafaiegdpfbaeihe] - C:\Users\Sharon Stoddard\AppData\Local\CRE\gipmblamjgodbimgeafaiegdpfbaeihe.crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\Exts\Chrome.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [625184 2009-04-19] ()
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [240736 2013-10-12] (WildTangent)
R2 Greg_Service; C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe [264360 2013-10-18] (Symantec Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [207904 2009-04-19] ()
R2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [243232 2010-01-28] (Acer Group)
 
==================== Drivers (Whitelisted) ====================
 
R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49240 2013-11-12] (Zemana Ltd.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-20] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20131203.002\IDSvia64.sys [521816 2013-11-21] (Symantec Corporation)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [25784 2013-03-07] (Zemana Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20131203.017\ENG64.SYS [126040 2013-11-29] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20131203.017\EX64.SYS [2099288 2013-11-29] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1501000.012\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-21] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-12-03 22:31 - 2013-12-03 22:38 - 00016395 _____ C:\Users\CarrieKara\Downloads\FRST.txt
2013-12-03 22:30 - 2013-12-03 22:30 - 00000000 ____D C:\FRST
2013-12-03 22:24 - 2013-12-03 22:28 - 01959614 _____ (Farbar) C:\Users\CarrieKara\Downloads\FRST64.exe
2013-12-03 22:11 - 2013-12-03 22:11 - 06844560 _____ C:\Users\CarrieKara\Downloads\join.me (2).exe
2013-12-03 22:09 - 2013-12-03 22:09 - 06844560 _____ C:\Users\CarrieKara\Downloads\join.me (1).exe
2013-12-03 22:06 - 2013-12-03 22:06 - 06844560 _____ C:\Users\CarrieKara\Downloads\join.me.exe
2013-12-01 11:40 - 2013-12-01 11:48 - 00000000 ____D C:\Users\Genesis\Desktop\Christmas Trees
2013-12-01 11:40 - 2013-12-01 11:40 - 00000000 ____D C:\Users\Genesis\AppData\Local\CrashDumps
2013-11-30 12:50 - 2013-11-30 12:50 - 00002625 _____ C:\Users\MasterGss\Desktop\Stack'em _ Pogo.com® Free Online Games.lnk
2013-11-27 10:06 - 2013-12-01 02:11 - 00000000 ____D C:\Users\Genesis\AppData\Local\ID Vault
2013-11-27 10:06 - 2013-11-27 10:06 - 00080768 _____ C:\Users\Genesis\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-27 10:06 - 2013-11-27 10:06 - 00000000 ____D C:\Users\Genesis\AppData\Local\White_Sky,_Inc
2013-11-27 10:04 - 2013-12-01 02:13 - 00000000 ____D C:\Users\Genesis\AppData\Roaming\ID Vault
2013-11-27 10:04 - 2013-11-27 10:04 - 00001426 _____ C:\Users\Genesis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-27 10:04 - 2013-11-27 10:04 - 00000000 ____D C:\Users\Genesis\AppData\Roaming\Macromedia
2013-11-27 10:04 - 2013-11-27 10:04 - 00000000 ____D C:\Users\Genesis\AppData\Roaming\Adobe
2013-11-27 10:04 - 2013-11-27 10:04 - 00000000 ____D C:\Users\Genesis\AppData\Local\Zemana
2013-11-27 10:04 - 2013-11-27 10:04 - 00000000 ____D C:\Users\Genesis\AppData\Local\Google
2013-11-27 10:03 - 2013-11-27 10:04 - 00000000 ___RD C:\Users\Genesis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-27 10:03 - 2013-11-27 10:04 - 00000000 ___RD C:\Users\Genesis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-27 10:03 - 2013-11-27 10:03 - 00000020 ___SH C:\Users\Genesis\ntuser.ini
2013-11-27 10:03 - 2013-11-27 10:03 - 00000000 ____D C:\Users\Genesis\AppData\Local\VirtualStore
2013-11-27 10:03 - 2013-11-27 10:03 - 00000000 ____D C:\Users\Genesis
2013-11-27 10:03 - 2009-07-13 22:54 - 00000000 ___RD C:\Users\Genesis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-11-27 10:03 - 2009-07-13 22:49 - 00000000 ___RD C:\Users\Genesis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-11-26 23:58 - 2013-11-26 23:58 - 00016755 _____ C:\Users\Sharon Stoddard\Downloads\Attach.txt
2013-11-26 23:31 - 2013-11-26 23:31 - 00688992 ____R (Swearware) C:\Users\Sharon Stoddard\Downloads\dds.com
2013-11-26 15:15 - 2013-11-26 15:15 - 00001835 _____ C:\Users\CarrieKara\AppData\Roaming\SAS7_000.DAT
2013-11-25 20:28 - 2013-11-25 20:28 - 00000000 ____D C:\Users\CarrieKara\AppData\Roaming\Nuance
2013-11-24 20:31 - 2013-11-24 20:31 - 00000000 ____D C:\Users\CarrieKara\AppData\Local\CrashDumps
2013-11-24 20:28 - 2013-11-24 20:28 - 00001426 _____ C:\Users\CarrieKara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-24 20:26 - 2013-11-24 20:26 - 00000200 _____ C:\Users\MasterGss\Desktop\Welcome to Facebook - Log In, Sign Up or Learn More.url
2013-11-24 20:02 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-11-24 20:01 - 2013-11-24 20:01 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-11-24 19:58 - 2013-11-24 19:58 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-24 19:58 - 2013-11-24 19:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-24 19:58 - 2013-11-24 19:58 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-24 19:58 - 2013-11-24 19:58 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-24 19:58 - 2013-11-24 19:58 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-24 19:58 - 2013-11-24 19:58 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-24 19:58 - 2013-11-24 19:58 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-24 19:58 - 2013-11-24 19:58 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-24 19:58 - 2013-11-24 19:58 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-24 19:58 - 2013-11-24 19:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-24 19:58 - 2013-11-24 19:58 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-24 19:58 - 2013-11-24 19:58 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-24 19:58 - 2013-11-24 19:58 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-24 19:58 - 2013-11-24 19:58 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-24 19:58 - 2013-11-24 19:58 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-24 19:58 - 2013-11-24 19:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-24 19:58 - 2013-11-24 19:58 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-24 19:58 - 2013-11-24 19:58 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-24 19:58 - 2013-11-24 19:58 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-24 19:58 - 2013-11-24 19:58 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-24 19:58 - 2013-11-24 19:58 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-24 19:58 - 2013-11-24 19:58 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-24 19:58 - 2013-11-24 19:58 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-24 19:58 - 2013-11-24 19:58 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-24 19:58 - 2013-11-24 19:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-24 19:58 - 2013-11-24 19:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-24 19:58 - 2013-11-24 19:58 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-24 19:58 - 2013-11-24 19:58 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-24 19:54 - 2013-11-24 20:03 - 00014127 _____ C:\Windows\IE11_main.log
2013-11-23 23:09 - 2013-11-23 23:09 - 00002519 _____ C:\Users\CarrieKara\Desktop\Carriekara - YouTube.lnk
2013-11-23 18:39 - 2013-11-23 18:39 - 00002685 _____ C:\Users\CarrieKara\Desktop\Word Whomp _ Pogo.com® Free Online Games.lnk
2013-11-22 18:20 - 2013-11-22 18:20 - 00000000 ____D C:\Users\CarrieKara\AppData\Roaming\Malwarebytes
2013-11-22 15:49 - 2013-11-22 15:51 - 00000000 ____D C:\Users\MasterGss\AppData\Roaming\Winamp
2013-11-22 15:40 - 2013-11-25 15:49 - 00000204 _____ C:\Users\MasterGss\Desktop\Swapples.url
2013-11-22 13:42 - 2013-11-22 13:42 - 00000000 ____D C:\Users\MasterGss\AppData\Local\Google
2013-11-22 09:41 - 2013-11-22 09:41 - 00080768 _____ C:\Users\MasterGss\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-22 09:41 - 2013-11-22 09:41 - 00000000 ____D C:\Users\MasterGss\AppData\Roaming\Yahoo!
2013-11-22 09:40 - 2013-12-02 17:52 - 00000000 ____D C:\Users\MasterGss\AppData\Roaming\ID Vault
2013-11-22 09:40 - 2013-11-22 23:36 - 00000000 ____D C:\Users\MasterGss\AppData\Local\ID Vault
2013-11-22 09:40 - 2013-11-22 09:40 - 00000000 ____D C:\Users\MasterGss\AppData\Local\Zemana
2013-11-22 09:40 - 2013-11-22 09:40 - 00000000 ____D C:\Users\MasterGss\AppData\Local\White_Sky,_Inc
2013-11-22 09:39 - 2013-11-24 20:12 - 00001426 _____ C:\Users\MasterGss\Desktop\Internet Explorer.lnk
2013-11-22 09:39 - 2013-11-22 09:39 - 00000000 ___RD C:\Users\MasterGss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-22 09:39 - 2013-11-22 09:39 - 00000000 ___RD C:\Users\MasterGss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-22 09:39 - 2013-11-22 09:39 - 00000000 ____D C:\Users\MasterGss\AppData\Roaming\Macromedia
2013-11-22 09:39 - 2013-11-22 09:39 - 00000000 ____D C:\Users\MasterGss\AppData\Roaming\Adobe
2013-11-22 09:38 - 2013-11-22 09:40 - 00000000 ____D C:\Users\MasterGss\AppData\Local\VirtualStore
2013-11-22 09:37 - 2013-11-22 09:39 - 00000000 ____D C:\Users\MasterGss
2013-11-22 09:37 - 2013-11-22 09:37 - 00000020 ___SH C:\Users\MasterGss\ntuser.ini
2013-11-22 09:37 - 2009-07-13 22:54 - 00000000 ___RD C:\Users\MasterGss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-11-22 09:37 - 2009-07-13 22:49 - 00000000 ___RD C:\Users\MasterGss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-11-22 00:31 - 2013-11-22 00:31 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security Suite
2013-11-21 23:42 - 2013-11-26 20:45 - 00002891 _____ C:\Users\CarrieKara\Desktop\Ebay.lnk
2013-11-21 23:41 - 2013-11-21 23:41 - 00002675 _____ C:\Users\CarrieKara\Desktop\Swapples.lnk
2013-11-21 21:38 - 2013-11-21 21:38 - 00692048 _____ (Yahoo! Inc.) C:\Users\CarrieKara\Downloads\msgr11us (1).exe
2013-11-21 21:37 - 2013-11-21 21:37 - 00692048 _____ (Yahoo! Inc.) C:\Users\CarrieKara\Downloads\msgr11us.exe
2013-11-21 21:03 - 2013-11-21 21:04 - 00000000 ____D C:\Users\CarrieKara\AppData\Roaming\Trillian
2013-11-21 21:02 - 2013-11-21 21:02 - 22350472 _____ C:\Users\CarrieKara\Downloads\trillian-v5.4.0.13.exe
2013-11-21 20:52 - 2013-11-21 20:52 - 00000000 ____D C:\Users\CarrieKara\AppData\Roaming\Nero
2013-11-21 19:38 - 2013-11-21 19:38 - 00000000 ____D C:\Users\CarrieKara\AppData\Local\Google
2013-11-21 19:33 - 2013-11-21 19:34 - 00000000 ____D C:\Users\CarrieKara\AppData\Local\Adobe
2013-11-21 19:29 - 2013-11-21 19:30 - 00000000 ____D C:\Users\CarrieKara\Documents\Corel User Files
2013-11-21 19:29 - 2013-11-21 19:29 - 00061678 _____ C:\Users\CarrieKara\AppData\Roaming\PFP120JPR.{PB
2013-11-21 19:29 - 2013-11-21 19:29 - 00012358 _____ C:\Users\CarrieKara\AppData\Roaming\PFP120JCM.{PB
2013-11-21 19:29 - 2013-11-21 19:29 - 00000000 ____D C:\Users\CarrieKara\AppData\Roaming\Corel
2013-11-21 19:27 - 2013-11-24 14:28 - 00000000 ____D C:\Users\CarrieKara\AppData\Roaming\Winamp
2013-11-21 18:46 - 2013-11-21 18:46 - 00000000 ____D C:\Users\CarrieKara\AppData\Roaming\Yahoo!
2013-11-21 18:45 - 2013-12-03 22:18 - 00000000 ____D C:\Users\CarrieKara\AppData\Roaming\ID Vault
2013-11-21 18:45 - 2013-11-24 20:29 - 00000000 ____D C:\Users\CarrieKara\AppData\Local\ID Vault
2013-11-21 18:45 - 2013-11-21 18:45 - 00080768 _____ C:\Users\CarrieKara\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-21 18:45 - 2013-11-21 18:45 - 00000000 ____D C:\Users\CarrieKara\AppData\Local\Zemana
2013-11-21 18:45 - 2013-11-21 18:45 - 00000000 ____D C:\Users\CarrieKara\AppData\Local\White_Sky,_Inc
2013-11-21 18:44 - 2013-11-21 19:33 - 00000000 ____D C:\Users\CarrieKara\AppData\Roaming\Adobe
2013-11-21 18:44 - 2013-11-21 18:44 - 00001426 _____ C:\Users\CarrieKara\Desktop\Internet Explorer.lnk
2013-11-21 18:44 - 2013-11-21 18:44 - 00000000 ____D C:\Users\CarrieKara\AppData\Roaming\Macromedia
2013-11-21 18:43 - 2013-11-21 19:29 - 00000000 ____D C:\Users\CarrieKara\AppData\Local\VirtualStore
2013-11-21 18:43 - 2013-11-21 18:44 - 00000000 ___RD C:\Users\CarrieKara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-21 18:43 - 2013-11-21 18:44 - 00000000 ___RD C:\Users\CarrieKara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-21 18:43 - 2013-11-21 18:43 - 00000020 ___SH C:\Users\CarrieKara\ntuser.ini
2013-11-21 18:43 - 2013-11-21 18:43 - 00000000 ____D C:\Users\CarrieKara
2013-11-21 18:43 - 2009-07-13 22:54 - 00000000 ___RD C:\Users\CarrieKara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-11-21 18:43 - 2009-07-13 22:49 - 00000000 ___RD C:\Users\CarrieKara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-11-21 14:28 - 2013-11-22 00:23 - 00002328 _____ C:\Users\Public\Desktop\Norton Security Suite.lnk
2013-11-20 21:28 - 2013-11-28 22:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-20 21:28 - 2013-11-20 21:28 - 00001082 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-20 21:28 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-13 12:34 - 2013-10-11 20:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 12:34 - 2013-10-11 20:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 12:34 - 2013-10-11 20:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 12:34 - 2013-10-11 20:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 12:34 - 2013-10-11 20:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 12:34 - 2013-10-05 14:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 12:34 - 2013-10-05 13:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 12:34 - 2013-10-03 20:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 12:34 - 2013-10-03 20:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 12:34 - 2013-10-03 20:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 12:34 - 2013-10-03 19:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 12:34 - 2013-10-03 19:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 12:34 - 2013-10-03 19:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 12:34 - 2013-10-02 20:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 12:34 - 2013-10-02 20:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 12:34 - 2013-09-27 19:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 12:34 - 2013-09-24 20:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 12:34 - 2013-09-24 20:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 12:34 - 2013-09-24 20:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 12:34 - 2013-09-24 20:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 12:34 - 2013-09-24 20:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 12:34 - 2013-09-24 20:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 12:34 - 2013-09-24 20:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 12:34 - 2013-09-24 20:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 12:34 - 2013-09-24 19:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 12:34 - 2013-09-24 19:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 12:34 - 2013-09-24 19:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 12:34 - 2013-09-24 19:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 12:34 - 2013-09-24 19:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 12:34 - 2013-07-04 06:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-12 11:17 - 2013-11-12 11:18 - 00000303 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-11-10 18:41 - 2013-11-10 18:41 - 00002521 _____ C:\Users\CarrieKara\Desktop\The Pirate's Realm OPENED Forums.lnk
2013-11-09 22:25 - 2013-11-09 22:25 - 00000000 ____D C:\ProgramData\Oracle
2013-11-09 22:25 - 2013-11-09 22:24 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-11-09 22:25 - 2013-11-09 22:24 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-11-09 22:25 - 2013-11-09 22:24 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-11-09 22:25 - 2013-11-09 22:24 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-08 15:26 - 2013-11-08 15:26 - 00002228 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-08 15:25 - 2013-12-03 22:31 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-08 15:25 - 2013-12-03 18:17 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-08 15:25 - 2013-11-08 15:25 - 00003912 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-08 15:25 - 2013-11-08 15:25 - 00003660 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== One Month Modified Files and Folders =======
 
2013-12-03 22:40 - 2012-04-03 18:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-03 22:38 - 2013-12-03 22:31 - 00016395 _____ C:\Users\CarrieKara\Downloads\FRST.txt
2013-12-03 22:31 - 2013-11-08 15:25 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-03 22:30 - 2013-12-03 22:30 - 00000000 ____D C:\FRST
2013-12-03 22:29 - 2009-07-13 22:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-03 22:29 - 2009-07-13 22:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-03 22:28 - 2013-12-03 22:24 - 01959614 _____ (Farbar) C:\Users\CarrieKara\Downloads\FRST64.exe
2013-12-03 22:18 - 2013-11-21 18:45 - 00000000 ____D C:\Users\CarrieKara\AppData\Roaming\ID Vault
2013-12-03 22:11 - 2013-12-03 22:11 - 06844560 _____ C:\Users\CarrieKara\Downloads\join.me (2).exe
2013-12-03 22:09 - 2013-12-03 22:09 - 06844560 _____ C:\Users\CarrieKara\Downloads\join.me (1).exe
2013-12-03 22:06 - 2013-12-03 22:06 - 06844560 _____ C:\Users\CarrieKara\Downloads\join.me.exe
2013-12-03 22:04 - 2011-04-04 23:17 - 01978668 _____ C:\Windows\WindowsUpdate.log
2013-12-03 21:19 - 2013-03-25 10:41 - 00000000 ____D C:\Program Files (x86)\Constant Guard Protection Suite
2013-12-03 18:18 - 2013-03-25 10:43 - 00000000 ____D C:\ID Vault
2013-12-03 18:17 - 2013-11-08 15:25 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-03 11:14 - 2009-07-13 23:13 - 00727334 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-03 11:07 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-03 11:07 - 2009-07-13 22:51 - 00164132 _____ C:\Windows\setupact.log
2013-12-02 17:52 - 2013-11-22 09:40 - 00000000 ____D C:\Users\MasterGss\AppData\Roaming\ID Vault
2013-12-02 09:51 - 2011-04-04 07:11 - 00000000 ____D C:\Users\CarrieKara\Desktop\Sharon's Stuff
2013-12-01 11:48 - 2013-12-01 11:40 - 00000000 ____D C:\Users\Genesis\Desktop\Christmas Trees
2013-12-01 11:40 - 2013-12-01 11:40 - 00000000 ____D C:\Users\Genesis\AppData\Local\CrashDumps
2013-12-01 02:13 - 2013-11-27 10:04 - 00000000 ____D C:\Users\Genesis\AppData\Roaming\ID Vault
2013-12-01 02:11 - 2013-11-27 10:06 - 00000000 ____D C:\Users\Genesis\AppData\Local\ID Vault
2013-11-30 12:50 - 2013-11-30 12:50 - 00002625 _____ C:\Users\MasterGss\Desktop\Stack'em _ Pogo.com® Free Online Games.lnk
2013-11-30 08:23 - 2010-08-25 12:26 - 00506264 _____ C:\Windows\PFRO.log
2013-11-28 22:20 - 2013-11-20 21:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-27 10:06 - 2013-11-27 10:06 - 00080768 _____ C:\Users\Genesis\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-27 10:06 - 2013-11-27 10:06 - 00000000 ____D C:\Users\Genesis\AppData\Local\White_Sky,_Inc
2013-11-27 10:04 - 2013-11-27 10:04 - 00001426 _____ C:\Users\Genesis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-27 10:04 - 2013-11-27 10:04 - 00000000 ____D C:\Users\Genesis\AppData\Roaming\Macromedia
2013-11-27 10:04 - 2013-11-27 10:04 - 00000000 ____D C:\Users\Genesis\AppData\Roaming\Adobe
2013-11-27 10:04 - 2013-11-27 10:04 - 00000000 ____D C:\Users\Genesis\AppData\Local\Zemana
2013-11-27 10:04 - 2013-11-27 10:04 - 00000000 ____D C:\Users\Genesis\AppData\Local\Google
2013-11-27 10:04 - 2013-11-27 10:03 - 00000000 ___RD C:\Users\Genesis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-27 10:04 - 2013-11-27 10:03 - 00000000 ___RD C:\Users\Genesis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-27 10:03 - 2013-11-27 10:03 - 00000020 ___SH C:\Users\Genesis\ntuser.ini
2013-11-27 10:03 - 2013-11-27 10:03 - 00000000 ____D C:\Users\Genesis\AppData\Local\VirtualStore
2013-11-27 10:03 - 2013-11-27 10:03 - 00000000 ____D C:\Users\Genesis
2013-11-27 00:12 - 2013-03-25 10:42 - 00000000 ____D C:\Users\Sharon Stoddard\AppData\Roaming\ID Vault
2013-11-26 23:58 - 2013-11-26 23:58 - 00016755 _____ C:\Users\Sharon Stoddard\Downloads\Attach.txt
2013-11-26 23:31 - 2013-11-26 23:31 - 00688992 ____R (Swearware) C:\Users\Sharon Stoddard\Downloads\dds.com
2013-11-26 23:27 - 2011-09-13 12:10 - 00003990 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4A98113A-4C14-4746-BEBD-8BE72BF97807}
2013-11-26 20:45 - 2013-11-21 23:42 - 00002891 _____ C:\Users\CarrieKara\Desktop\Ebay.lnk
2013-11-26 20:23 - 2013-03-25 10:44 - 00000000 ____D C:\Users\Sharon Stoddard\AppData\Local\ID Vault
2013-11-26 18:31 - 2011-04-23 14:43 - 00000512 _____ C:\Windows\Tasks\NatSpeak Periodic Acoustic Optimization.job
2013-11-26 15:15 - 2013-11-26 15:15 - 00001835 _____ C:\Users\CarrieKara\AppData\Roaming\SAS7_000.DAT
2013-11-26 15:14 - 2011-04-23 14:43 - 00003184 _____ C:\Windows\System32\Tasks\NatSpeak Periodic Acoustic Optimization
2013-11-25 20:38 - 2011-04-23 14:45 - 00001835 _____ C:\Users\Sharon Stoddard\AppData\Roaming\SAS7_000.DAT
2013-11-25 20:35 - 2011-04-03 23:26 - 00001426 _____ C:\Users\Sharon Stoddard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-25 20:28 - 2013-11-25 20:28 - 00000000 ____D C:\Users\CarrieKara\AppData\Roaming\Nuance
2013-11-25 15:49 - 2013-11-22 15:40 - 00000204 _____ C:\Users\MasterGss\Desktop\Swapples.url
2013-11-24 20:33 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-11-24 20:31 - 2013-11-24 20:31 - 00000000 ____D C:\Users\CarrieKara\AppData\Local\CrashDumps
2013-11-24 20:29 - 2013-11-21 18:45 - 00000000 ____D C:\Users\CarrieKara\AppData\Local\ID Vault
2013-11-24 20:28 - 2013-11-24 20:28 - 00001426 _____ C:\Users\CarrieKara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-24 20:26 - 2013-11-24 20:26 - 00000200 _____ C:\Users\MasterGss\Desktop\Welcome to Facebook - Log In, Sign Up or Learn More.url
2013-11-24 20:12 - 2013-11-22 09:39 - 00001426 _____ C:\Users\MasterGss\Desktop\Internet Explorer.lnk
2013-11-24 20:04 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-24 20:03 - 2013-11-24 19:54 - 00014127 _____ C:\Windows\IE11_main.log
2013-11-24 20:01 - 2013-11-24 20:01 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-11-24 19:58 - 2013-11-24 19:58 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-24 19:58 - 2013-11-24 19:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-24 19:58 - 2013-11-24 19:58 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-24 19:58 - 2013-11-24 19:58 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-24 19:58 - 2013-11-24 19:58 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-24 19:58 - 2013-11-24 19:58 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-24 19:58 - 2013-11-24 19:58 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-24 19:58 - 2013-11-24 19:58 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-24 19:58 - 2013-11-24 19:58 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-24 19:58 - 2013-11-24 19:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-24 19:58 - 2013-11-24 19:58 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-24 19:58 - 2013-11-24 19:58 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-24 19:58 - 2013-11-24 19:58 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-24 19:58 - 2013-11-24 19:58 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-24 19:58 - 2013-11-24 19:58 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-24 19:58 - 2013-11-24 19:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-24 19:58 - 2013-11-24 19:58 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-24 19:58 - 2013-11-24 19:58 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-24 19:58 - 2013-11-24 19:58 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-24 19:58 - 2013-11-24 19:58 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-24 19:58 - 2013-11-24 19:58 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-24 19:58 - 2013-11-24 19:58 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-24 19:58 - 2013-11-24 19:58 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-24 19:58 - 2013-11-24 19:58 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-24 19:58 - 2013-11-24 19:58 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-24 19:58 - 2013-11-24 19:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-24 19:58 - 2013-11-24 19:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-24 19:58 - 2013-11-24 19:58 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-24 19:58 - 2013-11-24 19:58 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-24 14:28 - 2013-11-21 19:27 - 00000000 ____D C:\Users\CarrieKara\AppData\Roaming\Winamp
2013-11-23 23:09 - 2013-11-23 23:09 - 00002519 _____ C:\Users\CarrieKara\Desktop\Carriekara - YouTube.lnk
2013-11-23 18:39 - 2013-11-23 18:39 - 00002685 _____ C:\Users\CarrieKara\Desktop\Word Whomp _ Pogo.com® Free Online Games.lnk
2013-11-22 23:36 - 2013-11-22 09:40 - 00000000 ____D C:\Users\MasterGss\AppData\Local\ID Vault
2013-11-22 18:20 - 2013-11-22 18:20 - 00000000 ____D C:\Users\CarrieKara\AppData\Roaming\Malwarebytes
2013-11-22 15:51 - 2013-11-22 15:49 - 00000000 ____D C:\Users\MasterGss\AppData\Roaming\Winamp
2013-11-22 15:46 - 2013-02-17 20:22 - 00016896 ___SH C:\Users\Sharon Stoddard\Thumbs.db
2013-11-22 13:42 - 2013-11-22 13:42 - 00000000 ____D C:\Users\MasterGss\AppData\Local\Google
2013-11-22 09:41 - 2013-11-22 09:41 - 00080768 _____ C:\Users\MasterGss\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-22 09:41 - 2013-11-22 09:41 - 00000000 ____D C:\Users\MasterGss\AppData\Roaming\Yahoo!
2013-11-22 09:40 - 2013-11-22 09:40 - 00000000 ____D C:\Users\MasterGss\AppData\Local\Zemana
2013-11-22 09:40 - 2013-11-22 09:40 - 00000000 ____D C:\Users\MasterGss\AppData\Local\White_Sky,_Inc
2013-11-22 09:40 - 2013-11-22 09:38 - 00000000 ____D C:\Users\MasterGss\AppData\Local\VirtualStore
2013-11-22 09:39 - 2013-11-22 09:39 - 00000000 ___RD C:\Users\MasterGss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-22 09:39 - 2013-11-22 09:39 - 00000000 ___RD C:\Users\MasterGss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-22 09:39 - 2013-11-22 09:39 - 00000000 ____D C:\Users\MasterGss\AppData\Roaming\Macromedia
2013-11-22 09:39 - 2013-11-22 09:39 - 00000000 ____D C:\Users\MasterGss\AppData\Roaming\Adobe
2013-11-22 09:39 - 2013-11-22 09:37 - 00000000 ____D C:\Users\MasterGss
2013-11-22 09:37 - 2013-11-22 09:37 - 00000020 ___SH C:\Users\MasterGss\ntuser.ini
2013-11-22 00:31 - 2013-11-22 00:31 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security Suite
2013-11-22 00:25 - 2011-04-04 07:05 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2013-11-22 00:23 - 2013-11-21 14:28 - 00002328 _____ C:\Users\Public\Desktop\Norton Security Suite.lnk
2013-11-22 00:23 - 2013-03-25 11:42 - 00003228 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-11-21 23:41 - 2013-11-21 23:41 - 00002675 _____ C:\Users\CarrieKara\Desktop\Swapples.lnk
2013-11-21 23:05 - 2011-11-03 22:22 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2013-11-21 23:03 - 2011-04-03 23:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-11-21 22:48 - 2013-09-12 00:34 - 00000000 ___RD C:\Users\CarrieKara\Desktop\Documents & internt shortcuts
2013-11-21 22:45 - 2010-09-13 03:15 - 00000000 ____D C:\book
2013-11-21 22:23 - 2011-04-03 23:23 - 00000000 ____D C:\Users\Sharon Stoddard
2013-11-21 21:38 - 2013-11-21 21:38 - 00692048 _____ (Yahoo! Inc.) C:\Users\CarrieKara\Downloads\msgr11us (1).exe
2013-11-21 21:38 - 2011-04-03 23:51 - 00001138 _____ C:\Windows\wininit.ini
2013-11-21 21:37 - 2013-11-21 21:37 - 00692048 _____ (Yahoo! Inc.) C:\Users\CarrieKara\Downloads\msgr11us.exe
2013-11-21 21:04 - 2013-11-21 21:03 - 00000000 ____D C:\Users\CarrieKara\AppData\Roaming\Trillian
2013-11-21 21:02 - 2013-11-21 21:02 - 22350472 _____ C:\Users\CarrieKara\Downloads\trillian-v5.4.0.13.exe
2013-11-21 20:52 - 2013-11-21 20:52 - 00000000 ____D C:\Users\CarrieKara\AppData\Roaming\Nero
2013-11-21 19:38 - 2013-11-21 19:38 - 00000000 ____D C:\Users\CarrieKara\AppData\Local\Google
2013-11-21 19:34 - 2013-11-21 19:33 - 00000000 ____D C:\Users\CarrieKara\AppData\Local\Adobe
2013-11-21 19:33 - 2013-11-21 18:44 - 00000000 ____D C:\Users\CarrieKara\AppData\Roaming\Adobe
2013-11-21 19:30 - 2013-11-21 19:29 - 00000000 ____D C:\Users\CarrieKara\Documents\Corel User Files
2013-11-21 19:29 - 2013-11-21 19:29 - 00061678 _____ C:\Users\CarrieKara\AppData\Roaming\PFP120JPR.{PB
2013-11-21 19:29 - 2013-11-21 19:29 - 00012358 _____ C:\Users\CarrieKara\AppData\Roaming\PFP120JCM.{PB
2013-11-21 19:29 - 2013-11-21 19:29 - 00000000 ____D C:\Users\CarrieKara\AppData\Roaming\Corel
2013-11-21 19:29 - 2013-11-21 18:43 - 00000000 ____D C:\Users\CarrieKara\AppData\Local\VirtualStore
2013-11-21 18:46 - 2013-11-21 18:46 - 00000000 ____D C:\Users\CarrieKara\AppData\Roaming\Yahoo!
2013-11-21 18:45 - 2013-11-21 18:45 - 00080768 _____ C:\Users\CarrieKara\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-21 18:45 - 2013-11-21 18:45 - 00000000 ____D C:\Users\CarrieKara\AppData\Local\Zemana
2013-11-21 18:45 - 2013-11-21 18:45 - 00000000 ____D C:\Users\CarrieKara\AppData\Local\White_Sky,_Inc
2013-11-21 18:44 - 2013-11-21 18:44 - 00001426 _____ C:\Users\CarrieKara\Desktop\Internet Explorer.lnk
2013-11-21 18:44 - 2013-11-21 18:44 - 00000000 ____D C:\Users\CarrieKara\AppData\Roaming\Macromedia
2013-11-21 18:44 - 2013-11-21 18:43 - 00000000 ___RD C:\Users\CarrieKara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-21 18:44 - 2013-11-21 18:43 - 00000000 ___RD C:\Users\CarrieKara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-21 18:43 - 2013-11-21 18:43 - 00000020 ___SH C:\Users\CarrieKara\ntuser.ini
2013-11-21 18:43 - 2013-11-21 18:43 - 00000000 ____D C:\Users\CarrieKara
2013-11-21 14:30 - 2010-08-25 12:56 - 00000000 ____D C:\ProgramData\Norton
2013-11-21 14:29 - 2013-03-25 11:42 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-11-21 14:29 - 2013-03-25 11:42 - 00008222 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2013-11-21 14:26 - 2013-03-25 11:41 - 00000000 ____D C:\Program Files (x86)\Norton Security Suite
2013-11-21 11:06 - 2013-10-26 19:11 - 00000000 ____D C:\Users\Sharon Stoddard\AppData\Roaming\Software Informer
2013-11-21 11:06 - 2013-10-26 19:11 - 00000000 ____D C:\Program Files\Software Informer
2013-11-21 11:06 - 2013-10-26 19:09 - 00000000 ____D C:\YouTube To MP3 HQ Downloader
2013-11-21 11:06 - 2011-04-03 23:51 - 00000000 ____D C:\ProgramData\Yahoo! Companion
2013-11-21 11:06 - 2011-04-03 23:50 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-11-21 11:06 - 2010-08-25 12:54 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-11-21 11:05 - 2011-04-03 23:51 - 00000000 ____D C:\Users\Sharon Stoddard\AppData\Roaming\Yahoo!
2013-11-21 11:05 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2013-11-21 09:51 - 2011-04-04 07:04 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-11-21 00:21 - 2013-04-03 23:51 - 00000000 ____D C:\Users\Sharon Stoddard\AppData\Local\join.me
2013-11-20 23:14 - 2013-10-06 18:32 - 00000000 ____D C:\Windows\SysWOW64\jmdp
2013-11-20 23:11 - 2013-10-06 18:37 - 00000000 ____D C:\ProgramData\Conduit
2013-11-20 23:11 - 2013-10-06 18:32 - 00000000 ____D C:\Windows\SysWOW64\WNLT
2013-11-20 23:11 - 2013-10-06 18:32 - 00000000 ____D C:\Windows\SysWOW64\ARFC
2013-11-20 23:11 - 2012-10-23 12:07 - 00000000 ____D C:\Users\Sharon Stoddard\AppData\Roaming\DefaultTab
2013-11-20 21:28 - 2013-11-20 21:28 - 00001082 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-18 21:26 - 2012-04-03 18:28 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-18 21:25 - 2012-04-03 18:28 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-18 21:25 - 2011-06-14 09:12 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-18 21:25 - 2011-05-14 20:36 - 00000000 ____D C:\Users\Sharon Stoddard\AppData\Local\Adobe
2013-11-13 22:16 - 2013-08-14 23:39 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 22:14 - 2011-04-04 09:31 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-12 16:42 - 2013-04-04 00:16 - 00441418 _____ C:\Users\CarrieKara\Documents\Part 2 Paradise.wpd
2013-11-12 11:18 - 2013-11-12 11:17 - 00000303 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-11-12 11:17 - 2013-03-25 10:42 - 00049240 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\AntiLog64.sys
2013-11-12 11:17 - 2013-03-25 10:42 - 00000000 ____D C:\Windows\SysWOW64\ZALSDK_uninst
2013-11-12 11:17 - 2013-03-25 10:42 - 00000000 ____D C:\Program Files (x86)\KeyCryptSDK
2013-11-10 18:41 - 2013-11-10 18:41 - 00002521 _____ C:\Users\CarrieKara\Desktop\The Pirate's Realm OPENED Forums.lnk
2013-11-10 01:00 - 2011-04-23 14:44 - 00000438 _____ C:\Windows\Tasks\NatSpeak Periodic Data Collection.job
2013-11-09 22:25 - 2013-11-09 22:25 - 00000000 ____D C:\ProgramData\Oracle
2013-11-09 22:24 - 2013-11-09 22:25 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-11-09 22:24 - 2013-11-09 22:25 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-11-09 22:24 - 2013-11-09 22:25 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-11-09 22:24 - 2013-11-09 22:25 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-08 15:26 - 2013-11-08 15:26 - 00002228 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-08 15:26 - 2011-04-03 23:46 - 00000000 ____D C:\Users\Sharon Stoddard\AppData\Local\Google
2013-11-08 15:25 - 2013-11-08 15:25 - 00003912 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-08 15:25 - 2013-11-08 15:25 - 00003660 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-08 15:25 - 2011-04-07 20:48 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-05 23:49 - 2011-04-04 23:50 - 00000000 ____D C:\Users\Sharon Stoddard\AppData\Local\CrashDumps
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2012-06-10 03:53
 
==================== End Of Log ============================
 
 
This is the addition log.
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2013 02
Ran by CarrieKara at 2013-12-03 22:55:45
Running from C:\Users\CarrieKara\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Norton Security Suite (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
 
==================== Installed Programs ======================
 
Acrobat.com (x32 Version: 1.6.65)
Adobe AIR (x32 Version: 3.4.0.2710)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.152)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader 9.5.5 MUI (x32 Version: 9.5.5)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.5.635)
Advertising Center (x32 Version: 0.0.0.2)
Amazon MP3 Downloader 1.0.17 (x32 Version: 1.0.17)
AntiLogger SDK version 1.6.6.296 (x32 Version: 1.6.6.296)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.82)
Blackhawk Striker 2 (x32 Version: 2.2.0.82)
Bob the Builder Can-Do-Zoo (x32 Version: 2.2.0.82)
Build-a-lot (x32)
Build-a-lot 2 (x32 Version: 2.2.0.82)
Celtic Lore: Sidhe Hills (x32 Version: 2.2.0.98)
Constant Guard Protection Suite (x32 Version: 1.13.1030.3)
CyberLink PowerDVD 9 (x32 Version: 9.0.2610.50)
D3DX10 (x32 Version: 15.4.2368.0902)
Diner Dash 2 - Restaurant Rescue (x32)
Dragon NaturallySpeaking 10 (x32 Version: 10.10.0)
eBay Worldwide (x32 Version: 2.1.0901)
eMachines Games (x32 Version: 1.0.2.5)
eMachines Recovery Management (x32 Version: 4.05.3007)
eMachines Registration (x32 Version: 1.02.3006)
eMachines ScreenSaver (x32 Version: 1.1.0812)
eMachines Updater (x32 Version: 1.02.3001)
Escape Rosecliff Island (x32 Version: 2.2.0.82)
Faerie Solitaire (x32 Version: 2.2.0.82)
FATE - The Traitor Soul (x32 Version: 2.2.0.82)
G.H.O.S.T. Hunters (x32)
Garmin Communicator Plugin (x32 Version: 4.0.3)
Garmin Communicator Plugin x64 (Version: 4.0.3)
Garmin Lifetime Updater (x32 Version: 2.1.11)
Google Chrome (x32 Version: 30.0.1599.101)
Google Update Helper (x32 Version: 1.3.21.165)
Hotkey Utility (x32 Version: 2.05.3009)
Identity Card (x32 Version: 1.00.3003)
ImagXpress (x32 Version: 7.0.74.0)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Java™ 6 Update 26 (x32 Version: 6.0.260)
Jewel Quest Solitaire 3 (x32 Version: 2.2.0.82)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Companion (x32 Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (x32 Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (x32 Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Monopoly (x32 Version: 2.2.0.82)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Mystery P.I. - Lost in Los Angeles (x32 Version: 2.2.0.82)
Nero 9 Essentials (x32)
Nero ControlCenter (x32 Version: 9.0.0.1)
Nero DiscSpeed (x32 Version: 5.4.13.100)
Nero DiscSpeed Help (x32 Version: 5.4.4.100)
Nero DriveSpeed (x32 Version: 4.4.12.100)
Nero DriveSpeed Help (x32 Version: 4.4.4.100)
Nero Express Help (x32 Version: 9.6.2.101)
Nero InfoTool (x32 Version: 6.4.12.100)
Nero InfoTool Help (x32 Version: 6.4.4.100)
Nero Installer (x32 Version: 4.4.9.0)
Nero Online Upgrade (x32 Version: 1.3.0.0)
Nero StartSmart (x32 Version: 9.4.37.100)
Nero StartSmart Help (x32 Version: 9.4.27.100)
Nero StartSmart OEM (x32 Version: 9.15.0.100)
NeroExpress (x32 Version: 9.4.33.100)
neroxml (x32 Version: 1.0.0)
Norton Security Suite (x32 Version: 21.1.0.18)
NVIDIA Control Panel 307.83 (Version: 307.83)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA ForceWare Network Access Manager (Version: 1.00.7305)
NVIDIA ForceWare Network Access Manager (x32)
NVIDIA Graphics Driver 307.83 (Version: 307.83)
NVIDIA Install Application (Version: 2.1002.109.706)
Penguins! (x32 Version: 2.2.0.82)
Plants vs. Zombies (x32 Version: 2.2.0.82)
Polar Bowler (x32 Version: 2.2.0.82)
Polar Golfer (x32 Version: 2.2.0.82)
PVSonyDll (Version: 1.00.0001)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5898)
Roll (x32)
Scrabble Plus (x32 Version: 2.2.0.82)
Software Informer 1.2
swMSM (x32 Version: 12.0.0.1)
Teddy Factory (x32)
The Price is Right (x32 Version: 2.2.0.82)
Trillian (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update Installer for WildTangent Games App (x32)
Virtual Families (x32 Version: 2.2.0.82)
Virtual Villagers - A New Home (x32 Version: 2.2.0.82)
Visual C++ Runtime for Dragon NaturallySpeaking 64bit (x64) (Version: 10.00.800.228)
Welcome Center (x32 Version: 1.02.3004)
WildTangent Games App (x32 Version: 4.0.10.25)
Winamp (x32 Version: 5.65 )
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WordPerfect IFilter 64 bit (Version: 1.2)
WordPerfect Office 12 (x32 Version: 12.0.0.238)
Yahoo! Messenger (x32)
Yahoo! Software Update (x32)
Yahoo! Toolbar (x32)
Yahtzee (x32 Version: 2.2.0.82)
YouTube to MP3 High Quality Downloader V4.0.2 (x32)
Zuma Deluxe (x32 Version: 2.2.0.82)
 
==================== Restore Points  =========================
 
10-11-2013 04:23:56 Installed Java 7 Update 45
14-11-2013 04:13:07 Windows Update
21-11-2013 06:22:23 Removed Acrobat.com
25-11-2013 01:56:07 Windows Modules Installer
25-11-2013 01:57:06 Windows Modules Installer
 
==================== Hosts content: ==========================
 
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {375CB1F2-F886-4A0E-BDB5-00807CE18E9D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-08] (Google Inc.)
Task: {40E4FEDB-EA21-4930-81BD-9E273C529627} - System32\Tasks\NatSpeak Periodic Language Model Optimization => C:\Program Files (x86)\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2009-03-16] (Nuance Communications, Inc.)
Task: {4B4E2604-C8CF-46AB-ADFD-424884815820} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\symerr.exe [2013-08-01] (Symantec Corporation)
Task: {652FD3CE-6D0C-4318-BA8E-DF83D62917D3} - System32\Tasks\NatSpeak Periodic Acoustic Optimization => C:\Program Files (x86)\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2009-03-16] (Nuance Communications, Inc.)
Task: {6B43B59F-93F9-44F4-A907-2F820C68499F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-18] (Adobe Systems Incorporated)
Task: {7581AF5C-B9A9-4BDC-B8CB-D3D770F4E065} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {775B75E0-EEE9-4A57-B0B8-0AAC5296CAF8} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {7C93CF1C-087D-4BC8-8D87-BB143F6A3D42} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {8D9629F5-C38B-48F1-8AA8-2A56A85F5117} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {9451A2EA-2CCB-421F-9F79-008A335F0065} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {B7B74B72-D569-41A4-B89A-E124FCB2BFAE} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\symerr.exe [2013-08-01] (Symantec Corporation)
Task: {B9555197-A510-4357-A006-4A5414D1444D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-08] (Google Inc.)
Task: {BE719EAD-C8AE-4A2C-96B5-697BB85DEE60} - System32\Tasks\NatSpeak Periodic Data Collection => C:\Program Files (x86)\Nuance\NaturallySpeaking10\Program\datacollector.exe [2009-03-16] (Nuance Communications, Inc.)
Task: {E1BA7FD3-0631-406D-8B49-6627316AE261} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\MouseKeyboardCenter.exe [2013-05-13] (Microsoft)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\NatSpeak Periodic Acoustic Optimization.job => C:\Program Files (x86)\Nuance\NaturallySpeaking10\Program\schedmgr.exe
Task: C:\Windows\Tasks\NatSpeak Periodic Data Collection.job => C:\Program Files (x86)\Nuance\NaturallySpeaking10\Program\datacollector.exe
Task: C:\Windows\Tasks\NatSpeak Periodic Language Model Optimization.job => C:\Program Files (x86)\Nuance\NaturallySpeaking10\Program\schedmgr.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-11-08 15:26 - 2013-10-08 18:01 - 00698832 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
2013-11-08 15:26 - 2013-10-08 18:01 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll
2013-11-08 15:26 - 2013-10-08 18:02 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
2013-11-08 15:26 - 2013-10-08 18:02 - 00415184 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
2013-11-08 15:26 - 2013-10-08 18:01 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
2013-11-08 15:26 - 2013-10-08 18:02 - 13584336 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
2013-10-31 13:50 - 2013-10-31 13:50 - 00549272 _____ () C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.DLL
2011-04-03 23:51 - 2012-05-25 03:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2011-09-18 11:10 - 2012-05-25 03:25 - 00078336 _____ () C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll
2013-12-03 22:11 - 2013-12-03 22:11 - 00106272 _____ () C:\Users\CarrieKara\AppData\Local\Temp\joiA2DF.tmp\LMIInputHook32.dll
2013-12-03 22:11 - 2013-12-03 22:11 - 00356128 _____ () C:\Users\CarrieKara\AppData\Local\Temp\joiA2DF.tmp\LMISupport7x32.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\Temp:F35A93AD
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/03/2013 11:08:01 AM) (Source: CVHSVC) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (12/02/2013 09:48:33 AM) (Source: CVHSVC) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (12/01/2013 06:35:02 PM) (Source: CVHSVC) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (12/01/2013 11:55:56 AM) (Source: CVHSVC) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (12/01/2013 11:40:46 AM) (Source: Application Error) (User: )
Description: Faulting application name: IDVault.exe, version: 1.13.1030.3, time stamp: 0x52717c3e
Faulting module name: NLSData0009.dll_unloaded, version: 0.0.0.0, time stamp: 0x4791a753
Exception code: 0xc0000005
Fault offset: 0x5ddaa17d
Faulting process id: 0xd98
Faulting application start time: 0xIDVault.exe0
Faulting application path: IDVault.exe1
Faulting module path: IDVault.exe2
Report Id: IDVault.exe3
 
Error: (12/01/2013 11:24:38 AM) (Source: CVHSVC) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (12/01/2013 02:08:45 AM) (Source: CVHSVC) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (11/30/2013 07:23:17 PM) (Source: CVHSVC) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (11/30/2013 00:35:57 PM) (Source: CVHSVC) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (11/30/2013 08:24:03 AM) (Source: CVHSVC) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
 
System errors:
=============
Error: (12/03/2013 11:09:23 AM) (Source: Service Control Manager) (User: )
Description: The Client Virtualization Handler service hung on starting.
 
Error: (12/02/2013 01:32:25 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
 
Error: (12/02/2013 09:49:54 AM) (Source: Service Control Manager) (User: )
Description: The Client Virtualization Handler service hung on starting.
 
Error: (12/01/2013 10:24:14 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (12/01/2013 06:36:24 PM) (Source: Service Control Manager) (User: )
Description: The Client Virtualization Handler service hung on starting.
 
Error: (12/01/2013 11:57:18 AM) (Source: Service Control Manager) (User: )
Description: The Client Virtualization Handler service hung on starting.
 
Error: (12/01/2013 11:54:58 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 11:53:19 AM on 12/1/2013 was unexpected.
 
Error: (12/01/2013 11:26:00 AM) (Source: Service Control Manager) (User: )
Description: The Client Virtualization Handler service hung on starting.
 
Error: (12/01/2013 02:10:07 AM) (Source: Service Control Manager) (User: )
Description: The Client Virtualization Handler service hung on starting.
 
Error: (11/30/2013 07:24:39 PM) (Source: Service Control Manager) (User: )
Description: The Client Virtualization Handler service hung on starting.
 
 
Microsoft Office Sessions:
=========================
Error: (12/03/2013 11:08:01 AM) (Source: CVHSVC)(User: )
Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (12/02/2013 09:48:33 AM) (Source: CVHSVC)(User: )
Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (12/01/2013 06:35:02 PM) (Source: CVHSVC)(User: )
Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (12/01/2013 11:55:56 AM) (Source: CVHSVC)(User: )
Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (12/01/2013 11:40:46 AM) (Source: Application Error)(User: )
Description: IDVault.exe1.13.1030.352717c3eNLSData0009.dll_unloaded0.0.0.04791a753c00000055ddaa17dd9801ceeebc6bc96c60C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exeNLSData0009.dllb553e630-5aaf-11e3-8781-00262d4525b2
 
Error: (12/01/2013 11:24:38 AM) (Source: CVHSVC)(User: )
Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (12/01/2013 02:08:45 AM) (Source: CVHSVC)(User: )
Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (11/30/2013 07:23:17 PM) (Source: CVHSVC)(User: )
Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (11/30/2013 00:35:57 PM) (Source: CVHSVC)(User: )
Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (11/30/2013 08:24:03 AM) (Source: CVHSVC)(User: )
Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 86%
Total physical RAM: 2814.49 MB
Available physical RAM: 366.47 MB
Total Pagefile: 5723.16 MB
Available Pagefile: 508.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: (eMachines) (Fixed) (Total:451.66 GB) (Free:361.59 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 09000399)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,592 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:20 PM

Posted 04 December 2013 - 09:42 AM

Greetings Sharon,

Nice to meet you. You received the AutoIt error but were able to successfully run the program after that? Just trying to understand the chain of events.

This may be an issue:

Percentage of memory in use: 86%

 
----------

Does this look familiar to you?

SoftGrid Service

 
----------
 
Please do these things for me.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Delete
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[S1].txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
AlternateDataStreams: C:\ProgramData\Temp:F35A93AD
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Do you recognize SoftGrid Service?
  • AdwCleaner log
  • Junkware log
  • Fixlog
  • How is your computer running?

Edited by Oh My, 04 December 2013 - 09:44 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Carriekara


Posted 04 December 2013 - 10:59 PM

I get error messages about memory usage all the time. I got the error while I was typing my response, after FRST had run. I do not recognize that program name. Here is the AdwCleaner log. Please note that the link you put in your post does not work. I will post other logs since I suspect that I will have to restart after each time.

 

# AdwCleaner v3.014 - Report created 04/12/2013 at 21:42:41
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : CarrieKara - SHARONSTODDARD
# Running from : C:\Users\CarrieKara\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\GameTap Web Player
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\driver-soft
Folder Deleted : C:\Program Files (x86)\GameTap Web Player
Folder Deleted : C:\Program Files (x86)\OApps
Folder Deleted : C:\Program Files (x86)\Search Toolbar
Folder Deleted : C:\Windows\SysWOW64\ARFC
Folder Deleted : C:\Windows\SysWOW64\jmdp
Folder Deleted : C:\Windows\SysWOW64\WNLT
Folder Deleted : C:\Users\Sharon Stoddard\AppData\Local\apn
Folder Deleted : C:\Users\Sharon Stoddard\AppData\Local\Conduit
Folder Deleted : C:\Users\Sharon Stoddard\AppData\Local\PackageAware
Folder Deleted : C:\Users\Sharon Stoddard\AppData\Local\WordLayers
Folder Deleted : C:\Users\Sharon Stoddard\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Sharon Stoddard\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Sharon Stoddard\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Sharon Stoddard\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\Sharon Stoddard\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Sharon Stoddard\AppData\Roaming\Mozilla\Firefox\Profiles\vljiu4to.default\Extensions\toolbar@ask.com
Folder Deleted : C:\Users\Sharon Stoddard\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpfboklmeiefoedekjeigdcnfbpjeaii
Folder Deleted : C:\Users\CarrieKara\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpfboklmeiefoedekjeigdcnfbpjeaii
Folder Deleted : C:\Users\MasterGss\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpfboklmeiefoedekjeigdcnfbpjeaii
[!] Folder Deleted : C:\Users\Sharon Stoddard\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpfboklmeiefoedekjeigdcnfbpjeaii
[!] Folder Deleted : C:\Users\CarrieKara\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpfboklmeiefoedekjeigdcnfbpjeaii
[!] Folder Deleted : C:\Users\MasterGss\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpfboklmeiefoedekjeigdcnfbpjeaii
[!] Folder Deleted : C:\Users\Sharon Stoddard\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpfboklmeiefoedekjeigdcnfbpjeaii
[!] Folder Deleted : C:\Users\CarrieKara\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpfboklmeiefoedekjeigdcnfbpjeaii
[!] Folder Deleted : C:\Users\MasterGss\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpfboklmeiefoedekjeigdcnfbpjeaii
File Deleted : C:\END
File Deleted : C:\Windows\System32\dmwu.exe
File Deleted : C:\Windows\System32\ImhxxpComm.dll
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\CarrieKara\Desktop\eBay.lnk
File Deleted : C:\Users\Sharon Stoddard\AppData\Roaming\Mozilla\Firefox\Profiles\vljiu4to.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Sharon Stoddard\AppData\Roaming\Mozilla\Firefox\Profiles\vljiu4to.default\user.js
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bpfboklmeiefoedekjeigdcnfbpjeaii
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3291325
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298580
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3316068
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08635077-8829-49E2-B338-C968817EB460}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{20A3F109-F7C1-47B4-8098-8E654B264B1D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8C7478AB-3155-463E-936F-55F91F0F10D0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9E1B65EE-A131-42B4-94CA-847505E2F611}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{878B8524-AED5-4870-9A96-A515440DAC75}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{878B8524-AED5-4870-9A96-A515440DAC75}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{878B8524-AED5-4870-9A96-A515440DAC75}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKLM\Software\Uniblue
Key Deleted : [x64] HKLM\SOFTWARE\wnlt
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Google Chrome v30.0.1599.101
 
[ File : C:\Users\Sharon Stoddard\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\CarrieKara\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : urls_to_restore_on_startup
 
[ File : C:\Users\Genesis\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\MasterGss\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [9166 octets] - [04/12/2013 21:37:44]
AdwCleaner[S0].txt - [9059 octets] - [04/12/2013 21:42:41]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9119 octets] ##########
 


#8 Carriekara


Posted 04 December 2013 - 11:41 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by CarrieKara on Wed 12/04/2013 at 22:00:24.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{44f44034-6036-4f06-9336-74ec4620edab}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 12/04/2013 at 22:20:33.40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#9 Carriekara


Posted 04 December 2013 - 11:52 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-12-2013
Ran by CarrieKara at 2013-12-04 22:48:37 Run:1
Running from C:\Users\CarrieKara\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
AlternateDataStreams: C:\ProgramData\Temp:F35A93AD
*****************
 
C:\ProgramData\Temp => ":F35A93AD" ADS removed successfully.
 
==== End of Fixlog ====
 
Cursor still stutters but not as much as it did before. Not much improvement.


#10 Oh My!


Posted 05 December 2013 - 09:30 AM

Hi Sharon,

Thanks for the update and the broken link (now fixed!).

Please do this.

===================================================

Running Getservices by Grinler

--------------------
  • Please download Getservices and save it in the C:\ directory
  • Double click the getservices zip folder
  • Double click the getservices folder
  • Double click on the getservices icon and select Extract all
  • Click Next, Next, then Finish
  • Double click the getservices folder
  • Double click the getservice MS-DOS Batch File
  • Select Run
  • A notepad document will open
  • Copy and paste the information in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • List of services

Gary
 

#11 Carriekara


Posted 06 December 2013 - 12:48 AM

Do you want me to run these programs on just one user profile or on both of them? Also, I kept getting "post too long" so I attached the log instead.




#12 Oh My!


Posted 06 December 2013 - 10:12 AM

Hi Sharon,

We want to work with the profile giving you fits. May I assume the new User Profile works OK?

Please do this.

===================================================

Farbar's MiniRegTool

--------------------
  • Please download MiniRegTool.zip (for 32 bit systems) or MiniRegTool64.zip (for 64 bit systems) and save it to your desktop
  • Unzip the folder and double click the icon
  • When you run the tool this is what you will see

MiniReg.gif

  • Copy and paste the following into the edit box:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

  • Check the Export keys radio button.
  • Press the Go button and post the result. If necessary please attach the file.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • MiniRegTool report

Gary
 

#13 Carriekara


Posted 07 December 2013 - 12:49 AM

I have been running these programs in the new profile. I have run the FRST scan in the old profile but it didn't produce an Addition.txt log. I won't run any of the other programs unless you want me to rerun them. The logs are too big to post so I have attached them.
 
 
Here is the Mini Reg log.
 
Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="\"C:\\Program Files (x86)\\LogMeIn\\x64\\LogMeInSystray.exe\""

 




#14 Oh My!


Posted 07 December 2013 - 01:09 PM

We need to back up a bit so we are on the same page. I need to understand who is who in the zoo! :)

Which one of these is the old profile giving you trouble, which is the new profile, and what are the other 2?
 

C:\Users\CarrieKara
C:\Users\Sharon Stoddard
C:\Users\Genesis
C:\Users\MasterGss


Gary
 

#15 Carriekara


Posted 07 December 2013 - 02:41 PM

Hi Gary.

 

The old account is C:\Users\Sharon Stoddard. This is the one that started the trouble. The screen no longer is flashing from login to welcome screen. However the scrolling is not smooth at all.

 

C:\Users\CarrieKara is the new account. There is one for my son and one from my husband. We only have 1 PC in our house.

 

Sharon





